CN117892290A - Vehicle refreshing method, device, terminal equipment and storage medium - Google Patents

Publication number
CN117892290A
Authority
CN
China
Prior art keywords
file
refreshing
package
vehicle
decrypted
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410029767.0A
Other languages
Chinese (zh)
Inventor
刘新
樊球
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Launch Technology Co Ltd
Original Assignee
Shenzhen Launch Technology Co Ltd

Abstract

The application discloses a vehicle flashing method, device, terminal equipment and storage medium. A flash file is obtained; the flash file and a pre-configured limit-control storage file are compressed and encrypted to obtain an encrypted upgrade package; the encrypted upgrade package and a pre-configured decryption and signature-verification storage file are compressed and decrypted to obtain a decrypted flash package; a digest operation is performed on the decrypted flash package to obtain a digest value; and the flashing function is processed according to the digest value and the encrypted upgrade package. The scheme improves the security of transmitting the diagnostic flashing upgrade package, allows limit control over flashing devices and vehicles, reduces the frequency of illegal flashing and improves after-sales diagnostic efficiency.

Description

Vehicle refreshing method, device, terminal equipment and storage medium
Technical Field
The present invention relates to the field of information flashing, and in particular, to a vehicle flashing method, device, terminal device, and storage medium.
Background
With the continuous development of automotive electronics, the functions of vehicle electronic control units (ECUs) are becoming more and more complex, and ECUs need to be flashed more and more frequently. Flashing can update the vehicle's software, fix vulnerabilities, improve performance and so on. However, current security controls for flash files are relatively weak, which may lead to security concerns and management difficulties.
At present, data encryption and management methods for flash files do not encrypt the flash file, and a user can flash the ECU of any vehicle with nothing more than a device and the flash file, so illegal flashing occurs easily and after-sales management and control is hindered.
Disclosure of Invention
The main purpose of the invention is to provide a vehicle flashing method, device, terminal equipment and storage medium, aiming to solve the technical problem that flash files are neither encrypted nor managed.
In order to achieve the above object, the present invention provides a vehicle flashing method, including:
acquiring a flash file;
compressing and encrypting the flash file and a pre-configured limit-control storage file to obtain an encrypted upgrade package;
compressing and decrypting the encrypted upgrade package and a pre-configured decryption and signature-verification storage file to obtain a decrypted flash package;
performing an operation on the decrypted flash package to obtain a digest value;
and processing the flashing function according to the digest value and the encrypted upgrade package.
Optionally, the step of compressing and encrypting the flash file and the pre-configured limit-control storage file to obtain an encrypted upgrade package includes:
compressing the flash file and the pre-configured limit-control storage file to obtain a transmission compressed package, wherein the pre-configured limit-control storage file comprises the version number of the flash file, a vehicle identification number and a whitelist of diagnostic boxes;
and encrypting the transmission compressed package with an encryption algorithm to obtain the encrypted upgrade package.
Optionally, the step of compressing and decrypting the encrypted upgrade package and the pre-configured decryption and signature-verification storage file to obtain the decrypted flash package includes:
compressing the encrypted upgrade package and the pre-configured decryption and signature-verification storage file to obtain a complete upgrade package;
decompressing the complete upgrade package to obtain the transmission compressed package and the pre-configured decryption and signature-verification storage file, wherein the pre-configured decryption and signature-verification storage file comprises signature information and the symmetric key ciphertext of the encrypted upgrade package;
calling a private key to decrypt the symmetric key ciphertext of the encrypted upgrade package to obtain a plaintext symmetric key;
and decrypting the transmission compressed package with the plaintext symmetric key to obtain a decrypted flash package file.
Optionally, the step of calling the private key to decrypt the symmetric key ciphertext of the encrypted upgrade package to obtain the plaintext symmetric key includes:
sending to a server a request to obtain the private key of the decryption string;
verifying, by the server, the request to obtain the private key of the decryption string;
and if the request passes verification, receiving the private key of the decryption string returned by the server.
Optionally, the step of performing a digest operation on the decrypted flash package to obtain a digest value includes:
acquiring the decrypted flash package file;
reading the content of the decrypted flash package file;
inputting the content read from the flash package file into a digest algorithm for a digest operation;
and obtaining the digest value from the digest operation.
Optionally, the step of processing the flashing function according to the digest value and the encrypted upgrade package includes:
comparing the digest value with the signature information in the upgrade package to obtain a comparison result;
judging whether the comparison result meets a preset condition;
if not, executing the operation instruction for stopping the flashing function;
if yes, executing the operation instruction of the flashing function.
Optionally, if the comparison result meets the preset condition, the step of executing the operation instruction of the flashing function includes:
decompressing the transmission compressed package to obtain the limit-control storage file;
parsing the limit-control storage file to obtain a vehicle identification number list and a diagnostic box serial number list;
judging whether the vehicle identification number list and the diagnostic box serial number list are both in the whitelist of the diagnostic box;
if yes, executing the flashing function operation instruction;
if not, executing the operation instruction for stopping the flashing function.
The embodiment of the application also provides a vehicle flashing device, which comprises:
an acquisition module, used for acquiring the flash file;
a compression and encryption module, used for compressing and encrypting the flash file and the pre-configured limit-control storage file to obtain an encrypted upgrade package;
a decryption and compression module, used for compressing and decrypting the encrypted upgrade package and the pre-configured decryption and signature-verification storage file to obtain a decrypted flash package;
an operation module, used for performing an operation on the decrypted flash package to obtain a digest value;
and a verification module, used for processing the flashing function according to the digest value and the encrypted upgrade package.
The embodiment of the application also provides a vehicle flashing terminal device, which comprises: a memory, a processor, and a vehicle flashing program stored on the memory and executable on the processor, the vehicle flashing program being configured to implement the steps of the vehicle flashing method described above.
The embodiment of the application also provides a storage medium, wherein the storage medium stores a vehicle flashing program, and the vehicle flashing program implements the steps of the vehicle flashing method when executed by a processor.
The vehicle flashing method, device, terminal equipment and storage medium provided by the embodiment of the application acquire a flash file; compress and encrypt the flash file and the pre-configured limit-control storage file to obtain an encrypted upgrade package; compress and decrypt the encrypted upgrade package and a pre-configured decryption and signature-verification storage file to obtain a decrypted flash package; perform an operation on the decrypted flash package to obtain a digest value; and process the flashing function according to the digest value and the encrypted upgrade package. The scheme improves the security of transmitting the diagnostic flashing upgrade package, allows limit control over flashing devices and vehicles, reduces the frequency of illegal flashing and improves after-sales diagnostic efficiency.
Drawings
FIG. 1 is a schematic diagram of the functional modules of a terminal device to which the vehicle flashing device of the present application belongs;
FIG. 2 is a flow chart of a first exemplary embodiment of the vehicle flashing method of the present application;
FIG. 3 is a flow chart of a second exemplary embodiment of the vehicle flashing method of the present application;
FIG. 4 is a flow chart of a third exemplary embodiment of the vehicle flashing method of the present application;
FIG. 5 is a flow chart of a fourth exemplary embodiment of the vehicle flashing method of the present application;
FIG. 6 is a diagram illustrating the overall package structure in a specific scenario example of the vehicle flashing method of the present application;
FIG. 7 is an exemplary diagram of the XML file configuration program for limit control in a specific scenario example of the vehicle flashing method of the present application;
FIG. 8 is an exemplary diagram of the XML file configuration program for decryption and signature verification in a specific scenario example of the vehicle flashing method of the present application.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The main solution of the embodiments of the present application is: acquiring a flash file; compressing and encrypting the flash file and the pre-configured limit-control storage file to obtain an encrypted upgrade package; compressing and decrypting the encrypted upgrade package and a pre-configured decryption and signature-verification storage file to obtain a decrypted flash package; performing an operation on the decrypted flash package to obtain a digest value; and processing the flashing function according to the digest value and the encrypted upgrade package. The scheme improves the security of transmitting the diagnostic flashing upgrade package, allows limit control over flashing devices and vehicles, reduces the frequency of illegal flashing and improves after-sales diagnostic efficiency.
In the embodiment of the application, it is noted that in related vehicle flashing technology most flashing functions have no corresponding permission settings and no encryption is applied to flash files, so certain security risks exist.
Based on the above, the embodiment of the application provides a solution that improves the transmission security of the flash file by encrypting it, and that allows limit control over flashing devices and vehicles, thereby reducing the frequency of illegal flashing.
Specifically, referring to FIG. 1, FIG. 1 is a schematic functional block diagram of a terminal device to which the vehicle flashing device of the present application belongs. The vehicle flashing device may be a device independent of the terminal device and capable of data processing, and it may be carried on the terminal device in the form of hardware or software. The terminal device may be a diagnostic instrument, a programmer, a flashing tool or the like that can communicate with and flash the electronic control unit of the vehicle. The embodiment of the application takes a flashing tool as the example.
In this embodiment, the terminal device to which the vehicle flashing device belongs includes at least an encryption and decryption module 110, a processor 120, a memory 130, and a diagnosis module 140.
The memory 130 stores an operating system and a vehicle flashing program, and the vehicle flashing device can store the acquired flash file, the configured limit-control storage file, and the decryption and signature-verification storage file in the memory 130; the encryption and decryption module 110 may be an encryption algorithm library, encryption software, the encryption library of a programming language, etc.; the diagnostic module 140 may be a diagnostic instrument, a scanning tool, or the like.
The vehicle flashing program in the memory 130, when executed by the processor, performs the following steps:
acquiring a flash file;
compressing and encrypting the flash file and the pre-configured limit-control storage file to obtain an encrypted upgrade package;
compressing and decrypting the encrypted upgrade package and a pre-configured decryption and signature-verification storage file to obtain a decrypted flash package;
performing an operation on the decrypted flash package to obtain a digest value;
and processing the flashing function according to the digest value and the encrypted upgrade package.
Further, the vehicle flashing program in the memory 130, when executed by the processor, also performs the following steps:
compressing the flash file and the pre-configured limit-control storage file to obtain a transmission compressed package, wherein the pre-configured limit-control storage file comprises the version number of the flash file, a vehicle identification number and a whitelist of diagnostic boxes;
and encrypting the transmission compressed package with an encryption algorithm to obtain the encrypted upgrade package.
Further, the vehicle flashing program in the memory 130, when executed by the processor, also performs the following steps:
compressing the encrypted upgrade package and the pre-configured decryption and signature-verification storage file to obtain a complete upgrade package;
decompressing the complete upgrade package to obtain the transmission compressed package and the pre-configured decryption and signature-verification storage file, wherein the pre-configured decryption and signature-verification storage file comprises signature information and the symmetric key ciphertext of the encrypted upgrade package;
calling a private key to decrypt the symmetric key ciphertext of the encrypted upgrade package to obtain a plaintext symmetric key;
and decrypting the transmission compressed package with the plaintext symmetric key to obtain a decrypted flash package file.
Further, the vehicle flashing program in the memory 130, when executed by the processor, also performs the following steps:
sending to a server a request to obtain the private key of the decryption string;
verifying, by the server, the request to obtain the private key of the decryption string;
and if the request passes verification, receiving the private key of the decryption string returned by the server.
Further, the vehicle flashing program in the memory 130, when executed by the processor, also performs the following steps:
acquiring the decrypted flash package file;
reading the content of the decrypted flash package file;
inputting the content read from the flash package file into a digest algorithm for a digest operation;
and obtaining the digest value from the digest operation.
Further, the vehicle flashing program in the memory 130, when executed by the processor, also performs the following steps:
comparing the digest value with the signature information in the upgrade package to obtain a comparison result;
judging whether the comparison result meets a preset condition;
if not, executing the operation instruction for stopping the flashing function;
if yes, executing the operation instruction of the flashing function.
Further, the vehicle flashing program in the memory 130, when executed by the processor, also performs the following steps:
decompressing the transmission compressed package to obtain the limit-control storage file;
parsing the limit-control storage file to obtain a vehicle identification number list and a diagnostic box serial number list;
judging whether the vehicle identification number list and the diagnostic box serial number list are both in the whitelist of the diagnostic box;
if yes, executing the flashing function operation instruction;
if not, executing the operation instruction for stopping the flashing function.
Through the above scheme, this embodiment acquires a flash file; compresses and encrypts the flash file and the pre-configured limit-control storage file to obtain an encrypted upgrade package; compresses and decrypts the encrypted upgrade package and a pre-configured decryption and signature-verification storage file to obtain a decrypted flash package; performs an operation on the decrypted flash package to obtain a digest value; and processes the flashing function according to the digest value and the encrypted upgrade package. In this way, manufacturers can transmit the diagnostic flashing upgrade package securely, limit control can be applied to flashing devices and vehicles, the frequency of illegal flashing is reduced, and after-sales diagnostic efficiency is improved.
Based on the above terminal device architecture, but not limited to the above architecture, the method embodiments of the present application are presented.
Referring to FIG. 2, FIG. 2 is a schematic flow chart of a first exemplary embodiment of the vehicle flashing method according to the present application, where the vehicle flashing method includes:
Step S10, obtaining a flash file.
Here, flashing a file means writing data into the file to update the file's content.
In this embodiment, the flash file may be used to diagnose and resolve faults in the flashed device and the vehicle. Based on the flash file in the control unit, a developer can analyze the error codes and fault information in it to determine the vehicle's problem and take corresponding repair measures. Thus, the flash file needs to be acquired first.
Specifically, first, the flashing tool must be connected to the diagnostic interface of the device to be diagnosed.
The developer may then develop the flash file according to the operating interface of the flashing tool. Flash files are typically categorized by control unit and software version, and are developed to match the flashing device and the vehicle.
Finally, after the flash file is developed, the flashing tool communicates with the flashing device or the control unit of the vehicle via the diagnostic interface and downloads the flash file to the storage device of the diagnostic tool for subsequent diagnosis and operation.
Through the above steps, acquiring the flash file provides a basis for the subsequent diagnosis and repair of the vehicle and the flashing device.
Step S20, compressing and encrypting the flash file and the pre-configured limit-control storage file to obtain an encrypted upgrade package.
The limit-control storage file records the version number of the flash file, together with information such as the whitelist of vehicle VIN (Vehicle Identification Number) codes and diagnostic box serial numbers that may be flashed;
the vehicle VIN code is the vehicle identification number used to distinguish and identify different automobiles;
a diagnostic box is a device for diagnosing and detecting vehicle faults.
Specifically, in this embodiment, before the step of compressing and encrypting the flash file and the pre-configured limit-control storage file, the limit-control storage file must be pre-configured; the configuration procedure is described below.
First, a storage file is created, which may be done with a text editor or an XML (eXtensible Markup Language) editor.
Then, in the storage file, the functions or operations requiring rights management and the different roles or user groups are defined, and attributes such as name, description and displacement identifier are set for each role to obtain the limit-control storage file.
The configured limit-control storage file is then saved, ensuring that its name and location meet the requirements of the diagnostic system.
Finally, the configured limit-control storage file is imported into the diagnostic system, and the corresponding configuration and settings are made so that the diagnostic system can perform permission control according to the limit-control storage file.
After the limit-control storage file is configured, the flash file and the limit-control storage file must be compressed and encrypted to prevent them from being leaked or maliciously tampered with in transit.
First, the flash file and the limit-control storage file are compressed into a compressed package, which reduces the file size and makes transmission and storage easier. Common compression formats include ZIP (ZIP Archive), RAR (Roshal Archive) and the like, and an appropriate one can be selected as needed.
Then, the compressed flash file is encrypted to obtain an encrypted upgrade package, so as to ensure the security of the file content. The encryption algorithm may be a common symmetric or asymmetric encryption algorithm; in this embodiment, the AES (Advanced Encryption Standard) symmetric encryption algorithm is used.
Similarly, the limit-control storage file is encrypted to ensure the security of the information in it. The limit-control storage file is also encrypted with AES.
Finally, the encrypted upgrade package and the encrypted limit-control storage file are merged to generate a complete upgrade package. The two files can be combined into one file or packaged into one complete upgrade package.
In summary, compressing and encrypting the flash file and the limit-control storage file ensures the security and integrity of the upgrade package. The original flash file and storage file can only be obtained after decryption and decompression, and only then can the corresponding operations and management be performed. This prevents unauthorized access and tampering and improves the security and protection capability of the system.
Step S30, compressing and decrypting the encrypted upgrade package and the pre-configured decryption and signature-verification storage file to obtain a decrypted flash package.
The decryption and signature-verification storage file records the signature information of the encrypted upgrade package and the ciphertext of the symmetric key used to encrypt the compressed package that holds the flash file and the limit-control storage file.
Specifically, in this embodiment, before the step of compressing and encrypting the encrypted upgrade package and the pre-configured decryption and signature-verification storage file, the decryption and signature-verification storage file must also be pre-configured; the configuration process is described below.
First, a storage file for the signature information of the encrypted upgrade package and the symmetric key ciphertext needs to be created.
Before configuring decryption and signature verification, make sure that the corresponding key ciphertext and the encrypted upgrade package have been obtained.
Then, the corresponding key is obtained from the symmetric key ciphertext, and the storage file is decrypted with that key. This can be achieved with the decryption algorithm and keys of the RSA asymmetric encryption algorithm. After decryption, the original configuration information is obtained.
Next, the signature of the decrypted configuration information is verified using the certificate. This may be achieved with the corresponding signature algorithm and certificate. The purpose of the verification is to ensure the integrity and authenticity of the configuration information.
If signature verification succeeds, the configuration information has not been tampered with and was sent by a legitimate sender, and the configuration of the decryption and signature-verification storage file is complete.
After the decryption and signature-verification storage file is configured, in order to prevent the encrypted upgrade package and the pre-configured decryption and signature-verification storage file from being leaked or maliciously tampered with in transit, measures for compressing and encrypting the flash file and the limit-control storage file are needed.
After receiving the complete upgrade package, the user decompresses it to obtain the encrypted upgrade package and the decryption and signature-verification storage file, and decrypts the encrypted upgrade package according to the key or private key in the decryption and signature-verification storage file. The decryption uses the corresponding decryption algorithm and key, and restores the encrypted upgrade package to the original flash data.
Then the symmetric key or certificate in the decryption and signature-verification storage file is used to verify the signature of the decrypted upgrade package. This verifies the integrity and authenticity of the file, ensuring that it was not tampered with during transmission and storage.
Finally, the compressed package holding the flash file and the limit-control storage file is decrypted with the symmetric key from the verified storage file to obtain the decrypted flash package, which contains the decrypted flash data and related files, so that the vehicle can be flashed normally.
Through the above steps, the encrypted upgrade package and the decryption and signature-verification storage file are compressed and decrypted, and the resulting decrypted flash package ensures the security, integrity and trustworthiness of the data, meets compliance requirements and improves the efficiency of the flashing process.
Step S40, performing an operation on the decrypted flash package to obtain a digest value.
The digest value is a fixed-length representation of the data, computed from the decrypted flash package by applying a specific hash function to the data in the package.
After the decrypted flash package is obtained, its data is used as the input to the SHA256 algorithm. The SHA256 (Secure Hash Algorithm 256-bit) algorithm converts the input data into a 256-bit (32-byte) digest value. When the operation finishes, the digest value of the flash package is obtained.
SHA256 is a cryptographic hash function that converts input data into a fixed-length digest value. This digest value is effectively unique to its input, and even a small change in the input data produces a completely different digest value. Thus, the digest value can be used to verify the integrity and consistency of the data and to detect whether the data has been tampered with.
In summary, performing the SHA256 operation on the decrypted flash package to obtain the digest value makes it possible to verify data integrity, prevent tampering and spoofing, and verify data consistency, which enhances the security and reliability of vehicle flashing.
Step S50, processing the flashing function according to the digest value and the encrypted upgrade package.
Specifically, the digest value is first compared with the signature information in the decryption and signature-verification storage file to determine whether the file has been tampered with.
If the digest value of the file is inconsistent with the signature information, that is, the digest value of the decrypted upgrade package file differs from the digest value calculated before, the upgrade package file may have been tampered with or damaged, and the flashing function must be suspended or the corresponding error handling performed.
If the digest value of the file is consistent with the signature information, that is, the digest value of the decrypted upgrade package file is the same as the digest value calculated before, the upgrade package file has not been tampered with or damaged, and the subsequent flashing operation can continue.
In summary, the integrity and trustworthiness of the file can be verified by comparing the digest value with the signature information. If the comparison result is inconsistent, the file has been tampered with, the flashing operation is stopped and the diagnostic program exits, which ensures the security and reliability of the system.
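The checks of steps S40 and S50, followed by the whitelist test described earlier, as an added Python example that is not code from the patent. It assumes the transmission package is already decrypted and that the signature information is the package's SHA-256 digest in hex; the control-file name, the XML element names and the sample package and identifiers are constructed for illustration.

```python
import hashlib
import hmac
import io
import xml.etree.ElementTree as ET
import zipfile

CONTROL_FILE = "limit_control.xml"   # hypothetical member name inside the package
MAX_CONTROL_BYTES = 64 * 1024        # assumed cap on the control file's unpacked size


class FlashRejected(Exception):
    """The package failed a check and must not be flashed."""


def digest_matches(package: bytes, expected_hex: str) -> bool:
    """Step S40 and the comparison in S50: SHA-256 of the decrypted package."""
    actual = hashlib.sha256(package).hexdigest()
    # Constant-time comparison; compared as bytes so any input string is accepted.
    return hmac.compare_digest(actual.encode(), expected_hex.strip().lower().encode())


def read_limit_control(package: bytes) -> dict:
    """Unzip the transmission package and parse the limit-control file."""
    try:
        with zipfile.ZipFile(io.BytesIO(package)) as zf:
            info = zf.getinfo(CONTROL_FILE)
            if info.file_size > MAX_CONTROL_BYTES:
                raise FlashRejected("limit-control file too large")
            raw = zf.read(info)
    except (zipfile.BadZipFile, KeyError) as exc:
        raise FlashRejected(f"unreadable package: {exc}") from exc
    # Refuse DTDs and entity declarations before handing the bytes to the parser.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise FlashRejected("DTD or entity declaration in limit-control file")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise FlashRejected(f"malformed limit-control file: {exc}") from exc
    return {
        "version": (root.findtext("Version") or "").strip(),
        "vins": {e.text.strip().upper() for e in root.iter("VIN") if e.text},
        "serials": {e.text.strip() for e in root.iter("Serial") if e.text},
    }


def authorize_flash(package: bytes, expected_hex: str, vin: str, box_serial: str) -> str:
    """Return the flash file version if every check passes, else raise FlashRejected."""
    if not digest_matches(package, expected_hex):
        raise FlashRejected("digest mismatch")          # tampered or damaged: stop
    control = read_limit_control(package)
    if vin.strip().upper() not in control["vins"]:
        raise FlashRejected("VIN not in whitelist")
    if box_serial.strip() not in control["serials"]:
        raise FlashRejected("diagnostic box serial not in whitelist")
    return control["version"]


def build_sample_package() -> bytes:
    """Constructed sample: a zip holding a dummy flash file and a control file."""
    control_xml = (
        "<LimitControl><Version>1.0.3</Version>"
        "<VinWhiteList><VIN>TESTVIN0000000001</VIN></VinWhiteList>"
        "<BoxWhiteList><Serial>BOX-0001</Serial></BoxWhiteList>"
        "</LimitControl>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("ecu_flash.bin", b"\x00\x01\x02\x03" * 64)
        zf.writestr(CONTROL_FILE, control_xml)
    return buf.getvalue()


SAMPLE_PACKAGE = build_sample_package()
# Stands in for the signature information carried in the verification file.
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_PACKAGE).hexdigest()

if __name__ == "__main__":
    print(authorize_flash(SAMPLE_PACKAGE, SAMPLE_DIGEST, "TESTVIN0000000001", "BOX-0001"))
    try:
        authorize_flash(SAMPLE_PACKAGE, SAMPLE_DIGEST, "TESTVIN0000000001", "BOX-9999")
    except FlashRejected as err:
        print("rejected:", err)
```

A bare digest only detects tampering when the expected value itself arrives authenticated, which is the role the certificate-based verification of the storage file plays in the description above.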
Further, referring to Fig. 3, which is a schematic flow chart of a second exemplary embodiment based on the first exemplary embodiment, step S20, compressing and decrypting the encrypted upgrade package and the pre-configured decryption and signature-verification storage file to obtain a decrypted flashing package, is further refined and includes:
Step S21, compressing the encrypted upgrade package and a pre-configured decryption and signature-verification storage file to obtain a complete upgrade package;
Step S22, decompressing the complete upgrade package to obtain a transmission compressed package and the pre-configured decryption and signature-verification storage file, wherein the pre-configured decryption and signature-verification storage file comprises the signature information and the symmetric key ciphertext of the encrypted upgrade package;
Step S23, calling a private key to decrypt the symmetric key ciphertext of the encrypted upgrade package to obtain a plaintext symmetric key;
Step S24, decrypting the transmission compressed package with the plaintext symmetric key to obtain a decrypted flashing package file.
Specifically, the encrypted upgrade package and the decryption and signature-verification storage file are first obtained and compressed together by a compression algorithm. The compressed file is the complete upgrade package, which contains the encrypted upgrade package and the decryption and signature-verification storage file.
After receiving the complete upgrade package, the service station user decompresses it to restore the original transmission compressed package and the decryption and signature-verification storage file. The decryption and signature-verification storage file comprises the signature information and the symmetric key ciphertext of the encrypted upgrade package.
Then, a request is sent to the server to obtain the private key of the decryption string. This request may be an HTTP (Hypertext Transfer Protocol) request containing the specific API (Application Programming Interface) endpoint or URL (Uniform Resource Locator) and necessary parameters such as authentication credentials or other identifiers. After receiving the request sent by the client, the server verifies it. If the request passes the server's verification, the server generates or provides the private key of the decryption string and returns it to the client as the response. After receiving the private key returned by the server, the client calls it to decrypt the symmetric key ciphertext in the decryption and signature-verification storage file and obtains the plaintext symmetric key.
Finally, the transmission compressed package, which contains the flashing file and the limit-controlled storage file, is obtained and decrypted with the plaintext symmetric key to obtain the decrypted flashing package file. The decrypted flashing package file may be used for subsequent flashing operations.
In this way, the encrypted upgrade package and the decryption and signature-verification storage file can be compressed, decompressed and decrypted, and the decrypted flashing package file is finally obtained for the subsequent flashing operation.
Further, referring to Fig. 4, which is a schematic flow chart of a third exemplary embodiment based on the first exemplary embodiment, step S40, performing a digest operation on the decrypted flashing package to obtain a digest value, is further refined and includes:
Step S41, obtaining the decrypted flashing package file;
Step S42, reading the content of the decrypted flashing package file;
Step S43, inputting the content read from the flashing package file into a digest algorithm for the digest operation;
Step S44, obtaining the digest value through the digest operation.
The digest algorithm may include common hash algorithms such as MD5, SHA-1 and SHA-256.
Compared with the first embodiment, the present embodiment further includes reading the content of the decrypted flashing package file and performing the digest operation to obtain the digest value.
Specifically, the decrypted flashing package file is first obtained and its content is read. This may be implemented with file-operation functions or methods, such as opening a file and reading its contents.
Then, the content read from the flashing package file is input into a digest algorithm, which performs the digest operation. The digest algorithm may be a common hash algorithm such as MD5, SHA-1 or SHA-256.
Finally, the result of the digest operation is the digest value. The digest value is a fixed-length string representing a unique identification of the input data. The digest value may be used in subsequent operations of the vehicle flashing function.
In this way, the digest value used for comparison is obtained, the integrity and correctness of the flashing package file can be verified, and it is ensured that the data has not been tampered with or damaged.
Further, referring to Fig. 5, which is a flowchart of a fourth exemplary embodiment based on the first exemplary embodiment, step S50, processing the flashing function according to the digest value and the encrypted upgrade package, is further refined and includes:
Step S51, comparing the digest value with the signature information in the upgrade package to obtain a comparison result;
Step S52, judging whether the comparison result meets a preset condition;
Step S53, if not, executing the instruction to stop the flashing function operation;
Step S54, if yes, executing the flashing function operation instruction.
Specifically, the digest value and the signature information in the upgrade package are first obtained and compared to obtain a comparison result. Comparing the digest value with the signature information in the upgrade package makes it possible to verify whether the upgrade package has been tampered with or forged.
Then, it is necessary to determine whether the comparison result satisfies a preset condition. The preset condition can be determined according to the security policy or the requirements of the upgrade package. For example, it may be whether the digest value is consistent with the signature information of the encrypted upgrade package, whether the signature information is valid, or the like. Depending on the preset condition, it is determined whether to continue executing the flashing function operation.
If the comparison result does not meet the preset condition, that is, the digest value is inconsistent with the signature information of the encrypted upgrade package or the signature information is invalid, the upgrade package may have been tampered with or forged, the flashing function needs to be stopped, and the diagnostic program is exited.
If the comparison result meets the preset condition, that is, the digest value is consistent with the signature information of the encrypted upgrade package and the signature information is valid, the upgrade package has not been tampered with, and the flashing function operation can continue.
When the result is that the flashing function operation continues, the transmission compressed package, which contains the flashing file and the limit-controlled storage file, is decompressed to obtain the original flashing file and the limit-controlled storage file.
The limit-controlled storage file is parsed to obtain the list of vehicle VIN codes and the list of diagnostic box serial numbers that may be flashed.
It is then judged whether the VIN code list and the diagnostic box serial number list are in the whitelist of diagnostic box serial numbers, wherein the whitelist is a preset list of diagnostic box serial numbers that are allowed to use the flashing function.
If the VIN code list and the diagnostic box serial number list are both in the whitelist of diagnostic box serial numbers, the flashing function operation can be executed normally and continues.
If one of the VIN code list and the diagnostic box serial number list is not in the whitelist of diagnostic box serial numbers, or neither list is, the flashing function does not comply with the safety requirement, the flashing function must be stopped, and the diagnostic program is exited.
In this way, damage to the vehicle caused by malicious or unauthorized flashing files can be prevented, only verified flashing files are applied, and after-sale diagnosis efficiency is improved.
Embodiments of the present application are specifically described below in conjunction with specific scenarios.
Assume that an automobile manufacturer needs to push a new software upgrade that improves the performance and functionality of the vehicle. The manufacturer may take the following approach to ensure the safety of the flashing function.
The structure of the files that the manufacturer needs to develop and configure is shown in Fig. 6. The first-level file is the complete upgrade package (diagnostic.zip), formed by compressing the compressed package (flashfile.zip) together with the decryption and signature-verification XML file (pki.xml), where the compressed package (flashfile.zip) is obtained by compressing the limit-controlled XML file (precondition.xml) and the flashing file; the second-level files are the compressed package (flashfile.zip) and the decryption and signature-verification XML file (pki.xml); the third-level files are the limit-controlled XML file (precondition.xml), the flashing file, the signature information, and the symmetric key ciphertext.
Specifically, after the manufacturer develops the flashing file, the limit-controlled XML file (precondition.xml) is configured for the vehicle; the configuration procedure is shown in Fig. 7. The file records the version number of the flashing file, the vehicle VIN codes that may be flashed, and the whitelist of diagnostic box serial numbers.
Then, the limit-controlled XML file and the flashing file are packed into a compressed package (flashfile.zip), and the compressed package is encrypted with AES (Advanced Encryption Standard) to obtain the encrypted upgrade package, which at this point is the main body of the flashing file.
A decryption and signature-verification XML file (pki.xml) is then configured. This file records the signature information of the encrypted upgrade package and the symmetric key ciphertext for the encrypted compressed package (flashfile.zip). The configuration procedure of the decryption and signature-verification XML file (pki.xml) is shown in Fig. 8.
Next, the compressed package (flashfile.zip) and the decryption and signature-verification XML file (pki.xml) are compressed into the complete upgrade package (diagnostic.zip).
After receiving the complete upgrade package (diagnostic.zip), the service station user decompresses it to obtain the original compressed package (flashfile.zip) and the decryption and signature-verification XML file (pki.xml), requests the private key of the decryption string from the server, and uses the private key to decrypt the symmetric key ciphertext in the decryption and signature-verification XML file (pki.xml) to obtain the plaintext symmetric key.
The compressed package (flashfile.zip) is then decrypted with the symmetric key to obtain the decrypted flashing package, and a SHA256 (Secure Hash Algorithm 256-bit) operation is performed on the flashing package to obtain its digest value.
Finally, the digest value is compared with the signature information in the decryption and signature-verification XML file (pki.xml). If the comparison result is inconsistent, the file has been tampered with, flashing is stopped, and the diagnostic program is exited. If the comparison result is consistent, the file has not been tampered with and can be used normally: the compressed package (flashfile.zip) is decompressed again, the limit-controlled XML file (precondition.xml) is parsed to obtain the list of VIN codes and the list of diagnostic box serial numbers that may be flashed, and the VIN code of the vehicle and the serial number of the diagnostic box are checked against the whitelist. If either the VIN code or the diagnostic box serial number is not in the whitelist, or neither is, the flashing function is stopped and the diagnostic program is exited. If both the VIN code and the diagnostic box serial number are in the whitelist, the flashing function is authorized for execution, and once it is authorized, the diagnostic tool performs the flashing operation using the encrypted upgrade package. During flashing, the digest value and the signature of the upgrade package are also verified, so that the integrity and authenticity of the upgrade package are ensured.
In this way, a manufacturer can safely transmit the diagnostic flashing file and can also apply permission control to the vehicles being flashed, so that unauthorized flashing operations are prevented and the safety and reliability of the vehicle are ensured.
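The gate described in this scenario (steps S51 to S54 followed by the whitelist check), as an added Python example that is not code from the patent or its applicant. The element names inside pki.xml and precondition.xml, the file name flash.bin, the modelling of the signature information as a hex SHA-256 value, and all VINs and serial numbers are assumptions constructed for illustration; the input is the package as it exists after AES decryption.

```python
import hashlib
import hmac
import io
import xml.etree.ElementTree as ET
import zipfile


class FlashRefused(Exception):
    """The package must not be flashed; the caller stops and exits the diagnostic program."""


def build_flashfile_zip(flash_bytes, vins, serials, version="1.0.0"):
    """Manufacturer side: pack precondition.xml and the flashing file (constructed layout)."""
    root = ET.Element("precondition", {"version": version})
    for vin in vins:
        ET.SubElement(root, "vin").text = vin
    for serial in serials:
        ET.SubElement(root, "diagbox").text = serial
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("precondition.xml", ET.tostring(root))
        zf.writestr("flash.bin", flash_bytes)
    return buf.getvalue()


def build_pki_xml(package_bytes, key_ciphertext_hex="00"):
    """Manufacturer side: record the signature information and a wrapped-key placeholder."""
    root = ET.Element("pki")
    sig = ET.SubElement(root, "signature", {"alg": "sha256"})
    sig.text = hashlib.sha256(package_bytes).hexdigest()
    ET.SubElement(root, "symmetricKeyCiphertext").text = key_ciphertext_hex
    return ET.tostring(root)


def verify_digest(decrypted_package, pki_xml):
    """S51-S53: recompute SHA-256 over the decrypted package and compare it."""
    sig = ET.fromstring(pki_xml).find("signature")
    # Accept SHA-256 only: MD5 and SHA-1 are not collision resistant.
    if sig is None or sig.get("alg") != "sha256" or not sig.text:
        raise FlashRefused("signature information missing or unsupported algorithm")
    actual = hashlib.sha256(decrypted_package).hexdigest()
    expected = sig.text.strip().lower()
    # Constant-time comparison on bytes, so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(actual.encode(), expected.encode()):
        raise FlashRefused("digest mismatch: package tampered with or damaged")
    return actual


def read_whitelists(decrypted_package):
    """Parse precondition.xml out of the already verified package."""
    with zipfile.ZipFile(io.BytesIO(decrypted_package)) as zf:
        root = ET.fromstring(zf.read("precondition.xml"))
    vins = {e.text.strip() for e in root.findall("vin") if e.text}
    serials = {e.text.strip() for e in root.findall("diagbox") if e.text}
    return vins, serials


def authorize_flash(decrypted_package, pki_xml, vehicle_vin, box_serial):
    """Return True only if the digest matches and both identifiers are whitelisted."""
    verify_digest(decrypted_package, pki_xml)  # nothing is unpacked before this passes
    vins, serials = read_whitelists(decrypted_package)
    if vehicle_vin not in vins:
        raise FlashRefused("VIN not in whitelist")
    if box_serial not in serials:
        raise FlashRefused("diagnostic box serial number not in whitelist")
    return True


def decide(decrypted_package, pki_xml, vehicle_vin, box_serial):
    """Wrap authorize_flash as an (allowed, reason) pair; every error fails closed."""
    try:
        authorize_flash(decrypted_package, pki_xml, vehicle_vin, box_serial)
    except (FlashRefused, zipfile.BadZipFile, ET.ParseError, KeyError) as exc:
        return False, str(exc)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample data, not taken from the patent.
    pkg = build_flashfile_zip(b"constructed firmware image", ["LTESTVIN000000001"], ["DBX-0001"])
    pki = build_pki_xml(pkg)
    print(decide(pkg, pki, "LTESTVIN000000001", "DBX-0001"))
    print(decide(pkg + b"\x00", pki, "LTESTVIN000000001", "DBX-0001"))
    print(decide(pkg, pki, "LTESTVIN000000001", "DBX-9999"))
```

The comparison detects tampering only if the signature information in pki.xml is itself authenticated, for example as a signature over the digest that the tool verifies with a trusted public key; the example takes that as given.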
Through the scheme of this embodiment, specifically: a flashing file is obtained; a limit-controlled storage file is configured; the flashing file and the limit-controlled storage file are compressed and encrypted to obtain an encrypted upgrade package; a decryption and signature-verification storage file is configured; the encrypted upgrade package and the decryption and signature-verification storage file are compressed and decrypted to obtain a decrypted flashing package; an operation is performed on the decrypted flashing package to obtain a digest value; and the flashing function is processed according to the digest value and the encrypted upgrade package. The scheme not only improves the security of transmitting the diagnostic flashing upgrade package, but also applies limit control to the flashing equipment and vehicles, reduces the frequency of illegal flashing, and improves after-sale diagnosis efficiency.
In addition, the embodiment of the application also provides a vehicle flashing device, which comprises:
the acquisition module, used for obtaining the flashing file;
the compression and encryption module, used for compressing and encrypting the flashing file and the pre-configured limit-controlled storage file to obtain an encrypted upgrade package;
the decryption and compression module, used for compressing and decrypting the encrypted upgrade package and the pre-configured decryption and signature-verification storage file to obtain a decrypted flashing package;
the operation module, used for performing an operation on the decrypted flashing package to obtain a digest value;
and the verification module, used for processing the flashing function according to the digest value and the encrypted upgrade package.
For the principle and implementation process of vehicle flashing in this embodiment, refer to the above embodiments; they are not repeated here.
In addition, the embodiment of the application also provides a vehicle flashing terminal device, which comprises: a memory, a processor, and a vehicle flashing program stored on the memory and executable on the processor, the vehicle flashing program being configured to implement the steps of the vehicle flashing method described above.
Because the vehicle flashing program, when executed by the processor, adopts all the technical solutions of all the foregoing embodiments, it has at least all the beneficial effects brought by those technical solutions, which are not described again here.
In addition, the embodiment of the application also provides a storage medium, wherein the storage medium stores a vehicle flashing program, and the vehicle flashing program implements the steps of the vehicle flashing method described above when executed by a processor.
Because the vehicle flashing program, when executed by the processor, adopts all the technical solutions of all the foregoing embodiments, it has at least all the beneficial effects brought by those technical solutions, which are not described again here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (10)

1. A vehicle flashing method, characterized in that the vehicle flashing method comprises the following steps:
obtaining a flashing file;
compressing and encrypting the flashing file and the pre-configured limit-controlled storage file to obtain an encrypted upgrade package;
compressing and decrypting the encrypted upgrade package and a pre-configured decryption and signature-verification storage file to obtain a decrypted flashing package;
performing an operation on the decrypted flashing package to obtain a digest value;
and processing the flashing function according to the digest value and the encrypted upgrade package.
2. The vehicle flashing method of claim 1, wherein the step of compressing and encrypting the flashing file and the pre-configured limit-controlled storage file to obtain an encrypted upgrade package comprises:
compressing the flashing file and the pre-configured limit-controlled storage file to obtain a transmission compressed package, wherein the pre-configured limit-controlled storage file comprises a version number of the flashing file, a vehicle identification number and a whitelist of diagnostic boxes;
and encrypting the transmission compressed package with an encryption algorithm to obtain the encrypted upgrade package.
3. The vehicle flashing method of claim 1, wherein the step of compressing and decrypting the encrypted upgrade package and the pre-configured decryption and signature-verification storage file to obtain a decrypted flashing package comprises:
compressing the encrypted upgrade package and the pre-configured decryption and signature-verification storage file to obtain a complete upgrade package;
decompressing the complete upgrade package to obtain a transmission compressed package and the pre-configured decryption and signature-verification storage file, wherein the pre-configured decryption and signature-verification storage file comprises the signature information and the symmetric key ciphertext of the encrypted upgrade package;
calling a private key to decrypt the symmetric key ciphertext of the encrypted upgrade package to obtain a plaintext symmetric key;
and decrypting the transmission compressed package with the plaintext symmetric key to obtain a decrypted flashing package file.
4. The vehicle flashing method of claim 3, wherein the step of calling a private key to decrypt the symmetric key ciphertext of the encrypted upgrade package to obtain a plaintext symmetric key comprises:
sending a request for obtaining the private key of the decryption string to a server;
verifying, by the server, the request for obtaining the private key of the decryption string;
and if the request passes the verification, receiving the private key of the decryption string returned by the server.
5. The vehicle flashing method of claim 1, wherein the step of performing a digest operation on the decrypted flashing package to obtain a digest value comprises:
obtaining the decrypted flashing package file;
reading the content of the decrypted flashing package file;
inputting the content read from the flashing package file into a digest algorithm for the digest operation;
and obtaining the digest value through the digest operation.
6. The vehicle flashing method of claim 1, wherein the step of processing the flashing function according to the digest value and the encrypted upgrade package comprises:
comparing the digest value with the signature information in the upgrade package to obtain a comparison result;
judging whether the comparison result meets a preset condition;
if not, executing the instruction to stop the flashing function operation;
if yes, executing the flashing function operation instruction.
7. The vehicle flashing method of claim 6, wherein the step of executing the flashing function operation instruction if the comparison result meets the preset condition comprises:
decompressing the transmission compressed package to obtain the limit-controlled storage file;
parsing the limit-controlled storage file to obtain a vehicle identification number list and a diagnostic box serial number list;
judging whether the vehicle identification number list and the diagnostic box serial number list are both in the whitelist of diagnostic boxes;
if yes, executing the flashing function operation instruction;
if not, executing the instruction to stop the flashing function operation.
8. A vehicle flashing device, characterized in that the vehicle flashing device comprises:
the acquisition module, used for obtaining the flashing file;
the compression and encryption module, used for compressing and encrypting the flashing file and the pre-configured limit-controlled storage file to obtain an encrypted upgrade package;
the decryption and compression module, used for compressing and decrypting the encrypted upgrade package and the pre-configured decryption and signature-verification storage file to obtain a decrypted flashing package;
the operation module, used for performing an operation on the decrypted flashing package to obtain a digest value;
and the verification module, used for processing the flashing function according to the digest value and the encrypted upgrade package.
9. A vehicle flashing terminal device, the terminal device comprising: a memory, a processor, and a vehicle flashing program stored on the memory and executable on the processor, the vehicle flashing program being configured to implement the steps of the vehicle flashing method of any of claims 1 to 7.
10. A storage medium having stored thereon a vehicle flashing program which, when executed by a processor, implements the steps of the vehicle flashing method according to any of claims 1 to 7.
CN202410029767.0A 2024-01-08 2024-01-08 Vehicle refreshing method, device, terminal equipment and storage medium Pending CN117892290A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410029767.0A CN117892290A (en) 2024-01-08 2024-01-08 Vehicle refreshing method, device, terminal equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117892290A true CN117892290A (en) 2024-04-16

Family

ID=90642218

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410029767.0A Pending CN117892290A (en) 2024-01-08 2024-01-08 Vehicle refreshing method, device, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117892290A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination