CN117909987A - Security refreshing method and system for application software of electronic control unit and readable storage medium


Info

Publication number
CN117909987A
Authority
CN (China)
Prior art keywords
ota upgrade
upgrade package
signed
encryption
symmetric key
Legal status
Pending
Application number
CN202311866803.0A
Other languages
Chinese (zh)
Inventor
吴革
严宇峰
余健
Current Assignee
Zero Beam Technology Co ltd
Original Assignee
Zero Beam Technology Co ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a security refreshing method and system for application software of an electronic control unit, and a readable storage medium. The security refreshing method comprises the steps of: obtaining a signed encrypted OTA upgrade package and transmitting it to the vehicle end through a public network; obtaining a signed symmetric key and transmitting it to the vehicle end through a private network; verifying the signatures of the signed encrypted OTA upgrade package and of the signed symmetric key respectively to obtain an encrypted OTA upgrade package and a symmetric key, and symmetrically decrypting the encrypted OTA upgrade package with the symmetric key to obtain the OTA upgrade package; and obtaining each ECU installation package from the OTA upgrade package, where each ECU installation package is used to refresh the application software of an electronic control unit. By combining communication over the public network and the private network with encryption at the cloud and decryption at the vehicle end, the method ensures that the ECU application software is refreshed securely.

Description

Security refreshing method and system for application software of electronic control unit and readable storage medium
Technical Field
The invention relates to the technical field of automobiles, and in particular to a secure refreshing method and system for application software of an electronic control unit, and a readable storage medium.
Background
With the continuous development of automotive electronics, electronic control units (ECUs) are used ever more widely. To ensure the performance and safety of the vehicle, the software in an ECU needs to be updated periodically. The update process, however, carries security risks, such as imperfect signature and encryption techniques, improper private key management, incomplete security policies, and the lack of an effective signature verification mechanism. How to ensure that ECU application software is refreshed securely has therefore become a problem to be solved.
Some solutions have been proposed, such as digital signatures and key management protocols (KMP). These solutions may still carry hidden security risks: man-in-the-middle attacks, key disclosure, forged digital certificates and tampered installation packages may occur during the signing process, so a more secure method is needed to ensure that ECU application software is refreshed securely.
Disclosure of Invention
In view of the above drawbacks of the prior art, the present invention is directed to a method, a system and a readable storage medium for securely refreshing application software of an electronic control unit, which ensure secure refreshing of ECU application software by combining communication over a public network and a private network with encryption at the cloud and decryption at the vehicle end.
The first aspect of the invention provides a method for securely refreshing application software of an electronic control unit, which comprises the following steps:
acquiring a signed encrypted OTA upgrade package, and transmitting the signed encrypted OTA upgrade package to a vehicle end through a public network;
acquiring a signed symmetric key, and transmitting the signed symmetric key to the vehicle end through a private network;
verifying the signatures of the signed encrypted OTA upgrade package and of the signed symmetric key respectively to obtain an encrypted OTA upgrade package and a symmetric key, and performing a symmetric decryption operation on the encrypted OTA upgrade package with the symmetric key to obtain an OTA upgrade package;
and acquiring each ECU installation package from the OTA upgrade package, wherein each ECU installation package is used to execute the refreshing of the application software of the electronic control unit.
As an optional implementation, acquiring the signed encrypted OTA upgrade package includes:
acquiring an OTA upgrade package, a symmetric key, a cloud certificate private key and a vehicle-end built-in public key;
performing a symmetric encryption operation on the OTA upgrade package with the symmetric key to obtain an encrypted OTA upgrade package;
signing the encrypted OTA upgrade package by an asymmetric signing operation with the cloud certificate private key to obtain a signed encrypted OTA upgrade package;
and signing the symmetric key by an asymmetric signing operation with the cloud certificate private key to obtain a signed symmetric key.
As an optional implementation, acquiring the OTA upgrade package includes:
acquiring each ECU installation package and the cloud ECU certificate private key corresponding to each ECU installation package;
signing each ECU installation package by an asymmetric signature operation with the cloud ECU certificate private key corresponding to that package, to obtain each signed ECU installation package;
and packaging the signed ECU installation packages and their description files into an OTA upgrade package.
As an optional implementation, acquiring each ECU installation package from the OTA upgrade package, where each ECU installation package is used to execute the refreshing of the application software of an electronic control unit, includes:
the vehicle end obtains each signed ECU installation package from the OTA upgrade package and distributes each signed ECU installation package to the corresponding ECU;
and when the vehicle end meets the installation triggering condition, the signature of each signed ECU installation package is verified synchronously with the vehicle-end ECU certificate public key corresponding to that package, and after the signature verification passes, the refreshing of the application software of the electronic control unit is executed directly with the verified ECU installation package.
As an optional implementation, verifying the signatures of the signed encrypted OTA upgrade package and the signed symmetric key respectively to obtain an encrypted OTA upgrade package and a symmetric key includes:
the vehicle end verifies the asymmetric signatures of the signed encrypted OTA upgrade package and of the signed symmetric key with the vehicle-end built-in public key, obtaining the encrypted OTA upgrade package and the symmetric key respectively.
As an optional implementation, signing the encrypted OTA upgrade package by an asymmetric signing operation with the cloud certificate private key to obtain a signed encrypted OTA upgrade package includes:
acquiring the digest of the encrypted OTA upgrade package;
and signing the digest of the encrypted OTA upgrade package by an asymmetric signing operation with the cloud certificate private key to obtain the signature header information of the encrypted OTA upgrade package, and assembling the signature header information at the head of the encrypted OTA upgrade package to obtain the signed encrypted OTA upgrade package.
As an optional implementation, signing the symmetric key by an asymmetric signing operation with the cloud certificate private key to obtain a signed symmetric key includes:
acquiring the digest of the symmetric key;
and signing the digest of the symmetric key by an asymmetric signing operation with the cloud certificate private key to obtain the signature header information of the symmetric key, and assembling the signature header information at the head of the symmetric key to obtain the signed symmetric key.
A second aspect of the present invention provides a security refreshing system for application software of an electronic control unit, including:
a public network transmission module, used at least to acquire the signed encrypted OTA upgrade package and transmit it to the vehicle end through the public network;
a private network transmission module, used at least to acquire the signed symmetric key and transmit it to the vehicle end through the private network;
a signature verification module, used at least to verify the signatures of the signed encrypted OTA upgrade package and the signed symmetric key respectively, to obtain an encrypted OTA upgrade package and a symmetric key;
a decryption module, used at least to perform a symmetric decryption operation on the encrypted OTA upgrade package with the symmetric key to obtain an OTA upgrade package;
and a refreshing execution module, used at least to acquire each ECU installation package from the OTA upgrade package, where each ECU installation package is used to execute the refreshing of the application software of the electronic control unit.
The third aspect of the invention provides a vehicle-cloud transmission method based on an OTA upgrade package, comprising the following steps:
acquiring, at the cloud, an OTA upgrade package, a symmetric key, a cloud certificate private key and a vehicle-end built-in public key;
the cloud performs a symmetric encryption operation on the OTA upgrade package with the symmetric key to obtain an encrypted OTA upgrade package;
the cloud signs the encrypted OTA upgrade package by an asymmetric signing operation with the cloud certificate private key to obtain a signed encrypted OTA upgrade package, and transmits the signed encrypted OTA upgrade package to the vehicle end through a public network;
the cloud signs the symmetric key by an asymmetric signing operation with the cloud certificate private key to obtain a signed symmetric key, and transmits the signed symmetric key to the vehicle end through a private network;
the vehicle end verifies the asymmetric signatures of the signed encrypted OTA upgrade package and of the signed symmetric key with the vehicle-end built-in public key to obtain an encrypted OTA upgrade package and a symmetric key respectively;
and the vehicle end performs a symmetric decryption operation on the encrypted OTA upgrade package with the symmetric key to obtain the OTA upgrade package.
A fourth aspect of the present invention provides an electronic device, comprising: at least one processor; and at least one memory communicatively coupled to the processor, wherein the memory stores program instructions executable by the processor, and the processor, by invoking the program instructions, is able to perform the method according to the first aspect or the third aspect of the invention.
A fifth aspect of the invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a computer, performs the method according to the first aspect or the third aspect of the invention.
In summary, compared with the prior art, the invention has at least one of the following beneficial technical effects:
According to the invention, secure refreshing of the ECU application software is ensured by combining communication over the public network and the private network with encryption at the cloud and decryption at the vehicle end. The asymmetric signature algorithm lets the source of the OTA upgrade package be determined quickly, symmetric encryption protects the security and integrity of the installation package, transmitting the upgrade package over the public network saves OTA upgrade cost, and exchanging the symmetric encryption key over the private network improves the security of the update process, so that the application software of the electronic control unit is refreshed securely.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly described below. It is obvious that the drawings in the following description show only some embodiments of the present invention, and that a person skilled in the art can derive other drawings from them without inventive effort.
Fig. 1 is a flow chart of a security refreshing method of application software of an electronic control unit according to an embodiment of the invention.
Fig. 2 is a schematic flow chart of acquiring an OTA upgrade package at a cloud end in an embodiment of the invention.
Fig. 3 is a schematic diagram illustrating a method for acquiring a signed encrypted OTA upgrade package and a signed symmetric key in an embodiment of the present invention.
Fig. 4 is a schematic flow chart of acquiring an OTA upgrade package at a vehicle end according to an embodiment of the present invention.
Fig. 5 shows a flowchart of acquiring an ECU installation package at a vehicle end according to an embodiment of the present invention.
Fig. 6 is a block diagram of a security refresh system for application software of an electronic control unit in an embodiment of the invention.
Fig. 7 shows a schematic structural diagram of an electronic device in an embodiment according to the invention.
Detailed Description
The embodiments of the present invention are described below clearly and completely with reference to the accompanying drawings. Obviously, the embodiments described are only some of the embodiments of the present invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments of the invention without inventive effort fall within the scope of the invention. Furthermore, it should be understood that the detailed description is presented here for purposes of illustration and description only and is not intended to limit the invention.
It should be noted that the order in which the embodiments are described below is not intended to limit the preferred order of the embodiments of the present invention. In the following embodiments, each description focuses on the embodiment at hand; for any part not described in detail in a given embodiment, reference may be made to the related descriptions of the other embodiments.
A symmetric encryption algorithm is a key-based encryption algorithm; common symmetric encryption algorithms include AES, DES, 3DES and AES-256. These algorithms use the same key for both encryption and decryption and are therefore called symmetric encryption algorithms. Symmetric encryption has the advantages of high encryption and decryption speed and high encryption strength, and is widely used in data encryption and network security. A symmetric encryption algorithm mainly comprises two operations, encryption and decryption, which apply the algorithm and the key to a plaintext to obtain a ciphertext. After the ciphertext has been transmitted or stored, it can be decrypted with the same algorithm and the same key to restore the original plaintext. The part of this patent that relies on symmetric cryptography is encrypting and decrypting the OTA upgrade package with a symmetric key, so that its content is neither leaked nor tampered with.
An asymmetric encryption algorithm is an encryption algorithm based on a public key and a private key; common asymmetric encryption algorithms include RSA, ElGamal, knapsack algorithms, Rabin, D-H and ECC. These algorithms use two different keys for the encryption and decryption operations and are therefore called asymmetric encryption algorithms. Asymmetric encryption has the advantages of convenient key management and high encryption strength, and is widely used in data encryption and network security. An asymmetric encryption algorithm mainly comprises the following operations: public key encryption and private key decryption, and private key signing and public key verification. The part of this patent that relies on asymmetric cryptography is private key signing and public key signature verification, which confirms the validity of a signature.
A digest algorithm compresses a message of arbitrary length into a digest of fixed length (typically 128, 160 or 256 bits). Common digest algorithms are MD5, SHA-1, SHA-2, SHA-3, HMAC, RIPEMD and BLAKE2b. A digest compresses and encodes the information in the message, so that the integrity and authenticity of the message can be verified quickly without revealing the original data. The digest is typically generated with a hash function, a one-way function that maps input data to an output value of fixed length. Because a hash function is one-way and irreversible, and even a small change in the input produces a very different output value, the digest is unique to its message and secure.
As shown in fig. 1, the present invention provides a method for securely refreshing application software of an electronic control unit, which includes the following steps.
Step S1: the cloud obtains each ECU installation package to be updated and the cloud ECU certificate private key corresponding to each of them. Each ECU installation package to be updated is issued by the ECU research and development team, and each cloud ECU certificate private key and the corresponding vehicle-end ECU certificate public key are issued in advance at the cloud. For example, the ECU installation packages to be updated are an ECU-1 installation package, an ECU-2 installation package, … and an ECU-N installation package; the corresponding cloud ECU certificate private keys are the cloud ECU-1 certificate private key, the cloud ECU-2 certificate private key, … and the cloud ECU-N certificate private key; and the vehicle-end ECU certificate public keys are the vehicle-end ECU-1 certificate public key, the vehicle-end ECU-2 certificate public key, … and the vehicle-end ECU-N certificate public key.
Specifically, an ECU installation package is an upgrade software package for an automotive electronic control unit, used to upgrade the ECU and so improve its functionality and stability. Each ECU defines a set of product numbers when it is created, each product number defines a corresponding combination of a cloud ECU certificate private key and a vehicle-end ECU certificate public key, and the cloud ECU certificate private key and the vehicle-end ECU certificate public key belong to the same set of keys.
Step S2: the cloud signs each ECU installation package by an asymmetric signature operation with the cloud ECU certificate private key corresponding to that package, obtaining each signed ECU installation package. Specifically, as shown in fig. 2, the signed ECU installation package is used to verify the source of the ECU installation package when the vehicle end refreshes and installs it, ensuring that only an ECU installation package issued by the authority is used for installation. The signed ECU installation package is derived from the asymmetric signature operation on each ECU installation package: first the digest of each ECU installation package is obtained, then the digest is signed with the cloud ECU certificate private key corresponding to that package, which yields the signed ECU installation package.
Step S3: the cloud packages the signed ECU installation packages and their description files into a unified OTA upgrade package. Specifically, as shown in fig. 2, the cloud manages all signed ECU installation packages centrally and, taking the whole-vehicle upgrade baseline as the standard, packages the signed ECU installation packages and their upgrade contents into a unified OTA upgrade package. The upgrade contents can be the description files, which contain description information for the ECU installation packages in the OTA upgrade package, for example which version each ECU in the OTA upgrade package is upgraded to, the correspondence between ECU installation packages and ECUs, and the conditions under which an upgrade may be performed.
Specifically, the OTA upgrade package is a summary package of the vehicle-end software update: each version of the OTA upgrade package collects all ECU installation packages used by all vehicle ends that need to be updated in that version, and all signed ECU installation packages are managed through a resource management platform at the cloud.
Step S4: the cloud obtains the symmetric key, which may be generated randomly by the cloud each time it encrypts an OTA upgrade package; for example, a 64-byte random number may be used. If other technical requirements are met, custom content for another symmetric key may also be used to implement step S4, which is not limited here.
Step S5: the cloud performs a symmetric encryption operation on the OTA upgrade package with the symmetric key to obtain an encrypted OTA upgrade package. The algorithm used for the symmetric encryption operation can be DES, 3DES, AES, Blowfish, RC4, RC5 or RC6, or the Chinese national cipher algorithms SM1, SM4 and SM7.
Specifically, the encrypted OTA upgrade package is the binary file package obtained by symmetrically encrypting the OTA upgrade package with the symmetric key; the vehicle end decrypts and restores it with the same key, which ensures that the content of the OTA upgrade package is neither leaked nor tampered with.
Step S6: the cloud generates the signed encrypted OTA upgrade package. Specifically, as shown in fig. 3, a digest of the encrypted OTA upgrade package is first computed with a digest algorithm; the digest is then signed by an asymmetric signing operation with the cloud certificate private key to obtain the signature header information of the encrypted OTA upgrade package, and the signature header information is assembled at the head of the encrypted OTA upgrade package to obtain the signed encrypted OTA upgrade package. The algorithms usable for the asymmetric signing operation include RSA, DSA, ECC, Diffie-Hellman and ElGamal, and the Chinese national algorithms SM2 and SM9.
Specifically, the cloud certificate private key and the vehicle-end built-in public key are issued by a root key. At the cloud, the cloud certificate private key issued by the root key signs the digest of the encrypted OTA upgrade package by an asymmetric signing operation, a signature header is generated and combined into the encrypted OTA upgrade package to obtain the signed encrypted OTA upgrade package. The vehicle end verifies the signature of the signed encrypted OTA upgrade package with the vehicle-end built-in public key issued by the root key and, after the signature verification passes, strips the signature header information from the signed OTA upgrade package to obtain the encrypted OTA upgrade package.
Specifically, the signed encrypted OTA upgrade package is an encrypted OTA upgrade package that carries signature header information. The vehicle end uses it to verify the source of the package and to ensure that it is an available OTA upgrade package issued by the authority before it is used for installation. As shown in fig. 3, the signed encrypted OTA upgrade package is derived by generating a digest of the encrypted OTA upgrade package with a digest algorithm, signing that digest by an asymmetric signing operation with the cloud certificate private key issued by the root key, and combining the resulting signature header into the encrypted OTA upgrade package.
Step S7: the cloud generates the signed symmetric key: it first obtains the digest of the symmetric key, signs the digest by an asymmetric signing operation with the cloud certificate private key to obtain the signature header information of the symmetric key, and assembles the signature header information at the head of the symmetric key to obtain the signed symmetric key. The algorithms usable for the asymmetric signing operation include RSA, DSA, ECC, Diffie-Hellman and ElGamal, and the Chinese national algorithms SM2 and SM9.
Specifically, as shown in fig. 3, the signed symmetric key is a symmetric key file that carries signature header information; the vehicle end uses it to verify the source of the symmetric key and to ensure that the key is a trusted symmetric key issued by the official authority. The digest of the symmetric key is generated with a digest algorithm, the digest is signed by an asymmetric signature operation with the cloud certificate private key issued by the root key, a signature header is generated, and the signature header is merged into the symmetric key content to obtain the signed symmetric key.
Step S8: the cloud transmits the signed encrypted OTA upgrade package to the vehicle end through the public network (channel).
Specifically, as shown in fig. 4, the public network is the public network established between the vehicle and the internet; it is generally provided by a telecom operator and uses public IP addresses and standard protocols for communication. Because the OTA upgrade package is large and not suited to transmission over a private network with limited bandwidth, the public network uses ordinary X.509 certificates and the HTTP protocol for transmission; to further enhance security, a custom gateway and protocol can also be used to authenticate and forward the request.
Step S9: the cloud transmits the signed symmetric key to the vehicle end through the private network (channel).
Specifically, as shown in fig. 4, the private network is a private network of the telecom operator. It provides an isolated environment in which the cloud or other vehicles can run and manage their applications and services in an independent network and communicate with each other without being directly exposed on the internet; it cannot be routed or addressed from the public internet. The private network allows developers to control the network traffic and access rights of the applications, which improves security.
Step S10: the vehicle end obtains the encrypted OTA upgrade package. As shown in fig. 4, the public key information contained in the vehicle certificate built into the ICC main controller of the vehicle end, namely the vehicle-end built-in public key, is uniformly issued by the root key. The vehicle-end built-in public key is used to verify the asymmetric signature of the signed encrypted OTA upgrade package, and after the signature verification passes the signature header information is stripped from the signed OTA upgrade package to obtain the encrypted OTA upgrade package. The asymmetric signature helps the vehicle end verify the legitimacy of the encrypted OTA upgrade package and effectively prevents the user from downloading illegal or malicious software.
Specifically, verifying the asymmetric signature of the signed encrypted OTA upgrade package with the vehicle-end built-in public key means using that public key to check whether the signature information was produced by the corresponding cloud certificate private key. The vehicle end thereby verifies the source of the signed encrypted OTA upgrade package and ensures that it is a trusted encrypted OTA upgrade package signed by the official authority; the package is verified with the vehicle-end built-in public key, and after verification passes the signature header information is removed to obtain the encrypted OTA upgrade package.
Step S11: the vehicle end obtains the symmetric key. As shown in fig. 4, the public key information contained in the vehicle certificate built into the ICC main controller of the vehicle end, namely the vehicle-end built-in public key, is uniformly issued by the root key. The vehicle-end built-in public key is used to verify the asymmetric signature of the signed symmetric key, and after the signature verification passes the signature header information is stripped from the signed symmetric key to obtain the symmetric key.
Specifically, verifying the signature of the signed symmetric key with the vehicle-end built-in public key means using that public key to check whether the signature information was produced by the corresponding cloud certificate private key. The vehicle end thereby verifies the source of the signed symmetric key and ensures that it is a trusted symmetric key signed by the official body; the signed symmetric key is verified with the vehicle-end built-in public key, and after verification passes the signature header information is removed to obtain the symmetric key.
Step S12: the vehicle end obtains the OTA upgrade package. Specifically, as shown in fig. 4, the vehicle end performs a symmetric decryption operation on the encrypted OTA upgrade package obtained in step S10 with the symmetric key obtained in step S11 to obtain the OTA upgrade package. Steps S8 to S12 can use a differential mode, in which several separate synchronous downloads and decryptions are performed and the OTA upgrade package is finally combined, which improves the refreshing efficiency of the application software of the electronic control unit. The decryption consists of performing the symmetric decryption operation on the encrypted OTA upgrade package with the symmetric key to obtain the OTA upgrade package.
Specifically, the differential mode is a downloading mode: suppose a signed encrypted OTA upgrade package is 10 GB and the compressed package has been symmetrically encrypted; when it is downloaded, the compressed package is split into several parts that are downloaded and decrypted separately, so as to improve the running speed.
Step S13: the vehicle end obtains each signed ECU installation package based on the OTA upgrade package, distributes each signed ECU installation package to the corresponding ECU, and the ECU enters the state to be installed. Specifically, as shown in fig. 5, after obtaining each signed ECU installation package from the description information of the OTA upgrade package, the vehicle end distributes each signed ECU installation package to its corresponding ECU, the vehicle-end system enters the state to be installed, and the installation triggering condition is determined according to the user upgrade policy. The user upgrade policy can be understood as an upgrade convention, such as automatic upgrade, upgrade in a designated time period, user-selected upgrade and the like.
Step S14: the vehicle end performs installation. When the installation triggering condition is met, the vehicle-end ECU certificate public key corresponding to each signed ECU installation package performs synchronous signature verification on that package, as shown in fig. 5. Once each signed ECU installation package has passed signature verification, yielding each ECU installation package, the refreshing operation of the application software of the electronic control unit is performed directly in series. In this way the signature verification and synchronous update operations are completed automatically, and the possibility that the final software has been tampered with is avoided.
Step S15: after installation at the vehicle end, the backup files are cleaned up once the application software of the electric control unit has been refreshed, and the vehicle automatically enters its normal state.
It should be noted that the order of the steps in the present invention is not strictly limited; for example, steps S8 and S9 may be performed synchronously, and steps S10 and S11 may also be performed synchronously. Reasonable changes to the steps still fall within the scope of protection of the present invention. The present invention uses combined communication over the public network and the private network together with cloud encryption and vehicle-end decryption, so that security during transmission and refreshing is improved and the security of refreshing the application software of the electronic control unit is ensured.
As shown in fig. 6, the present invention further provides a security refreshing system for application software of an electronic control unit, including:
the public network transmission module is at least used for acquiring the signed encryption OTA upgrade package and transmitting the signed encryption OTA upgrade package to the vehicle end through the public network;
the private network transmission module is at least used for acquiring the signed symmetric key and transmitting the signed symmetric key to the vehicle end through the private network;
the signature verification module is at least used for respectively verifying the signed encryption OTA upgrade package and the signed symmetric key to obtain an encryption OTA upgrade package and a symmetric key;
the decryption module is at least used for carrying out symmetric decryption operation on the encrypted OTA upgrade package based on the symmetric key to obtain an OTA upgrade package;
and the refreshing execution module is at least used for acquiring each ECU installation package based on the OTA upgrade package, and each ECU installation package is used for executing refreshing of the application software of the electric control unit.
The system ensures the safe refreshing of the ECU application software through combined communication over the public network and the private network and through cloud encryption with vehicle-end decryption. The method and the system can rapidly judge the source of the OTA upgrade package through the asymmetric signature algorithm, ensure the safety and integrity of the installation package through symmetric encryption, save OTA upgrade cost by transmitting the upgrade package over the public network, and at the same time use the private network to exchange the symmetric key, thereby improving the safety of the update process and further ensuring the safety of refreshing the application software of the electric control unit.
The invention also provides a vehicle cloud transmission method of the OTA upgrade package, which comprises the following steps:
Acquiring an OTA upgrade package, a symmetric key and a cloud certificate private key at a cloud;
The cloud performs symmetric encryption operation on the OTA upgrade package through the symmetric key to obtain an encrypted OTA upgrade package;
the cloud end carries out asymmetric encryption operation signing on the encryption OTA upgrade package through the cloud end certificate private key to obtain a signed encryption OTA upgrade package, and the signed encryption OTA upgrade package is transmitted to a vehicle end through a public network;
The cloud end carries out asymmetric encryption operation signing on the symmetric key through the cloud end certificate private key to obtain a signed symmetric key, and transmits the signed symmetric key to the vehicle end through a private network, wherein the vehicle end is configured with a vehicle end built-in public key;
the vehicle end carries out asymmetric encryption operation and signature verification on the signed encryption OTA upgrade package and the signed symmetric key respectively based on the built-in public key of the vehicle end to obtain an encryption OTA upgrade package and a symmetric key respectively;
And the vehicle end performs symmetric decryption operation on the encrypted OTA upgrade package based on the symmetric key to obtain the OTA upgrade package.
The method ensures secure transmission of the OTA upgrade package between the vehicle end and the cloud through combined communication over the public network and the private network and through cloud encryption with vehicle-end decryption. The method and the device can rapidly judge the source of the OTA upgrade package through the asymmetric signature algorithm, ensure the safety and integrity of the OTA upgrade package through symmetric encryption, save OTA upgrade cost by transmitting the OTA upgrade package over the public network, and at the same time use the private network to exchange the symmetric encryption key, thereby improving the safety of the update process and further ensuring the safety of refreshing the application software of the electric control unit.
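The vehicle cloud transmission method above and steps S10-S12, as an added example in Go; this is not code from the patent or from Zero Beam Technology. Ed25519 over a SHA-256 digest, a 64-byte signature header assembled at the head of the payload, and AES-256-GCM for the symmetric step are assumptions, since the patent names neither the algorithms nor the header layout; the function names are likewise hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// signWithHeader is the cloud-side step of claims 6 and 7: digest the payload, sign the digest with
// the cloud certificate private key, assemble the header (assumed: 64-byte Ed25519 signature) at the head.
func signWithHeader(cloudPriv ed25519.PrivateKey, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	return append(ed25519.Sign(cloudPriv, digest[:]), payload...)
}

// verifyAndStrip is vehicle-side step S10/S11: verify the header with the built-in public key, then strip it.
func verifyAndStrip(vehiclePub ed25519.PublicKey, signed []byte) ([]byte, error) {
	if len(signed) < ed25519.SignatureSize {
		return nil, errors.New("blob shorter than signature header")
	}
	sig, payload := signed[:ed25519.SignatureSize], signed[ed25519.SignatureSize:]
	digest := sha256.Sum256(payload)
	if !ed25519.Verify(vehiclePub, digest[:], sig) {
		return nil, errors.New("signature check failed: not from the cloud certificate, or tampered")
	}
	return payload, nil
}

// newGCM is the symmetric primitive; AES-256-GCM is an assumption, the patent names no cipher.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// cloudPrepare yields the two artefacts sent on separate paths: signed encrypted package (public network), signed key (private network).
func cloudPrepare(cloudPriv ed25519.PrivateKey, ota []byte) (signedEnc, signedKey []byte, err error) {
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand.Read is documented never to return an error (Go 1.24+)
	aead, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce)
	enc := aead.Seal(nonce, nonce, ota, nil) // nonce || ciphertext || tag
	return signWithHeader(cloudPriv, enc), signWithHeader(cloudPriv, key), nil
}

// vehicleReceive is steps S10-S12: verify both headers first, decrypt only afterwards.
func vehicleReceive(vehiclePub ed25519.PublicKey, signedEnc, signedKey []byte) ([]byte, error) {
	enc, err := verifyAndStrip(vehiclePub, signedEnc)
	if err != nil {
		return nil, err
	}
	key, err := verifyAndStrip(vehiclePub, signedKey)
	if err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(enc) < n {
		return nil, errors.New("encrypted package too short")
	}
	return aead.Open(nil, enc[:n], enc[n:], nil)
}
```

A package whose bytes are altered on the public network, or one signed with any key other than the cloud certificate key, fails in verifyAndStrip and is never decrypted.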
As shown in fig. 7, the present invention further provides an electronic device, including: at least one processor; and at least one memory communicatively coupled to the processor, wherein: the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform a method according to any of the embodiments of the invention.
The invention also provides a computer readable storage medium having stored thereon a computer program which, when executed by a computer, performs a method according to any of the embodiments of the invention.
It is understood that the computer-readable storage medium may include: any entity or device capable of carrying computer program code, a recording medium, a USB flash disk, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), a software distribution medium, and so forth. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file, or some intermediate form, among others.
In some embodiments of the invention, the vehicle device may include a controller, which is a single-chip microcomputer chip integrating a processor, memory, communication module and the like. The processor may refer to the processor comprised by the controller. The processor may be a central processing unit (CPU), but may also be another general purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and additional implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. The method for safely refreshing the application software of the electric control unit is characterized by comprising the following steps of:
Acquiring a signed encryption OTA upgrade package, and transmitting the signed encryption OTA upgrade package to a vehicle end through a public network;
Acquiring a signed symmetric key, and transmitting the signed symmetric key to a vehicle end through a private network;
Respectively checking the signed encryption OTA upgrade package and the signed symmetric key to obtain an encryption OTA upgrade package and a symmetric key, and performing symmetric decryption operation on the encryption OTA upgrade package based on the symmetric key to obtain an OTA upgrade package;
and acquiring each ECU installation package based on the OTA upgrade package, wherein each ECU installation package is used for executing refreshing of the application software of the electric control unit.
2. The method for secure refreshing of electronic control unit application software according to claim 1, wherein the obtaining the signed encrypted OTA upgrade package comprises:
Acquiring an OTA upgrade package, a symmetric key, a cloud certificate private key and a vehicle-end built-in public key;
Performing symmetric encryption operation on the OTA upgrade package through the symmetric key to obtain an encrypted OTA upgrade package;
Carrying out asymmetric encryption operation signing on the encrypted OTA upgrade package through the cloud certificate private key to obtain a signed encrypted OTA upgrade package;
and carrying out asymmetric encryption operation signing on the symmetric key through the cloud certificate private key to obtain a signed symmetric key.
3. The method for secure refreshing of application software of an electronic control unit according to claim 1 or 2, wherein the obtaining an OTA upgrade package includes:
acquiring each ECU installation package and cloud ECU certificate private keys corresponding to each ECU installation package;
Performing corresponding asymmetric signature operation on each ECU installation package based on a cloud ECU certificate private key corresponding to each ECU installation package to obtain each signed ECU installation package;
and packaging the signed ECU installation packages and the description files thereof into an OTA upgrade package.
4. The method for safely refreshing the application software of the electronic control unit according to claim 3, wherein the acquiring each ECU installation package based on the OTA upgrade package, the each ECU installation package being used for executing refreshing of the application software of the electronic control unit, comprises:
The vehicle end obtains each signed ECU installation package based on the OTA upgrade package and distributes the signed ECU installation package to the corresponding ECU;
And after the vehicle end meets the installation triggering condition, the vehicle end ECU certificate public key corresponding to each signed ECU installation package carries out synchronous signature verification on each signed ECU installation package, and after the signature verification is passed, the signed ECU installation package directly executes refreshing operation of the application software of the electronic control unit.
5. The method for secure refreshing of application software of an electronic control unit according to claim 2, wherein the signing the signed encrypted OTA upgrade package and the signed symmetric key respectively to obtain an encrypted OTA upgrade package and a symmetric key comprises:
And the vehicle end performs asymmetric encryption operation signature verification on the signed encryption OTA upgrade package and the signed symmetric key based on the built-in public key of the vehicle end to obtain the encryption OTA upgrade package and the symmetric key respectively.
6. The method for secure refreshing of application software of an electronic control unit according to claim 2, wherein the signing the encrypted OTA upgrade package by the asymmetric encryption operation through the cloud certificate private key to obtain a signed encrypted OTA upgrade package comprises:
Acquiring the abstract of the encrypted OTA upgrade package;
And carrying out asymmetric encryption operation signing on the abstract of the encryption OTA upgrade package based on the cloud certificate private key to obtain signature header information of the encryption OTA upgrade package, and assembling the signature header information of the encryption OTA upgrade package to the head of the encryption OTA upgrade package to obtain a signed encryption OTA upgrade package.
7. The method for safely refreshing the application software of the electronic control unit according to claim 2 or 6, wherein the signing the symmetric key by the asymmetric encryption operation through the cloud certificate private key to obtain a signed symmetric key comprises:
obtaining the abstract of the symmetric key;
And signing the abstract of the symmetric key by asymmetric encryption operation based on the cloud certificate private key to obtain signature header information of the symmetric key, and assembling the signature header information of the symmetric key to the head of the symmetric key to obtain the signed symmetric key.
8. A security refresh system for application software of an electronic control unit, comprising:
the public network transmission module is at least used for acquiring the signed encryption OTA upgrade package and transmitting the signed encryption OTA upgrade package to the vehicle end through the public network;
the private network transmission module is at least used for acquiring the signed symmetric key and transmitting the signed symmetric key to the vehicle end through the private network;
The signature verification module is at least used for respectively verifying the signed encryption OTA upgrade package and the signed symmetric key to obtain an encryption OTA upgrade package and a symmetric key;
the decryption module is at least used for carrying out symmetric decryption operation on the encrypted OTA upgrade package based on the symmetric key to obtain an OTA upgrade package;
And the refreshing execution module is at least used for acquiring each ECU installation package based on the OTA upgrade package, and each ECU installation package is used for executing refreshing of the application software of the electric control unit.
9. An OTA upgrade packet-based vehicle cloud transmission method is characterized by comprising the following steps:
acquiring an OTA upgrade package, a symmetric key, a cloud certificate private key and a vehicle-end built-in public key at a cloud;
The cloud performs symmetric encryption operation on the OTA upgrade package through the symmetric key to obtain an encrypted OTA upgrade package;
the cloud end carries out asymmetric encryption operation signing on the encryption OTA upgrade package through the cloud end certificate private key to obtain a signed encryption OTA upgrade package, and the signed encryption OTA upgrade package is transmitted to a vehicle end through a public network;
The cloud end carries out asymmetric encryption operation signing on the symmetric key through the cloud end certificate private key to obtain a signed symmetric key, and transmits the signed symmetric key to a vehicle end through a private network;
the vehicle end carries out asymmetric encryption operation and signature verification on the signed encryption OTA upgrade package and the signed symmetric key respectively based on the built-in public key of the vehicle end to obtain an encryption OTA upgrade package and a symmetric key respectively;
And the vehicle end performs symmetric decryption operation on the encrypted OTA upgrade package based on the symmetric key to obtain the OTA upgrade package.
10. An electronic device, comprising:
At least one processor; and at least one memory communicatively coupled to the processor, wherein: the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1-7 or 9.
11. A readable storage medium storing a computer program, characterized in that the computer program is executed by a processor for performing the method according to any one of claims 1-7 or 9.
CN202311866803.0A 2023-12-29 2023-12-29 Security refreshing method and system for application software of electronic control unit and readable storage medium Pending CN117909987A (en)


Publications (1)

Publication Number Publication Date
CN117909987A true CN117909987A (en) 2024-04-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination