WO2017152875A1 - Vehicle secure communication method, device, vehicle multimedia system and vehicle - Google Patents
Vehicle secure communication method, device, vehicle multimedia system and vehicle
- Publication number
- WO2017152875A1 (application PCT/CN2017/076295)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- vehicle data
- vehicle
- data
- original
- instruction
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/08—Error detection or correction by redundancy in data representation, e.g. by using checking codes
- G06F11/10—Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L12/40052—High-speed IEEE 1394 serial bus
- H04L12/40104—Security; Encryption; Content protection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
- H04W4/44—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
Definitions
- the present application relates to the field of vehicle networking, and in particular to a vehicle safety communication method, device, vehicle multimedia system and vehicle.
- car multimedia has gradually become another important mobile terminal system for car owners.
- the traditional closed in-vehicle system with a small screen can no longer satisfy users.
- many in-vehicle multimedia devices are equipped with 4G modules and WIFI modules, which can access the Internet and allow customers to install their own preferred APP applications.
- car multimedia is the carrier that receives cloud services, but this brings great security risks to customers, because the car multimedia communicates and interconnects with other components of the vehicle, and the vehicle multimedia issues many commands to control other parts of the vehicle.
- the car multimedia is like a computer and a mobile phone, and is easily invaded by malicious programs.
- criminals can remotely impersonate the cloud server and send erroneous instructions to the vehicle.
- the purpose of the present application is to provide a vehicle safety communication method, device, vehicle multimedia system and vehicle to improve safety when the vehicle is connected to the network.
- a vehicle secure communication method is provided, the vehicle including an open system, a security chip, and a closed system, the open system and the closed system being connected through the security chip. The method is applied to the security chip and includes: receiving a first vehicle data instruction from the closed system, wherein the first vehicle data instruction includes original vehicle data; encrypting the original vehicle data to obtain corresponding encrypted vehicle data; replacing the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction; and sending the second vehicle data instruction to the open system.
- a vehicle secure communication method, the vehicle comprising an open system, a security chip and a closed system, the open system being connected to the closed system through the security chip and the open system being connected to a server. The method is applied to the server and comprises: receiving a vehicle data instruction from the open system, wherein the vehicle data instruction is forwarded by the open system from the security chip and includes encrypted vehicle data; decrypting the encrypted vehicle data in the vehicle data instruction; obtaining the decrypted vehicle data when the decryption succeeds; and processing the decrypted vehicle data.
- a vehicle secure communication device, the vehicle comprising an open system, a security chip and a closed system, the open system and the closed system being connected through the security chip, the device being configured on the security chip and including: a first receiving module configured to receive a first vehicle data instruction from the closed system, wherein the first vehicle data instruction comprises original vehicle data; an encryption module configured to encrypt the original vehicle data to obtain corresponding encrypted vehicle data; and a transmitting module configured to replace the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction and to transmit the second vehicle data instruction to the open system.
- a vehicle secure communication device, the vehicle comprising an open system, a security chip and a closed system, the open system and the closed system being connected through the security chip, the open system being coupled to a server, the device being configured at the server and including: a second receiving module configured to receive a vehicle data instruction from the open system, wherein the vehicle data instruction is forwarded by the open system from the security chip and includes encrypted vehicle data; a decryption module configured to decrypt the encrypted vehicle data in the vehicle data instruction and to obtain the decrypted vehicle data when the decryption succeeds; and a processing module configured to process the decrypted vehicle data.
- a vehicle multimedia system comprising: a closed system for collecting original vehicle data and transmitting a first vehicle data instruction including the original vehicle data; a security chip comprising the vehicle secure communication device provided according to the third aspect of the present application; and an open system that communicates with the closed system through the security chip and also communicates with a server, the open system being configured to receive the second vehicle data instruction from the security chip and forward it to the server.
- a vehicle comprising a vehicle multimedia system provided in accordance with the fifth aspect of the present application.
- the vehicle data from the closed system is encrypted by the security chip, the encrypted vehicle data is sent to the server through the open system, and the server performs the decryption; only when the decryption succeeds can the server obtain vehicle data from the closed system.
- FIG. 1 is a schematic diagram of an implementation environment, according to an exemplary embodiment.
- FIG. 2 is a structural block diagram of a vehicle multimedia system configured in a vehicle, according to an exemplary embodiment.
- FIG. 3 is a flowchart of a method for secure communication of a vehicle, according to an exemplary embodiment.
- FIG. 4 is a flow chart showing another method of vehicle safety communication according to an exemplary embodiment.
- FIG. 5 is a diagram of signaling interaction between a user terminal, a server, an open system, a security chip, and a closed system during vehicle communication, according to an exemplary embodiment.
- Figure 6A is a schematic diagram showing the composition of an example first control command.
- FIG. 6B is a schematic diagram showing the composition of another example first control instruction.
- Figure 6C is a schematic diagram showing the composition of an example second control command.
- FIG. 7 is a flowchart of a method of vehicle safety communication according to another exemplary embodiment.
- FIG. 8 is a schematic diagram of the composition of an example first vehicle data command.
- FIG. 9 is a flowchart of another method of vehicle safety communication according to another exemplary embodiment.
- FIG. 10 is a diagram showing a signaling interaction between a server, an open system, a security chip, and a closed system during vehicle communication, according to another exemplary embodiment.
- FIG. 11A is a schematic diagram showing the composition of another example first vehicle data command.
- Figure 11B is a schematic diagram of the composition of an example second vehicle data command.
- FIG. 11C is a schematic diagram showing the composition of another example first vehicle data command.
- FIG. 12 is a block diagram of a vehicle safety communication device, according to an exemplary embodiment.
- FIG. 13 is a block diagram of a vehicle safety communication device, according to another exemplary embodiment.
- FIG. 1 is a schematic diagram of an implementation environment, according to an exemplary embodiment. As shown in FIG. 1, the implementation environment may include a user terminal 100, a server 200, and a vehicle 300.
- server 200 may be an electronic device that provides service to vehicle 300, which may be owned by a service provider of vehicle 300.
- the user can register on the server 200 through the user terminal 100 to associate the user terminal 100 with the vehicle 300, such that the user terminal 100 can communicate with the vehicle 300 via the server 200, thereby realizing remote control of the vehicle 300 by the user.
- the vehicle 300 can also feed back vehicle related data to the server 200 so that the service provider can remotely maintain the vehicle 300, and if necessary, the server 200 can also feed back the vehicle related data to the user terminal 100, thereby enabling the user Be able to keep track of the condition of the vehicle.
- the user terminal 100 may be an electronic device capable of networking and communicating with the server 200.
- the user terminal 100 can be, for example, a smartphone, a tablet, a PC, a laptop, and the like.
- the user terminal 100 is a smart phone.
- FIG. 2 is a structural block diagram of a vehicle multimedia system configured in the vehicle according to an exemplary embodiment.
- the vehicle multimedia system can include an open system 301 and a closed system 302.
- the open system 301 is used for the vehicle 300 to be networked, to communicate with an external device (for example, the server 200), and to allow the user to install various APP applications according to preferences.
- the open system 301 may be configured with an open core board 303 and a networking module 304, wherein the open core board 303 is connected to the networking module 304 and can perform networking operations through the networking module 304 to communicate with an external device (e.g., the server 200).
- the networking module 304 may be, for example, a WiFi module, a GPS module, a 3G module, a 4G module, etc.
- the closed system 302 is not allowed to access the Internet and is used for interactive communication with the entire vehicle.
- the closed system 302 can be configured with a micro control unit (MCU) 305 of the vehicle 300; the MCU 305 can be connected to the vehicle CAN bus, and through the CAN bus the MCU 305 can control the operation of the whole vehicle and obtain vehicle data from the CAN bus.
- the open system 301 and the closed system 302 can each operate independently.
- the open system 301 and the closed system 302 can be connected by a security chip 306.
- the open core board 303 and the MCU 305 are connected by a security chip 306.
- the open core board 303 and the security chip 306 can be connected through an SDIO (Secure Digital Input Output) interface, and the security chip 306 and the MCU 305 can be connected through a standard SPI (Serial Peripheral Interface) port.
- the security chip 306 may be, for example, an SSX1207 security chip, which can provide services such as data encryption, identity authentication and limited secure storage. Through the security chip 306, the security of the vehicle when connected to the Internet can be improved.
- both the open system 301 and the closed system 302 described in the present application may be operating systems.
- for example, the open system 301 can be an Android system and the closed system 302 can be a Linux system. It should be understood that this example merely illustrates the open system 301 and the closed system 302 and does not limit the two systems: the open system 301 can also be a Linux system and the closed system 302 an Android system, or both can be Android systems.
- FIG. 3 is a flowchart of a method for secure communication of a vehicle according to an exemplary embodiment, wherein the method may be applied to a server, for example, the server 200 shown in FIG. 1. As shown in FIG. 3, the method can include the following steps.
- step S301 raw control data from the user terminal is received, wherein the raw control data is used to indicate a target operation to be performed by the vehicle.
- the target operations may include, but are not limited to, the following: unlocking, starting, accelerating, decelerating, extinguishing, locking the car, window lifting, multimedia device control (starting, volume adjustment, switching multimedia files, etc.), and the like.
- step S302 the original control data is encrypted to obtain corresponding encryption control data.
- the server may pre-agree an encryption protocol with the security chip, so that the server can encrypt the received original control data according to the encryption protocol and obtain the encrypted control data.
- step S303 the encryption control data is transmitted to the open system.
- after receiving the encrypted control data, the open system may generate a first control instruction and include the received encrypted control data in it. Thereafter, the open system sends the first control instruction to the security chip so that the security chip performs security authentication on the encrypted control data.
- FIG. 4 is a flow chart showing another method of vehicle safety communication according to an exemplary embodiment, wherein the method may be applied to a security chip, for example, the security chip 306 shown in FIG. 2. As shown in FIG. 4, the method can include the following steps.
- step S401 a first control instruction from an open system is received, wherein the first control instruction includes encrypted control data.
- step S402 the encrypted control data in the first control command is decrypted.
- the server can pre-agreed an encryption protocol with the security chip, so that the security chip can decrypt the encrypted control data in the received first control instruction according to the encryption protocol.
- step S403 when the decryption is successful, decryption control data is obtained.
- step S404: the encrypted control data in the first control instruction is replaced with the decrypted control data to form a second control instruction, and the second control instruction is sent to the closed system, so that the closed system controls the vehicle to perform the target operation based on the second control instruction.
- for example, the target operation indicated by the second control instruction sent to the closed system is an unlocking operation. After the closed system (for example, the MCU) receives the second control instruction, it can learn by parsing the second control instruction that the target operation is an unlocking operation, and then the closed system can send the unlock command to the CAN bus.
- the unlocking component in the vehicle is capable of acquiring this unlocking command from the CAN bus, and performs an unlocking operation according to the unlocking command, thereby completing the unlocking operation of the vehicle.
- FIG. 5 is a diagram of signaling interaction between a user terminal, a server, an open system, a security chip, and a closed system during vehicle communication, according to an exemplary embodiment.
- the user terminal is, for example, the user terminal 100 shown in FIG. 1
- the server is, for example, the server 200 shown in FIG. 1
- the open system is, for example, the open system 301 shown in FIG. 2
- the security chip is, for example, the security chip 306 shown in FIG. 2, and the closed system is, for example, the closed system 302 shown in FIG. 2. FIG. 5 relates to the steps of the communication methods described above for the server and for the security chip, and thus its specific signaling interaction process will not be described in detail herein.
- the above vehicle secure communication method applied to the security chip may further include: when the decryption fails, not transmitting any control instruction to the closed system. That is, once decryption fails, the security chip intercepts the instruction from the open system. For example, when the open system is invaded by a malicious program that impersonates the open system to send a control instruction, the control instruction will not be forwarded to the closed system because of the protection of the security chip, thereby ensuring the security of the closed system and of the whole vehicle.
- the server sends the encrypted control data to the open system of the vehicle, the open system forwards the encrypted control data to the security chip, and the security chip performs the decryption. Only when the decryption succeeds is the decrypted control data sent to the closed system, which then controls the vehicle to perform the corresponding operation based on the control data. Thereby the security of the vehicle's network communication is improved: only legal control data can reach the closed system, which prevents erroneous control of the vehicle caused by the intrusion of a malicious program and ensures the safety of remote vehicle control.
- the security chip can count the number of failed decryptions. When the number of decryption failures reaches a preset number of times (for example, ⁇ 1), it indicates that the open system may have a large security risk at this time.
- at this time, the security chip can send a restart command and/or an antivirus command to the open system, wherein the restart command can be used to control the open system to perform a restart operation, and the antivirus command can be used to control the open system to perform an antivirus operation. In this way, the security risk of the open system can be reduced to a certain extent, and the malicious program is prevented from threatening the security of the open system for a long time.
- the server may further calculate a parity code of the original control data after receiving the original control data, and then send this parity code to the open system. After receiving the parity code of the original control data, the open system may include it in the first control instruction together with the encrypted control data. For example, the composition of the first control instruction at this time may be as shown in FIG. 6A.
- after receiving the first control instruction, the security chip may first decrypt the encrypted control data in it, and if the decryption succeeds, the decrypted control data is obtained. The security chip can then calculate the parity code of the decrypted control data.
- the decrypted control data should be identical to the original control data, so the parity codes of both should be the same.
- when the parity code calculated by the security chip matches the parity code carried in the first control instruction, the security chip may further determine that the received first control instruction is a legal instruction; therefore, the encrypted control data in the first control instruction is replaced with the decrypted control data to form a second control instruction, and the second control instruction is sent to the closed system.
- when the two parity codes do not match, the security chip may determine that the received first control instruction is an illegal instruction, and at this time the instruction may be intercepted: no instruction is sent to the closed system, so as to ensure vehicle safety.
- the accuracy of the legal instruction recognition can be further improved, and the possibility of erroneously identifying the illegal instruction as a legal instruction can be reduced, thereby further improving the safety of the entire vehicle.
- the user can send raw control data to the server through the user terminal, which can be used to indicate the target operation to be performed by the vehicle.
- different target operations may have different levels of security, and the level of security of the target operation can be used to indicate whether the target operation is a sensitive operation.
- the server may directly encrypt the original control data regardless of the security level of the target operation indicated by the original control data.
- the server may selectively encrypt the original control data based on whether the target operation indicated by the original control data is a sensitive operation.
- the server may determine the security level information of the original control data according to the target operation indicated by the original control data, where the security level information may be used to indicate whether the original control data is sensitive data.
- a list of sensitive operations can be pre-stored in the server, so that after the server receives the original control data, the target operation information can be learned by analyzing the original control data.
- the server can then query the list of sensitive operations. If the target operation information is queried in the sensitive operation list, it indicates that the target operation is a sensitive operation. Accordingly, the raw control data is sensitive data. If the target operation information is not queried in the sensitive operation list, it indicates that the target operation is a non-sensitive operation. Accordingly, the raw control data is non-sensitive data.
- when the security level information of the original control data indicates that the original control data is sensitive data, the server encrypts the original control data to obtain the corresponding encrypted control data; that is, the encryption operation is performed only for sensitive data. When the security level information indicates that the original control data is non-sensitive data, the server may leave the original control data unencrypted and send it directly to the open system.
- the security level information of the original control data can also be sent to the open system at the same time.
- for example, the security level information of the original control data is appended to the header of the encrypted control data or of the original control data to form a signaling message, which is then sent to the open system.
- the open system can determine whether the control data included in the signaling message is encrypted or not (i.e., original) by parsing the header information.
- when the security level information of the original control data indicates that the original control data is sensitive data, the open system generates and sends a first control instruction to the security chip, where the first control instruction may include the security level information of the original control data and the encrypted control data.
- when the security level information indicates that the original control data is non-sensitive data, the open system may generate and send a third control instruction to the security chip, where the third control instruction may include the security level information of the original control data and the original control data.
- the security chip can learn whether the control data included in the instruction is encrypted by the security level information included therein. If yes, it is determined that the first control command is received, and the decryption process is performed according to the method shown in FIG. 4. If not, it is determined that the third control command is received, and at this time, the decryption process may not be performed. Instead, the third control command is sent directly to the closed system.
- the MCU in the closed system can learn in various ways that the control data in the command is intended to control what target operation the vehicle performs. For example, in one embodiment, after the MCU in the closed system receives the second control command from the security chip, it can extract the decryption control data therefrom.
- a control data-operation map may be pre-stored in the MCU, in which at least one operation and control data corresponding to each operation are recorded. The MCU can use the extracted decryption control data to query the mapping table to learn the corresponding operation from the mapping table, which is the target operation to be performed by the vehicle.
- the server may generate first mapping instruction data after deriving the target operation by parsing the original control data, wherein the first mapping instruction data may be used to identify the target operation.
- the server can then send the first mapping instruction data to the open system.
- the open system can include the first mapping instruction data in the first control instruction, for example, the composition of the first control instruction formed at this time is as shown in FIG. 6B.
- when the security chip decrypts successfully, the first mapping instruction data may be retained in the formed second control instruction; the composition of the second control instruction at this time is as shown in FIG. 6C.
- the MCU can send the decryption control data included in the second control instruction to the CAN bus to acquire the decryption control data from the CAN bus by the corresponding executing component, and then execute the corresponding Target operation.
- Before decrypting the encrypted control data in the first control instruction, the security chip may first determine whether the first control instruction was transmitted normally.
- The encrypted control data in the first control instruction is decrypted only when it is determined that the transmission of the first control instruction was normal.
- For example, before sending the first control instruction to the security chip, the open system first calculates the parity code of the first control instruction and appends it to the tail of the instruction to form a signaling, which is sent to the security chip. After receiving the signaling, the security chip can extract the information other than the tail and calculate its parity code. When the calculated parity code matches the parity code contained in the tail, the first control instruction was transmitted normally; otherwise, the transmission was abnormal.
- When it determines that the transmission was abnormal, the security chip may send a first retransmission instruction to the open system, instructing the open system to retransmit the first control instruction.
- This avoids the case where an otherwise legitimate first control instruction fails decryption at the security chip because of transmission interference, further improving the accuracy and reliability of the security authentication.
- the closed system may also feed back vehicle data to the server via a security chip and an open system, as described below.
- FIG. 7 is a flowchart of a method for secure communication of a vehicle according to another exemplary embodiment, wherein the method may be applied to a security chip, for example, the security chip 306 shown in FIG. 2. As shown in FIG. 7, the method may include the following steps.
- In step S701, a first vehicle data instruction is received from the closed system (for example, the closed system 302 shown in FIG. 2), where the first vehicle data instruction includes original vehicle data.
- The MCU in the closed system can acquire the original vehicle data from the CAN bus.
- The original vehicle data may include various types of vehicle data, for example: execution result data for a target operation after the vehicle performs it; whole-vehicle data fed back in response to an external request (for example, a data acquisition request from the server); whole-vehicle data the vehicle actively reports to the server; and so on.
- For example, after the vehicle completes an unlock operation, the unlocking component can feed the unlock result back to the CAN bus.
- The MCU can listen for this data on the CAN bus, generate a first vehicle data instruction, include the data in it as original vehicle data, and send it to the security chip.
- Optionally, after listening to the data, the MCU may also generate second mapping instruction data, which can be used to identify the type of the original vehicle data.
- For example, if the data the MCU listened to is unlock result data from the unlocking component, the second mapping instruction data generated by the MCU can identify the type of the original vehicle data as an unlock result.
- The MCU can include the second mapping instruction data in the first vehicle data instruction, as in the first vehicle data instruction shown in FIG. 8, so that when it is later transmitted to the server, the server can learn the type of the original vehicle data from the second mapping instruction data and process it accordingly.
- In step S702, the original vehicle data is encrypted to obtain corresponding encrypted vehicle data.
- The server can agree on an encryption protocol with the security chip in advance, so that the security chip can encrypt the original vehicle data in the received first vehicle data instruction according to that protocol and obtain the encrypted vehicle data.
- In step S703, the original vehicle data in the first vehicle data instruction is replaced with the encrypted vehicle data to form a second vehicle data instruction, and the second vehicle data instruction is sent to the open system.
- After receiving the second vehicle data instruction from the security chip, the open system can forward it to the server for decryption by the server.
- FIG. 9 is a flowchart of another method of vehicle safety communication according to another exemplary embodiment, wherein the method may be applied to a server, for example, the server 200 shown in FIG. 1. As shown in FIG. 9, the method may include the following steps.
- In step S901, a second vehicle data instruction is received from the open system, where the second vehicle data instruction is forwarded by the open system from the security chip and includes encrypted vehicle data.
- In step S902, the encrypted vehicle data in the second vehicle data instruction is decrypted.
- The server can agree on an encryption protocol with the security chip in advance, so that the server can decrypt the encrypted vehicle data in the received second vehicle data instruction according to that protocol.
- In step S903, when decryption succeeds, the decrypted vehicle data is obtained.
- In step S904, the decrypted vehicle data is processed.
- The processing may include, for example and without limitation, storing, displaying, forwarding to a user terminal, and so on.
- For example, when the original vehicle data is execution result data for a target operation, the server may send the decrypted vehicle data to the user terminal after decryption succeeds, to inform the user of the execution result.
- FIG. 10 is a diagram showing a signaling interaction between a server, an open system, a security chip, and a closed system during vehicle communication, according to another exemplary embodiment.
- the server is, for example, the server 200 shown in FIG. 1
- the open system is, for example, the open system 301 shown in FIG. 2
- the security chip is, for example, the security chip 306 shown in FIG. 2
- the closed system is, for example, the closed system 302 shown in FIG. 2.
- Figure 10 relates to the steps in the above-described vehicle security communication method for a server and for a security chip, and thus, its specific signaling interaction process will not be described in detail herein.
- In the above technical solution, the vehicle data from the closed system is encrypted by the security chip, the encrypted vehicle data is sent to the server through the open system, and the server performs the decryption; only when decryption succeeds can the server obtain the vehicle data from the closed system. This prevents an illegitimate server owner from learning the vehicle information, thereby ensuring the security of the vehicle information.
- In some optional embodiments, after acquiring the original vehicle data, the MCU in the closed system may calculate the parity code of the original vehicle data.
- The closed system can then include the parity code in the first vehicle data instruction together with the original vehicle data; for example, the composition of the first vehicle data instruction at this time may be as shown in FIG. 11A.
- After receiving this first vehicle data instruction, the security chip may first encrypt the original vehicle data in it to obtain the encrypted vehicle data.
- The original vehicle data in the first vehicle data instruction is then replaced with the encrypted vehicle data to form a second vehicle data instruction (whose composition at this time may be as shown in FIG. 11B), and the second vehicle data instruction is sent to the open system.
- After the open system forwards the second vehicle data instruction to the server, the server may first decrypt the encrypted vehicle data in it and, if decryption succeeds, obtain the decrypted vehicle data.
- In principle, the decrypted vehicle data should be identical to the original vehicle data, so the parity codes of the two should match.
- When the parity code included in the second vehicle data instruction matches the parity code of the decrypted vehicle data, the server may determine that the received second vehicle data instruction is a legitimate instruction and that the decrypted vehicle data is real whole-vehicle data from the vehicle. At that point, the decrypted vehicle data can be processed.
- In some optional embodiments, the original vehicle data acquired by the MCU in the closed system may have different security levels; the security level information can be used to indicate whether the original vehicle data is sensitive data.
- In that case, after generating the first vehicle data instruction, the MCU may include the security level information of the original vehicle data in it.
- The composition of the first vehicle data instruction at this time may be as shown in FIG. 11C. The security chip can then use the security level information to judge whether the original vehicle data is sensitive.
- In one embodiment, the security chip encrypts the original vehicle data regardless of its security level.
- Alternatively, in another embodiment, the security chip encrypts the original vehicle data in the first vehicle data instruction only when the security level information indicates that it is sensitive data, obtaining the corresponding encrypted vehicle data. That is, encryption is applied only to sensitive data.
- When the security level information indicates that the original vehicle data is non-sensitive, the security chip may leave it unencrypted.
- When the security level information indicates that the original vehicle data is sensitive, the security chip may generate a second vehicle data instruction that includes the security level information of the original vehicle data and the encrypted vehicle data.
- When the security level information indicates that the original vehicle data is non-sensitive, the security chip can forward the first vehicle data instruction directly to the open system.
- After receiving a vehicle data instruction forwarded by the open system, the server can parse the security level information in it to determine whether the vehicle data it contains is encrypted or unencrypted (i.e., original).
- When the security level information indicates that the original vehicle data is sensitive, the server can determine that it received a second vehicle data instruction and decrypt the encrypted vehicle data in it.
- When the security level information indicates that the original vehicle data is non-sensitive,
- the server can determine that it received a first vehicle data instruction and process the original vehicle data in it directly.
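The feedback path described above (the MCU builds a first vehicle data instruction carrying a type tag, the security level and the parity code of the raw data; the security chip encrypts only sensitive data and forms the second instruction; the server decrypts and then requires the parity code of the decrypted data to match) as one runnable Python example. This is an added illustration, not code from the patent: the patent names the fields but not their sizes or order, and does not name the "agreed encryption protocol", so the frame layout, the HMAC-SHA256-based seal/open pair (chosen so that a tampered ciphertext makes decryption fail, which the "only when decryption succeeds" logic needs) and the type value TYPE_UNLOCK_RESULT are assumptions of this example. The same seal/open pair with the roles swapped is the control path of the earlier bullets (server encrypts, security chip decrypts and intercepts on failure).

```python
"""Vehicle-data feedback path: closed system -> security chip -> open system -> server.
Added example; the frame layout and cipher are assumptions, not the patent's."""
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Assumed frame layout (the page names the fields, not their sizes/order):
#   type(1) | level(1) | parity_of_raw(1) | len(2, big-endian) | body
SENSITIVE, NON_SENSITIVE = 1, 0
TYPE_UNLOCK_RESULT = 0x10      # hypothetical "second mapping instruction data" value
NONCE_LEN, TAG_LEN = 4, 8


def parity8(data: bytes) -> int:
    """Longitudinal XOR parity: the parity code the MCU attaches to the raw data."""
    p = 0
    for b in data:
        p ^= b
    return p


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    # Separate keystream and MAC keys derived from the shared key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(ke: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ke, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the agreed encryption protocol: HMAC-SHA256 counter-mode
    keystream plus an HMAC tag, so the receiver can tell success from failure."""
    ke, km = _subkeys(key)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(ke, nonce, len(plaintext))))
    tag = hmac.new(km, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def open_sealed(key: bytes, sealed: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when decryption fails (tag mismatch)."""
    ke, km = _subkeys(key)
    nonce, ct, tag = sealed[:NONCE_LEN], sealed[NONCE_LEN:-TAG_LEN], sealed[-TAG_LEN:]
    expect = hmac.new(km, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expect, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(ke, nonce, len(ct))))


def _frame(dtype: int, level: int, par: int, body: bytes) -> bytes:
    return bytes([dtype, level, par]) + struct.pack(">H", len(body)) + body


def _parse(inst: bytes) -> Tuple[int, int, int, bytes]:
    dtype, level, par = inst[0], inst[1], inst[2]
    (n,) = struct.unpack(">H", inst[3:5])
    return dtype, level, par, inst[5:5 + n]


def mcu_first_instruction(raw: bytes, dtype: int, level: int) -> bytes:
    """Closed-system MCU: first vehicle data instruction (FIG. 11A/11C style)."""
    return _frame(dtype, level, parity8(raw), raw)


def chip_process(key: bytes, first: bytes, nonce: bytes) -> bytes:
    """Security chip: encrypt only sensitive data; forward non-sensitive unchanged."""
    dtype, level, par, raw = _parse(first)
    if level != SENSITIVE:
        return first                                        # first instruction, as-is
    return _frame(dtype, level, par, seal(key, nonce, raw))  # second instruction


def server_process(key: bytes, inst: bytes):
    """Server: decrypt if the level says so, then require the parity code to match."""
    dtype, level, par, body = _parse(inst)
    if level == SENSITIVE:
        data = open_sealed(key, body)
        if data is None:
            return ("reject", "decryption failed")
    else:
        data = body
    if parity8(data) != par:
        return ("reject", "parity mismatch")
    return ("accept", dtype, data)


if __name__ == "__main__":
    k = b"\x00" * 16                                   # constructed shared key
    first = mcu_first_instruction(b"\x01", TYPE_UNLOCK_RESULT, SENSITIVE)
    second = chip_process(k, first, b"\x00\x00\x00\x01")
    print(server_process(k, second))
```

Two points the example makes concrete. The security-level byte decides both whether the chip encrypts and whether the server decrypts, so a practitioner would cover it with the tag (the example, like the page, leaves the header outside it). And the parity code is an 8-bit XOR: it flags a single flipped bit but not two flips in the same bit position of different bytes, so a MAC such as the tag in seal() is what legitimacy should rest on, while the parity code only catches simple transmission errors.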
- Before encrypting the original vehicle data in the first vehicle data instruction, the security chip may first determine whether the first vehicle data instruction was transmitted normally.
- The original vehicle data in the first vehicle data instruction is encrypted only when it is determined that the transmission was normal.
- For example, before sending the first vehicle data instruction to the security chip, the closed system first calculates the parity code of the first vehicle data instruction and appends it to the tail of the instruction.
- This forms a signaling, which is sent to the security chip.
- After receiving the signaling, the security chip can extract the information other than the tail and calculate its parity code.
- When the calculated parity code matches the parity code contained in the tail, the first vehicle data instruction was transmitted normally; otherwise, the transmission was abnormal.
- When it determines that the transmission was abnormal, the security chip may send a second retransmission instruction to the closed system, instructing the closed system to retransmit the first vehicle data instruction.
- On the server side, before decrypting the encrypted vehicle data in a received second vehicle data instruction, the server may likewise determine whether the second vehicle data instruction was transmitted normally.
- The encrypted vehicle data in the second vehicle data instruction is decrypted only when it is determined that the transmission was normal.
- For example, before sending the second vehicle data instruction to the open system, the security chip first calculates its parity code and appends it to the tail of the instruction.
- This forms a signaling, which is sent to the open system.
- After receiving the signaling, the open system can extract the information other than the tail and calculate its parity code.
- When the calculated parity code matches the parity code in the tail, the second vehicle data instruction was transmitted normally between the security chip and the open system; otherwise, that transmission was abnormal.
- When the transmission between the security chip and the open system was normal, the open system can forward the signaling directly to the server.
- After receiving the signaling, the server can extract the information other than the tail and calculate its parity code.
- When the calculated parity code matches the parity code in the tail, the second vehicle data instruction was transmitted normally between the open system and the server; otherwise, that transmission was abnormal.
- When the transmission between the security chip and the open system was abnormal, the open system may send a third retransmission instruction to the security chip, instructing the security chip to retransmit the second vehicle data instruction.
- When the transmission between the open system and the server was abnormal, the server may send a fourth retransmission instruction to the open system, instructing the open system to retransmit the second vehicle data instruction.
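The hop-by-hop transmission check just described, and the identical check on the control path between the open system and the security chip, as an added Python simulation (not code from the patent): the sender appends the parity code of the whole instruction as the tail, each receiver recomputes it over everything but the tail, and the receiver that detects a mismatch issues the retransmission instruction the page numbers for that hop (first: chip to open system on the control path; second: chip to closed system; third: open system to chip; fourth: server to open system). The open system forwards the chip's signaling unchanged, as the page says, so a frame corrupted between chip and open system is caught by the open system and one corrupted between open system and server by the server. The chip_transform callable stands in for the chip's re-framing of the payload (encryption, in the real design) and is an assumption of this example.

```python
"""Simulation of the tail-parity transmission check and retransmission instructions.
Added example; hop names, the single-byte corruption and chip_transform are assumptions."""
from typing import Callable, List, Optional, Tuple

Hop = Tuple[str, str]   # (sender, receiver)

# Retransmission instruction numbers as the page assigns them to each hop.
RETRANSMIT_INSTRUCTION = {
    ("open", "chip"): 1,     # control path: chip asks the open system to resend
    ("closed", "chip"): 2,   # data path: chip asks the closed system to resend
    ("chip", "open"): 3,     # data path: open system asks the chip to resend
    ("open", "server"): 4,   # data path: server asks the open system to resend
}
CONTROL_PATH: List[Hop] = [("open", "chip")]
DATA_PATH: List[Hop] = [("closed", "chip"), ("chip", "open"), ("open", "server")]


def parity8(data: bytes) -> int:
    """Longitudinal XOR parity, the parity code carried in the tail."""
    p = 0
    for b in data:
        p ^= b
    return p


def to_signaling(instruction: bytes) -> bytes:
    """Sender side: the instruction followed by its one-byte parity code."""
    return instruction + bytes([parity8(instruction)])


def check_signaling(signaling: bytes) -> Optional[bytes]:
    """Receiver side: recompute parity over everything but the tail.
    Returns the instruction when transmission was normal, None when abnormal."""
    if len(signaling) < 2:
        return None
    body, tail = signaling[:-1], signaling[-1]
    return body if parity8(body) == tail else None


def flip(signaling: bytes, index: int, mask: int) -> bytes:
    """Constructed line noise: XOR one byte of the wire frame."""
    b = bytearray(signaling)
    b[index] ^= mask
    return bytes(b)


def relay(instruction: bytes, path: List[Hop],
          chip_transform: Callable[[bytes], bytes],
          corrupt_hop: Optional[int] = None, mask: int = 0x80):
    """Push one instruction along `path`. The security chip re-frames what it
    forwards (a new instruction with a new tail); the open system forwards the
    signaling it received unchanged.
    Returns ("delivered", final_instruction) or
            ("retransmit", retransmission_instruction_number, hop_index)."""
    signaling = to_signaling(instruction)
    current = instruction
    for i, (sender, receiver) in enumerate(path):
        wire = flip(signaling, 0, mask) if corrupt_hop == i else signaling
        body = check_signaling(wire)
        if body is None:
            return ("retransmit", RETRANSMIT_INSTRUCTION[(sender, receiver)], i)
        current = body
        if receiver == "chip":
            current = chip_transform(body)
            signaling = to_signaling(current)
    return ("delivered", current)


if __name__ == "__main__":
    stamp = lambda b: b"E" + b        # stand-in for the chip's encryption step
    for hop in (None, 0, 1, 2):
        print(hop, relay(b"\x10\x01\x05", DATA_PATH, stamp, corrupt_hop=hop))
```

Because the check is per hop, a corrupted frame never travels further than the first receiver that sees it, and the retransmission request goes only one hop back; the end-to-end legitimacy check (decryption and the parity of the decrypted data) is a separate step that runs only on frames that passed this check.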
- FIG. 12 is a block diagram of a vehicle safety communication device 1200, which may be configured in a security chip, such as the security chip 306 shown in FIG. 2, according to an exemplary embodiment.
- As shown in FIG. 12, the apparatus 1200 can include: a first receiving module 1201 configured to receive a first vehicle data instruction from the closed system, where the first vehicle data instruction includes original vehicle data; an encryption module 1202 configured to encrypt the original vehicle data to obtain corresponding encrypted vehicle data; and a sending module 1203 configured to replace the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction, and to send the second vehicle data instruction to the open system.
- Optionally, the first vehicle data instruction further includes security level information of the original vehicle data, the security level information indicating whether the original vehicle data is sensitive data; the encryption module 1202 is then configured to encrypt the original vehicle data in the first vehicle data instruction, obtaining corresponding encrypted vehicle data, when the security level information indicates that the original vehicle data is sensitive.
- Optionally, the apparatus 1200 may further include a first determining module configured to determine whether the transmission of the first vehicle data instruction is normal; the encryption module 1202 is then configured to encrypt the original vehicle data in the first vehicle data instruction, obtaining corresponding encrypted vehicle data, when it is determined that the transmission was normal.
- FIG. 13 is a block diagram of another vehicle safety communication device 1300, which may be configured in a server, such as server 200 shown in FIG. 1, according to an exemplary embodiment.
- As shown in FIG. 13, the apparatus 1300 can include: a second receiving module 1301 configured to receive a vehicle data instruction from the open system, where the vehicle data instruction is forwarded by the open system from the security chip and includes encrypted vehicle data; a decryption module 1302 configured to decrypt the encrypted vehicle data in the vehicle data instruction and obtain decrypted vehicle data when decryption succeeds; and a processing module 1303 configured to process the decrypted vehicle data.
- Optionally, the vehicle data instruction further includes a parity code associated with the original vehicle data to which the encrypted vehicle data corresponded before encryption; the apparatus 1300 may then further include a calculation module configured to calculate the parity code of the decrypted vehicle data, and the processing module 1303 is configured to process the decrypted vehicle data when the parity code included in the vehicle data instruction matches the parity code of the decrypted vehicle data.
- Optionally, the apparatus 1300 may further include a second determining module configured to determine whether the transmission of the vehicle data instruction is normal; the decryption module 1302 is then configured to decrypt the encrypted vehicle data in the vehicle data instruction when it is determined that the transmission was normal.
- In the above technical solution, the vehicle data from the closed system is encrypted by the security chip, the encrypted vehicle data is sent to the server through the open system, and the server performs the decryption; only when decryption succeeds can the server obtain the original vehicle data from the closed system.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- Mathematical Physics (AREA)
- Medical Informatics (AREA)
- Telephonic Communication Services (AREA)
- Selective Calling Equipment (AREA)
- Lock And Its Accessories (AREA)
Abstract
The present application discloses a vehicle secure communication method and apparatus, a vehicle multimedia system, and a vehicle. The vehicle includes an open system, a security chip, and a closed system, the open system and the closed system being connected through the security chip. The method is applied to the security chip and includes: receiving a first vehicle data instruction from the closed system, where the first vehicle data instruction includes original vehicle data; encrypting the original vehicle data to obtain corresponding encrypted vehicle data; replacing the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction; and sending the second vehicle data instruction to the open system.
Description
Cross-reference to related applications
This application is based on and claims priority to Chinese patent application No. 201610141465.8, filed on March 11, 2016, the entire contents of which are incorporated herein by reference.
This application relates to the field of the Internet of Vehicles, and in particular to a vehicle secure communication method and apparatus, a vehicle multimedia system, and a vehicle.
With the trend toward large-screen in-vehicle multimedia and the spread of the Internet of Vehicles, 4G, and WiFi hotspots, in-vehicle multimedia is becoming another important mobile terminal system for vehicle owners, and the traditional small-screen closed head-unit system is gradually failing to meet users' growing demand for entertainment and multimedia. At present, many in-vehicle multimedia units are equipped with 4G and WiFi modules, can access the Internet, and allow customers to install the apps they prefer. In addition, with the development of big data and cloud services, technology for remotely controlling the head unit has emerged, with the in-vehicle multimedia unit acting as the carrier for cloud services. This, however, creates significant security risks for customers: the in-vehicle multimedia unit communicates with and is interconnected to other vehicle components and issues many instructions that control them, so once it is connected to the network it becomes as exposed to intrusion by malicious programs as a computer or mobile phone, and attackers can remotely impersonate the cloud server to send erroneous instructions to the vehicle. A successful intrusion may also let attackers obtain vehicle-related data, causing vehicle data leakage. It is therefore necessary to provide adequate information security protection when the in-vehicle multimedia unit accesses the Internet.
Summary
The purpose of this application is to provide a vehicle secure communication method and apparatus, a vehicle multimedia system, and a vehicle, so as to improve security when the vehicle communicates over a network.
To achieve the above purpose, according to a first aspect of this application, a vehicle secure communication method is provided. The vehicle includes an open system, a security chip, and a closed system, the open system and the closed system being connected through the security chip. The method is applied to the security chip and includes: receiving a first vehicle data instruction from the closed system, where the first vehicle data instruction includes original vehicle data; encrypting the original vehicle data to obtain corresponding encrypted vehicle data; replacing the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction; and sending the second vehicle data instruction to the open system.
According to a second aspect of this application, a vehicle secure communication method is provided. The vehicle includes an open system, a security chip, and a closed system, the open system and the closed system being connected through the security chip, and the open system being connected to a server. The method is applied to the server and includes: receiving a vehicle data instruction from the open system, where the vehicle data instruction is forwarded by the open system from the security chip and includes encrypted vehicle data; decrypting the encrypted vehicle data in the vehicle data instruction; obtaining decrypted vehicle data when decryption succeeds; and processing the decrypted vehicle data.
According to a third aspect of this application, a vehicle secure communication apparatus is provided. The vehicle includes an open system, a security chip, and a closed system, the open system and the closed system being connected through the security chip. The apparatus is configured in the security chip and includes: a first receiving module configured to receive a first vehicle data instruction from the closed system, where the first vehicle data instruction includes original vehicle data; an encryption module configured to encrypt the original vehicle data to obtain corresponding encrypted vehicle data; and a sending module configured to replace the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction, and to send the second vehicle data instruction to the open system.
According to a fourth aspect of this application, a vehicle secure communication apparatus is provided. The vehicle includes an open system, a security chip, and a closed system, the open system and the closed system being connected through the security chip, and the open system being connected to a server. The apparatus is configured in the server and includes: a second receiving module configured to receive a vehicle data instruction from the open system, where the vehicle data instruction is forwarded by the open system from the security chip and includes encrypted vehicle data; a decryption module configured to decrypt the encrypted vehicle data in the vehicle data instruction and obtain decrypted vehicle data when decryption succeeds; and a processing module configured to process the decrypted vehicle data.
According to a fifth aspect of this application, a vehicle multimedia system is provided, including: a closed system for collecting original vehicle data and sending a first vehicle data instruction that includes the original vehicle data; a security chip that includes the vehicle secure communication apparatus provided according to the third aspect; and an open system that communicates with the closed system through the security chip and also communicates with a server, the open system being configured to receive the second vehicle data instruction from the security chip and forward it to the server.
According to a sixth aspect of this application, a vehicle is provided that includes the vehicle multimedia system provided according to the fifth aspect.
In the above technical solution, the vehicle data from the closed system is encrypted by the security chip, the encrypted vehicle data is sent to the server through the open system, and the server performs the decryption; only when decryption succeeds can the server obtain the vehicle data from the closed system. This prevents an illegitimate server owner from learning the vehicle information, thereby ensuring the security of the vehicle information.
Other features and advantages of this application are described in detail in the detailed description that follows.
The drawings are provided to aid understanding of this application, form a part of the specification, and together with the detailed description below serve to explain this application without limiting it. In the drawings:
FIG. 1 is a schematic diagram of an implementation environment according to an exemplary embodiment.
FIG. 2 is a structural block diagram of a vehicle multimedia system configured in a vehicle according to an exemplary embodiment.
FIG. 3 is a flowchart of a vehicle secure communication method according to an exemplary embodiment.
FIG. 4 is a flowchart of another vehicle secure communication method according to an exemplary embodiment.
FIG. 5 is a signaling interaction diagram among the user terminal, the server, the open system, the security chip, and the closed system during vehicle communication, according to an exemplary embodiment.
FIG. 6A is a schematic diagram of the composition of an example first control instruction.
FIG. 6B is a schematic diagram of the composition of another example first control instruction.
FIG. 6C is a schematic diagram of the composition of an example second control instruction.
FIG. 7 is a flowchart of a vehicle secure communication method according to another exemplary embodiment.
FIG. 8 is a schematic diagram of the composition of an example first vehicle data instruction.
FIG. 9 is a flowchart of another vehicle secure communication method according to another exemplary embodiment.
FIG. 10 is a signaling interaction diagram among the server, the open system, the security chip, and the closed system during vehicle communication, according to another exemplary embodiment.
FIG. 11A is a schematic diagram of the composition of another example first vehicle data instruction.
FIG. 11B is a schematic diagram of the composition of an example second vehicle data instruction.
FIG. 11C is a schematic diagram of the composition of another example first vehicle data instruction.
FIG. 12 is a block diagram of a vehicle secure communication apparatus according to an exemplary embodiment.
FIG. 13 is a block diagram of a vehicle secure communication apparatus according to another exemplary embodiment.
Specific embodiments of this application are described in detail below with reference to the drawings. It should be understood that the specific embodiments described here are only intended to illustrate and explain this application and are not intended to limit it.
FIG. 1 is a schematic diagram of an implementation environment according to an exemplary embodiment. As shown in FIG. 1, the implementation environment may include a user terminal 100, a server 200, and a vehicle 300.
In this application, the server 200 may be an electronic device that provides services for the vehicle 300 and may be owned by the service provider of the vehicle 300. A user can register on the server 200 through the user terminal 100 so that the user terminal 100 is associated with the vehicle 300; the user terminal 100 can then communicate with the vehicle 300 via the server 200, enabling the user to control the vehicle 300 remotely. In addition, the vehicle 300 can feed vehicle-related data back to the server 200 so that the service provider can maintain the vehicle 300 remotely, and, if required, the server 200 can also forward that data to the user terminal 100 so that the user can keep track of the vehicle's condition at any time.
In this application, the user terminal 100 may be an electronic device capable of connecting to a network and communicating with the server 200, for example a smartphone, a tablet, a PC, a laptop, and so on. FIG. 1 illustrates the user terminal 100 as a smartphone.
To improve the security of the vehicle 300 when networked, in the embodiments of this application a dual-system vehicle multimedia system is configured in the vehicle 300. FIG. 2 is a structural block diagram of a vehicle multimedia system configured in a vehicle according to an exemplary embodiment. As shown in FIG. 2, the vehicle multimedia system may include an open system 301 and a closed system 302. The open system 301 is used for networking the vehicle 300 and communicating with external devices (for example, the server 200), and allows the user to install various apps as desired. For example, the open system 301 may be provided with an open core board 303 and a networking module 304 (which may be, for example, a WiFi module, a GPS module, a 3G module, a 4G module, etc.); the open core board 303 is connected to the networking module 304 and can perform networking operations through it to communicate with external devices (for example, the server 200).
The closed system 302 is not allowed to access the Internet and is used for interactive communication with the whole vehicle. For example, the closed system 302 may be provided with the microcontroller unit MCU 305 of the vehicle 300, which can be connected to the vehicle CAN bus; through the CAN bus, the MCU 305 can control vehicle operations and acquire vehicle data. The open system 301 and the closed system 302 each run independently. In addition, the open system 301 and the closed system 302 may be connected through a security chip 306; for example, the open core board 303 and the MCU 305 are connected through the security chip 306, where the open core board 303 and the security chip 306 may be connected through an SDIO (Secure Digital Input Output) interface, and the security chip 306 and the MCU 305 may be connected through a standard SPI (Serial Peripheral Interface) port. In one example embodiment of this application, the security chip 306 may be an SSX1207 security chip, which can provide services such as data encryption, identity authentication, and limited secure storage. The security chip 306 can improve the security of the vehicle when networked.
It should be noted that, as an example, both the open system 301 and the closed system 302 described in this application may be operating systems. For example, the open system 301 may be Android and the closed system 302 may be Linux. It should be understood that this example is only intended to illustrate the open system 301 and the closed system 302 and does not limit the two systems; for example, the open system 301 may be Linux and the closed system 302 may be Android, or both may be Android, and so on.
FIG. 3 is a flowchart of a vehicle secure communication method according to an exemplary embodiment; the method may be applied in a server, for example the server 200 shown in FIG. 1. As shown in FIG. 3, the method may include the following steps.
In step S301, original control data is received from the user terminal, where the original control data is used to indicate a target operation the vehicle is to perform.
In this application, the target operation may include, for example and without limitation: unlocking, starting, accelerating, decelerating, switching off the engine, locking, raising or lowering windows, multimedia device control (starting, volume adjustment, switching multimedia files, etc.), and so on.
In step S302, the original control data is encrypted to obtain corresponding encrypted control data.
The server may agree on an encryption protocol with the security chip in advance, so that the server can encrypt the received original control data according to that protocol and obtain the encrypted control data.
In step S303, the encrypted control data is sent to the open system.
After receiving the encrypted control data, the open system may generate a first control instruction and include the received encrypted control data in it. The open system then sends the first control instruction to the security chip so that the security chip can perform security authentication on the encrypted control data.
FIG. 4 is a flowchart of another vehicle secure communication method according to an exemplary embodiment; the method may be applied in a security chip, for example the security chip 306 shown in FIG. 2. As shown in FIG. 4, the method may include the following steps.
In step S401, a first control instruction is received from the open system, where the first control instruction includes encrypted control data.
In step S402, the encrypted control data in the first control instruction is decrypted.
As described above, the server may agree on an encryption protocol with the security chip in advance, so that the security chip can decrypt the encrypted control data in the received first control instruction according to that protocol.
In step S403, when decryption succeeds, decrypted control data is obtained.
In step S404, the encrypted control data in the first control instruction is replaced with the decrypted control data to form a second control instruction, and the second control instruction is sent to the closed system so that the closed system controls the vehicle to perform the target operation according to the second control instruction.
For example, suppose the original control data the server receives from the user terminal indicates that the target operation is an unlock operation. Then, if the security chip decrypts successfully, the second control instruction it sends to the closed system can likewise indicate that the target operation is unlocking. After the closed system (for example, the MCU) receives the second control instruction, it can parse it to learn that the target operation is unlocking and then place the unlock instruction on the CAN bus; the vehicle's unlocking component can obtain the unlock instruction from the CAN bus and perform the unlock operation accordingly, thereby completing the unlocking of the vehicle.
FIG. 5 is a signaling interaction diagram among the user terminal, the server, the open system, the security chip, and the closed system during vehicle communication according to an exemplary embodiment. The user terminal is, for example, the user terminal 100 shown in FIG. 1; the server is, for example, the server 200 shown in FIG. 1; the open system is, for example, the open system 301 shown in FIG. 2; the security chip is, for example, the security chip 306 shown in FIG. 2; and the closed system is, for example, the closed system 302 shown in FIG. 2. FIG. 5 relates to the steps of the vehicle secure communication methods for the server and for the security chip described above, so its specific signaling interaction is not described in detail here.
In addition, although not shown in FIG. 4, the vehicle secure communication method applied to the security chip may further include: when decryption fails, sending no control instruction to the closed system. That is, once decryption fails, the security chip can intercept the instruction from the open system. For example, when the open system has been compromised by a malicious program that impersonates the open system to send control instructions, the protective action of the security chip prevents those control instructions from reaching the closed system, thereby ensuring the security of the closed system and of the whole vehicle.
In the above technical solution, the server sends encrypted control data to the vehicle's open system; the open system forwards the encrypted control data to the security chip, which decrypts it; only when decryption succeeds is the decrypted control data sent to the closed system, and only then does the closed system control the vehicle to perform the corresponding operation according to that control data. This improves the security of the vehicle's networked communication, ensures that only legitimate control data is sent to the closed system, and prevents incorrect control of the vehicle caused by the intrusion of malicious programs, thereby ensuring the security of remote vehicle control.
In some optional embodiments, the security chip may count the number of decryption failures. When the number of failures reaches a preset number (for example, ≥1), it indicates that the open system may currently pose a serious security risk. In this case, the security chip may send a restart instruction and/or an antivirus instruction to the open system, where the restart instruction may be used to make the open system restart and the antivirus instruction may be used to make the open system run an antivirus operation. This can, to some extent, remove the security risk in the open system and prevent a malicious program from threatening its security for an extended period.
In addition, in some optional embodiments, after receiving the original control data the server may also calculate the parity code of the original control data and then send that parity code to the open system. After receiving the parity code of the original control data, the open system may include it in the first control instruction together with the encrypted control data; for example, the composition of the first control instruction at this time may be as shown in FIG. 6A. After receiving this first control instruction, the security chip may first decrypt the encrypted control data in it and, if decryption succeeds, obtain the decrypted control data. The security chip may then calculate the parity code of the decrypted control data. In principle, the decrypted control data should be identical to the original control data, so the two parity codes should match. When the parity code included in the first control instruction matches the parity code of the decrypted control data, the security chip may further determine that the received first control instruction is a legitimate instruction, and therefore replace the encrypted control data in the first control instruction with the decrypted control data to form the second control instruction and send it to the closed system. When the parity code included in the first control instruction does not match the parity code of the decrypted control data, the security chip may determine that the received first control instruction is illegitimate; it can then intercept the instruction and send nothing to the closed system, thereby ensuring the security of the whole vehicle.
Through the above embodiment, the accuracy of identifying legitimate instructions can be further improved and the likelihood of misidentifying an illegitimate instruction as legitimate reduced, further improving the security of the whole vehicle.
As described above, the user can send original control data to the server through the user terminal, the original control data indicating the target operation the vehicle is to perform. In some embodiments of this application, different target operations may have different security levels, and the security level of a target operation can be used to indicate whether it is a sensitive operation.
In one embodiment, the server may encrypt the original control data directly, regardless of the security level of the target operation it indicates. Alternatively, in another embodiment, the server may encrypt the original control data selectively, depending on whether the target operation it indicates is sensitive.
For example, after receiving the original control data, the server may determine the security level information of the original control data according to the target operation it indicates, where the security level information can be used to indicate whether the original control data is sensitive data. For example, a list of sensitive operations may be pre-stored in the server; after receiving the original control data, the server can parse it to learn the target operation information and then query the sensitive operation list. If the target operation information is found in the list, the target operation is a sensitive operation and, correspondingly, the original control data is sensitive data. If it is not found in the list, the target operation is non-sensitive and, correspondingly, the original control data is non-sensitive data.
Only when the security level information of the original control data indicates that it is sensitive data does the server encrypt the original control data to obtain corresponding encrypted control data; that is, encryption is applied only to sensitive data. When the security level information indicates that the original control data is non-sensitive, the server may leave it unencrypted and send the original control data directly to the open system.
When sending either the encrypted control data or the original control data to the open system, the server may also send the security level information of the original control data to the open system at the same time, for example by prepending the security level information to the encrypted or original control data as a header to form a signaling, and then sending that signaling to the open system. After receiving the signaling, the open system can parse the header to determine whether the control data in the signaling is encrypted or unencrypted (i.e., original). When the security level information indicates that the original control data is sensitive, the open system generates and sends to the security chip a first control instruction, which may include the security level information of the original control data and the encrypted control data. When the security level information indicates that the original control data is non-sensitive, the open system may generate and send to the security chip a third control instruction, which may include the security level information of the original control data and the original control data. After receiving a control instruction from the open system, the security chip can learn from the security level information it contains whether the control data in the instruction is encrypted. If so, it determines that a first control instruction was received and performs decryption as in the method of FIG. 4; if not, it determines that a third control instruction was received, and may then skip decryption and send the third control instruction directly to the closed system.
After the second or third control instruction is sent to the closed system, the MCU in the closed system can determine in several ways which target operation the control data in the instruction is intended to make the vehicle perform. For example, in one embodiment, after the MCU in the closed system receives the second control instruction from the security chip, it can extract the decrypted control data from it. A control-data-to-operation mapping table may be pre-stored in the MCU, recording at least one operation and the control data corresponding to each operation. The MCU can look up the extracted decrypted control data in this table to learn the corresponding operation, which is the target operation the vehicle is to perform.
Alternatively, in another embodiment, after deriving the target operation by parsing the original control data, the server may generate first mapping instruction data, which can be used to identify the target operation. The server can then send the first mapping instruction data to the open system, and the open system can include it in the first control instruction; for example, the composition of the first control instruction formed at this time is as shown in FIG. 6B. Then, when the security chip decrypts successfully, the first mapping instruction data can be retained in the resulting second control instruction, whose composition at this time is as shown in FIG. 6C. After the MCU in the closed system receives this second control instruction, it can extract the first mapping instruction data from it and thereby learn the target operation the vehicle is to perform.
After learning the target operation the vehicle is to perform, the MCU can send the decrypted control data included in the second control instruction onto the CAN bus so that the corresponding executing component obtains it from the CAN bus and then performs the corresponding target operation.
During the interaction between the open system and the security chip, interference may occur, so the first control instruction received by the security chip may be incomplete and subsequent security authentication may fail. To prevent this, in an optional embodiment of this application, before decrypting the encrypted control data in the first control instruction the security chip may first determine whether the first control instruction was transmitted normally, and decrypt the encrypted control data only when it determines that the transmission was normal.
For example, before sending the first control instruction to the security chip, the open system first calculates the parity code of the first control instruction, appends it to the tail of the first control instruction to form a signaling, and sends the signaling to the security chip. After receiving the signaling, the security chip can extract the information other than the tail and calculate its parity code. When the calculated parity code matches the parity code contained in the tail, the first control instruction was transmitted normally; otherwise, the transmission was abnormal.
When it determines that the transmission of the first control instruction was abnormal, the security chip may send a first retransmission instruction to the open system, instructing the open system to retransmit the first control instruction.
This embodiment avoids the case where an otherwise legitimate first control instruction fails decryption at the security chip because of transmission interference, further improving the accuracy and reliability of security authentication.
The above describes the interaction among the user terminal, the server, the open system, the security chip, and the closed system when the user intends to control a vehicle operation remotely through the user terminal. In other embodiments of this application, the closed system can also feed vehicle data back to the server through the security chip and the open system, as described below.
FIG. 7 is a flowchart of a vehicle secure communication method according to another exemplary embodiment; the method may be applied in a security chip, for example the security chip 306 shown in FIG. 2. As shown in FIG. 7, the method may include the following steps.
In step S701, a first vehicle data instruction is received from the closed system (for example, the closed system 302 shown in FIG. 2), where the first vehicle data instruction includes original vehicle data.
The MCU in the closed system can acquire the original vehicle data from the CAN bus. The original vehicle data may include various types of vehicle data, for example execution result data for a target operation after the vehicle performs it, whole-vehicle data fed back in response to an external request (for example, a data acquisition request from the server), whole-vehicle data the vehicle actively reports to the server, and so on. For example, after the vehicle completes an unlock operation, the unlocking component can feed the unlock result back to the CAN bus. The MCU can then listen for this data on the CAN bus, generate a first vehicle data instruction, include the data in it as original vehicle data, and send it to the security chip.
Optionally, after listening to the data, the MCU may also generate second mapping instruction data, which can be used to identify the type of the original vehicle data. For example, if the data the MCU listened to is unlock result data from the unlocking component, the second mapping instruction data generated by the MCU can identify the type of the original vehicle data as an unlock result. The MCU can include the second mapping instruction data in the first vehicle data instruction, as in the first vehicle data instruction shown in FIG. 8, so that when it is later transmitted to the server, the server can learn the type of the original vehicle data from the second mapping instruction data and process it accordingly.
In step S702, the original vehicle data is encrypted to obtain corresponding encrypted vehicle data.
As described above, the server may agree on an encryption protocol with the security chip in advance, so that the security chip can encrypt the original vehicle data in the received first vehicle data instruction according to that protocol and obtain the encrypted vehicle data.
In step S703, the original vehicle data in the first vehicle data instruction is replaced with the encrypted vehicle data to form a second vehicle data instruction, and the second vehicle data instruction is sent to the open system.
After receiving the second vehicle data instruction from the security chip, the open system can forward it to the server for decryption by the server.
FIG. 9 is a flowchart of another vehicle secure communication method according to another exemplary embodiment; the method may be applied in a server, for example the server 200 shown in FIG. 1. As shown in FIG. 9, the method may include the following steps.
In step S901, a second vehicle data instruction is received from the open system, where the second vehicle data instruction is forwarded by the open system from the security chip and includes encrypted vehicle data.
In step S902, the encrypted vehicle data in the second vehicle data instruction is decrypted.
As described above, the server may agree on an encryption protocol with the security chip in advance, so that the server can decrypt the encrypted vehicle data in the received second vehicle data instruction according to that protocol.
In step S903, when decryption succeeds, decrypted vehicle data is obtained.
In step S904, the decrypted vehicle data is processed. The processing may include, for example and without limitation, storing, displaying, forwarding to the user terminal, and so on. For example, when the original vehicle data is execution result data for a target operation, the server may send the decrypted vehicle data to the user terminal after decryption succeeds, to inform the user of the execution result.
FIG. 10 is a signaling interaction diagram among the server, the open system, the security chip, and the closed system during vehicle communication according to another exemplary embodiment. The server is, for example, the server 200 shown in FIG. 1; the open system is, for example, the open system 301 shown in FIG. 2; the security chip is, for example, the security chip 306 shown in FIG. 2; and the closed system is, for example, the closed system 302 shown in FIG. 2. FIG. 10 relates to the steps of the vehicle secure communication methods for the server and for the security chip described above, so its specific signaling interaction is not described in detail here.
In the above technical solution, the vehicle data from the closed system is encrypted by the security chip, the encrypted vehicle data is sent to the server through the open system, and the server performs the decryption; only when decryption succeeds can the server obtain the vehicle data from the closed system. This prevents an illegitimate server owner from learning the vehicle information, thereby ensuring the security of the vehicle information.
In some optional embodiments, after acquiring the original vehicle data, the MCU in the closed system may calculate the parity code of the original vehicle data. The closed system can then include it in the first vehicle data instruction together with the original vehicle data; for example, the composition of the first vehicle data instruction at this time may be as shown in FIG. 11A. After receiving this first vehicle data instruction, the security chip may first encrypt the original vehicle data in it to obtain the encrypted vehicle data. The original vehicle data in the first vehicle data instruction is then replaced with the encrypted vehicle data to form a second vehicle data instruction (whose composition at this time may be as shown in FIG. 11B), and the second vehicle data instruction is sent to the open system. After the open system forwards the second vehicle data instruction to the server, the server may first decrypt the encrypted vehicle data in it and, if decryption succeeds, obtain the decrypted vehicle data. In principle, the decrypted vehicle data should be identical to the original vehicle data, so the two parity codes should match. When the parity code included in the second vehicle data instruction matches the parity code of the decrypted vehicle data, the server may determine that the received second vehicle data instruction is a legitimate instruction and that the decrypted vehicle data in it is real whole-vehicle data from the vehicle. At that point, the decrypted vehicle data can be processed.
In addition, in some optional embodiments, the original vehicle data acquired by the MCU in the closed system may have different security levels, where the security level information can be used to indicate whether the original vehicle data is sensitive data. In this case, after generating the first vehicle data instruction, the MCU may include the security level information of the original vehicle data in it; for example, the composition of the first vehicle data instruction at this time may be as shown in FIG. 11C. After receiving the first vehicle data instruction, the security chip can then use the security level information to judge whether the original vehicle data is sensitive. In one embodiment, the security chip encrypts the original vehicle data regardless of its security level. Alternatively, in another embodiment, the security chip encrypts the original vehicle data in the first vehicle data instruction only when the security level information indicates that it is sensitive data, obtaining the corresponding encrypted vehicle data; that is, encryption is applied only to sensitive data. When the security level information indicates that the original vehicle data is non-sensitive, the security chip may leave it unencrypted.
When the security level information indicates that the original vehicle data is sensitive, the security chip may generate a second vehicle data instruction that includes the security level information of the original vehicle data and the encrypted vehicle data. When the security level information indicates that the original vehicle data is non-sensitive, the security chip can forward the first vehicle data instruction directly to the open system. After receiving a vehicle data instruction forwarded by the open system, the server can parse the security level information in it to determine whether the vehicle data it contains is encrypted or unencrypted (i.e., original). When the security level information indicates that the original vehicle data is sensitive, the server can determine that it received a second vehicle data instruction and decrypt the encrypted vehicle data in it. When the security level information indicates that the original vehicle data is non-sensitive, the server can determine that it received a first vehicle data instruction and process the original vehicle data in it directly.
In addition, during the interaction between the server and the open system, between the open system and the security chip, and between the security chip and the MCU in the closed system, interference may occur, so the first vehicle data instruction received by the security chip, or the vehicle data instruction the server receives from the open system, may be incomplete and subsequent decryption may fail. To prevent this, in an optional embodiment of this application, before encrypting the original vehicle data in the first vehicle data instruction the security chip may first determine whether the first vehicle data instruction was transmitted normally, and encrypt the original vehicle data only when it determines that the transmission was normal.
For example, before sending the first vehicle data instruction to the security chip, the closed system first calculates the parity code of the first vehicle data instruction, appends it to the tail of the first vehicle data instruction to form a signaling, and sends the signaling to the security chip. After receiving the signaling, the security chip can extract the information other than the tail and calculate its parity code. When the calculated parity code matches the parity code contained in the tail, the first vehicle data instruction was transmitted normally; otherwise, the transmission was abnormal.
When it determines that the transmission of the first vehicle data instruction was abnormal, the security chip may send a second retransmission instruction to the closed system, instructing the closed system to retransmit the first vehicle data instruction.
On the server side, before decrypting the encrypted vehicle data in a received second vehicle data instruction, the server may likewise first determine whether the second vehicle data instruction was transmitted normally, and decrypt the encrypted vehicle data only when it determines that the transmission was normal.
For example, before sending the second vehicle data instruction to the open system, the security chip first calculates the parity code of the second vehicle data instruction, appends it to the tail of the second vehicle data instruction to form a signaling, and sends the signaling to the open system. After receiving the signaling, the open system can extract the information other than the tail and calculate its parity code. When the calculated parity code matches the parity code contained in the tail, the second vehicle data instruction was transmitted normally between the security chip and the open system; otherwise, that transmission was abnormal.
When the transmission of the second vehicle data instruction between the security chip and the open system was normal, the open system can forward the signaling directly to the server. After receiving the signaling, the server can extract the information other than the tail and calculate its parity code. When the calculated parity code matches the parity code contained in the tail, the second vehicle data instruction was transmitted normally between the open system and the server; otherwise, that transmission was abnormal.
When the transmission of the second vehicle data instruction between the security chip and the open system was abnormal, the open system may send a third retransmission instruction to the security chip, instructing the security chip to retransmit the second vehicle data instruction. When the transmission of the second vehicle data instruction between the open system and the server was abnormal, the server may send a fourth retransmission instruction to the open system, instructing the open system to retransmit the second vehicle data instruction.
This embodiment avoids the case where an otherwise legitimate second vehicle data instruction fails decryption at the server because of transmission interference, further improving the accuracy and reliability of security authentication.
FIG. 12 is a block diagram of a vehicle secure communication apparatus 1200 according to an exemplary embodiment; the apparatus 1200 may be configured in a security chip, for example the security chip 306 shown in FIG. 2. As shown in FIG. 12, the apparatus 1200 may include: a first receiving module 1201 configured to receive a first vehicle data instruction from the closed system, where the first vehicle data instruction includes original vehicle data; an encryption module 1202 configured to encrypt the original vehicle data to obtain corresponding encrypted vehicle data; and a sending module 1203 configured to replace the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction, and to send the second vehicle data instruction to the open system.
Optionally, the first vehicle data instruction further includes security level information of the original vehicle data, the security level information indicating whether the original vehicle data is sensitive data; and the encryption module 1202 is configured to encrypt the original vehicle data in the first vehicle data instruction, obtaining corresponding encrypted vehicle data, when the security level information indicates that the original vehicle data is sensitive data.
Optionally, the apparatus 1200 may further include a first determining module configured to determine whether the transmission of the first vehicle data instruction is normal; and the encryption module 1202 is configured to encrypt the original vehicle data in the first vehicle data instruction, obtaining corresponding encrypted vehicle data, when it is determined that the transmission of the first vehicle data instruction is normal.
FIG. 13 is a block diagram of another vehicle secure communication apparatus 1300 according to an exemplary embodiment; the apparatus 1300 may be configured in a server, for example the server 200 shown in FIG. 1. As shown in FIG. 13, the apparatus 1300 may include: a second receiving module 1301 configured to receive a vehicle data instruction from the open system, where the vehicle data instruction is forwarded by the open system from the security chip and includes encrypted vehicle data; a decryption module 1302 configured to decrypt the encrypted vehicle data in the vehicle data instruction and obtain decrypted vehicle data when decryption succeeds; and a processing module 1303 configured to process the decrypted vehicle data.
Optionally, the vehicle data instruction further includes a parity code associated with the original vehicle data to which the encrypted vehicle data corresponded before encryption; the apparatus 1300 may further include a calculation module configured to calculate the parity code of the decrypted vehicle data; and the processing module 1303 is configured to process the decrypted vehicle data when the parity code included in the vehicle data instruction matches the parity code of the decrypted vehicle data.
Optionally, the apparatus 1300 may further include a second determining module configured to determine whether the transmission of the vehicle data instruction is normal; and the decryption module 1302 is configured to decrypt the encrypted vehicle data in the vehicle data instruction when it is determined that the transmission of the vehicle data instruction is normal.
In the above technical solution, the vehicle data from the closed system is encrypted by the security chip, the encrypted vehicle data is sent to the server through the open system, and the server performs the decryption; only when decryption succeeds can the server obtain the original vehicle data from the closed system. This prevents an illegitimate server owner from learning the vehicle information, thereby ensuring the security of the vehicle information.
As for the apparatus in the above embodiments, the specific manner in which each module performs its operations has been described in detail in the embodiments of the related method and is not elaborated here.
The preferred implementations of the present application have been described in detail above with reference to the accompanying drawings. However, the present application is not limited to the specific details of the above implementations; within the scope of the technical concept of the present application, various simple modifications may be made to the technical solution of the present application, and all such simple modifications fall within the scope of protection of the present application.
It should also be noted that the specific technical features described in the above specific implementations may be combined in any suitable manner provided they do not contradict one another. To avoid unnecessary repetition, the present application does not separately describe the various possible combinations.
Furthermore, the various implementations of the present application may also be combined with one another arbitrarily; as long as such combinations do not depart from the idea of the present application, they should likewise be regarded as content disclosed by the present application.
Claims (16)
1. A vehicle secure communication method, characterized in that the vehicle comprises an open system, a security chip and a closed system, the open system and the closed system being connected through the security chip, the method being applied to the security chip and comprising: receiving a first vehicle data instruction from the closed system, where the first vehicle data instruction comprises original vehicle data; encrypting the original vehicle data to obtain corresponding encrypted vehicle data; and replacing the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction, and sending the second vehicle data instruction to the open system.
2. The method according to claim 1, characterized in that the first vehicle data instruction further comprises a parity check code associated with the original vehicle data.
3. The method according to claim 1, characterized in that the first vehicle data instruction further comprises security level information of the original vehicle data, where the security level information indicates whether the original vehicle data is sensitive data; and encrypting the original vehicle data in the first vehicle data instruction to obtain corresponding encrypted vehicle data comprises: when the security level information indicates that the original vehicle data is sensitive data, encrypting the original vehicle data to obtain corresponding encrypted vehicle data.
4. The method according to any one of claims 1 to 3, characterized in that the method further comprises: determining whether the first vehicle data instruction was transmitted normally; and encrypting the original vehicle data to obtain corresponding encrypted vehicle data comprises: when it is determined that the transmission of the first vehicle data instruction is normal, encrypting the original vehicle data to obtain corresponding encrypted vehicle data.
5. A vehicle secure communication method, characterized in that the vehicle comprises an open system, a security chip and a closed system, the open system and the closed system being connected through the security chip, the open system being connected to a server, the method being applied to the server and comprising: receiving a vehicle data instruction from the open system, where the vehicle data instruction is forwarded by the open system from the security chip and comprises encrypted vehicle data; decrypting the encrypted vehicle data in the vehicle data instruction; when decryption succeeds, obtaining decrypted vehicle data; and processing the decrypted vehicle data.
6. The method according to claim 5, characterized in that the vehicle data instruction further comprises a parity check code associated with the original vehicle data to which the encrypted vehicle data corresponded before encryption; the method further comprises: computing a parity check code of the decrypted vehicle data; and processing the decrypted vehicle data comprises: when the parity check code included in the vehicle data instruction matches the parity check code of the decrypted vehicle data, processing the decrypted vehicle data.
7. The method according to claim 5 or 6, characterized in that the method further comprises: determining whether the vehicle data instruction was transmitted normally; and decrypting the encrypted vehicle data in the vehicle data instruction comprises: when it is determined that the transmission of the vehicle data instruction is normal, decrypting the encrypted vehicle data in the vehicle data instruction.
8. A vehicle secure communication apparatus, characterized in that the vehicle comprises an open system, a security chip and a closed system, the open system and the closed system being connected through the security chip, the apparatus being configured in the security chip and comprising: a first receiving module, configured to receive a first vehicle data instruction from the closed system, where the first vehicle data instruction comprises original vehicle data; an encryption module, configured to encrypt the original vehicle data to obtain corresponding encrypted vehicle data; and a sending module, configured to replace the original vehicle data in the first vehicle data instruction with the encrypted vehicle data to form a second vehicle data instruction, and to send the second vehicle data instruction to the open system.
9. The apparatus according to claim 8, characterized in that the first vehicle data instruction further comprises a parity check code associated with the original vehicle data.
10. The apparatus according to claim 8, characterized in that the first vehicle data instruction further comprises security level information of the original vehicle data, where the security level information indicates whether the original vehicle data is sensitive data; and the encryption module is configured to encrypt the original vehicle data in the first vehicle data instruction to obtain corresponding encrypted vehicle data when the security level information indicates that the original vehicle data is sensitive data.
11. The apparatus according to any one of claims 8 to 10, characterized in that the apparatus further comprises: a first determining module, configured to determine whether the first vehicle data instruction was transmitted normally; and the encryption module is configured to encrypt the original vehicle data in the first vehicle data instruction to obtain corresponding encrypted vehicle data when it is determined that the transmission of the first vehicle data instruction is normal.
12. A vehicle secure communication apparatus, characterized in that the vehicle comprises an open system, a security chip and a closed system, the open system and the closed system being connected through the security chip, the open system being connected to a server, the apparatus being configured in the server and comprising: a second receiving module, configured to receive a vehicle data instruction from the open system, where the vehicle data instruction is forwarded by the open system from the security chip and comprises encrypted vehicle data; a decryption module, configured to decrypt the encrypted vehicle data in the vehicle data instruction and, when decryption succeeds, to obtain decrypted vehicle data; and a processing module, configured to process the decrypted vehicle data.
13. The apparatus according to claim 12, characterized in that the vehicle data instruction further comprises a parity check code associated with the original vehicle data to which the encrypted vehicle data corresponded before encryption; the apparatus further comprises: a computing module, configured to compute a parity check code of the decrypted vehicle data; and the processing module is configured to process the decrypted vehicle data when the parity check code included in the vehicle data instruction matches the parity check code of the decrypted vehicle data.
14. The apparatus according to claim 12 or 13, characterized in that the apparatus further comprises: a second determining module, configured to determine whether the vehicle data instruction was transmitted normally; and the decryption module is configured to decrypt the encrypted vehicle data in the vehicle data instruction when it is determined that the transmission of the vehicle data instruction is normal.
15. A vehicle multimedia system, characterized in that the vehicle multimedia system comprises: a closed system, configured to collect original vehicle data and to send a first vehicle data instruction comprising the original vehicle data; a security chip comprising the vehicle secure communication apparatus according to any one of claims 8 to 11; and an open system, the open system communicating with the closed system through the security chip and further communicating with a server, the open system being configured to receive the second vehicle data instruction from the security chip and to forward the second vehicle data instruction to the server.
16. A vehicle, characterized in that the vehicle comprises the vehicle multimedia system according to claim 15.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/083,352 US20190026478A1 (en) | 2016-03-11 | 2017-03-10 | Vehicle secure communication method and apparatus, vehicle multimedia system, and vehicle |
EP17762561.3A EP3429158A4 (en) | 2016-03-11 | 2017-03-10 | METHOD AND APPARATUS FOR SECURE COMMUNICATION FOR A VEHICLE, VEHICLE MULTIMEDIA SYSTEM AND VEHICLE |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610141465.8 | 2016-03-11 | | |
CN201610141465.8A CN107181725A (zh) | 2016-03-11 | 2016-03-11 | Vehicle secure communication method and apparatus, vehicle multimedia system, and vehicle |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017152875A1 (zh) | 2017-09-14 |
Family ID: 59790045
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/076295 WO2017152875A1 (zh) | 2016-03-11 | 2017-03-10 | Vehicle secure communication method and apparatus, vehicle multimedia system, and vehicle |
Country Status (4)
Country | Link |
---|---|
US (1) | US20190026478A1 (zh) |
EP (1) | EP3429158A4 (zh) |
CN (1) | CN107181725A (zh) |
WO (1) | WO2017152875A1 (zh) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6973262B2 (ja) * | 2018-04-18 | 2021-11-24 | トヨタ自動車株式会社 | Service providing system for vehicles, in-vehicle device, and command transmission method |
US20220292226A1 (en) * | 2019-11-01 | 2022-09-15 | Google Llc | Peripheral Device Comportability with Security Circuitry |
CN114363894B (zh) * | 2020-09-27 | 2024-06-04 | 花瓣云科技有限公司 | Data transmission method and apparatus |
CN113472757B (zh) * | 2021-06-18 | 2022-06-24 | 上汽通用五菱汽车股份有限公司 | Vehicle data processing method, processing platform and readable storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201509315U (zh) * | 2009-08-07 | 2010-06-16 | 赵阳 | Vehicle real-time information system based on third-generation mobile communication, and vehicle-mounted terminal |
CN104050421A (zh) * | 2013-03-15 | 2014-09-17 | 福特全球技术公司 | Method and apparatus for secure data transfer permission handling |
US20150134142A1 (en) * | 2013-11-08 | 2015-05-14 | Gogoro Inc. | Apparatus, method and article for providing vehicle event data |
CN104700469A (zh) * | 2015-04-02 | 2015-06-10 | 广州市通汇科技有限公司 | Multi-vehicle real-time information management and processing system and method |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040257208A1 (en) * | 2003-06-18 | 2004-12-23 | Szuchao Huang | Remotely controllable and configurable vehicle security system |
IT1396303B1 (it) * | 2009-10-12 | 2012-11-16 | Re Lab S R L | Method and system for processing information relating to a vehicle |
DE102009056786A1 (de) * | 2009-12-03 | 2011-06-09 | Continental Automotive Gmbh | Mobile interface and system for controlling vehicle functions |
JP2012257122A (ja) * | 2011-06-09 | 2012-12-27 | Hitachi Automotive Systems Ltd | Vehicle control device and vehicle control system |
WO2013144962A1 (en) * | 2012-03-29 | 2013-10-03 | Arilou Information Security Technologies Ltd. | Security system and method for protecting a vehicle electronic system |
US20140358394A1 (en) * | 2013-02-15 | 2014-12-04 | Lxtch, Llc | Jolt and Jar Recorder System and Methods of Use Thereof |
US9795521B2 (en) * | 2013-09-23 | 2017-10-24 | Halcore Group, Inc. | Emergency vehicle control application |
US20150264017A1 (en) * | 2014-03-14 | 2015-09-17 | Hyundai Motor Company | Secure vehicle data communications |
US9842444B2 (en) * | 2014-06-11 | 2017-12-12 | Ford Global Technologies, Llc | Phone sleeve vehicle fob |
US10204340B2 (en) * | 2014-12-30 | 2019-02-12 | Paypal, Inc. | Automotive optical communication system |
CN204614051U (zh) * | 2015-04-02 | 2015-09-02 | 中经汇通电子商务有限公司 | Multi-vehicle real-time information management and processing system |
JP6576676B2 (ja) * | 2015-04-24 | 2019-09-18 | クラリオン株式会社 | Information processing device and information processing method |
US9946744B2 (en) * | 2016-01-06 | 2018-04-17 | General Motors Llc | Customer vehicle data security method |
2016
- 2016-03-11 CN CN201610141465.8A patent/CN107181725A/zh active Pending
2017
- 2017-03-10 WO PCT/CN2017/076295 patent/WO2017152875A1/zh active Application Filing
- 2017-03-10 US US16/083,352 patent/US20190026478A1/en not_active Abandoned
- 2017-03-10 EP EP17762561.3A patent/EP3429158A4/en not_active Withdrawn
Non-Patent Citations (1)
Title |
---|
See also references of EP3429158A4 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114124401A (zh) * | 2021-11-02 | 2022-03-01 | 佛吉亚歌乐电子(丰城)有限公司 | Data authentication method, apparatus, device and storage medium |
CN114124401B (zh) * | 2021-11-02 | 2023-11-17 | 佛吉亚歌乐电子(丰城)有限公司 | Data authentication method, apparatus, device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
US20190026478A1 (en) | 2019-01-24 |
CN107181725A (zh) | 2017-09-19 |
EP3429158A4 (en) | 2019-03-13 |
EP3429158A1 (en) | 2019-01-16 |
Similar Documents
Publication | Title |
---|---|
WO2017152864A1 (zh) | Vehicle secure communication method and apparatus, vehicle multimedia system, and vehicle |
US11088997B2 (en) | Secure communication method and apparatus for vehicle, multimedia system for vehicle, and vehicle |
US11304057B2 (en) | Authorized access to vehicle data |
WO2017152875A1 (zh) | Vehicle secure communication method and apparatus, vehicle multimedia system, and vehicle |
US10733817B2 (en) | Security processing method for car sharing service |
CN112260995B (zh) | Access authentication method, apparatus and server |
CN109246053B (zh) | Data communication method, apparatus, device and storage medium |
KR102375777B1 (ko) | Payment authentication method, apparatus and system for an on-board terminal |
KR101673310B1 (ko) | Certificate-based vehicle secure access control method, and apparatus and system therefor |
US8972736B2 (en) | Fully authenticated content transmission from a provider to a recipient device via an intermediary device |
US20150264017A1 (en) | Secure vehicle data communications |
CN110235424A (zh) | Device and method for providing and managing security information in a communication system |
CN110149611B (zh) | Identity verification method, device, system and computer-readable medium |
WO2017206524A1 (zh) | Electronic device control method, terminal and control system |
CN113572728B (zh) | Method, apparatus, device and medium for authenticating an Internet of Things device |
CN110519764B (zh) | Security verification method and system for a communication device, computer device and medium |
CN112994873B (zh) | Certificate application method and device |
CN110971574A (zh) | Method, apparatus, system and storage medium for logging in to an in-vehicle system |
CN106789928B (zh) | Unlocking method and apparatus based on mutual system authentication |
US20150220726A1 (en) | Authentication Method, Authentication Apparatus and Authentication Device |
CN113014592A (zh) | Automatic registration system and method for Internet of Things devices |
CN114301967B (zh) | Narrowband Internet of Things control method, apparatus and device |
KR102522599B1 (ko) | Electronic device providing a location-based bidirectional key exchange protocol, and operating method thereof |
KR102613703B1 (ko) | Method for guaranteeing packet reliability in a synchronous wireless distributed communication system, and apparatus using the same |
WO2024113939A1 (zh) | Data reading method and related apparatus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | WWE | Wipo information: entry into national phase | Ref document number: 2017762561 Country of ref document: EP |
 | ENP | Entry into the national phase | Ref document number: 2017762561 Country of ref document: EP Effective date: 20181011 |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17762561 Country of ref document: EP Kind code of ref document: A1 |