WO2021012078A1 - CAN communication method, device and system - Google Patents

CAN communication method, device and system

Info

Publication number
WO2021012078A1
Authority
WO
WIPO (PCT)
Prior art keywords
ecu
message
master
slave
random number
Application number
PCT/CN2019/096740
Inventor
沙庆迪
魏卓
杨艳江
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to CN201980054284.3A (CN112602287B)
Priority to PCT/CN2019/096740 (WO2021012078A1)
Publication of WO2021012078A1

Classifications

    • B: PERFORMING OPERATIONS; TRANSPORTING
    • B60: VEHICLES IN GENERAL
    • B60R: VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R16/00: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for
    • B60R16/02: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements
    • B60R16/023: Electric or fluid circuits specially adapted for vehicles and not otherwise provided for; Arrangement of elements of electric or fluid circuits specially adapted for vehicles and not otherwise provided for electric constitutive elements for transmission of signals between vehicle parts or subsystems
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40: Bus networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • This application relates to the field of communication technology, and in particular to a CAN communication method, device and system.
  • A controller area network (CAN) communication system is set up in a variety of devices (such as vehicles, industrial equipment, etc.).
  • The CAN communication system includes a CAN bus and at least two electronic control units (ECUs) connected to the CAN bus.
  • An ECU usually sends messages on the CAN bus in a broadcast manner, and all ECUs connected to the CAN bus can receive the broadcast data.
  • The data broadcast by an ECU on the CAN bus may be attacked, causing the data transmitted on the CAN bus to leak or be illegally tampered with, which lowers the security of CAN communication.
  • The embodiments of the present application provide a CAN communication method, device and system, which improve the security of CAN communication.
  • Embodiments of the present application provide a CAN communication method, which can be applied to a controller area network (CAN) communication system.
  • The CAN communication system includes a CAN bus and at least two electronic control units (ECUs) connected to the CAN bus. For a first ECU that is any one of the ECUs: the first ECU obtains a first random number, which is sent on the CAN bus by the master ECU of the at least two ECUs; the first ECU obtains a first random sequence corresponding to the first random number; the first ECU decrypts the data messages received on the CAN bus according to the first random sequence, and/or encrypts the data messages sent on the CAN bus.
  • ECUs on the same CAN bus can obtain the same random number, and one random number corresponds to one random sequence.
  • Before an ECU sends data on the CAN bus, the ECU can first obtain the random sequence corresponding to the random number, encrypt the data according to the random sequence, and send the encrypted data on the CAN bus.
  • After an ECU receives data on the CAN bus, the ECU can first obtain the random sequence corresponding to the random number and decrypt the data according to the random sequence. This reduces the possibility that data transmitted on the CAN bus is leaked or illegally tampered with (that is, the possibility of eavesdropping attacks is reduced), and the security of CAN communication is improved.
  • The first ECU may obtain the first random number through the following feasible implementation: the first ECU determines its master-slave status, which indicates whether the first ECU is the master ECU or a slave ECU; the first ECU obtains the first random number according to its master-slave status.
  • The first ECU may determine its master-slave status through the following feasible implementation: the first ECU sends, on the CAN bus, a master node competition message including a first message identifier; the first ECU receives, on the CAN bus, master node competition messages including a second message identifier from the ECUs of the at least two ECUs other than the first ECU; the at least two ECUs are sorted by a preset sorting rule according to the sizes of the first message identifier and the second message identifier; it is determined whether the first ECU is in the first position after sorting; if so, the first ECU is determined to be the master ECU, and if not, the first ECU is determined to be a slave ECU.
  • The first ECU can determine whether it is the master ECU or a slave ECU according to the message identifiers included in the messages sent by each ECU. Since the message identifiers included in the messages sent by different ECUs are different, a unique master ECU can be determined in this way among the at least two ECUs according to the message identifiers.
  • After the first ECU is determined to be the master ECU, when the first ECU determines that the life cycle is over, the first ECU sends a master node rotation notification message. The master node rotation notification message is used to instruct that the master-slave state of the first ECU be switched to the slave ECU, and that the master-slave state of the next ECU of the first ECU be switched to the master ECU.
  • In this way, the master ECU can be switched, which reduces the probability of the master ECU being attacked and reduces the communication security problems caused by a master ECU acting maliciously.
  • After the first ECU is determined to be the master ECU, the first ECU sends a first message, in which the master-slave state of the first ECU is the master state and the ring establishment status of the first ECU is the valid state. When the first ECU is determined to be a slave ECU, after the first ECU receives a second message sent by the second ECU in which the ring establishment status of the second ECU is valid, the first ECU sends a third message.
  • In the third message, the master-slave state of the first ECU is the slave state and the ring establishment status of the first ECU is the valid state; the second ECU is the ECU before the first ECU after sorting.
  • A valid ring establishment status of the first ECU indicates that the ring establishment statuses included in the messages sent by the ECUs before the first ECU are all valid.
  • The first ECU carries its master-slave status and its ring establishment status in the messages it broadcasts, so that the ECUs in the CAN communication system can learn the master-slave status of other ECUs.
  • When the first ECU is determined to be the master ECU, the first ECU generates the first random number when it determines that the ring establishment statuses in the messages sent by the at least two ECUs are all valid. When the first ECU is determined to be a slave ECU, the first ECU receives the first random number sent by the master ECU.
  • The master ECU generates the first random number and sends it to the other ECUs in the CAN communication system, so that the ECUs in the communication system obtain the same first random number at the same time.
  • After the first ECU generates the first random number, the first ECU sends a fourth message, which includes the first random number and in which the state of the first random number is the update state;
  • the first ECU receives fifth messages sent by the ECUs of the at least two ECUs other than the first ECU, each of which includes the first random number and in which the state of the first random number is the update state;
  • after the first ECU determines that the ECUs of the at least two ECUs other than the first ECU have all sent the fifth message, the first ECU sends a sixth message, which includes the first random number and in which the state of the first random number is the holding state; the holding state is used to indicate that the first random number is valid.
  • When the first ECU is the master ECU, after the first ECU broadcasts the first random number and receives the fifth messages sent by all other ECUs, the first ECU broadcasts the sixth message.
  • The holding state in the sixth message indicates that the first random number is valid. That is, the first random number takes effect once it is determined that each ECU in the CAN communication system has received it. In this way, the first random number used by all ECUs in the CAN communication system at the same time is the same, so that each ECU can perform correct encryption and decryption.
  • If the first ECU does not receive the second message sent by the second ECU within the first preset time period, or the ring establishment status included in the message received by the first ECU from the second ECU is an invalid state, the first ECU sends a seventh message and updates the at least two ECUs; the ring establishment status included in the seventh message is an invalid state.
  • If the first ECU does not receive the second message sent by the second ECU within the first preset time period, or the ring establishment status included in the message received by the first ECU from the second ECU is an invalid state, this means that an ECU in the CAN communication system has gone offline, so the ECUs in the CAN communication system are updated and the ring is rebuilt.
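The election, ring check and random-number handover described above can be traced in a small simulation. This is an added example, not code from the patent; it assumes ascending order as the preset sorting rule, a 32-bit random number, and hypothetical names (`elect_master`, `ring_statuses`, `Ecu`, `distribute`), with the bus replaced by direct function calls.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

UPDATE, HOLD = "update", "holding"   # state of the random number in a message


def elect_master(message_ids):
    """Sort the ECUs by the identifier of their master node competition message.

    Assumption: the "preset sorting rule" is ascending order, so the ECU with
    the smallest identifier is in the first position and becomes master.
    Returns (master_id, ring_order).
    """
    if len(set(message_ids)) != len(message_ids):
        raise ValueError("each ECU must use a different message identifier")
    order = sorted(message_ids)
    return order[0], order


def ring_statuses(order, alive):
    """Ring establishment status reported by each ECU that is on the bus.

    An ECU reports valid only if its predecessor reported valid in time. An
    ECU missing from `alive` sends nothing, so its successor times out and
    reports invalid, and every later ECU inherits that.
    """
    statuses, chain_ok = {}, True
    for ecu_id in order:
        if ecu_id not in alive:
            chain_ok = False          # silent ECU: no status message at all
            continue
        statuses[ecu_id] = chain_ok
    return statuses


@dataclass
class Ecu:
    msg_id: int
    pending: Optional[int] = None    # received in the update state, not yet used
    active: Optional[int] = None     # confirmed by the holding state

    def on_random_number(self, value, state):
        """Slave handling of a broadcast (random number, state) pair."""
        if state == UPDATE:
            self.pending = value
            return (self.msg_id, value, UPDATE)       # fifth message (echo)
        if state == HOLD and value == self.pending:
            self.active, self.pending = value, None   # switch only now
        return None


def distribute(ecus, order, alive, lost_echoes=()):
    """Master side of one round.

    `alive` and `lost_echoes` are constructed inputs that simulate an offline
    ECU and a fifth message that never reaches the master. Returns the random
    number once every ECU holds it, or None if the round was abandoned.
    """
    by_id = {e.msg_id: e for e in ecus}
    statuses = ring_statuses(order, alive)
    if set(statuses) != set(order) or not all(statuses.values()):
        return None                    # ring not fully valid: generate nothing
    master, slaves = by_id[order[0]], order[1:]
    value = secrets.randbits(32)       # assumption: 32-bit random number
    master.pending = value
    # Fourth message: master broadcasts (value, UPDATE) and collects echoes.
    echoed = set()
    for ecu_id in slaves:
        reply = by_id[ecu_id].on_random_number(value, UPDATE)
        if reply == (ecu_id, value, UPDATE) and ecu_id not in lost_echoes:
            echoed.add(ecu_id)
    if echoed != set(slaves):
        return None                    # no sixth message: nothing is activated
    # Sixth message: master broadcasts (value, HOLD); all ECUs switch together.
    master.active, master.pending = value, None
    for ecu_id in slaves:
        by_id[ecu_id].on_random_number(value, HOLD)
    return value
```

A round with an offline ECU or a missing echo leaves every `active` value unchanged, which is the property the holding state exists to guarantee.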
  • The first ECU may encrypt a data message sent on the CAN bus according to the first random sequence through the following feasible implementation: the first ECU determines a first count value; the first ECU determines a first checksum according to the first application data to be sent, the first count value, and the first random number; the first ECU encrypts the first application data, the first count value, and the first checksum with the first random sequence to obtain the data message to be sent, and sends the data message.
  • The first application data is encrypted using the first count value and the first random number, so that the resulting data message to be sent has higher security.
  • After the first ECU decrypts a data message received on the CAN bus according to the first random sequence, the first ECU obtains the second count value, the second application data and the second checksum in the received data message; after the first ECU verifies that the second count value is correct, the first ECU determines a third checksum according to the second count value, the second application data and the first random number; when the first ECU determines that the third checksum is the same as the second checksum, it determines that the received data message is correct.
  • The correctness of the received application data is verified through the count value and the checksum. In this way, injection attacks, replay attacks, etc. can be effectively prevented, and the security of communication is further improved.
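The send and receive processing described above, as an added Python sketch that is not taken from the patent. The frame layout (5 bytes of data, 1-byte count value, 2-byte checksum), the HMAC-based mapping from random number to random sequence, the truncated SHA-256 checksum, XOR as the cipher and the "strictly increasing" count rule are all assumptions, since the page names the fields but not the algorithms.

```python
import hashlib
import hmac
import struct

DATA_LEN = 5     # assumed layout of one 8-byte CAN payload:
FRAME_LEN = 8    # 5 B application data | 1 B count value | 2 B checksum


def random_sequence(shared_secret: bytes, random_number: int) -> bytes:
    """Map the broadcast random number to its random sequence.

    Assumption: HMAC-SHA256 under a secret provisioned in every ECU. The page
    only states that one random number corresponds to one random sequence.
    """
    tag = hmac.new(shared_secret, struct.pack(">I", random_number), hashlib.sha256)
    return tag.digest()[:FRAME_LEN]


def checksum(data: bytes, counter: int, random_number: int) -> bytes:
    """Checksum over application data, count value and random number
    (assumption: SHA-256 truncated to 2 bytes)."""
    material = data + bytes([counter]) + struct.pack(">I", random_number)
    return hashlib.sha256(material).digest()[:2]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(data: bytes, counter: int, random_number: int, seq: bytes) -> bytes:
    """Sender: build data | count | checksum, then encrypt it with the sequence.

    XOR with the sequence is an assumption of this sketch and stands in for
    whatever cipher an implementation uses.
    """
    if len(data) != DATA_LEN or not 0 <= counter <= 0xFF:
        raise ValueError("need 5 bytes of data and a one-byte count value")
    plain = data + bytes([counter]) + checksum(data, counter, random_number)
    return xor(plain, seq)


class Receiver:
    """Receiver state for one random number."""

    def __init__(self, random_number: int, seq: bytes):
        self.random_number = random_number
        self.seq = seq
        self.last_counter = -1        # nothing accepted yet

    def accept(self, frame: bytes):
        """Return the application data, or None if the frame is rejected."""
        if len(frame) != FRAME_LEN:
            return None
        plain = xor(frame, self.seq)
        data = plain[:DATA_LEN]
        counter = plain[DATA_LEN]
        received = plain[DATA_LEN + 1:]
        # Count value first (assumption: it must be newer than the last one
        # accepted), so a recorded frame sent again is dropped.
        if counter <= self.last_counter:
            return None
        expected = checksum(data, counter, self.random_number)
        if not hmac.compare_digest(expected, received):
            return None               # modified or injected frame
        self.last_counter = counter   # advance only after both checks pass
        return data
```

Because the count value is one byte in this layout, it runs out after 256 frames; the sketch leaves that to the random-number update the page describes.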
  • The embodiments of the present application provide a CAN communication system, including a controller area network (CAN) bus and at least two electronic control units (ECUs) connected to the CAN bus.
  • the first ECU is used for:
  • the data message received on the CAN bus is decrypted, and/or the data message sent on the CAN bus is encrypted.
  • the first ECU is specifically used for:
  • the first random number is obtained according to the master-slave status of the first ECU.
  • the first ECU is specifically used for:
  • a master node competition message including a second message identifier sent by other ECUs among the at least two ECUs except the first ECU;
  • the first ECU is further used to:
  • when the first ECU determines that the life cycle is over, it sends a master node rotation notification message.
  • the master node rotation notification message is used to instruct the master-slave state of the first ECU to switch to the slave ECU, and the master-slave state of the next ECU of the first ECU to switch to the master ECU.
  • the first ECU is further configured to send a first message, in which the master-slave state of the first ECU is the master state and the ring establishment status of the first ECU is the valid state;
  • after it is determined that the first ECU is a slave ECU, and after the first ECU receives a second message sent by the second ECU in which the ring establishment status of the second ECU is the valid state, the first ECU is also used to send a third message; in the third message, the master-slave state of the first ECU is the slave state and the ring establishment status of the first ECU is the valid state; the second ECU is the ECU before the first ECU after sorting, and a valid ring establishment status of the first ECU indicates that the ring establishment statuses included in the messages sent by the ECUs before the first ECU are all valid.
  • when it is determined that the first ECU is the master ECU, the first ECU is specifically configured to generate the first random number when the first ECU determines that the ring establishment statuses in the messages sent by the at least two ECUs are all valid;
  • the first ECU is specifically configured to: receive the first random number sent by the master ECU.
  • the first ECU is further configured to:
  • after the first ECU determines that all of the at least two ECUs except the first ECU have sent the fifth message, it sends a sixth message, which includes the first random number and in which the state of the first random number is a holding state; the holding state is used to indicate that the first random number is valid.
  • the first ECU is also used for:
  • a seventh message is sent and the at least two ECUs are updated, and the ring establishment state included in the seventh message is an invalid state.
  • the first ECU is specifically used for:
  • after the first ECU decrypts the data message received on the CAN bus according to the first random sequence, the first ECU is further configured to:
  • after verifying that the second count value is correct, the first ECU determines a third checksum according to the second count value, the second application data, and the first random number;
  • an embodiment of the present application provides an ECU.
  • the ECU is a first ECU.
  • the first ECU includes a processor, a transceiver, a controller, and a memory.
  • the memory stores a computer program.
  • the device is used to read and execute the computer program in the memory, where:
  • the processor is configured to obtain a first random number, the first random number being sent, on the CAN bus of the controller area network (CAN) communication system where the first ECU is located, by the master ECU in that CAN communication system;
  • the processor is further configured to obtain a first random sequence corresponding to the first random number;
  • the controller is configured to control the transceiver to receive data on the CAN bus, and/or to control the transceiver to send data on the CAN bus;
  • the processor is further configured to decrypt, according to the first random sequence, data messages received by the transceiver on the CAN bus, and/or encrypt the data messages sent by the transceiver on the CAN bus.
  • the processor is specifically configured to:
  • the first random number is obtained according to the master-slave status of the first ECU.
  • the processor is specifically configured to:
  • a master node competition message including a second message identifier sent by other ECUs among the at least two ECUs except the first ECU;
  • the transceiver is specifically used for:
  • the master node rotation notification message is used to instruct the master-slave state of the first ECU to switch to the slave ECU, and the master-slave state of the next ECU of the first ECU to switch to the master ECU.
  • the transceiver is further configured to send a first message when the processor determines that the first ECU is the master ECU; in the first message, the master-slave state of the first ECU is the master state, and the ring establishment status of the first ECU is the valid state;
  • the transceiver is further configured to: when the processor determines that the first ECU is a slave ECU, send a third message after the first ECU receives a second message sent by the second ECU in which the ring establishment status of the second ECU is the valid state.
  • in the third message, the master-slave state of the first ECU is the slave state, and the ring establishment status of the first ECU is the valid state.
  • the second ECU is the previous ECU of the first ECU, and a valid ring establishment status of the first ECU indicates that the ring establishment statuses included in the messages sent by the ECUs before the first ECU are all valid.
  • the processor is specifically configured to: when the processor determines that the first ECU is the master ECU, generate the first random number when it determines that the ring establishment statuses in the messages sent by the at least two ECUs are all valid;
  • the transceiver is specifically configured to receive the first random number sent by the master ECU when the processor determines that the first ECU is a slave ECU.
  • the transceiver is further configured to send a fourth message after the processor generates the first random number; the fourth message includes the first random number, and the state of the first random number in it is an update state;
  • the transceiver is further configured to receive a fifth message sent by another ECU of the at least two ECUs except the first ECU, where the fifth message includes the first random number and the state of the first random number is an update state;
  • the transceiver is further configured to send a sixth message after the processor determines that the other ECUs of the at least two ECUs except the first ECU have sent the fifth message; the sixth message includes the first random number, the state of the first random number in it is a holding state, and the holding state is used to indicate that the first random number is valid.
  • the transceiver is further configured to: when the transceiver does not receive the second message sent by the second ECU within a first preset time period, or the ring establishment status included in the message received by the transceiver from the second ECU is an invalid state, send a seventh message and update the at least two ECUs; the ring establishment status included in the seventh message is an invalid state.
  • the processor is specifically configured to:
  • the processor is further configured to:
  • after verifying that the second count value is correct, the first ECU determines a third checksum according to the second count value, the second application data, and the first random number;
  • when the processor determines that the third checksum is the same as the second checksum, it is determined that the received data message is correct.
  • An embodiment of the present application provides a CAN communication device, which is applied to a first ECU in a controller area network (CAN) communication system.
  • The CAN communication system includes a CAN bus and at least two electronic control units (ECUs) connected to the CAN bus; the first ECU is any one of the at least two ECUs, and the device includes a processing module and a transceiver module, wherein,
  • the processing module is configured to obtain a first random number, where the first ECU is any one of the at least two ECUs, and the first random number is sent on the CAN bus by the master ECU of the at least two ECUs;
  • the processing module is further configured to obtain a first random sequence corresponding to the first random number
  • the processing module is further configured to decrypt, according to the first random sequence, data messages received by the transceiver module on the CAN bus, and/or encrypt the data messages sent by the transceiver module on the CAN bus.
  • the processing module is specifically configured to:
  • the first random number is obtained according to the master-slave status of the first ECU.
  • the transceiver module is further configured to send a master node competition message including the first message identifier on the CAN bus;
  • the transceiver module is further configured to receive, on the CAN bus, a master node competition message including a second message identifier sent by another ECU of the at least two ECUs except the first ECU;
  • the processing module is further configured to sort the at least two ECUs according to a preset sorting rule according to the sizes of the first message identifier and the second message identifier;
  • the processing module is also used to determine whether the sorted first ECU is in the first position, if so, determine that the first ECU is the master ECU, and if not, determine that the first ECU is the slave ECU.
  • the transceiver module is further configured to send a master node rotation notification message after the processing module determines that the first ECU is the master ECU and when the first ECU determines that the life cycle is over; the master node rotation notification message is used to instruct the master-slave state of the first ECU to switch to the slave ECU, and the master-slave state of the next ECU of the first ECU to switch to the master ECU.
  • the transceiver module is further configured to send a first message when the processing module determines that the first ECU is the master ECU; in the first message, the master-slave state of the first ECU is the master state, and the ring establishment status of the first ECU is the valid state;
  • the transceiver module is further configured to: when the determining module determines that the first ECU is a slave ECU, send a third message after the transceiver module receives a second message sent by the second ECU in which the ring establishment status of the second ECU is the valid state.
  • in the third message, the master-slave state of the first ECU is the slave state, and the ring establishment status of the first ECU is the valid state.
  • the second ECU is the previous ECU of the first ECU after sorting, and a valid ring establishment status of the first ECU indicates that the ring establishment statuses included in the messages sent by the ECUs before the first ECU are all valid.
  • the processing module is configured to: when the processing module determines that the first ECU is the master ECU, generate the first random number when the first ECU determines that the ring establishment statuses in the messages sent by the at least two ECUs are all valid;
  • the transceiver module is further configured to receive the first random number sent by the master ECU when the processing module determines that the first ECU is a slave ECU.
  • the transceiver module is further configured to send a fourth message after the processing module generates the first random number; the fourth message includes the first random number, and the state of the first random number in it is an update state;
  • the transceiver module is further configured to receive a fifth message sent by another ECU of the at least two ECUs except the first ECU, where the fifth message includes the first random number and the state of the first random number is an update state;
  • the transceiver module is further configured to send a sixth message after the processing module determines that all of the at least two ECUs except the first ECU have sent the fifth message; the sixth message includes the first random number, the state of the first random number in it is a holding state, and the holding state is used to indicate that the first random number is valid.
  • the transceiver module is further used for:
  • when the transceiver module does not receive the second message sent by the second ECU within the first preset time period, or the ring establishment status included in the message received by the transceiver module from the second ECU is an invalid state, a seventh message is sent and the at least two ECUs are updated; the ring establishment status included in the seventh message is an invalid state.
  • the processing module is specifically configured to:
  • the processing module is further configured to:
  • after the processing module decrypts the data message received on the CAN bus according to the first random sequence, obtain the second count value, the second application data, and the second checksum in the received data message;
  • the first ECU determines a third checksum according to the second count value, the second application data, and the first random number;
  • when the first ECU determines that the third checksum is the same as the second checksum, it is determined that the received data message is correct.
  • the present application provides a storage medium, where the storage medium is used to store a computer program, and the computer program is used to implement the CAN communication method described in any one of the first aspect.
  • an embodiment of the present application also provides a chip or integrated circuit, including: a memory and a processor;
  • the memory is used for storing program instructions and sometimes also used for storing intermediate data
  • the processor is configured to call the program instructions stored in the memory to implement the CAN communication method according to any one of the first aspect.
  • An embodiment of the present application further provides a program product; the program product includes a computer program, the computer program is stored in a storage medium, and the computer program is used to implement the CAN communication method of any one of the first aspect.
  • ECUs on the same CAN bus can obtain the same random number, and one random number corresponds to one random sequence.
  • Before an ECU sends data on the CAN bus, the ECU can first obtain the random sequence corresponding to the random number, encrypt the data according to the random sequence, and send the encrypted data on the CAN bus.
  • After an ECU receives data on the CAN bus, the ECU can first obtain the random sequence corresponding to the random number and decrypt the data according to the random sequence. This reduces the possibility that data transmitted on the CAN bus is leaked or illegally tampered with (that is, the possibility of eavesdropping attacks is reduced), and the security of CAN communication is improved.
  • FIG. 1A is an architecture diagram of a CAN communication system provided by an embodiment of this application.
  • FIG. 1B is an architecture diagram of another CAN communication system provided by an embodiment of the application.
  • FIG. 1C is an architecture diagram of another CAN communication system provided by an embodiment of this application.
  • FIG. 2A is a schematic structural diagram of an ECU provided by an embodiment of the application.
  • FIG. 2B is a schematic diagram of another ECU structure provided by an embodiment of the application.
  • FIG. 2C is a schematic diagram of the structure of a car machine provided by an embodiment of the application.
  • FIG. 2D is a schematic structural diagram of another vehicle machine provided by an embodiment of the application.
  • FIG. 2E is a schematic structural diagram of a gateway provided by an embodiment of this application.
  • FIG. 2F is a schematic structural diagram of another gateway provided by an embodiment of this application.
  • FIG. 3 is a schematic flowchart of a method for determining a master ECU provided by an embodiment of the application.
  • FIG. 4 is a schematic diagram of a process of determining a master node according to an embodiment of the application.
  • FIG. 5 is a schematic flowchart of a CAN communication method provided by an embodiment of the application.
  • FIG. 6 is a schematic diagram of the structure of a CAN message provided by an embodiment of the application.
  • FIG. 7 is a schematic flowchart of another CAN communication method provided by an embodiment of the application.
  • FIG. 8 is a schematic structural diagram of a CAN communication device provided by an embodiment of the application.
  • the method shown in the embodiment of the present application can be applied to a CAN communication system.
  • the CAN communication system is introduced below.
  • FIG. 1A is an architecture diagram of a CAN communication system provided by an embodiment of the application.
  • the CAN communication system includes a CAN bus and at least two ECUs connected to the CAN bus (for example, ECU1, ECU2, ECU3, and ECU4 shown in FIG. 1A).
  • the at least two ECUs can broadcast data on the CAN bus, and each ECU connected to the CAN bus can receive the data broadcast on the CAN bus.
  • the CAN communication system shown in the embodiments of the present application can be applied to equipment such as vehicles, industrial equipment, and artificial intelligence equipment.
  • equipment such as vehicles, industrial equipment, and artificial intelligence equipment.
  • the CAN communication system is further explained by taking the CAN communication system applied to the vehicle as an example.
  • the CAN communication system When the CAN communication system is applied to a vehicle, the CAN communication system may also include equipment such as vehicles and gateways. Hereinafter, the CAN communication system will be described in conjunction with FIG. 1B-1D.
  • FIG. 1B is an architecture diagram of another CAN communication system provided by an embodiment of the application.
  • The CAN communication system includes a CAN bus, at least two ECUs connected to the CAN bus, and a car machine connected to the CAN bus.
  • The car machine refers to a device with a large memory and a strong computing capability in the vehicle.
  • The car machine can be a central large-screen device in the vehicle. Both the ECUs and the car machine can broadcast data on the CAN bus, and both can receive the data broadcast on the CAN bus.
  • FIG. 1C is an architecture diagram of another CAN communication system provided by an embodiment of the application.
  • The CAN communication system includes CAN bus 1, CAN bus 2, at least two ECUs, a car machine, and a gateway. The at least two ECUs are connected to CAN bus 1, the car machine is connected to CAN bus 2, and CAN bus 1 and CAN bus 2 are each connected to the gateway.
  • The gateway can be a relay device set in the vehicle.
  • The gateway can forward data between different CAN buses.
  • The data on CAN bus 1 can be sent to CAN bus 2 through the gateway, and the data on CAN bus 2 can also be sent to CAN bus 1 through the gateway.
  • The gateway may also communicate with the cloud server.
  • The gateway may send data to the cloud server, and the gateway may also receive data from the cloud server.
  • The ECU may include a processor, a memory, a controller (also referred to as a CAN controller), and a transceiver.
  • The transceiver includes a receiver and/or a transmitter.
  • The processor can be connected to the controller and the memory respectively, and the controller is also connected to the memory and the transceiver respectively.
  • The memory can store application data, computer programs and other data.
  • The memory is usually small. For example, the size of the memory is usually 10K-10M bytes.
  • For example, the memory of NXP's MC9SXS128 chip is 64k, and the memory of the Infineon TC277 chip is 4M.
  • A processor refers to a device with computing capabilities.
  • The processor can be a Microcontroller Unit (MCU), a Central Processing Unit (CPU), etc.
  • The processor can read and execute computer programs from the memory, and process the application data in the memory.
  • The controller can control the receiver to receive data on the CAN bus, obtain from the receiver the data received on the CAN bus, and store the received data in the memory or send it to the processor.
  • The controller can also obtain data from the processor or memory, and control the transmitter to send the data on the CAN bus.
  • The controller may be arranged inside the processor or outside the processor.
  • The memory can be set inside the processor or outside the processor.
  • Fig. 2A is a schematic structural diagram of an ECU provided by an embodiment of the application.
  • The memory and the controller are arranged inside the processor, and the processor also includes other components (such as processing components, etc.). Within the processor, the memory, the controller, and the other components can communicate with each other.
  • The controller is connected to the transceiver.
  • FIG. 2B is a schematic structural diagram of another ECU provided by an embodiment of the application.
  • The memory and the controller are arranged outside the processor, the processor is connected to the controller and the memory respectively, and the controller is also connected to the memory and the transceiver respectively.
  • FIGS. 2A-2B are only illustrative of the structure of the ECU, and are not intended to limit the structure of the ECU.
  • For example, one of the memory and the controller is arranged inside the processor, or the ECU includes two memories, one arranged inside the processor and the other arranged outside the processor.
  • The car machine may include a processor, a memory, a controller (also referred to as a CAN controller), and a transceiver.
  • The transceiver includes a receiver and/or a transmitter.
  • The processor can be connected to the controller and the memory respectively, and the controller is also connected to the memory and the transceiver respectively.
  • The memory may store application data, computer programs and other data, and the storage space of the memory is usually large.
  • For example, the storage space of the memory is usually tens of G or hundreds of G; the memory of the car machine may be 128G.
  • A processor refers to a device with computing capabilities.
  • The processor can be a Microcontroller Unit (MCU), a Central Processing Unit (CPU), etc.
  • The processor can read and execute computer programs from the memory, and process the application data in the memory.
  • The controller can control the receiver to receive data on the CAN bus, obtain from the receiver the data received on the CAN bus, and store the received data in the memory or send it to the processor.
  • The controller can also obtain data from the processor or memory, and control the transmitter to send the data on the CAN bus.
  • The controller may be arranged inside the processor or outside the processor.
  • The memory can be set inside the processor or outside the processor.
  • FIG. 2C is a schematic diagram of the structure of a car machine provided by an embodiment of the application.
  • The controller is arranged inside the processor, and the processor also includes other components (such as processing components, etc.). Within the processor, the controller and the other components can communicate with each other. Other components in the processor are connected to the memory, and the controller is also connected to the memory and the transceiver respectively.
  • FIG. 2D is a schematic structural diagram of another car machine provided by an embodiment of the application.
  • The memory and the controller are arranged outside the processor, the processor is connected to the controller and the memory, and the controller is also connected to the memory and the transceiver respectively.
  • FIGS. 2C to 2D are only illustrative of the structure of the car machine, and are not intended to limit the structure of the car machine.
  • For example, both the memory and the controller are arranged inside the processor, or the car machine includes two memories, one arranged inside the processor and the other arranged outside the processor.
  • The gateway may include a processor, a memory, a controller (also referred to as a CAN controller), and a transceiver.
  • The transceiver includes a receiver and/or a transmitter.
  • The processor can be connected to the controller and the memory respectively, and the controller is also connected to the memory and the transceiver respectively.
  • The memory may store application data, computer programs and other data, and the storage space of the memory is usually large. For example, the storage space of the memory is usually tens of G or hundreds of G; the memory of the gateway may be 128G.
  • A processor refers to a device with computing capabilities.
  • The processor can be a Microcontroller Unit (MCU), a Central Processing Unit (CPU), etc.
  • The processor can read and execute computer programs from the memory, and process the application data in the memory.
  • The controller can control the receiver to receive data on the CAN bus, obtain from the receiver the data received on the CAN bus, and store the received data in the memory or send it to the processor.
  • The controller can also obtain data from the processor or memory, and control the transmitter to send the data on the CAN bus.
  • The controller may be arranged inside the processor or outside the processor.
  • The memory can be set inside the processor or outside the processor.
  • FIG. 2E is a schematic structural diagram of a gateway provided by an embodiment of this application.
  • The controller is arranged inside the processor, and the processor also includes other components (for example, processing components, etc.). Within the processor, the controller and the other components can communicate with each other. Other components in the processor are connected to the memory, and the controller is also connected to the memory and the transceiver respectively.
  • FIG. 2F is a schematic structural diagram of another gateway provided by an embodiment of the application.
  • The memory and the controller are arranged outside the processor, the processor is connected to the controller and the memory respectively, and the controller is also connected to the memory and the transceiver respectively.
  • FIGS. 2E to 2F only illustrate the structure of the gateway in the form of examples, and do not limit the structure of the gateway.
  • For example, both the memory and the controller are arranged inside the processor, or the gateway includes two memories, one arranged inside the processor and the other arranged outside the processor.
  • Random sequence: a sequence obtained by arranging N integers between 0 and N-1 (or 1 to N).
  • N is usually equal to 8*L, where L is the number of bytes of the data (CAN message) sent by the ECU.
  • The number of bytes of the CAN message sent by the ECU is usually fixed.
  • the complete set of random sequences includes the sequence of N integers arranged in all permutations, that is, the complete set of random sequences can include A random sequence.
  • Random sequence subset: a part of the complete set of random sequences.
  • Random number: each random sequence corresponds to a random number, and the random number can be an integer between 0 and N-1 (or 1 to N). For example, assuming that N is 64, the correspondence between random numbers and random sequences can be as shown in Table 1:
  • The data to be sent can be encrypted with a random sequence as follows: according to the random sequence, the data on different bits of the data to be sent are exchanged. For example, assuming that the data to be sent is 8 bytes (64 bits), if it is encrypted according to the random sequence corresponding to the random number 1, the data on the first and second bits of the data to be sent can be exchanged to obtain the encrypted data; if it is encrypted according to the random sequence corresponding to the random number 2, the data on the first and third bits of the data to be sent can be exchanged to obtain the encrypted data.
  • Decrypting the received data according to the random sequence is the reverse of encrypting the data to be sent according to the random sequence, and is not repeated here.
  • When the memory of the ECU is large, the ECU can store the complete set of random sequences.
  • The ECU can store the random sequence subset and the random number corresponding to each random sequence in the random sequence subset.
  • The random sequence subsets stored in all ECUs connected to the same CAN bus are the same, and an ECU that stores a random sequence subset can periodically update its stored random sequence subset.
  • When the CAN communication system architecture is as shown in FIG. 1A, a subset of random sequences can be stored in each ECU when leaving the factory. If each ECU can be connected to a cloud server through a gateway, the complete set of random sequences can be stored in the cloud server. When the subset of random sequences in an ECU needs to be updated, a part of the complete set of random sequences in the cloud server can be updated to the ECU.
  • When the architecture of the CAN communication system is as shown in FIG. 1B, the complete set of random sequences can be stored in the car machine.
  • The complete set of random sequences can be stored in the car machine or the cloud server.
  • The complete set of random sequences can be stored in the car machine, and part of the complete set of random sequences is updated to the ECU through the gateway and the CAN bus.
  • When the complete set of random sequences is stored in the cloud server, a part of the complete set of random sequences in the vehicle can be updated to the ECU through the gateway and the CAN bus.
  • A main ECU can be determined among the at least two ECUs in the CAN communication system, and the main ECU can broadcast a random number on the CAN bus, so that all ECUs in the CAN communication system use the random sequence corresponding to the random number to encrypt the data to be sent and to decrypt the received data.
  • FIG. 3 is a schematic flowchart of a method for determining a main ECU provided by an embodiment of the application. See Figure 3. The method can include:
  • Each ECU in the CAN communication system sends a competition message on the CAN bus.
  • S301 may be executed when the main ECU needs to be determined. For example, S301 is executed after the CAN communication system is powered on, or when the main ECU needs to be re-determined (for example, an ECU in the CAN communication system fails or an ECU is newly added).
  • The ECUs in the CAN communication system are the ECUs connected to the same CAN bus.
  • The competition message may include a message identifier, a master-slave state, and a ring establishment state.
  • The master-slave state in the competition message is the slave state, and the ring establishment state in the competition message is the invalid state.
  • The master-slave state is used to indicate whether the ECU is the master ECU or a slave ECU.
  • When the ECU's master-slave state is the master state, the ECU is the master ECU; when the ECU's master-slave state is the slave state, the ECU is a slave ECU.
  • The message identifiers included in messages of the same type sent by one ECU are the same.
  • For example, all messages sent by an ECU to compete for the master node (such as competition messages, first messages, etc.) carry the same message identifier, and all first application data messages sent by an ECU carry the same message identifier.
  • The message identifiers included in messages of the same type sent by different ECUs are different.
  • For example, the message identifiers included in the competition messages sent by different ECUs are different.
  • An ECU sending data on the CAN bus means that the ECU broadcasts the data on the CAN bus.
  • Each ECU in the CAN communication system receives the competition messages on the CAN bus, and determines the master-slave state of each ECU according to the received competition messages.
  • The ECU may obtain the competition messages received within a preset time period, and determine its own master-slave state based on the competition messages received within the preset time period.
  • The preset time period may be a preset time period after the CAN communication system is powered on, for example, within 5 seconds or 10 seconds after the CAN communication system is powered on.
  • The ECU can sort the ECUs according to a preset sorting rule, based on the order of the message identifiers in the competition messages received within the preset time period; the first ECU is determined as the master ECU, and every other ECU is determined as a slave ECU.
  • The first ECU after sorting is called the master ECU, the second ECU is called the first slave ECU, the third ECU is called the second slave ECU, and so on.
  • The master ECU sends a first message on the CAN bus; the master-slave state included in the first message is the master state, and the ring establishment state is the valid state.
  • The first message also includes a message identifier.
  • The message identifier included in the first message is the same as the message identifier included in the competition message sent by the main ECU.
  • The first message may also include a random number x, and the state of the random number is the hold state.
  • The random number x may be set in the ECU when the CAN communication system is shipped from the factory, or may have been set in the ECU when the CAN communication system last ran.
  • The hold state of the random number indicates that the random number x is available, that is, the random number x can be used for encryption and/or decryption processing.
  • The master state included in the first message indicates that the ECU that sends the first message is the master ECU, and the valid ring establishment state indicates that the master ECU can communicate normally.
  • After the first slave ECU receives the first message sent by the master ECU on the CAN bus, the first slave ECU sends a second message on the CAN bus; the master-slave state included in the second message is the slave state, and the ring establishment state is the valid state.
  • The second message also includes a message identifier.
  • The message identifier included in the second message is the same as the message identifier included in the competition message sent by the first slave ECU.
  • The second message may also include a random number x, and the state of the random number is the hold state.
  • The random number x may be set in the ECU when the CAN communication system is shipped from the factory, or may have been set in the ECU when the CAN communication system last ran.
  • The hold state of the random number indicates that the random number x is available, that is, the random number x can be used for encryption and/or decryption processing.
  • The first slave ECU is the ECU that follows the master ECU in the order given by the preset sorting rule.
  • When the first slave ECU determines that the ring establishment state in the first message sent by the master ECU is the valid state, and that the master-slave state (master state) included in the first message is the same as the master-slave state of the master ECU that the first slave ECU determined in S302, the first slave ECU sends the second message.
  • The slave state in the second message indicates that the ECU sending the second message is a slave ECU.
  • The valid ring establishment state in the second message indicates that the first slave ECU and the ECUs before the first slave ECU (the master ECU and the first slave ECU) can communicate normally, and that the master-slave state included in the first message sent by the master ECU is correct.
  • The ECU can identify the ECU that sent a message according to the message identifier in the message.
  • After the second slave ECU receives the second message on the CAN bus, the second slave ECU sends a third message on the CAN bus; the master-slave state included in the third message is the slave state, and the ring establishment state is the valid state.
  • The third message also includes a message identifier.
  • The message identifier included in the third message is the same as the message identifier included in the competition message sent by the second slave ECU.
  • The third message may also include a random number x, and the state of the random number is the hold state.
  • The random number x may be set in the ECU when the CAN communication system is shipped from the factory, or may have been set in the ECU when the CAN communication system last ran.
  • The hold state of the random number indicates that the random number x is available, that is, the random number x can be used for encryption and/or decryption processing.
  • The second slave ECU is the ECU that follows the first slave ECU in the order given by the preset sorting rule.
  • When the second slave ECU determines that the ring establishment state in the second message is the valid state, and that the master-slave state (slave state) included in the second message matches the state determined by the second slave ECU in S302, the second slave ECU sends the third message.
  • The slave state in the third message indicates that the ECU sending the third message is a slave ECU.
  • The valid ring establishment state in the third message indicates that the second slave ECU and the ECUs before the second slave ECU (the master ECU, the first slave ECU, and the second slave ECU) can communicate normally, and that the master-slave state included in the second message is correct.
  • Slave nodes also execute steps similar to S305, until the last slave node has executed a step similar to S305 and the master ECU receives the message sent by the last slave node. After the master ECU receives the message sent by the last slave ECU on the CAN bus, the identity of the master ECU takes effect.
  • The master-slave state included in the message sent by the last slave ECU, in the order given by the preset rule, is the slave state, and the ring establishment state is the valid state.
  • After the master ECU receives the message sent by the last slave ECU, it indicates that all ECUs in the CAN communication system can communicate normally, and that the master-slave states of all ECUs in the CAN communication system are correct.
  • The master ECU and the slave ECUs can periodically repeat S303-S305.
  • A new ECU may be added to the CAN communication system, and the message identifier in the messages sent by the new ECU is a new message identifier. In this case, S301-S305 can also be executed again to re-determine the master node.
  • The main ECU can update the random number.
  • The process of updating the random number by the main ECU is described in detail below through S306-S309.
  • The first random number is a random number corresponding to any random sequence in the random sequence subset stored in the main ECU.
  • S307 The main ECU sends a fourth message on the CAN bus; the fourth message includes the first random number, and the state of the first random number is the update state.
  • The fourth message may also include a message identifier.
  • When the state of the first random number is the update state, it indicates that the first random number is currently being updated (not yet updated), that is, the first random number cannot be used for encryption processing and/or decryption processing.
  • After receiving the fourth message, the slave ECU sends a fifth message on the CAN bus.
  • The fifth message includes the first random number, and the state of the first random number is the update state.
  • The fourth message may also include the master-slave state as the master state, and the ring establishment state as the valid state.
  • The slave ECU may send the fifth message after receiving the fourth message or the fifth message sent by the previous ECU. For example, the first slave ECU sends the fifth message after receiving the fourth message sent by the master node; the second slave ECU sends the fifth message after receiving the fifth message sent by the first slave ECU; and so on.
  • When the master ECU determines that the random numbers of all the slave ECUs are updated to the first random number, the master ECU sends a sixth message on the CAN bus. The sixth message includes the first random number, and the state of the first random number is the hold state, which indicates that the first random number is valid.
  • After receiving the sixth message, the slave ECU starts to encrypt and/or decrypt data using the first random number.
  • The master ECU may resend the sixth message multiple times.
  • When the ECU sends the messages involved in the embodiment in FIG. 3 (the competition message, the first message, the second message, ..., the sixth message), it can encrypt the messages using the random number before the update; the encryption process is similar to the encryption process shown in the embodiment of FIG. 5, and details are not described herein again.
  • The messages sent by the ECU already carry the message identifier. Therefore, with the above method, the competition for the main ECU and the update of the random number can be realized without adding additional information to the messages, which saves signaling overhead.
  • The main ECU can be updated during the CAN communication.
  • The main ECU can be updated in the following feasible implementation: after the current main ECU has served as the main ECU for a preset time period, the ECU that follows the main ECU in the order given by the preset rules can be used as the main ECU.
  • The current main ECU can send a notification message on the CAN bus to indicate that the next ECU is to be the main ECU.
  • FIG. 4 is a schematic diagram of a process of determining a master node provided by an embodiment of the application. Referring to FIG. 4, assume that the CAN communication system includes ECU1, ECU2 and ECU3.
  • After the CAN communication system is powered on, in the first cycle T1, ECU1 broadcasts competition message 1 on the CAN bus. The message identifier in competition message 1 is 0x501, the master-slave state is the slave state, and the ring establishment state is the invalid state.
  • ECU2 broadcasts competition message 2 on the CAN bus. The message identifier in competition message 2 is 0x502, the master-slave state is the slave state, and the ring establishment state is the invalid state.
  • ECU3 broadcasts competition message 3 on the CAN bus.
  • The message identifier included in competition message 3 is 0x503, the master-slave state is the slave state, and the ring establishment state is the invalid state.
  • ECU1, ECU2 and ECU3 can all obtain competition message 1, competition message 2 and competition message 3 on the CAN bus.
  • ECU1, ECU2 and ECU3 can each sort the ECUs according to the message identifiers included in the competition messages; the ECUs after sorting are ECU1, ECU2 and ECU3. The message identifiers in the three competition messages are sorted; since the message identifier in competition message 1 is the smallest, ECU1 is determined to be the master ECU, and ECU2 and ECU3 are the slave ECUs.
  • ECU1 main ECU
  • The message identifier included in the first message is 0x501, the master-slave state is the master state, and the ring establishment state is the valid state.
  • After ECU2 receives the first message sent by ECU1, ECU2 sends the second message in the third cycle T3. The message identifier included in the second message is 0x502, the master-slave state is the slave state, and the ring establishment state is the valid state.
  • After ECU3 receives the second message sent by ECU2, ECU3 sends the third message in the fourth cycle T4. The message identifier included in the third message is 0x503, the master-slave state is the slave state, and the ring establishment state is the valid state.
  • After ECU1 receives the second message sent by ECU3, the main ECU identity of ECU1 takes effect, and ECU1 can update the random number. After ECU1 receives the second message sent by ECU3, ECU1 sends the first message in the fifth cycle T5.
  • The message identifier included in the first message is 0x501, the master-slave state is the master state, and the ring establishment state is the valid state. And so on.
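The competition and ring check walked through above, as an added example in C (not code from the patent): each ECU ranks the identifiers it saw, answers only a valid message from its predecessor whose claimed role matches its own ranking, and the master identity takes effect only when the last slave's message arrives. The ascending sort, the struct layout and all function names are assumptions of this example; the identifiers 0x501-0x503 are the ones used in the FIG. 4 walk-through.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum role { ROLE_SLAVE, ROLE_MASTER };

/* Fields the page lists for competition and ring messages. */
struct ring_msg {
    uint16_t id;      /* message identifier, unique per ECU */
    enum role role;   /* master-slave state claimed by the sender */
    bool ring_valid;  /* ring establishment state */
};

static int cmp_id(const void *a, const void *b)
{
    uint16_t x = *(const uint16_t *)a, y = *(const uint16_t *)b;
    return (x > y) - (x < y);
}

/* Sort the identifiers seen in the competition window (assumed rule:
 * ascending, smallest identifier first, as in the FIG. 4 walk-through). */
void rank_ecus(uint16_t *ids, size_t n)
{
    qsort(ids, n, sizeof ids[0], cmp_id);
}

/* Rank of an identifier in the sorted list, or -1 if it never competed. */
int rank_of(const uint16_t *ranked, size_t n, uint16_t id)
{
    for (size_t i = 0; i < n; i++)
        if (ranked[i] == id)
            return (int)i;
    return -1;
}

/* What ECU `self` sends at its turn. The master (rank 0) opens the ring.
 * A slave at rank k answers only a ring-valid message from rank k-1 whose
 * claimed role equals the role this ECU computed for that sender.
 * Returns false when the ECU must stay silent. */
bool ring_reply(const uint16_t *ranked, size_t n, uint16_t self,
                const struct ring_msg *prev, struct ring_msg *out)
{
    int k = rank_of(ranked, n, self);
    if (k < 0)
        return false;
    if (k > 0) {
        enum role want = (k == 1) ? ROLE_MASTER : ROLE_SLAVE;
        if (prev == NULL || !prev->ring_valid)
            return false;
        if (rank_of(ranked, n, prev->id) != k - 1 || prev->role != want)
            return false;
    }
    out->id = self;
    out->role = (k == 0) ? ROLE_MASTER : ROLE_SLAVE;
    out->ring_valid = true;
    return true;
}

/* One pass around the ring. `fault`, when non-NULL, replaces the message
 * that appears on the bus at position fault_pos (constructed inconsistent
 * frame). Returns true when the last slave's message reaches the master
 * intact, i.e. the master identity takes effect. */
bool run_ring(uint16_t *ids, size_t n,
              const struct ring_msg *fault, size_t fault_pos)
{
    struct ring_msg prev = {0, ROLE_SLAVE, false}, cur = prev;
    if (n < 2)
        return false;
    rank_ecus(ids, n);
    for (size_t k = 0; k < n; k++) {
        if (!ring_reply(ids, n, ids[k], k ? &prev : NULL, &cur))
            return false;
        if (fault != NULL && k == fault_pos)
            cur = *fault;
        prev = cur;
    }
    return prev.ring_valid && prev.id == ids[n - 1] &&
           prev.role == ROLE_SLAVE;
}

int main(void)
{
    /* Constructed sample: FIG. 4 identifiers in arbitrary arrival order. */
    uint16_t ids[] = {0x503, 0x501, 0x502};
    struct ring_msg bad = {0x502, ROLE_MASTER, true};  /* wrong role */

    printf("clean ring: %d\n", run_ring(ids, 3, NULL, 0));
    printf("master: 0x%03X\n", (unsigned)ids[0]);
    printf("inconsistent role at rank 1: %d\n", run_ring(ids, 3, &bad, 1));
    return 0;
}
```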
  • Assume that after ECU1 receives the second message sent by ECU3, ECU1 updates the random number to the first random number. ECU1 then sends a fourth message on the CAN bus; the message identifier included in the fourth message is 0x501, the random number is the first random number, and the random number state is the update state.
  • After ECU2 receives the fourth message on the CAN bus, ECU2 sends the fifth message on the CAN bus. The fifth message sent by ECU2 includes the message identifier 0x502, the first random number as the random number, and the update state as the random number state.
  • After ECU3 receives the fourth message on the CAN bus, ECU3 sends the fifth message on the CAN bus. The message identifier included in the fifth message sent by ECU3 is 0x503, the random number is the first random number, and the random number state is the update state.
  • After ECU1 receives the fifth message sent by ECU2 and the fifth message sent by ECU3, ECU1 sends the sixth message three times on the CAN bus. The message identifier included in the sixth message is 0x501, the random number is the first random number, and the random number state is the hold state.
  • The first random number is used to encrypt and/or decrypt the data.
  • The data can be encrypted by the method shown in the embodiment of FIG. 5.
  • FIG. 5 is a schematic flowchart of a CAN communication method provided by an embodiment of the application. Referring to Figure 5, the method may include:
  • The first ECU obtains a first random number.
  • The first random number is sent by the main ECU in the CAN communication system on the CAN bus.
  • The first random number may be sent by the main ECU on the CAN bus in the manner shown in the embodiment of FIG. 3.
  • The first ECU obtains a first random sequence corresponding to the first random number.
  • The first random sequence corresponding to the first random number is stored in the memory of the first ECU. Therefore, the first ECU may obtain the first random sequence from its memory.
  • S503 The first ECU encrypts the first application data by using the first random sequence to obtain a data message to be sent.
  • The first application data is data that needs to be protected.
  • The first application data may be sensor data, control instructions, and the like.
  • Fig. 6 is a schematic structural diagram of a CAN message provided by an embodiment of the application.
  • the CAN message includes message identification and data field, and the data field includes application data, count value and checksum.
  • the checksum is determined according to the application data, count value and random number.
  • One ECU can send multiple types of CAN messages, and one type of CAN message corresponds to one message identifier.
  • One type of message also corresponds to a counter. After the ECU sends this type of message once, the counter corresponding to this type of message adds 1 to the counter.
  • the first ECU may encrypt the first application data in the following feasible implementation manners: the first ECU determines the first count value, and the first ECU determines the first count value according to the first application data to be sent, the first count value, and the first application data. A random number determines the first checksum, and the first ECU encrypts the first application data, the first count value, and the first checksum through the first random sequence to obtain the data message to be sent.
  • the first ECU may obtain the current count value corresponding to the message type corresponding to the first application data, and add 1 to the current count value to obtain the first count value.
  • the first application data, the first count value and the first random number can be logically operated to obtain the checksum.
  • the first application data, the first count value and the first checksum can be spliced to obtain the data field, and the data field is encrypted by the first random sequence to obtain the encrypted data field, the message identifier and the encrypted data field It constitutes the data message to be sent.
  • S504 The first ECU sends the data message to be sent on the CAN bus.
  • the first ECU may broadcast the data message to be sent on the CAN bus.
  • ECUs in the same CAN bus can obtain the same random number, and one random number corresponds to a random sequence.
  • the ECU can first obtain the random sequence corresponding to the random number, encrypt the data according to the random sequence, and send the encrypted data on the CAN bus. In this way, the possibility of data leakage or illegal tampering in the CAN bus can be reduced, and the security of CAN communication can be improved.
  • When any first ECU in the CAN communication system receives data, the data can be decrypted by the method shown in the embodiment of FIG. 7.
  • FIG. 7 is a schematic flowchart of another CAN communication method provided by an embodiment of the application. Referring to Figure 7, the method may include:
  • the first ECU receives a data message.
  • the data message is received by the first ECU on the CAN bus, and the data message is a message encrypted by the method shown in the embodiment of FIG. 5.
  • the first ECU obtains a first random number.
  • the first ECU obtains a first random sequence corresponding to the first random number.
  • For the execution process of S702-S703, refer to the execution process of S501-S502; it is not repeated here.
  • the first ECU decrypts the data field of the data message by using the first random sequence to obtain second application data, a second count value, and a second checksum.
  • S705 The first ECU judges whether the second count value is correct.
  • the first ECU determines a third checksum according to the second count value, the second application data, and the first random number.
  • the first ECU may perform a logical operation on the second count value, the second application data, and the first random number to obtain the third checksum.
  • S707 The first ECU judges whether the third checksum is the same as the second checksum.
  • S708 The first ECU determines that the obtained second application data is correct.
  • the first ECU determines that the obtained second application data is incorrect.
  • ECUs in the same CAN bus can obtain the same random number, and one random number corresponds to a random sequence.
  • the ECU can first obtain the random sequence corresponding to the random number, and decrypt the data according to the random sequence, so as to reduce the possibility that data transmitted on the CAN bus is leaked or illegally tampered with (that is, the possibility of eavesdropping attacks is reduced), and the security of CAN communication is improved. Further, whether the received application data is correct can be verified according to the count value and the checksum. In this way, injection attacks and replay attacks can be effectively prevented.
  • the embodiment of the present application also provides a CAN communication system.
  • the structure of the CAN communication system may be as shown in FIG. 1A-1C. Please refer to Figure 1A-1C.
  • the CAN communication system includes at least a CAN bus and at least two ECUs connected to the CAN bus. For any first ECU of the at least two ECUs, the first ECU is configured to:
  • the data message received on the CAN bus is decrypted, and/or the data message sent on the CAN bus is encrypted.
  • the first ECU can execute the technical solutions shown in the foregoing method embodiments, and its implementation principles and beneficial effects are similar, and will not be repeated here.
  • the first ECU is specifically used for:
  • the first random number is obtained according to the master-slave status of the first ECU.
  • the first ECU is specifically used for:
  • a master node competition message including a second message identifier sent by other ECUs among the at least two ECUs except the first ECU;
  • the first ECU is further used to:
  • when the first ECU determines that the life cycle is over, it sends a master node rotation notification message.
  • the master node rotation notification message is used to indicate that the master-slave state of the first ECU switches to the slave ECU and the master-slave state of the next ECU after the first ECU switches to the master ECU.
  • the first ECU is further configured to send a first message, where in the first message the master-slave state of the first ECU is the master state and the ring establishment state of the first ECU is the valid state.
  • After it is determined that the first ECU is a slave ECU, and after the first ECU receives a second message sent by the second ECU in which the ring establishment state of the second ECU is the valid state, the first ECU is further configured to send a third message, in which the master-slave state of the first ECU is the slave state and the ring establishment state of the first ECU is the valid state. The second ECU is the ECU immediately before the first ECU after sorting, and the valid ring establishment state of the first ECU indicates that the ring establishment states included in the messages sent by the ECUs before the first ECU are all valid.
  • when it is determined that the first ECU is the master ECU, the first ECU is specifically configured to: generate the first random number when the first ECU determines that the ring establishment states in the messages sent by the at least two ECUs are all valid;
  • the first ECU is specifically configured to: receive the first random number sent by the master ECU.
  • the first ECU is further configured to:
  • after the first ECU determines that all of the at least two ECUs except the first ECU have sent the fifth message, it sends a sixth message, where the sixth message includes the first random number and the state of the first random number is the holding state, and the holding state is used to indicate that the first random number takes effect.
  • the first ECU is also used for:
  • a seventh message is sent and the at least two ECUs are updated, and the ring establishment state included in the seventh message is an invalid state.
  • the first ECU is specifically used for:
  • after the first ECU decrypts the data message received on the CAN bus according to the first random sequence, the first ECU is further configured to:
  • after verifying that the second count value is correct, the first ECU determines a third checksum according to the second count value, the second application data, and the first random number;
  • the first ECU can execute the technical solutions shown in the foregoing method embodiments, and the implementation principles and beneficial effects are similar, and will not be repeated here.
  • FIG. 8 is a schematic structural diagram of a CAN communication device provided by an embodiment of the application.
  • the CAN communication device 10 is applied to a first ECU in a CAN communication system.
  • the CAN communication system includes a CAN bus and at least two ECUs connected to the CAN bus.
  • the first ECU is any one of the at least two ECUs, and the CAN communication device 10 includes a processing module 11 and a transceiver module 12, wherein,
  • the processing module 11 is configured to obtain a first random number, where the first ECU is any one of the at least two ECUs, and the first random number is sent on the CAN bus by the master ECU of the at least two ECUs;
  • the processing module 11 is further configured to obtain a first random sequence corresponding to the first random number;
  • the processing module 11 is further configured to decrypt, according to the first random sequence, the data message received by the transceiver module 12 on the CAN bus, and/or to encrypt the data message sent by the transceiver module 12 on the CAN bus.
  • the transceiver module 12 may include a receiving module and/or a sending module.
  • the receiving module is used to receive data on the CAN bus
  • the sending module is used to send data on the CAN bus.
  • the processing module 11 may execute S301-S302 in the embodiment of FIG. 3, S501-S503 in the embodiment of FIG. 5, and S702-S709 in the embodiment of FIG. 7.
  • the transceiver module 12 may execute S303-S309 in the embodiment in FIG. 3, S504 in the embodiment in FIG. 5, and S701 in the embodiment in FIG. 7.
  • The CAN communication device provided in the embodiments of the present application can execute the technical solutions shown in the foregoing method embodiments; the implementation principles and beneficial effects are similar and are not repeated here.
  • the processing module 11 is specifically configured to:
  • the first random number is obtained according to the master-slave status of the first ECU.
  • the transceiver module 12 is further configured to send a master node competition message including the first message identifier on the CAN bus;
  • the transceiver module 12 is further configured to receive, on the CAN bus, a master node competition message including a second message identifier sent by another ECU of the at least two ECUs except the first ECU;
  • the processing module 11 is further configured to sort the at least two ECUs according to a preset sorting rule according to the sizes of the first message identifier and the second message identifier;
  • the processing module 11 is also used to determine whether the sorted first ECU is in the first position, if so, determine that the first ECU is the master ECU, if not, determine that the first ECU is the slave ECU .
  • the transceiver module 12 is further configured to, after the processing module 11 determines that the first ECU is the master ECU, send a master node rotation notification message when the first ECU determines that the life cycle is over, where the master node rotation notification message is used to indicate that the master-slave state of the first ECU switches to the slave ECU and the master-slave state of the next ECU after the first ECU switches to the master ECU.
  • the transceiver module 12 is further configured to send a first message when the processing module 11 determines that the first ECU is the master ECU.
  • in the first message, the master-slave state of the first ECU is the master state, and the ring establishment state of the first ECU is the valid state;
  • the transceiver module 12 is further configured to: when the determining module 11 determines that the first ECU is a slave ECU, send a third message after the transceiver module receives a second message sent by the second ECU in which the ring establishment state of the second ECU is the valid state.
  • in the third message, the master-slave state of the first ECU is the slave state and the ring establishment state of the first ECU is the valid state.
  • the second ECU is the ECU immediately before the first ECU after sorting, and the valid ring establishment state of the first ECU indicates that the ring establishment states included in the messages sent by the ECUs before the first ECU are all valid.
  • the processing module 11 is configured to: when the processing module 11 determines that the first ECU is the master ECU, generate the first random number when the first ECU determines that the ring establishment states in the messages sent by the at least two ECUs are all valid;
  • the transceiver module 12 is further configured to receive the first random number sent by the master ECU when the processing module determines that the first ECU is a slave ECU.
  • the transceiver module 12 is further configured to send a fourth message after the processing module 11 generates the first random number, where the fourth message includes the first random number and the state of the first random number is the update state;
  • the transceiver module 12 is further configured to receive a fifth message sent by another ECU of the at least two ECUs except the first ECU, where the fifth message includes the first random number and The state of the first random number is an update state;
  • the transceiver module 12 is further configured to send a sixth message after the processing module 11 determines that all ECUs of the at least two ECUs except the first ECU have sent the fifth message, where the sixth message includes the first random number and the state of the first random number is the holding state, and the holding state is used to indicate that the first random number takes effect.
  • the transceiver module 12 is further configured to:
  • when the transceiver module 12 does not receive the second message sent by the second ECU within the first preset time period, or the ring establishment state included in the message received by the transceiver module from the second ECU is the invalid state, send a seventh message and update the at least two ECUs, where the ring establishment state included in the seventh message is the invalid state.
  • the processing module 11 is specifically configured to:
  • the processing module 11 is further configured to:
  • after the processing module decrypts the data message received on the CAN bus according to the first random sequence, obtain the second count value, the second application data, and the second checksum from the received data message;
  • the first ECU determines a third checksum according to the second count value, the second application data, and the first random number;
  • when the first ECU determines that the third checksum is the same as the second checksum, it is determined that the received data message is correct.
  • The CAN communication device provided in the embodiments of the present application can execute the technical solutions shown in the foregoing method embodiments; the implementation principles and beneficial effects are similar and are not repeated here.
  • An embodiment of the present application also provides an ECU.
  • the ECU is a first ECU.
  • the first ECU includes a processor, a transceiver, a controller, and a memory.
  • the memory stores a computer program, and the processor is used to read and execute the computer program in the memory; the processor is connected to the controller and to the memory, the controller is also connected to the transceiver and the memory, and the transceiver includes a receiver and/or a transmitter, where,
  • the processor is configured to obtain a first random number, the first random number being sent by the master ECU of the controller area network (CAN) communication system in which the first ECU is located, on the CAN bus of that CAN communication system;
  • the processor is further configured to obtain a first random sequence corresponding to the first random number
  • the controller is configured to control the transceiver to receive data on the CAN bus, and/or to control the transceiver to send data on the CAN bus;
  • the processor is further configured to decrypt, according to the first random sequence, data messages received by the transceiver on the CAN bus, and/or to encrypt the data messages sent by the transceiver on the CAN bus.
  • the processor shown in the embodiment of the present application may implement the function of the processing module 11 in the embodiment of FIG. 8.
  • the transceiver shown in the embodiment of the present application can implement the functions of the transceiver module 12 in the embodiment of FIG. 8.
  • the processor is specifically configured to:
  • the first random number is obtained according to the master-slave status of the first ECU.
  • the processor is specifically configured to:
  • a master node competition message including a second message identifier sent by other ECUs among the at least two ECUs except the first ECU;
  • the transceiver is specifically used for:
  • the master node rotation notification message is used to indicate that the master-slave state of the first ECU switches to the slave ECU and the master-slave state of the next ECU after the first ECU switches to the master ECU.
  • the transceiver is further configured to send a first message when the processor determines that the first ECU is the master ECU, where in the first message the master-slave state of the first ECU is the master state and the ring establishment state of the first ECU is the valid state;
  • the transceiver is further configured to: when the processor determines that the first ECU is a slave ECU, send a third message after the first ECU receives a second message sent by the second ECU in which the ring establishment state of the second ECU is the valid state.
  • in the third message, the master-slave state of the first ECU is the slave state and the ring establishment state of the first ECU is the valid state.
  • the second ECU is the ECU immediately before the first ECU, and the valid ring establishment state of the first ECU indicates that the ring establishment states included in the messages sent by the ECUs before the first ECU are all valid.
  • the processor is specifically configured to: when the processor determines that the first ECU is the master ECU, generate the first random number when the first ECU determines that the ring establishment states in the messages sent by the at least two ECUs are all valid;
  • the transceiver is specifically configured to receive the first random number sent by the master ECU when the processor determines that the first ECU is a slave ECU.
  • the transceiver is further configured to send a fourth message after the processor generates the first random number, where the fourth message includes the first random number and the state of the first random number is the update state;
  • the transceiver is further configured to receive a fifth message sent by another ECU of the at least two ECUs except the first ECU, where the fifth message includes the first random number and the The state of the first random number is an update state;
  • the transceiver is further configured to send a sixth message after the processor determines that the other ECUs of the at least two ECUs except the first ECU have sent the fifth message, where the sixth message includes the first random number and the state of the first random number is the holding state, and the holding state is used to indicate that the first random number takes effect.
  • the transceiver is further configured to: when the transceiver does not receive the second message sent by the second ECU within a first preset time period, or the ring establishment state included in the message received by the transceiver from the second ECU is the invalid state, send a seventh message and update the at least two ECUs, where the ring establishment state included in the seventh message is the invalid state.
  • the processor is specifically configured to:
  • the processor is further configured to:
  • after verifying that the second count value is correct, the first ECU determines a third checksum according to the second count value, the second application data, and the first random number;
  • when the processor determines that the third checksum is the same as the second checksum, it is determined that the received data message is correct.
  • the foregoing processor may be a CPU, MCU, or other general-purpose processors, DSP, ASIC, and so on.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
  • the steps in the embodiment of the authentication method disclosed in this application may be directly embodied as being executed and completed by a hardware processor, or executed and completed by a combination of hardware and software modules in the processor.
  • the present application provides a storage medium, the storage medium is used to store a computer program, and the computer program is used to implement the CAN communication method described in the foregoing embodiment.
  • the embodiment of the present application also provides a chip or integrated circuit, including: a memory and a processor;
  • the memory is used for storing program instructions and sometimes also used for storing intermediate data
  • the processor is configured to call the program instructions stored in the memory to implement the CAN communication method as described above.
  • the memory can be independent or integrated with the processor.
  • the memory may also be located outside the chip or integrated circuit.
  • An embodiment of the present application also provides a program product, the program product includes a computer program, the computer program is stored in a storage medium, and the computer program is used to implement the aforementioned CAN communication method.
  • All or part of the steps in the foregoing method embodiments can be implemented by a program instructing relevant hardware.
  • the aforementioned program can be stored in a readable memory.
  • when the program is executed, it performs the steps of the foregoing method embodiments; and the foregoing memory (storage medium) includes: read-only memory (ROM), RAM, flash memory, hard disks, solid-state drives, magnetic tape, floppy disks, optical discs, and any combination thereof.
  • These computer program instructions can be provided to the processing unit of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to produce a machine, so that the instructions executed by the processing unit of the computer or other programmable data processing equipment produce a device for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing equipment, so that a series of operation steps is executed on the computer or other programmable equipment to produce computer-implemented processing, so that the instructions executed on the computer or other programmable equipment provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
  • the term “including” and its variations may refer to non-limiting inclusion; the term “or” and its variations may refer to “and/or”.
  • the terms “first”, “second”, etc. in the present application are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence.
  • “plurality” means two or more.
  • “And/or” describes the association relationship of the associated objects, indicating that there can be three types of relationships, for example, A and/or B, which can mean: A alone exists, A and B exist at the same time, and B exists alone.
  • the character “/” generally indicates that the associated objects are in an "or” relationship.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mechanical Engineering (AREA)
  • Small-Scale Networks (AREA)

Abstract

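Embodiments of this application provide a CAN communication method, device, and system. The method is applied to a controller area network (CAN) communication system that includes a CAN bus and at least two electronic control units (ECUs) connected to the CAN bus. The method includes: a first ECU obtains a first random number, where the first ECU is any one of the at least two ECUs and the first random number is sent on the CAN bus by the master ECU of the at least two ECUs; the first ECU obtains a first random sequence corresponding to the first random number; and the first ECU decrypts, according to the first random sequence, data messages received on the CAN bus, and/or encrypts data messages sent on the CAN bus. This improves the security of CAN communication.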

Description

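CAN communication method, device, and system
Technical Field
This application relates to the field of communication technologies, and in particular to a CAN communication method, device, and system.
Background
At present, a controller area network (CAN) communication system is provided in many kinds of equipment (for example, vehicles and industrial equipment). The CAN communication system includes a CAN bus and at least two electronic control units (ECUs) connected to the CAN bus.
In practice, an ECU usually sends messages on the CAN bus by broadcast, and all ECUs connected to the CAN bus can receive the broadcast data. However, in this process the data that an ECU broadcasts on the CAN bus may be attacked, so that data transmitted on the CAN bus is leaked or illegally tampered with, which makes the security of CAN communication low.
Summary
Embodiments of this application provide a CAN communication method, device, and system that improve the security of CAN communication.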
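In a first aspect, an embodiment of this application provides a CAN communication method. The method can be applied to a controller area network (CAN) communication system that includes a CAN bus and at least two electronic control units (ECUs) connected to the CAN bus. For any first ECU of the at least two ECUs: the first ECU obtains a first random number, which is sent on the CAN bus by the master ECU of the at least two ECUs; the first ECU obtains a first random sequence corresponding to the first random number; and the first ECU decrypts, according to the first random sequence, data messages received on the CAN bus, and/or encrypts data messages sent on the CAN bus.
In the above process, the ECUs on the same CAN bus can obtain the same random number, and one random number corresponds to one random sequence. Before an ECU sends data on the CAN bus, it can first obtain the random sequence corresponding to the random number, encrypt the data according to the random sequence, and send the encrypted data on the CAN bus. After an ECU receives data on the CAN bus, it can first obtain the random sequence corresponding to the random number and decrypt the data according to the random sequence. This reduces the possibility that data transmitted on the CAN bus is leaked or illegally tampered with (that is, it reduces the possibility of eavesdropping attacks) and improves the security of CAN communication.
In a possible implementation, the first ECU can obtain the first random number in the following feasible way: the first ECU determines its master-slave state, which indicates whether the first ECU is the master ECU or a slave ECU; and the first ECU obtains the first random number according to its master-slave state.
In a possible implementation, the first ECU can determine its master-slave state in the following feasible way: the first ECU sends, on the CAN bus, a master node competition message that includes a first message identifier; it receives, on the CAN bus, master node competition messages that include a second message identifier and are sent by the other ECUs of the at least two ECUs; it sorts the at least two ECUs according to a preset sorting rule based on the sizes of the first message identifier and the second message identifier; and it judges whether the first ECU is in the first position after sorting. If so, the first ECU is determined to be the master ECU; if not, the first ECU is determined to be a slave ECU.
In the above process, the first ECU can determine whether it is the master ECU or a slave ECU according to the message identifiers included in the messages sent by the ECUs. Because the messages sent by different ECUs include different message identifiers, exactly one master ECU can be determined among the at least two ECUs according to the message identifiers.
In a possible implementation, after the first ECU is determined to be the master ECU, when the first ECU determines that its life cycle has ended, the first ECU sends a master node rotation notification message. The master node rotation notification message indicates that the master-slave state of the first ECU switches to slave ECU and that the master-slave state of the next ECU after the first ECU switches to master ECU.
In the above process, the master ECU is switched in this way, which reduces the probability that the master ECU is attacked and reduces communication security problems caused by a misbehaving master ECU.
In a possible implementation, after the first ECU is determined to be the master ECU, the first ECU sends a first message, in which the master-slave state of the first ECU is the master state and the ring establishment state of the first ECU is the valid state. When the first ECU is determined to be a slave ECU, after the first ECU receives a second message sent by a second ECU in which the ring establishment state of the second ECU is the valid state, the first ECU sends a third message, in which the master-slave state of the first ECU is the slave state and the ring establishment state of the first ECU is the valid state. The second ECU is the ECU immediately before the first ECU after sorting, and the valid ring establishment state of the first ECU indicates that the ring establishment states included in the messages sent by the ECUs before the first ECU are all valid.
In the above process, after the master-slave state of the first ECU is determined, the first ECU broadcasts a message that carries its own master-slave state and ring establishment state, so that each ECU in the CAN communication system can learn the master-slave states of the other ECUs.
In a possible implementation, when the first ECU is determined to be the master ECU, the first ECU generates the first random number when it determines that the ring establishment states in the messages sent by the at least two ECUs are all valid. When the first ECU is determined to be a slave ECU, the first ECU receives the first random number sent by the master ECU.
In the above process, it is ensured that the master ECU generates the first random number and sends it to the other ECUs in the CAN communication system, so that the ECUs in the communication system obtain the same first random number at the same moment.
In a possible implementation, after the first ECU generates the first random number, the first ECU sends a fourth message, which includes the first random number, and in which the state of the first random number is the update state. The first ECU receives fifth messages sent by the other ECUs of the at least two ECUs; each fifth message includes the first random number, and in it the state of the first random number is the update state. After the first ECU determines that all the other ECUs of the at least two ECUs have sent the fifth message, the first ECU sends a sixth message, which includes the first random number, and in which the state of the first random number is the holding state. The holding state indicates that the first random number takes effect.
In the above process, when the first ECU is the master ECU, after the first ECU broadcasts the first random number and receives the fifth messages sent by all the other ECUs, the first ECU broadcasts the sixth message, in which the holding state indicates that the first random number takes effect. That is, the first random number takes effect only once it is determined that every ECU in the CAN communication system has received it. In this way, all ECUs in the CAN communication system use the same first random number at the same moment, so that each ECU can encrypt and decrypt correctly.
In a possible implementation, if the first ECU does not receive the second message sent by the second ECU within a first preset duration, or the ring establishment state included in the message that the first ECU receives from the second ECU is the invalid state, the first ECU sends a seventh message and updates the at least two ECUs. The ring establishment state included in the seventh message is the invalid state.
In the above process, if the first ECU does not receive the second message sent by the second ECU within the first preset duration, or the ring establishment state included in the message that the first ECU receives from the second ECU is the invalid state, an ECU in the CAN communication system has failed. The ECUs in the CAN communication system are then updated and the ring is established again.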
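The master election, ring establishment and random-number activation described above, as an added Python simulation (not code from the patent). The ascending sort rule, the dictionary message layout, the 64-bit random number and the `echo` switch that models a slave that never sends the fifth message are assumptions; timeouts and the seventh message are not modeled.

```python
import secrets
from collections import deque

UPDATE, HOLD = "update", "hold"


class Bus:
    """Broadcast bus: every queued message reaches all ECUs except its sender."""

    def __init__(self):
        self.ecus, self.queue, self.log = [], deque(), []

    def send(self, sender, msg):
        self.queue.append((sender, msg))

    def run(self):
        while self.queue:
            sender, msg = self.queue.popleft()
            self.log.append(msg)
            for ecu in self.ecus:
                if ecu is not sender:
                    ecu.receive(msg)


class Ecu:
    def __init__(self, ident, bus, echo=True):
        self.ident, self.bus, self.echo = ident, bus, echo
        self.seen_ids = {ident}          # identifiers from competition messages
        self.order = []                  # sorted ECUs; order[0] is the master
        self.ring_valid = set()          # ECUs that announced ring state "valid"
        self.pending = self.active = None
        self.echoes = set()              # slaves that returned the fifth message

    @property
    def is_master(self):
        return bool(self.order) and self.order[0] == self.ident

    def compete(self):
        self.bus.send(self, {"type": "compete", "id": self.ident})

    def rank(self):
        # Assumed preset sorting rule: ascending message identifier.
        self.order = sorted(self.seen_ids)
        if self.is_master:
            self.announce_ring()         # first message

    def announce_ring(self):
        self.ring_valid.add(self.ident)
        role = "master" if self.is_master else "slave"
        self.bus.send(self, {"type": "ring", "id": self.ident,
                             "role": role, "ring": "valid"})

    def send_rn(self, state):
        self.bus.send(self, {"type": "rn", "id": self.ident,
                             "rn": self.pending, "state": state})

    def receive(self, msg):
        kind, src = msg["type"], msg["id"]
        if kind == "compete":
            self.seen_ids.add(src)
        elif kind == "ring" and msg["ring"] == "valid":
            self.ring_valid.add(src)
            pos = self.order.index(self.ident)
            if pos > 0 and self.order[pos - 1] == src:
                self.announce_ring()     # third message: predecessor is valid
            if (self.is_master and self.pending is None
                    and self.ring_valid == set(self.order)):
                self.pending = secrets.randbits(64)
                self.send_rn(UPDATE)     # fourth message
        elif kind == "rn":
            self.on_rn(msg)

    def on_rn(self, msg):
        master, state, src = self.order[0], msg["state"], msg["id"]
        if state == UPDATE and src == master and not self.is_master:
            self.pending = msg["rn"]
            if self.echo:
                self.send_rn(UPDATE)     # fifth message
        elif state == UPDATE and self.is_master and msg["rn"] == self.pending:
            self.echoes.add(src)
            if self.echoes == set(self.order[1:]):
                self.active = self.pending
                self.send_rn(HOLD)       # sixth message: number takes effect
        elif state == HOLD and src == master and msg["rn"] == self.pending:
            self.active = self.pending


def simulate(identifiers, mute=()):
    """Run competition, ring establishment and random-number distribution."""
    bus = Bus()
    bus.ecus = [Ecu(i, bus, echo=i not in mute) for i in identifiers]
    for ecu in bus.ecus:
        ecu.compete()
    bus.run()
    for ecu in bus.ecus:
        ecu.rank()
    bus.run()
    return bus
```

With one slave muted, no ECU activates the random number, which is the property the update/hold exchange is meant to guarantee.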
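In a possible implementation, the first ECU can encrypt, according to the first random sequence, the data message sent on the CAN bus in the following feasible way: the first ECU determines a first count value; the first ECU determines a first checksum according to the first application data to be sent, the first count value, and the first random number; and the first ECU encrypts the first application data, the first count value, and the first checksum with the first random sequence to obtain the data message to be sent, and sends that data message.
In the above process, the first application data is encrypted using the first count value and the first random number, so that the resulting data message to be sent has higher security.
In a possible implementation, after the first ECU decrypts, according to the first random sequence, the data message received on the CAN bus, the first ECU obtains a second count value, second application data, and a second checksum from the received data message. After the first ECU verifies that the second count value is correct, the first ECU determines a third checksum according to the second count value, the second application data, and the first random number. When the first ECU determines that the third checksum is the same as the second checksum, it determines that the received data message is correct.
In the above process, whether the received application data is correct is verified using the count value and the checksum. This effectively prevents injection attacks, replay attacks, and the like, and further improves communication security.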
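The sending and receiving procedure described above, as an added Python example (not code from the patent). The patent does not specify how the random sequence is derived, which "logical operation" forms the checksum, how the data field is split, or what makes a count value "correct"; here SHA-256 derives the sequence, a truncated HMAC-SHA-256 is substituted for the checksum, encryption is XOR with the sequence, the 8-byte field is 4 data + 2 count + 2 checksum bytes, and a count is accepted only if it is greater than the last accepted one. All of these are assumptions.

```python
import hashlib
import hmac
import struct

DATA_LEN = 4  # assumed layout of the 8-byte data field: 4 data + 2 count + 2 checksum


def random_sequence(random_number: int) -> bytes:
    """Assumed derivation of the 8-byte random sequence from the shared random number."""
    return hashlib.sha256(b"sequence" + random_number.to_bytes(8, "big")).digest()[:8]


def checksum(app_data: bytes, count: int, random_number: int) -> bytes:
    """Checksum over application data, count value and random number.

    The patent only says "logical operation"; a truncated HMAC is substituted here.
    """
    key = random_number.to_bytes(8, "big")
    return hmac.new(key, app_data + struct.pack(">H", count), hashlib.sha256).digest()[:2]


def xor(data: bytes, sequence: bytes) -> bytes:
    return bytes(d ^ s for d, s in zip(data, sequence))


class Ecu:
    def __init__(self, random_number: int):
        self.random_number = random_number
        self.sequence = random_sequence(random_number)
        self.tx_count = {}  # message identifier -> last count value sent
        self.rx_count = {}  # message identifier -> last count value accepted

    def build_message(self, msg_id: int, app_data: bytes):
        """Sender side: count value, checksum, splice, encrypt."""
        if len(app_data) != DATA_LEN:
            raise ValueError("application data must be 4 bytes in this layout")
        count = self.tx_count.get(msg_id, 0) + 1
        if count > 0xFFFF:
            raise OverflowError("counter exhausted for this message identifier")
        self.tx_count[msg_id] = count
        field = (app_data + struct.pack(">H", count)
                 + checksum(app_data, count, self.random_number))
        return msg_id, xor(field, self.sequence)

    def accept_message(self, message):
        """Receiver side: decrypt, check count, recompute and compare checksum.

        Returns the application data, or None when the message is rejected.
        """
        msg_id, encrypted = message
        if len(encrypted) != 8:
            return None
        field = xor(encrypted, self.sequence)
        app_data, recv_sum = field[:DATA_LEN], field[6:]
        (count,) = struct.unpack(">H", field[DATA_LEN:6])
        if count <= self.rx_count.get(msg_id, 0):
            return None  # stale count value: replayed message
        expected = checksum(app_data, count, self.random_number)
        if not hmac.compare_digest(expected, recv_sum):
            return None  # checksum mismatch: tampered or injected message
        self.rx_count[msg_id] = count
        return app_data


def demo():
    shared = 0x1122334455667788  # constructed sample random number
    sender, receiver = Ecu(shared), Ecu(shared)
    outsider = Ecu(0x0102030405060708)  # node that never obtained the random number
    first = sender.build_message(0x123, b"\x10\x20\x30\x40")
    second = sender.build_message(0x123, b"\x11\x21\x31\x41")
    tampered = (second[0], bytes([second[1][0] ^ 0x01]) + second[1][1:])
    return {
        "genuine": receiver.accept_message(first),
        "replayed": receiver.accept_message(first),
        "tampered": receiver.accept_message(tampered),
        "injected": receiver.accept_message(
            outsider.build_message(0x123, b"\xde\xad\xbe\xef")),
        "next": receiver.accept_message(second),
    }
```

A rejected message leaves the receiver's counter untouched, so the genuine second message is still accepted after the tampered copy is dropped.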
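In a second aspect, an embodiment of this application provides a CAN communication system, including a controller area network (CAN) bus and at least two electronic control units (ECUs) connected to the CAN bus. For any first ECU of the at least two ECUs, the first ECU is configured to:
obtain a first random number, where the first random number is sent on the CAN bus by the master ECU of the at least two ECUs;
obtain a first random sequence corresponding to the first random number;
decrypt, according to the first random sequence, data messages received on the CAN bus, and/or encrypt data messages sent on the CAN bus.
In a possible implementation, the first ECU is specifically configured to:
determine the master-slave state of the first ECU, where the master-slave state indicates whether the first ECU is the master ECU or a slave ECU;
obtain the first random number according to the master-slave state of the first ECU.
In a possible implementation, the first ECU is specifically configured to:
send, on the CAN bus, a master node competition message that includes a first message identifier;
receive, on the CAN bus, master node competition messages that include a second message identifier and are sent by the other ECUs of the at least two ECUs except the first ECU;
sort the at least two ECUs according to a preset sorting rule based on the sizes of the first message identifier and the second message identifier;
judge whether the first ECU is in the first position after sorting; if so, determine that the first ECU is the master ECU; if not, determine that the first ECU is a slave ECU.
In a possible implementation, after the first ECU is determined to be the master ECU, the first ECU is further configured to:
send a master node rotation notification message when the first ECU determines that its life cycle has ended, where the master node rotation notification message indicates that the master-slave state of the first ECU switches to slave ECU and that the master-slave state of the next ECU after the first ECU switches to master ECU.
In a possible implementation, after the first ECU is determined to be the master ECU, the first ECU is further configured to send a first message, in which the master-slave state of the first ECU is the master state and the ring establishment state of the first ECU is the valid state;
after the first ECU is determined to be a slave ECU, and after the first ECU receives a second message sent by a second ECU in which the ring establishment state of the second ECU is the valid state, the first ECU is further configured to send a third message, in which the master-slave state of the first ECU is the slave state and the ring establishment state of the first ECU is the valid state. The second ECU is the ECU immediately before the first ECU after sorting, and the valid ring establishment state of the first ECU indicates that the ring establishment states included in the messages sent by the ECUs before the first ECU are all valid.
In a possible implementation, when the first ECU is determined to be the master ECU, the first ECU is specifically configured to: generate the first random number when the first ECU determines that the ring establishment states in the messages sent by the at least two ECUs are all valid;
when the first ECU is determined to be a slave ECU, the first ECU is specifically configured to: receive the first random number sent by the master ECU.
In a possible implementation, after the first ECU generates the first random number, the first ECU is further configured to:
send a fourth message, which includes the first random number and in which the state of the first random number is the update state;
receive fifth messages sent by the other ECUs of the at least two ECUs except the first ECU, where each fifth message includes the first random number and in it the state of the first random number is the update state;
send a sixth message after the first ECU determines that all the other ECUs of the at least two ECUs except the first ECU have sent the fifth message, where the sixth message includes the first random number and in it the state of the first random number is the holding state, and the holding state indicates that the first random number takes effect.
In a possible implementation, the first ECU is further configured to:
send a seventh message and update the at least two ECUs when the first ECU does not receive the second message sent by the second ECU within a first preset duration, or when the ring establishment state included in the message that the first ECU receives from the second ECU is the invalid state, where the ring establishment state included in the seventh message is the invalid state.
In a possible implementation, the first ECU is specifically configured to:
determine a first count value;
determine a first checksum according to the first application data to be sent, the first count value, and the first random number;
encrypt the first application data, the first count value, and the first checksum with the first random sequence to obtain the data message to be sent, and send the data message to be sent.
In a possible implementation, after the first ECU decrypts, according to the first random sequence, the data message received on the CAN bus, the first ECU is further configured to:
obtain a second count value, second application data, and a second checksum from the received data message;
after verifying that the second count value is correct, determine a third checksum according to the second count value, the second application data, and the first random number;
determine that the received data message is correct when the third checksum is the same as the second checksum.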
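In a third aspect, an embodiment of this application provides an ECU. The ECU is a first ECU, and the first ECU includes a processor, a transceiver, a controller, and a memory. The memory stores a computer program, and the processor is configured to read and execute the computer program in the memory, where,
the processor is configured to obtain a first random number, where the first random number is sent by the master ECU of the controller area network (CAN) communication system in which the first ECU is located, on the CAN bus of that CAN communication system;
the processor is further configured to obtain a first random sequence corresponding to the first random number;
the controller is configured to control the transceiver to receive data on the CAN bus, and/or to control the transceiver to send data on the CAN bus;
the processor is further configured to decrypt, according to the first random sequence, data messages received by the transceiver on the CAN bus, and/or to encrypt data messages sent by the transceiver on the CAN bus.
In a possible implementation, the processor is specifically configured to:
determine the master-slave state of the first ECU, where the master-slave state indicates whether the first ECU is the master ECU or a slave ECU;
obtain the first random number according to the master-slave state of the first ECU.
In a possible implementation, the processor is specifically configured to:
send, on the CAN bus, a master node competition message that includes a first message identifier;
receive, on the CAN bus, master node competition messages that include a second message identifier and are sent by the other ECUs of the at least two ECUs except the first ECU;
sort the at least two ECUs according to a preset sorting rule based on the sizes of the first message identifier and the second message identifier;
judge whether the first ECU is in the first position after sorting; if so, determine that the first ECU is the master ECU; if not, determine that the first ECU is a slave ECU.
In a possible implementation, the transceiver is specifically configured to:
after the first ECU is determined to be the master ECU, send a master node rotation notification message when the first ECU determines that its life cycle has ended, where the master node rotation notification message indicates that the master-slave state of the first ECU switches to slave ECU and that the master-slave state of the next ECU after the first ECU switches to master ECU.
In a possible implementation, the transceiver is further configured to send a first message when the processor determines that the first ECU is the master ECU, where in the first message the master-slave state of the first ECU is the master state and the ring establishment state of the first ECU is the valid state;
the transceiver is further configured to: when the processor determines that the first ECU is a slave ECU, send a third message after the first ECU receives a second message sent by a second ECU in which the ring establishment state of the second ECU is the valid state, where in the third message the master-slave state of the first ECU is the slave state and the ring establishment state of the first ECU is the valid state. The second ECU is the ECU immediately before the first ECU, and the valid ring establishment state of the first ECU indicates that the ring establishment states included in the messages sent by the ECUs before the first ECU are all valid.
In a possible implementation, the processor is specifically configured to: when the processor determines that the first ECU is the master ECU, generate the first random number when the first ECU determines that the ring establishment states in the messages sent by the at least two ECUs are all valid;
the transceiver is specifically configured to: receive the first random number sent by the master ECU when the processor determines that the first ECU is a slave ECU.
In a possible implementation, the transceiver is further configured to send a fourth message after the processor generates the first random number, where the fourth message includes the first random number and in it the state of the first random number is the update state;
the transceiver is further configured to receive fifth messages sent by the other ECUs of the at least two ECUs except the first ECU, where each fifth message includes the first random number and in it the state of the first random number is the update state;
the transceiver is further configured to send a sixth message after the processor determines that all the other ECUs of the at least two ECUs except the first ECU have sent the fifth message, where the sixth message includes the first random number and in it the state of the first random number is the holding state, and the holding state indicates that the first random number takes effect.
In a possible implementation, the transceiver is further configured to: send a seventh message and update the at least two ECUs when the transceiver does not receive the second message sent by the second ECU within a first preset duration, or when the ring establishment state included in the message that the transceiver receives from the second ECU is the invalid state, where the ring establishment state included in the seventh message is the invalid state.
In a possible implementation, the processor is specifically configured to:
determine a first count value;
determine a first checksum according to the first application data to be sent, the first count value, and the first random number;
encrypt the first application data, the first count value, and the first checksum with the first random sequence to obtain the data message to be sent, and send the data message to be sent.
In a possible implementation, after the processor decrypts, according to the first random sequence, the data message received on the CAN bus, the processor is further configured to:
obtain a second count value, second application data, and a second checksum from the received data message;
after verifying that the second count value is correct, the first ECU determines a third checksum according to the second count value, the second application data, and the first random number;
determine that the received data message is correct when the processor determines that the third checksum is the same as the second checksum.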
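In a fourth aspect, an embodiment of this application provides a CAN communication apparatus, applied to a first ECU in a controller area network (CAN) communication system. The CAN communication system includes a CAN bus and at least two electronic control units (ECUs) connected to the CAN bus, and the first ECU is any one of the at least two ECUs. The apparatus includes a processing module and a transceiver module, where,
the processing module is configured to obtain a first random number, where the first ECU is any one of the at least two ECUs and the first random number is sent on the CAN bus by the master ECU of the at least two ECUs;
the processing module is further configured to obtain a first random sequence corresponding to the first random number;
the processing module is further configured to decrypt, according to the first random sequence, data messages received by the transceiver module on the CAN bus, and/or to encrypt data messages sent by the transceiver module on the CAN bus.
In a possible implementation, the processing module is specifically configured to:
determine the master-slave state of the first ECU, where the master-slave state indicates whether the first ECU is the master ECU or a slave ECU;
obtain the first random number according to the master-slave state of the first ECU.
In a possible implementation, the transceiver module is further configured to send, on the CAN bus, a master node competition message that includes a first message identifier;
the transceiver module is further configured to receive, on the CAN bus, master node competition messages that include a second message identifier and are sent by the other ECUs of the at least two ECUs except the first ECU;
the processing module is further configured to sort the at least two ECUs according to a preset sorting rule based on the sizes of the first message identifier and the second message identifier;
the processing module is further configured to judge whether the first ECU is in the first position after sorting; if so, determine that the first ECU is the master ECU; if not, determine that the first ECU is a slave ECU.
In a possible implementation, the transceiver module is further configured to: after the processing module determines that the first ECU is the master ECU, send a master node rotation notification message when the first ECU determines that its life cycle has ended, where the master node rotation notification message indicates that the master-slave state of the first ECU switches to slave ECU and that the master-slave state of the next ECU after the first ECU switches to master ECU.
In a possible implementation, the transceiver module is further configured to send a first message when the processing module determines that the first ECU is the master ECU, where in the first message the master-slave state of the first ECU is the master state and the ring establishment state of the first ECU is the valid state;
the transceiver module is further configured to: when the determining module determines that the first ECU is a slave ECU, send a third message after the transceiver module receives a second message sent by a second ECU in which the ring establishment state of the second ECU is the valid state, where in the third message the master-slave state of the first ECU is the slave state and the ring establishment state of the first ECU is the valid state. The second ECU is the ECU immediately before the first ECU after sorting, and the valid ring establishment state of the first ECU indicates that the ring establishment states included in the messages sent by the ECUs before the first ECU are all valid.
In a possible implementation, the processing module is specifically configured to: when the processing module determines that the first ECU is the master ECU, generate the first random number when the first ECU determines that the ring establishment states in the messages sent by the at least two ECUs are all valid;
the transceiver module is further configured to receive the first random number sent by the master ECU when the processing module determines that the first ECU is a slave ECU.
In a possible implementation, the transceiver module is further configured to send a fourth message after the processing module generates the first random number, where the fourth message includes the first random number and in it the state of the first random number is the update state;
the transceiver module is further configured to receive fifth messages sent by the other ECUs of the at least two ECUs except the first ECU, where each fifth message includes the first random number and in it the state of the first random number is the update state;
the transceiver module is further configured to send a sixth message after the processing module determines that all the other ECUs of the at least two ECUs except the first ECU have sent the fifth message, where the sixth message includes the first random number and in it the state of the first random number is the holding state, and the holding state indicates that the first random number takes effect.
In a possible implementation, the transceiver module is further configured to:
send a seventh message and update the at least two ECUs if the transceiver module does not receive the second message sent by the second ECU within a first preset duration, or if the ring establishment state included in the message that the transceiver module receives from the second ECU is the invalid state, where the ring establishment state included in the seventh message is the invalid state.
In a possible implementation, the processing module is specifically configured to:
determine a first count value;
determine a first checksum according to the first application data to be sent, the first count value, and the first random number;
encrypt the first application data, the first count value, and the first checksum with the first random sequence to obtain the data message to be sent, and send the data message to be sent.
In a possible implementation, the processing module is further configured to:
after the processing module decrypts, according to the first random sequence, the data message received on the CAN bus, obtain a second count value, second application data, and a second checksum from the received data message;
after the first ECU verifies that the second count value is correct, the first ECU determines a third checksum according to the second count value, the second application data, and the first random number;
determine that the received data message is correct when the first ECU determines that the third checksum is the same as the second checksum.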
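In a fifth aspect, this application provides a storage medium configured to store a computer program, where the computer program is used to implement the CAN communication method according to any implementation of the first aspect.
In a sixth aspect, an embodiment of this application further provides a chip or integrated circuit, including a memory and a processor;
the memory is configured to store program instructions and sometimes also intermediate data;
the processor is configured to invoke the program instructions stored in the memory to implement the CAN communication method according to any implementation of the first aspect.
In a seventh aspect, an embodiment of this application further provides a program product, where the program product includes a computer program stored in a storage medium, and the computer program is used to implement the CAN communication method according to any implementation of the first aspect.
With the CAN communication method, device and system provided in the embodiments of this application, the ECUs on the same CAN bus can obtain the same random number, and each random number corresponds to one random sequence. Before sending data on the CAN bus, an ECU can first obtain the random sequence corresponding to the random number, encrypt the data according to the random sequence, and send the encrypted data on the CAN bus. After receiving data on the CAN bus, an ECU can first obtain the random sequence corresponding to the random number and decrypt the data according to the random sequence. This reduces the likelihood that data transmitted on the CAN bus is leaked or illegally tampered with (that is, it reduces the likelihood of eavesdropping attacks) and improves the security of CAN communication.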
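Brief Description of the Drawings
Figure 1A is an architecture diagram of a CAN communication system provided in an embodiment of this application;
Figure 1B is an architecture diagram of another CAN communication system provided in an embodiment of this application;
Figure 1C is an architecture diagram of yet another CAN communication system provided in an embodiment of this application;
Figure 2A is a schematic structural diagram of an ECU provided in an embodiment of this application;
Figure 2B is a schematic structural diagram of another ECU provided in an embodiment of this application;
Figure 2C is a schematic structural diagram of a head unit provided in an embodiment of this application;
Figure 2D is a schematic structural diagram of another head unit provided in an embodiment of this application;
Figure 2E is a schematic structural diagram of a gateway provided in an embodiment of this application;
Figure 2F is a schematic structural diagram of another gateway provided in an embodiment of this application;
Figure 3 is a schematic flowchart of a method for determining the master ECU provided in an embodiment of this application;
Figure 4 is a schematic diagram of the master node determination process provided in an embodiment of this application;
Figure 5 is a schematic flowchart of a CAN communication method provided in an embodiment of this application;
Figure 6 is a schematic structural diagram of a CAN message provided in an embodiment of this application;
Figure 7 is a schematic flowchart of another CAN communication method provided in an embodiment of this application;
Figure 8 is a schematic structural diagram of a CAN communication apparatus provided in an embodiment of this application.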
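Detailed Description
The methods shown in the embodiments of this application can be applied to a CAN communication system. For ease of understanding, the CAN communication system is introduced below.
Figure 1A is an architecture diagram of a CAN communication system provided in an embodiment of this application. Referring to Figure 1A, the CAN communication system includes a CAN bus and at least two ECUs connected to the CAN bus (for example ECU1, ECU2, ECU3 and ECU4 shown in Figure 1A). The at least two ECUs can broadcast data on the CAN bus, and every ECU connected to the CAN bus can receive the data broadcast on the CAN bus.
The CAN communication system shown in the embodiments of this application can be applied in vehicles, industrial equipment, artificial intelligence devices and other equipment. The CAN communication system is described further below, taking its application in a vehicle as an example.
When the CAN communication system is applied in a vehicle, it may also include devices such as a head unit and a gateway. The CAN communication system is described below with reference to Figures 1B to 1D.
Figure 1B is an architecture diagram of another CAN communication system provided in an embodiment of this application. Referring to Figure 1B, the CAN communication system includes a CAN bus, at least two ECUs connected to the CAN bus, and a head unit connected to the CAN bus. The head unit is a device in the vehicle that has a large memory and relatively strong computing capability; for example, the head unit may be the central large-screen device in the vehicle. Both the ECUs and the head unit can broadcast data on the CAN bus, and both can receive data broadcast on the CAN bus.
Figure 1C is an architecture diagram of yet another CAN communication system provided in an embodiment of this application. Referring to Figure 1C, the CAN communication system includes CAN bus 1, CAN bus 2, at least two ECUs, a head unit and a gateway, where the at least two ECUs are connected to CAN bus 1, the head unit is connected to CAN bus 2, and CAN bus 1 and CAN bus 2 are each connected to the gateway. The gateway may be a relay device installed in the vehicle and can forward data between different CAN buses; for example, data on CAN bus 1 can be sent to CAN bus 2 through the gateway, and data on CAN bus 2 can also be sent to CAN bus 1 through the gateway. Optionally, the gateway can also communicate with a cloud server; for example, the gateway can send data to the cloud server and receive data from the cloud server.
The structures of the ECU, head unit and gateway in any of the above CAN communication systems are described below with reference to Figures 2A to 2F.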
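An ECU may include a processor, a memory, a controller (also called a CAN controller) and a transceiver, where the transceiver includes a receiver and/or a transmitter. The processor may be connected to the controller and to the memory, and the controller is also connected to the memory and to the transceiver. The memory may store data such as application data and computer programs. This memory is usually small, for example typically 10K to 10M bytes; for instance, the memory of NXP's MC9SXS128 chip is 64k and the memory of Infineon's TC277 chip is 4M. The processor is a device with computing capability, for example a microcontroller unit (MCU) or a central processing unit (CPU); the processor can read and execute computer programs from the memory and process the application data in the memory. The controller can control the receiver to receive data on the CAN bus, receive from the receiver the data that was received on the CAN bus, and store the received data in the memory or send it to the processor. The controller can also obtain data from the processor or the memory and control the transmitter to send that data on the CAN bus.
Optionally, the controller may be located inside or outside the processor, and the memory may be located inside or outside the processor. Two possible ECU structures are introduced below with reference to Figures 2A and 2B.
Figure 2A is a schematic structural diagram of an ECU provided in an embodiment of this application. Referring to Figure 2A, the memory and the controller are located inside the processor, and the processor also includes other components (for example processing components). Inside the processor, the memory, the controller and the other components can communicate with one another. The controller is connected to the transceiver.
Figure 2B is a schematic structural diagram of another ECU provided in an embodiment of this application. Referring to Figure 2B, the memory and the controller are located outside the processor, the processor is connected to the controller and to the memory, and the controller is also connected to the memory and to the transceiver.
It should be noted that Figures 2A and 2B only illustrate the structure of the ECU by way of example and do not limit it. For example, only one of the memory and the controller may be located inside the processor, or the ECU may include two memories, one inside the processor and the other outside it.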
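A head unit may include a processor, a memory, a controller (also called a CAN controller) and a transceiver, where the transceiver includes a receiver and/or a transmitter. The processor may be connected to the controller and to the memory, and the controller is also connected to the memory and to the transceiver. The memory may store data such as application data and computer programs. The storage space of this memory is usually large, for example typically tens or hundreds of G; for instance, the memory of the head unit may be 128G. The processor is a device with computing capability, for example a microcontroller unit (MCU) or a central processing unit (CPU); the processor can read and execute computer programs from the memory and process the application data in the memory. The controller can control the receiver to receive data on the CAN bus, receive from the receiver the data that was received on the CAN bus, and store the received data in the memory or send it to the processor. The controller can also obtain data from the processor or the memory and control the transmitter to send that data on the CAN bus.
Optionally, the controller may be located inside or outside the processor, and the memory may be located inside or outside the processor. Two possible head unit structures are introduced below with reference to Figures 2C and 2D.
Figure 2C is a schematic structural diagram of a head unit provided in an embodiment of this application. Referring to Figure 2C, the controller is located inside the processor, and the processor also includes other components (for example processing components). Inside the processor, the controller and the other components can communicate with one another. The other components in the processor are connected to the memory, and the controller is also connected to the memory and to the transceiver.
Figure 2D is a schematic structural diagram of another head unit provided in an embodiment of this application. Referring to Figure 2D, the memory and the controller are located outside the processor, the processor is connected to the controller and to the memory, and the controller is also connected to the memory and to the transceiver.
It should be noted that Figures 2C and 2D only illustrate the structure of the head unit by way of example and do not limit it. For example, both the memory and the controller may be located inside the processor, or the head unit may include two memories, one inside the processor and the other outside it.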
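A gateway may include a processor, a memory, a controller (also called a CAN controller) and a transceiver, where the transceiver includes a receiver and/or a transmitter. The processor may be connected to the controller and to the memory, and the controller is also connected to the memory and to the transceiver. The memory may store data such as application data and computer programs. The storage space of this memory is usually large, for example typically tens or hundreds of G; for instance, the memory of the gateway may be 128G. The processor is a device with computing capability, for example a microcontroller unit (MCU) or a central processing unit (CPU); the processor can read and execute computer programs from the memory and process the application data in the memory. The controller can control the receiver to receive data on the CAN bus, receive from the receiver the data that was received on the CAN bus, and store the received data in the memory or send it to the processor. The controller can also obtain data from the processor or the memory and control the transmitter to send that data on the CAN bus.
Optionally, the controller may be located inside or outside the processor, and the memory may be located inside or outside the processor. Two possible gateway structures are introduced below with reference to Figures 2E and 2F.
Figure 2E is a schematic structural diagram of a gateway provided in an embodiment of this application. Referring to Figure 2E, the controller is located inside the processor, and the processor also includes other components (for example processing components). Inside the processor, the controller and the other components can communicate with one another. The other components in the processor are connected to the memory, and the controller is also connected to the memory and to the transceiver.
Figure 2F is a schematic structural diagram of another gateway provided in an embodiment of this application. Referring to Figure 2F, the memory and the controller are located outside the processor, the processor is connected to the controller and to the memory, and the controller is also connected to the memory and to the transceiver.
It should be noted that Figures 2E and 2F only illustrate the structure of the gateway by way of example and do not limit it. For example, both the memory and the controller may be located inside the processor, or the gateway may include two memories, one inside the processor and the other outside it.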
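For ease of understanding, the concepts involved in this application are explained.
Random sequence: a sequence obtained by ordering the N integers from 0 to N-1 (or from 1 to N). N is usually equal to 8*L, where L is the number of bytes of the data (CAN message) sent by an ECU; data is usually sent in binary form, hence N=8*L. The number of bytes of a CAN message sent by an ECU is usually fixed.
Full set of random sequences: the full set of random sequences includes the sequences obtained by arranging the N integers in every possible order, that is, the full set of random sequences may include
Figure PCTCN2019096740-appb-000001
random sequences.
Subset of random sequences: a part of the full set of random sequences.
Random number: each random sequence corresponds to one random number, and the random number may be an integer from 0 to N-1 (or from 1 to N). For example, assuming N is 64, the correspondence between random numbers and random sequences may be as shown in Table 1: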
Table 1
Random number    Random sequence
0                0,1,2,3,4,5,...,61,62,63
1                1,0,2,3,4,5,...,61,62,63
2                2,1,0,3,4,5,...,61,62,63
3                3,0,1,2,4,5,...,61,62,63
...              ...
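Data to be sent may be encrypted with a random sequence as follows: according to the random sequence, the data at different bit positions of the data to be sent are exchanged. For example, assume the data to be sent is 8 bytes (64 bits). When encrypting according to the random sequence corresponding to random number 1, the data at the first and second bits of the data to be sent may be swapped to obtain the encrypted data; when encrypting according to the random sequence corresponding to random number 2, the data at the first and third bits may be swapped to obtain the encrypted data.
It should be noted that decrypting received data according to a random sequence is the reverse of encrypting data to be sent according to that random sequence, and is not described again here.
In this application, when an ECU's memory is large, the ECU may store the full set of random sequences. When an ECU's memory is small, the ECU may store a subset of random sequences and the random number corresponding to each random sequence in the subset, where all ECUs connected to the same CAN bus store the same subset, and an ECU may periodically update the subset it stores.
Optionally, assume the CAN communication system is applied in a vehicle. When the architecture of the CAN communication system is as shown in Figure 1A, the subset of random sequences may be stored in each ECU at the factory; if the ECUs can connect to a cloud server through a gateway, the full set of random sequences may be stored in the cloud server, and when the subset in an ECU needs to be updated, part of the full set in the cloud server may be updated to the ECU. When the architecture is as shown in Figure 1B, the full set of random sequences may be stored in the head unit, and when the subset in an ECU needs to be updated, part of the full set in the head unit may be updated to the ECU over the CAN bus. When the architecture is as shown in Figure 1C, the full set of random sequences may be stored in the head unit or in the cloud server. When the full set is stored in the head unit, part of the full set in the head unit may be updated to the ECU through the gateway and the CAN bus. When the full set is stored in the cloud server, part of the full set in the head unit may be updated to the ECU through the gateway and the CAN bus.
The technical solutions of this application are described in detail below through specific embodiments. It should be noted that the following embodiments may exist independently or be combined with one another, and identical or similar content is not repeated in different embodiments.
In the embodiments of this application, one master ECU may be determined among the at least two ECUs in the CAN communication system. The master ECU may broadcast a random number on the CAN bus, so that all ECUs in the CAN communication system use the random sequence corresponding to that random number to encrypt data to be sent and to decrypt received data.
The process of determining the master ECU and updating the random number is described below with reference to Figure 3.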
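Figure 3 is a schematic flowchart of a method for determining the master ECU provided in an embodiment of this application. Referring to Figure 3, the method may include:
S301. Each ECU in the CAN communication system sends a contention message on the CAN bus.
Optionally, S301 may be performed whenever the master ECU needs to be determined. For example, S301 is performed after the CAN communication system is powered on, or when the master ECU needs to be redetermined (for example when an ECU in the CAN communication system has failed or an ECU has been added).
Here, the ECUs in the CAN communication system are the ECUs connected to the same CAN bus.
Optionally, a contention message may include a message identifier, a master/slave state and a ring-building state. The master/slave state in every contention message is the slave ECU state, and the ring-building state in every contention message is the invalid state. The master/slave state indicates whether an ECU is a master ECU or a slave ECU: when an ECU's master/slave state is the master state, the ECU is the master ECU; when it is the slave state, the ECU is a slave ECU.
Optionally, for any ECU in the CAN communication system, messages of the same type sent by that ECU carry the same message identifier. For example, all messages that an ECU sends for master-node contention (such as the contention message and the first message) carry the same message identifier, and all messages in which an ECU sends first application data carry the same message identifier. Messages of the same type sent by different ECUs carry different message identifiers; for example, contention messages sent by different ECUs carry different message identifiers.
For ease of understanding, the ring-building state is described in S303-S305.
It should be noted that, in the embodiments of this application, unless otherwise specified, an ECU sending data on the CAN bus means the ECU broadcasting data on the CAN bus.
S302. Each ECU in the CAN communication system receives contention messages on the CAN bus and determines the master/slave state of each ECU according to the received contention messages.
Optionally, for any ECU in the CAN communication system, the ECU may obtain the contention messages received within a preset period and determine its own master/slave state according to them. The preset period may be a preset period after the CAN communication system is powered on, for example within 5 seconds or within 10 seconds after power-on.
Optionally, for any ECU in the CAN communication system, the ECU may sort the ECUs according to a preset sorting rule, based on the order of magnitude of the message identifiers in the contention messages received within the preset period, determine the ECU in first position to be the master ECU, and determine the ECUs not in first position to be slave ECUs. Hereinafter, the first ECU after sorting is called the master ECU, the second ECU is called the first slave ECU, the third ECU is called the second slave ECU, and so on.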
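S303. The master ECU sends a first message on the CAN bus, in which the master/slave state is the master state and the ring-building state is the valid state.
Optionally, the first message also includes a message identifier. The message identifier in the first message is the same as the message identifier in the contention message sent by the master ECU.
Optionally, the first message may further include a random number x and indicate that the state of the random number is the hold state. The random number x may be set in the ECU when the CAN communication system leaves the factory, or may be set in the ECU during the previous run of the CAN communication system. The hold state indicates that random number x is usable, that is, random number x can be used for encryption and/or decryption.
The master state in the first message indicates that the ECU sending the first message is the master ECU, and the valid ring-building state indicates that the master ECU can communicate normally.
S304. After the first slave ECU receives, on the CAN bus, the first message sent by the master ECU, the first slave ECU sends a second message on the CAN bus, in which the master/slave state is the slave state and the ring-building state is the valid state.
Optionally, the second message also includes a message identifier. The message identifier in the second message is the same as the message identifier in the contention message sent by the first slave ECU.
Optionally, the second message may further include a random number x and indicate that the state of the random number is the hold state. The random number x may be set in the ECU when the CAN communication system leaves the factory, or may be set in the ECU during the previous run of the CAN communication system. The hold state indicates that random number x is usable, that is, random number x can be used for encryption and/or decryption.
The first slave ECU is the ECU that follows the master ECU in the order given by the preset sorting rule.
Optionally, the first slave ECU sends the second message only when it determines that the ring-building state in the first message sent by the master ECU is the valid state and that the master/slave state included in the first message (the master state) is the same as the master/slave state of the master ECU that the first slave ECU determined in S302.
The slave state in the second message indicates that the ECU sending the second message is a slave ECU. The valid ring-building state in the second message indicates that the first slave ECU and the ECUs before it (the master ECU and the first slave ECU) can all communicate normally, and that the master/slave state included in the first message sent by the master ECU is correct.
It should be noted that an ECU can identify the ECU that sent a message from the message identifier in the message.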
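S305. After the second slave ECU receives the second message on the CAN bus, the second slave ECU sends a third message on the CAN bus, in which the master/slave state is the slave state and the ring-building state is the valid state.
Optionally, the third message also includes a message identifier. The message identifier in the third message is the same as the message identifier in the contention message sent by the second slave ECU.
Optionally, the third message may further include a random number x and indicate that the state of the random number is the hold state. The random number x may be set in the ECU when the CAN communication system leaves the factory, or may be set in the ECU during the previous run of the CAN communication system. The hold state indicates that random number x is usable, that is, random number x can be used for encryption and/or decryption.
The second slave ECU is the ECU that follows the first slave ECU in the order given by the preset sorting rule.
Optionally, the second slave ECU sends the above second message only when it determines that the ring-building state in the second message is the valid state and that the master/slave state included in the second message (the slave state) is the same as the master/slave state of the first slave ECU that the second slave ECU determined in S302.
The slave state in the third message indicates that the ECU sending the third message is a slave ECU. The valid ring-building state in the third message indicates that the second slave ECU and the ECUs before it (the master ECU, the first slave ECU and the second slave ECU) can all communicate normally, and that the master/slave state included in the second message is correct.
It should be noted that the other slave nodes also perform steps similar to S305, until the last slave node has performed a step similar to S305 and the master ECU receives the message sent by the last slave node. After the master ECU receives, on the CAN bus, the message sent by the last slave ECU, the identity of the master ECU takes effect.
In the message sent by the last slave ECU in the order given by the preset rule, the master/slave state is the slave state and the ring-building state is the valid state.
Once the master ECU has received the message sent by the last slave ECU, all ECUs in the CAN communication system can communicate normally and the master/slave states of all ECUs in the CAN communication system are correct.
Optionally, after the master ECU receives the message sent by the last slave ECU, the master ECU and the slave ECUs may repeat S303-S305 periodically.
While S303-S305 are repeated, if an ECU fails, the ECU following it cannot receive the corresponding message. If an ECU does not receive the message from the preceding ECU within a preset duration, the ring-building state in the message that ECU sends is set to the invalid state. Correspondingly, if an ECU receives a message from the preceding ECU in which the ring-building state is the invalid state, the ring-building state in the message that ECU sends is also set to the invalid state, and so on, until all normal ECUs have sent messages carrying the invalid state; S301-S305 can then be performed again to redetermine the master node.
While S303-S305 are repeated, a new ECU may be added to the CAN communication system, and the message identifier in the messages sent by the new ECU is a new message identifier. In that case S301-S305 may also be performed again to reconfirm the master node.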
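The ranking of S302 and the propagation of the ring-building state in S303-S305, including the failure case just described, can be traced with the following added example (not code from the application). It assumes that the preset sorting rule is ascending message identifier, as in the Figure 4 walkthrough; the identifiers in arrival order, the function names and the NOT_SENT marker are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum { NOT_SENT = -1, RING_INVALID = 0, RING_VALID = 1 };

#define N_ECU 3
/* Constructed input: contention message identifiers in arrival order. */
static const uint32_t contention_ids[N_ECU] = { 0x503, 0x501, 0x502 };
/* Ring-building state each rank put on the bus in the last simulated round. */
int last_state[N_ECU];

/* S302: rank of own_id when all identifiers are sorted in ascending order
 * (assumed preset sorting rule). Rank 0 is the master ECU. Every ECU runs
 * this on the same set of identifiers, so all of them agree on the order. */
int ecu_rank(uint32_t own_id, const uint32_t *ids, size_t n)
{
    int rank = 0;
    for (size_t i = 0; i < n; i++)
        if (ids[i] < own_id)
            rank++;
    return rank;
}

/* S303-S305 for one round. faulty_rank is the rank of an ECU that sends
 * nothing (pass NOT_SENT for "no fault"). Returns 1 when the master receives
 * a valid ring-building state from the last slave, 0 when the ECUs have to
 * run the contention of S301 again. */
int ring_round(int faulty_rank)
{
    int prev = RING_VALID;        /* the master has no predecessor to wait for */
    for (int k = 0; k < N_ECU; k++) {
        if (k == faulty_rank) {
            last_state[k] = NOT_SENT;
            prev = NOT_SENT;      /* the successor times out waiting */
            continue;
        }
        /* valid only if the predecessor's message arrived and was valid */
        last_state[k] = (prev == RING_VALID) ? RING_VALID : RING_INVALID;
        prev = last_state[k];
    }
    return last_state[N_ECU - 1] == RING_VALID;
}

int main(void)
{
    for (int i = 0; i < N_ECU; i++)
        printf("id 0x%X -> rank %d\n", (unsigned)contention_ids[i],
               ecu_rank(contention_ids[i], contention_ids, N_ECU));
    printf("no fault: ring ok = %d\n", ring_round(NOT_SENT));
    printf("rank 1 silent: ring ok = %d, rank 2 sent state %d\n",
           ring_round(1), last_state[2]);
    return 0;
}
```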
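It should be noted that, after the identity of the master ECU takes effect, the master ECU can update the random number. The process by which the master ECU updates the random number is described in detail below with reference to S306-S309.
S306. After the master ECU receives, on the CAN bus, the message sent by the last slave ECU, the master ECU determines a first random number.
The first random number is the random number corresponding to any random sequence in the subset of random sequences stored in the master ECU.
S307. The master ECU sends a fourth message on the CAN bus, where the fourth message includes the first random number and indicates that the state of the first random number is the update state.
Optionally, the fourth message may also include a message identifier.
When the state of the first random number is the update state, the first random number is currently being updated (the update is not complete), that is, the first random number cannot yet be used for encryption and/or decryption.
S308. After receiving the fourth message, a slave ECU sends a fifth message on the CAN bus, where the fifth message includes the first random number and indicates that the state of the first random number is the update state.
Optionally, the fourth message may further indicate that the master/slave state is the master state and the ring-building state is the valid state. Correspondingly, a slave ECU may send its fifth message only after receiving the fourth message or fifth message sent by the ECU preceding it; for example, the first slave ECU sends a fifth message after receiving the fourth message sent by the master node, the second slave ECU sends a fifth message after receiving the fifth message sent by the first slave ECU, and so on.
S309. When the master ECU determines that the random numbers of all slave ECUs have been updated to the first random number, the master ECU sends a sixth message on the CAN bus, where the sixth message includes the first random number and indicates that the state of the first random number is the hold state, the hold state indicating that the first random number takes effect.
Optionally, after a slave ECU receives the sixth message, the slave ECU starts using the first random number to encrypt and/or decrypt data.
To avoid a slave ECU failing to receive the sixth message, the master ECU may resend the sixth message several times.
Optionally, when sending the messages involved in the Figure 3 embodiment (the contention message, the first message, the second message, ..., the sixth message), an ECU may encrypt each message with the random number in use before the update; the encryption process is similar to that shown in the Figure 5 embodiment and is not described again here.
In the embodiment shown in Figure 3, the messages sent by an ECU already carry a message identifier, so with the above method master ECU contention and random number updating can be achieved without adding extra information to the messages, which saves signalling overhead.
On the basis of the embodiment shown in Figure 3, to improve the security of CAN communication, the master ECU may be changed during CAN communication. Optionally, the master ECU may be changed as follows: after the current master ECU has served as master ECU for a preset duration, the ECU following it in the order given by the preset rule becomes the master ECU. For example, the current master ECU may send a notification message on the CAN bus to indicate that the next ECU takes over as master ECU.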
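The method of the Figure 3 embodiment is described below through a specific example, with reference to Figure 4.
Figure 4 is a schematic diagram of the master node determination process provided in an embodiment of this application. Referring to Figure 4, assume the CAN communication system includes ECU1, ECU2 and ECU3.
After the CAN communication system is powered on, in the first period T1, ECU1 broadcasts contention message 1 on the CAN bus, in which the message identifier is 0x501, the master/slave state is the slave state and the ring-building state is the invalid state. ECU2 broadcasts contention message 2 on the CAN bus, in which the message identifier is 0x502, the master/slave state is the slave state and the ring-building state is the invalid state. ECU3 broadcasts contention message 3 on the CAN bus, in which the message identifier is 0x503, the master/slave state is the slave state and the ring-building state is the invalid state.
ECU1, ECU2 and ECU3 can each obtain contention message 1, contention message 2 and contention message 3 on the CAN bus, and can each sort the ECUs according to the message identifiers in the contention messages; the sorted ECUs are ECU1, ECU2 and ECU3. The message identifiers in the three contention messages are sorted, and since the message identifier in contention message 1 is the smallest, ECU1 is determined to be the master ECU and ECU2 and ECU3 to be slave ECUs.
In the second period T2, ECU1 (the master ECU) sends the first message, in which the message identifier is 0x501, the master/slave state is the master state and the ring-building state is the valid state.
After ECU2 receives the first message sent by ECU1, ECU2 sends the second message in the third period T3, in which the message identifier is 0x502, the master/slave state is the slave state and the ring-building state is the valid state.
After ECU3 receives the second message sent by ECU2, ECU3 sends the third message in the fourth period T4, in which the message identifier is 0x503, the master/slave state is the slave state and the ring-building state is the valid state.
After ECU1 receives the second message sent by ECU3, ECU1's identity as master ECU takes effect and ECU1 can update the random number. After ECU1 receives the second message sent by ECU3, ECU1 sends the first message in the fifth period T5, in which the message identifier is 0x501, the master/slave state is the master state and the ring-building state is the valid state. And so on.
Assume that after ECU1 receives the second message sent by ECU3, ECU1 updates the random number to the first random number. ECU1 then sends the fourth message on the CAN bus, in which the message identifier is 0x501, the random number is the first random number and the random number state is the update state. After ECU2 receives the fourth message on the CAN bus, ECU2 sends a fifth message on the CAN bus, in which the message identifier is 0x502, the random number is the first random number and the random number state is the update state. After ECU3 receives the fourth message on the CAN bus, ECU3 sends a fifth message on the CAN bus, in which the message identifier is 0x503, the random number is the first random number and the random number state is the update state. After ECU1 receives the fifth message sent by ECU2 and the fifth message sent by ECU3, ECU1 sends the sixth message on the CAN bus three times, in which the message identifier is 0x501, the random number is the first random number and the random number state is the hold state. After ECU2 and ECU3 receive the sixth message, they use the first random number to encrypt and/or decrypt data.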
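The random number update of S306-S309 behaves like a two-phase handshake: the new number is announced in the update state, echoed by every slave, and only put into use once the master sends it in the hold state. The following added example (not code from the application) models one master and two slaves and shows that every ECU keeps using the old number if one fifth message never arrives. The structure names, function names and the values 7 and 42 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum rn_state { RN_HOLD = 0, RN_UPDATE = 1 };
#define N_SLAVES 2

struct slave  { uint8_t active_rn; };               /* number used to encrypt/decrypt */
struct master { uint8_t active_rn, new_rn; unsigned acked; };

/* S307: the master announces new_rn in the update state; not usable yet. */
void master_start_update(struct master *m, uint8_t new_rn)
{
    m->new_rn = new_rn;
    m->acked = 0;
}

/* S308 as seen by the master: record one fifth message. Returns 1 once every
 * slave has echoed new_rn in the update state, i.e. once S309 may run. */
int master_on_fifth(struct master *m, unsigned slave, uint8_t rn, enum rn_state st)
{
    if (slave < N_SLAVES && st == RN_UPDATE && rn == m->new_rn)
        m->acked |= 1u << slave;
    return m->acked == (1u << N_SLAVES) - 1;
}

/* Slave side: a number in the update state is only echoed (return 1 = send a
 * fifth message); a number in the hold state becomes the active number. */
int slave_on_message(struct slave *s, uint8_t rn, enum rn_state st)
{
    if (st == RN_HOLD) {
        s->active_rn = rn;
        return 0;
    }
    return 1;
}

/* One update attempt from old_rn to new_rn. lost_slave is the index of a slave
 * whose fifth message is lost on the bus, or -1 for none. Returns the random
 * number that slave 0 uses afterwards. */
uint8_t run_update(uint8_t old_rn, uint8_t new_rn, int lost_slave)
{
    struct master m = { old_rn, 0, 0 };
    struct slave s[N_SLAVES];
    int commit = 0;

    for (int i = 0; i < N_SLAVES; i++)
        s[i].active_rn = old_rn;
    master_start_update(&m, new_rn);                 /* fourth message */
    for (int i = 0; i < N_SLAVES; i++)
        if (slave_on_message(&s[i], new_rn, RN_UPDATE) && i != lost_slave)
            commit = master_on_fifth(&m, (unsigned)i, new_rn, RN_UPDATE);
    if (commit) {                                    /* sixth message */
        m.active_rn = new_rn;
        for (int i = 0; i < N_SLAVES; i++)
            slave_on_message(&s[i], new_rn, RN_HOLD);
    }
    return s[0].active_rn;
}

int main(void)
{
    printf("all fifth messages seen: slave 0 uses %u\n", (unsigned)run_update(7, 42, -1));
    printf("slave 1 echo lost:       slave 0 uses %u\n", (unsigned)run_update(7, 42, 1));
    return 0;
}
```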
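On the basis of any of the above embodiments, when any first ECU in the CAN communication system sends data, it may encrypt the data using the method shown in the Figure 5 embodiment.
Figure 5 is a schematic flowchart of a CAN communication method provided in an embodiment of this application. Referring to Figure 5, the method may include:
S501. The first ECU obtains a first random number.
The first random number is sent on the CAN bus by the master ECU in the CAN communication system; for example, the first random number may be sent on the CAN bus by the master ECU in the manner shown in the Figure 3 embodiment.
S502. The first ECU obtains a first random sequence corresponding to the first random number.
Optionally, the memory of the first ECU stores the first random sequence corresponding to the first random number, so the first ECU can obtain the first random sequence from its memory.
S503. The first ECU encrypts first application data by using the first random sequence to obtain a data message to be sent.
The first application data is the data that needs protection; for example, the first application data may be sensor data, control commands and the like.
For ease of understanding, the structure of a CAN message is first described with reference to Figure 6.
Figure 6 is a schematic structural diagram of a CAN message provided in an embodiment of this application. Referring to Figure 6, a CAN message includes a message identifier and a data field, and the data field includes application data, a count value and a checksum. The checksum is determined from the application data, the count value and the random number.
An ECU can send several types of CAN message, and each type of CAN message corresponds to one message identifier. Each type of message also corresponds to one counter; every time the ECU sends a message of that type, the counter for that type increases its count value by 1.
Optionally, the first ECU may encrypt the first application data as follows: the first ECU determines a first count value, determines a first checksum according to the first application data to be sent, the first count value and the first random number, and encrypts the first application data, the first count value and the first checksum by using the first random sequence to obtain the data message to be sent.
The first ECU may obtain the current count value for the message type of the first application data and add 1 to it to obtain the first count value. A logical operation may be performed on the first application data, the first count value and the first random number to obtain the checksum. The first application data, the first count value and the first checksum may be concatenated to form the data field, and the data field is encrypted with the first random sequence to obtain the encrypted data field; the message identifier and the encrypted data field make up the data message to be sent.
It should be noted that the process of encrypting data with a random sequence has already been introduced in the embodiments of this application and is not described again here.
S504. The first ECU sends the data message to be sent on the CAN bus.
Optionally, the first ECU may broadcast the data message to be sent on the CAN bus.
In the embodiment shown in Figure 5, the ECUs on the same CAN bus can obtain the same random number, and each random number corresponds to one random sequence. Before sending data on the CAN bus, an ECU can first obtain the random sequence corresponding to the random number, encrypt the data according to the random sequence, and send the encrypted data on the CAN bus. This reduces the likelihood that data transmitted on the CAN bus is leaked or illegally tampered with and improves the security of CAN communication.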
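On the basis of any of the above embodiments, when any first ECU in the CAN communication system receives data, it may decrypt the data using the method shown in the Figure 7 embodiment.
Figure 7 is a schematic flowchart of another CAN communication method provided in an embodiment of this application. Referring to Figure 7, the method may include:
S701. The first ECU receives a data message.
The data message is received by the first ECU on the CAN bus and has been encrypted using the method shown in the Figure 5 embodiment.
S702. The first ECU obtains the first random number.
S703. The first ECU obtains the first random sequence corresponding to the first random number.
It should be noted that, for the execution of S702-S703, reference may be made to the execution of S501-S502, which is not described again here.
S704. The first ECU decrypts the data field of the data message by using the first random sequence to obtain second application data, a second count value and a second checksum.
It should be noted that the process of decrypting data with a random sequence has already been introduced in the embodiments of this application and is not described again here.
S705. The first ECU determines whether the second count value is correct.
If so, S706 is performed.
If not, S709 is performed.
S706. The first ECU determines a third checksum according to the second count value, the second application data and the first random number.
Optionally, the first ECU may perform a logical operation on the second count value, the second application data and the first random number to obtain the third checksum.
S707. The first ECU determines whether the third checksum is the same as the second checksum.
If so, S708 is performed.
If not, S709 is performed.
S708. The first ECU determines that the obtained second application data is correct.
S709. The first ECU determines that the obtained second application data is wrong.
In the embodiment shown in Figure 7, the ECUs on the same CAN bus can obtain the same random number, and each random number corresponds to one random sequence. After receiving data on the CAN bus, an ECU can first obtain the random sequence corresponding to the random number and decrypt the data according to the random sequence. This reduces the likelihood that data transmitted on the CAN bus is leaked or illegally tampered with (that is, it reduces the likelihood of eavesdropping attacks) and improves the security of CAN communication. Furthermore, the count value and the checksum can be used to verify whether the received application data is correct, which can effectively prevent injection attacks, retransmission attacks and the like.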
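The send path of Figure 5 (S501-S504), the receive path of Figure 7 (S701-S709) and the bit-position exchange described with Table 1 can be put together in one added example (not code from the application). The following are assumptions, because the application leaves them open: a data field of 6 application bytes, 1 counter byte and 1 checksum byte; XOR as the "logical operation" for the checksum; a counter that must be exactly one more than the last accepted value; and a constructed sequence_for() that reproduces only rows 0 to 2 of Table 1 in place of the stored table.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define N_BITS  64  /* N = 8 * L for an 8-byte CAN data field */
#define APP_LEN 6   /* assumed layout: 6 data bytes, counter byte, checksum byte */
enum verdict { FRAME_OK = 0, BAD_COUNTER = 1, BAD_CHECKSUM = 2 };

/* Bit 0 is the first (most significant) bit of byte 0. */
static int get_bit(const uint8_t *b, int i) { return (b[i / 8] >> (7 - i % 8)) & 1; }
static void set_bit(uint8_t *b, int i) { b[i / 8] |= (uint8_t)(1u << (7 - i % 8)); }

/* Constructed stand-in for the stored table: the sequence for random number r
 * is the identity with positions 0 and r exchanged (rows 0 to 2 of Table 1). */
void sequence_for(uint8_t r, uint8_t seq[N_BITS])
{
    for (int i = 0; i < N_BITS; i++) seq[i] = (uint8_t)i;
    r %= N_BITS;
    seq[0] = r;
    seq[r] = 0;
}

/* Encrypt: output bit i is input bit seq[i]. Decrypt applies the reverse mapping.
 * Bits are only moved, never changed; counter and checksum do the checking. */
void transpose(const uint8_t seq[N_BITS], const uint8_t in[8], uint8_t out[8], int decrypt)
{
    memset(out, 0, 8);
    for (int i = 0; i < N_BITS; i++) {
        int src = decrypt ? i : seq[i];
        int dst = decrypt ? seq[i] : i;
        if (get_bit(in, src)) set_bit(out, dst);
    }
}

/* Assumed "logical operation": XOR of data bytes, counter and random number. */
uint8_t checksum(const uint8_t *app, uint8_t counter, uint8_t rn)
{
    uint8_t c = (uint8_t)(counter ^ rn);
    for (int i = 0; i < APP_LEN; i++) c ^= app[i];
    return c;
}

/* S503: counter + 1, checksum, concatenate, then transpose the data field. */
void protect(const uint8_t app[APP_LEN], uint8_t *tx_counter, uint8_t rn, uint8_t frame[8])
{
    uint8_t plain[8], seq[N_BITS];
    *tx_counter = (uint8_t)(*tx_counter + 1);
    memcpy(plain, app, APP_LEN);
    plain[6] = *tx_counter;
    plain[7] = checksum(app, *tx_counter, rn);
    sequence_for(rn, seq);
    transpose(seq, plain, frame, 0);
}

/* S704-S709. Assumed counter rule: exactly one more than the last accepted value. */
int verify(const uint8_t frame[8], uint8_t *rx_counter, uint8_t rn, uint8_t app_out[APP_LEN])
{
    uint8_t plain[8], seq[N_BITS];
    sequence_for(rn, seq);
    transpose(seq, frame, plain, 1);
    if (plain[6] != (uint8_t)(*rx_counter + 1)) return BAD_COUNTER;
    if (plain[7] != checksum(plain, plain[6], rn)) return BAD_CHECKSUM;
    *rx_counter = plain[6];
    memcpy(app_out, plain, APP_LEN);
    return FRAME_OK;
}

/* Constructed scenarios with random number 2: 0 round trip, 1 same frame seen
 * twice, 2 receiver still on random number 5, 3 one bit changed on the bus,
 * 4 returns the first byte of the encrypted data field. */
int scenario(int which)
{
    const uint8_t app[APP_LEN] = { 0x92, 0x34, 0x56, 0x78, 0x9A, 0xBC };
    uint8_t frame[8], out[APP_LEN], tx = 0, rx = 0;
    int v;
    protect(app, &tx, 2, frame);
    if (which == 4) return frame[0];
    if (which == 3) frame[3] ^= 0x10;
    v = verify(frame, &rx, (uint8_t)(which == 2 ? 5 : 2), out);
    if (which == 0 && v == FRAME_OK && memcmp(out, app, APP_LEN) != 0) return -1;
    if (which == 1) v = verify(frame, &rx, 2, out);
    return v;
}

int main(void)
{
    for (int s = 0; s <= 4; s++) printf("scenario %d -> %d\n", s, scenario(s));
    return 0;
}
```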
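An embodiment of this application further provides a CAN communication system, whose structure may be as shown in Figures 1A to 1C. Referring to Figures 1A to 1C, the CAN communication system includes at least a CAN bus and at least two ECUs connected to the CAN bus, and for any first ECU among the at least two ECUs, the first ECU is configured to:
obtain a first random number, where the first random number is sent on the CAN bus by the master ECU among the at least two ECUs;
obtain a first random sequence corresponding to the first random number;
according to the first random sequence, decrypt data messages received on the CAN bus and/or encrypt data messages sent on the CAN bus.
It should be noted that the first ECU can carry out the technical solutions shown in the above method embodiments; the implementation principles and beneficial effects are similar and are not described again here.
In a possible implementation, the first ECU is specifically configured to:
determine the master/slave state of the first ECU, where the master/slave state indicates whether the first ECU is a master ECU or a slave ECU;
obtain the first random number according to the master/slave state of the first ECU.
In a possible implementation, the first ECU is specifically configured to:
send, on the CAN bus, a master-node contention message that includes a first message identifier;
receive, on the CAN bus, master-node contention messages that include a second message identifier and are sent by the ECUs other than the first ECU among the at least two ECUs;
sort the at least two ECUs according to a preset sorting rule, based on the magnitudes of the first message identifier and the second message identifier;
determine whether the first ECU is in first position after sorting; if so, determine that the first ECU is the master ECU; if not, determine that the first ECU is a slave ECU.
In a possible implementation, after it is determined that the first ECU is the master ECU, the first ECU is further configured to:
send a master-node rotation notification message when the first ECU determines that the life cycle has ended, where the master-node rotation notification message indicates that the master/slave state of the first ECU switches to slave ECU and the master/slave state of the ECU following the first ECU switches to master ECU.
In a possible implementation, after it is determined that the first ECU is the master ECU, the first ECU is further configured to send a first message, where in the first message the master/slave state of the first ECU is the master state and the ring-building state of the first ECU is the valid state;
after it is determined that the first ECU is a slave ECU, and after the first ECU receives a second message sent by a second ECU in which the ring-building state of the second ECU is the valid state, the first ECU is further configured to send a third message, where in the third message the master/slave state of the first ECU is the slave state and the ring-building state of the first ECU is the valid state, the second ECU is the ECU immediately preceding the first ECU after sorting, and the valid ring-building state of the first ECU indicates that the ring-building states in the messages sent by the ECUs preceding the first ECU are all valid.
In a possible implementation, when it is determined that the first ECU is the master ECU, the first ECU is specifically configured to generate the first random number when the first ECU determines that the ring-building states in the messages sent by the at least two ECUs are all valid;
when it is determined that the first ECU is a slave ECU, the first ECU is specifically configured to receive the first random number sent by the master ECU.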
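In a possible implementation, after the first ECU generates the first random number, the first ECU is further configured to:
send a fourth message, where the fourth message includes the first random number and indicates that the state of the first random number is the update state;
receive fifth messages sent by the ECUs other than the first ECU among the at least two ECUs, where each fifth message includes the first random number and indicates that the state of the first random number is the update state;
send a sixth message after the first ECU determines that all ECUs other than the first ECU among the at least two ECUs have sent the fifth message, where the sixth message includes the first random number and indicates that the state of the first random number is the hold state, the hold state indicating that the first random number takes effect.
In a possible implementation, the first ECU is further configured to:
send a seventh message and update the at least two ECUs when the first ECU does not receive the second message from the second ECU within a first preset duration, or when the ring-building state included in a message received by the first ECU from the second ECU is the invalid state, where the ring-building state included in the seventh message is the invalid state.
In a possible implementation, the first ECU is specifically configured to:
determine a first count value;
determine a first checksum according to first application data to be sent, the first count value and the first random number;
encrypt the first application data, the first count value and the first checksum by using the first random sequence to obtain a data message to be sent, and send the data message to be sent.
In a possible implementation, after the first ECU decrypts, according to the first random sequence, a data message received on the CAN bus, the first ECU is further configured to:
obtain a second count value, second application data and a second checksum from the received data message;
after the second count value is verified to be correct, determine, by the first ECU, a third checksum according to the second count value, the second application data and the first random number;
determine that the received data message is correct when the third checksum is the same as the second checksum.
It should be noted that the first ECU can carry out the technical solutions shown in the above method embodiments; the implementation principles and beneficial effects are similar and are not described again here.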
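Figure 8 is a schematic structural diagram of a CAN communication apparatus provided in an embodiment of this application. Referring to Figure 8, the CAN communication apparatus 10 is applied to a first ECU in a CAN communication system, where the CAN communication system includes a CAN bus and at least two ECUs connected to the CAN bus, the first ECU is any one of the at least two ECUs, and the CAN communication apparatus 10 includes a processing module 11 and a transceiver module 12, where
the processing module 11 is configured to obtain a first random number, where the first ECU is any one of the at least two ECUs, and the first random number is sent on the CAN bus by the master ECU among the at least two ECUs;
the processing module 11 is further configured to obtain a first random sequence corresponding to the first random number;
the processing module 11 is further configured to, according to the first random sequence, decrypt data messages received by the transceiver module 12 on the CAN bus and/or encrypt data messages sent by the transceiver module 12 on the CAN bus.
Optionally, the transceiver module 12 may include a receiving module and/or a sending module, where the receiving module is configured to receive data on the CAN bus and the sending module is configured to send data on the CAN bus.
Optionally, the processing module 11 may perform S301-S302 in the Figure 3 embodiment, S501-S503 in the Figure 5 embodiment, and S702-S709 in the Figure 7 embodiment.
Optionally, the transceiver module 12 may perform S303-S309 in the Figure 3 embodiment, S504 in the Figure 5 embodiment, and S701 in the Figure 7 embodiment.
It should be noted that the CAN communication apparatus provided in the embodiments of this application can carry out the technical solutions shown in the above method embodiments; the implementation principles and beneficial effects are similar and are not described again here.
In a possible implementation, the processing module 11 is specifically configured to:
determine the master/slave state of the first ECU, where the master/slave state indicates whether the first ECU is a master ECU or a slave ECU;
obtain the first random number according to the master/slave state of the first ECU.
In a possible implementation, the transceiver module 12 is further configured to send, on the CAN bus, a master-node contention message that includes a first message identifier;
the transceiver module 12 is further configured to receive, on the CAN bus, master-node contention messages that include a second message identifier and are sent by the ECUs other than the first ECU among the at least two ECUs;
the processing module 11 is further configured to sort the at least two ECUs according to a preset sorting rule, based on the magnitudes of the first message identifier and the second message identifier;
the processing module 11 is further configured to determine whether the first ECU is in first position after sorting; if so, determine that the first ECU is the master ECU; if not, determine that the first ECU is a slave ECU.
In a possible implementation, the transceiver module 12 is further configured to, after the processing module 11 determines that the first ECU is the master ECU, send a master-node rotation notification message when the first ECU determines that the life cycle has ended, where the master-node rotation notification message indicates that the master/slave state of the first ECU switches to slave ECU and the master/slave state of the ECU following the first ECU switches to master ECU.
In a possible implementation, the transceiver module 12 is further configured to send a first message when the processing module 11 determines that the first ECU is the master ECU, where in the first message the master/slave state of the first ECU is the master state and the ring-building state of the first ECU is the valid state;
the transceiver module 12 is further configured to, when the processing module 11 determines that the first ECU is a slave ECU, send a third message after the transceiver module receives a second message sent by a second ECU in which the ring-building state of the second ECU is the valid state, where in the third message the master/slave state of the first ECU is the slave state and the ring-building state of the first ECU is the valid state, the second ECU is the ECU immediately preceding the first ECU after sorting, and the valid ring-building state of the first ECU indicates that the ring-building states in the messages sent by the ECUs preceding the first ECU are all valid.
In a possible implementation, the processing module 11 is specifically configured to generate the first random number when the processing module 11 determines that the first ECU is the master ECU and the first ECU determines that the ring-building states in the messages sent by the at least two ECUs are all valid;
the transceiver module 12 is further configured to receive, when the processing module determines that the first ECU is a slave ECU, the first random number sent by the master ECU.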
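In a possible implementation, the transceiver module 12 is further configured to send a fourth message after the processing module 11 generates the first random number, where the fourth message includes the first random number and indicates that the state of the first random number is the update state;
the transceiver module 12 is further configured to receive fifth messages sent by the ECUs other than the first ECU among the at least two ECUs, where each fifth message includes the first random number and indicates that the state of the first random number is the update state;
the transceiver module 12 is further configured to send a sixth message after the processing module 11 determines that all ECUs other than the first ECU among the at least two ECUs have sent the fifth message, where the sixth message includes the first random number and indicates that the state of the first random number is the hold state, the hold state indicating that the first random number takes effect.
In a possible implementation, the transceiver module 12 is further configured to:
send a seventh message and update the at least two ECUs if the transceiver module 12 does not receive the second message from the second ECU within a first preset duration, or if the ring-building state included in a message received by the transceiver module from the second ECU is the invalid state, where the ring-building state included in the seventh message is the invalid state.
In a possible implementation, the processing module 11 is specifically configured to:
determine a first count value;
determine a first checksum according to first application data to be sent, the first count value and the first random number;
encrypt the first application data, the first count value and the first checksum by using the first random sequence to obtain a data message to be sent, and send the data message to be sent.
In a possible implementation, the processing module 11 is further configured to:
after the processing module decrypts, according to the first random sequence, a data message received on the CAN bus, obtain a second count value, second application data and a second checksum from the received data message;
after the first ECU verifies that the second count value is correct, determine, by the first ECU, a third checksum according to the second count value, the second application data and the first random number;
determine that the received data message is correct when the first ECU determines that the third checksum is the same as the second checksum.
It should be noted that the CAN communication apparatus provided in the embodiments of this application can carry out the technical solutions shown in the above method embodiments; the implementation principles and beneficial effects are similar and are not described again here.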
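An embodiment of this application further provides an ECU, where the ECU is a first ECU, the first ECU includes a processor, a transceiver, a controller and a memory, the memory stores a computer program, the processor is configured to read and execute the computer program in the memory, the processor is connected to the controller and to the memory, the controller is also connected to the transceiver and to the memory, and the transceiver includes a receiver and/or a transmitter, where
the processor is configured to obtain a first random number, where the first random number is sent, on the CAN bus of the controller area network (CAN) communication system in which the first ECU is located, by the master ECU of that CAN communication system;
the processor is further configured to obtain a first random sequence corresponding to the first random number;
the controller is configured to control the transceiver to receive data on the CAN bus and/or control the transceiver to send data on the CAN bus;
the processor is further configured to, according to the first random sequence, decrypt data messages received by the transceiver on the CAN bus and/or encrypt data messages sent by the transceiver on the CAN bus.
It should be noted that, for the structure of the ECU provided in the embodiments of this application, reference may be made to Figures 2A and 2B, and it is not described again here.
Optionally, the processor shown in the embodiments of this application can implement the functions of the processing module 11 in the Figure 8 embodiment, and the transceiver shown in the embodiments of this application can implement the functions of the transceiver module 12 in the Figure 8 embodiment.
It should be noted that the ECU provided in the embodiments of this application can carry out the technical solutions shown in the above method embodiments; the implementation principles and beneficial effects are similar and are not described again here.
In a possible implementation, the processor is specifically configured to:
determine the master/slave state of the first ECU, where the master/slave state indicates whether the first ECU is a master ECU or a slave ECU;
obtain the first random number according to the master/slave state of the first ECU.
In a possible implementation, the processor is specifically configured to:
send, on the CAN bus, a master-node contention message that includes a first message identifier;
receive, on the CAN bus, master-node contention messages that include a second message identifier and are sent by the ECUs other than the first ECU among the at least two ECUs;
sort the at least two ECUs according to a preset sorting rule, based on the magnitudes of the first message identifier and the second message identifier;
determine whether the first ECU is in first position after sorting; if so, determine that the first ECU is the master ECU; if not, determine that the first ECU is a slave ECU.
In a possible implementation, the transceiver is specifically configured to:
after it is determined that the first ECU is the master ECU, send a master-node rotation notification message when the first ECU determines that the life cycle has ended, where the master-node rotation notification message indicates that the master/slave state of the first ECU switches to slave ECU and the master/slave state of the ECU following the first ECU switches to master ECU.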
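In a possible implementation, the transceiver is further configured to send a first message when the processor determines that the first ECU is the master ECU, where in the first message the master/slave state of the first ECU is the master state and the ring-building state of the first ECU is the valid state;
the transceiver is further configured to, when the processor determines that the first ECU is a slave ECU, send a third message after the first ECU receives a second message sent by a second ECU in which the ring-building state of the second ECU is the valid state, where in the third message the master/slave state of the first ECU is the slave state and the ring-building state of the first ECU is the valid state, the second ECU is the ECU immediately preceding the first ECU, and the valid ring-building state of the first ECU indicates that the ring-building states in the messages sent by the ECUs preceding the first ECU are all valid.
In a possible implementation, the processor is specifically configured to generate the first random number when the processor determines that the first ECU is the master ECU and the first ECU determines that the ring-building states in the messages sent by the at least two ECUs are all valid;
the transceiver is specifically configured to receive, when the processor determines that the first ECU is a slave ECU, the first random number sent by the master ECU.
In a possible implementation, the transceiver is further configured to send a fourth message after the processor generates the first random number, where the fourth message includes the first random number and indicates that the state of the first random number is the update state;
the transceiver is further configured to receive fifth messages sent by the ECUs other than the first ECU among the at least two ECUs, where each fifth message includes the first random number and indicates that the state of the first random number is the update state;
the transceiver is further configured to send a sixth message after the processor determines that all ECUs other than the first ECU among the at least two ECUs have sent the fifth message, where the sixth message includes the first random number and indicates that the state of the first random number is the hold state, the hold state indicating that the first random number takes effect.
In a possible implementation, the transceiver is further configured to send a seventh message and update the at least two ECUs when the transceiver does not receive the second message from the second ECU within a first preset duration, or when the ring-building state included in a message received from the second ECU is the invalid state, where the ring-building state included in the seventh message is the invalid state.
In a possible implementation, the processor is specifically configured to:
determine a first count value;
determine a first checksum according to first application data to be sent, the first count value and the first random number;
encrypt the first application data, the first count value and the first checksum by using the first random sequence to obtain a data message to be sent, and send the data message to be sent.
In a possible implementation, after the processor decrypts, according to the first random sequence, a data message received on the CAN bus, the processor is further configured to:
obtain a second count value, second application data and a second checksum from the received data message;
after the second count value is verified to be correct, determine, by the first ECU, a third checksum according to the second count value, the second application data and the first random number;
determine that the received data message is correct when the processor determines that the third checksum is the same as the second checksum.
It should be noted that the ECU provided in the embodiments of this application can carry out the technical solutions shown in the above method embodiments; the implementation principles and beneficial effects are similar and are not described again here.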
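Optionally, the above processor may be a CPU or an MCU, or another general-purpose processor, a DSP, an ASIC and so on. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps in the authentication method embodiments disclosed in this application may be carried out directly by a hardware processor, or by a combination of hardware and software modules in a processor.
This application provides a storage medium configured to store a computer program, where the computer program is used to implement the CAN communication method described in the above embodiments.
An embodiment of this application further provides a chip or integrated circuit, including a memory and a processor;
the memory is configured to store program instructions and sometimes also intermediate data;
the processor is configured to invoke the program instructions stored in the memory to implement the CAN communication method described above.
Optionally, the memory may be standalone or integrated with the processor. In some implementations, the memory may also be located outside the chip or integrated circuit.
An embodiment of this application further provides a program product, where the program product includes a computer program stored in a storage medium, and the computer program is used to implement the above CAN communication method.
All or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a readable memory. When executed, the program performs the steps of the above method embodiments; the memory (storage medium) includes read-only memory (ROM), RAM, flash memory, hard disk, solid-state drive, magnetic tape, floppy disk, optical disc and any combination thereof.
The embodiments of this application are described with reference to flowcharts and/or block diagrams of the methods, devices (systems) and computer program products according to the embodiments of this application. It should be understood that computer program instructions can implement each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams. These computer program instructions may be provided to the processing unit of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processing unit of the computer or other programmable data processing device produce an apparatus for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction apparatus, and the instruction apparatus implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Obviously, a person skilled in the art can make various changes and variations to the embodiments of this application without departing from the spirit and scope of this application. If these modifications and variations of the embodiments of this application fall within the scope of the claims of this application and their technical equivalents, this application is also intended to cover them.
In this application, the term "include" and its variants may mean non-limiting inclusion; the term "or" and its variants may mean "and/or". In this application the terms "first", "second" and the like are used to distinguish similar objects and are not necessarily used to describe a particular order or sequence. In this application, "multiple" means two or more. "And/or" describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may indicate three cases: A alone, both A and B, and B alone. The character "/" generally indicates an "or" relationship between the associated objects before and after it.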

Claims (22)

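  1. A CAN communication method, characterized in that it is applied to a controller area network (CAN) communication system, the CAN communication system including a CAN bus and at least two electronic control units (ECUs) connected to the CAN bus, the method comprising:
    obtaining, by a first ECU, a first random number, where the first ECU is any one of the at least two ECUs and the first random number is sent on the CAN bus by the master ECU among the at least two ECUs;
    obtaining, by the first ECU, a first random sequence corresponding to the first random number;
    according to the first random sequence, decrypting, by the first ECU, data messages received on the CAN bus and/or encrypting data messages sent on the CAN bus.
  2. The method according to claim 1, characterized in that the obtaining, by the first ECU, of the first random number comprises:
    determining, by the first ECU, the master/slave state of the first ECU, where the master/slave state indicates whether the first ECU is a master ECU or a slave ECU;
    obtaining, by the first ECU, the first random number according to the master/slave state of the first ECU.
  3. The method according to claim 2, characterized in that the determining, by the first ECU, of the master/slave state of the first ECU comprises:
    sending, by the first ECU on the CAN bus, a master-node contention message that includes a first message identifier;
    receiving, on the CAN bus, master-node contention messages that include a second message identifier and are sent by the ECUs other than the first ECU among the at least two ECUs;
    sorting the at least two ECUs according to a preset sorting rule, based on the magnitudes of the first message identifier and the second message identifier;
    determining whether the first ECU is in first position after sorting; if so, determining that the first ECU is the master ECU; if not, determining that the first ECU is a slave ECU.
  4. The method according to claim 3, characterized in that, after it is determined that the first ECU is the master ECU, the method further comprises:
    sending, by the first ECU, a master-node rotation notification message when the first ECU determines that the life cycle has ended, where the master-node rotation notification message indicates that the master/slave state of the first ECU switches to slave ECU and the master/slave state of the ECU following the first ECU switches to master ECU.
  5. The method according to claim 3 or 4, characterized in that, after the first ECU determines the master/slave state of the first ECU, the method further comprises:
    when the first ECU is the master ECU, sending, by the first ECU, a first message, where in the first message the master/slave state of the first ECU is the master state and the ring-building state of the first ECU is the valid state;
    when the first ECU is a slave ECU, after the first ECU receives a second message sent by a second ECU in which the ring-building state of the second ECU is the valid state, sending, by the first ECU, a third message, where in the third message the master/slave state of the first ECU is the slave state and the ring-building state of the first ECU is the valid state, the second ECU is the ECU immediately preceding the first ECU after sorting, and the valid ring-building state of the first ECU indicates that the ring-building states in the messages sent by the ECUs preceding the first ECU are all valid.
  6. The method according to claim 5, characterized in that the obtaining, by the first ECU, of the first random number according to the master/slave state of the first ECU comprises:
    when the first ECU is the master ECU, generating, by the first ECU, the first random number when the first ECU determines that the ring-building states in the messages sent by the at least two ECUs are all valid;
    when the first ECU is a slave ECU, receiving, by the first ECU, the first random number sent by the master ECU.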
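  7. The method according to any one of claims 1 to 6, characterized in that the encrypting, by the first ECU according to the first random sequence, of data messages sent on the CAN bus comprises:
    determining, by the first ECU, a first count value;
    determining, by the first ECU, a first checksum according to first application data to be sent, the first count value and the first random number;
    encrypting, by the first ECU, the first application data, the first count value and the first checksum by using the first random sequence to obtain a data message to be sent, and sending the data message to be sent.
  8. The method according to any one of claims 1 to 7, characterized in that, after the first ECU decrypts, according to the first random sequence, a data message received on the CAN bus, the method further comprises:
    obtaining, by the first ECU, a second count value, second application data and a second checksum from the received data message;
    after the first ECU verifies that the second count value is correct, determining, by the first ECU, a third checksum according to the second count value, the second application data and the first random number;
    determining that the received data message is correct when the first ECU determines that the third checksum is the same as the second checksum.
  9. A CAN communication system, characterized in that it includes a controller area network (CAN) bus and at least two electronic control units (ECUs) connected to the CAN bus, and for any first ECU among the at least two ECUs, the first ECU is configured to:
    obtain a first random number, where the first random number is sent on the CAN bus by the master ECU among the at least two ECUs;
    obtain a first random sequence corresponding to the first random number;
    according to the first random sequence, decrypt data messages received on the CAN bus and/or encrypt data messages sent on the CAN bus.
  10. The system according to claim 9, characterized in that the first ECU is specifically configured to:
    determine the master/slave state of the first ECU, where the master/slave state indicates whether the first ECU is a master ECU or a slave ECU;
    obtain the first random number according to the master/slave state of the first ECU.
  11. The system according to claim 10, characterized in that the first ECU is specifically configured to:
    send, on the CAN bus, a master-node contention message that includes a first message identifier;
    receive, on the CAN bus, master-node contention messages that include a second message identifier and are sent by the ECUs other than the first ECU among the at least two ECUs;
    sort the at least two ECUs according to a preset sorting rule, based on the magnitudes of the first message identifier and the second message identifier;
    determine whether the first ECU is in first position after sorting; if so, determine that the first ECU is the master ECU; if not, determine that the first ECU is a slave ECU.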
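  12. The system according to claim 11, characterized in that, after it is determined that the first ECU is the master ECU, the first ECU is further configured to:
    send a master-node rotation notification message when the first ECU determines that the life cycle has ended, where the master-node rotation notification message indicates that the master/slave state of the first ECU switches to slave ECU and the master/slave state of the ECU following the first ECU switches to master ECU.
  13. The system according to claim 11 or 12, characterized in that
    after it is determined that the first ECU is the master ECU, the first ECU is further configured to send a first message, where in the first message the master/slave state of the first ECU is the master state and the ring-building state of the first ECU is the valid state;
    after it is determined that the first ECU is a slave ECU, and after the first ECU receives a second message sent by a second ECU in which the ring-building state of the second ECU is the valid state, the first ECU is further configured to send a third message, where in the third message the master/slave state of the first ECU is the slave state and the ring-building state of the first ECU is the valid state, the second ECU is the ECU immediately preceding the first ECU after sorting, and the valid ring-building state of the first ECU indicates that the ring-building states in the messages sent by the ECUs preceding the first ECU are all valid.
  14. The system according to claim 13, characterized in that
    when it is determined that the first ECU is the master ECU, the first ECU is specifically configured to generate the first random number when the first ECU determines that the ring-building states in the messages sent by the at least two ECUs are all valid;
    when it is determined that the first ECU is a slave ECU, the first ECU is specifically configured to receive the first random number sent by the master ECU.
  15. The system according to any one of claims 9 to 14, characterized in that the first ECU is specifically configured to:
    determine a first count value;
    determine a first checksum according to first application data to be sent, the first count value and the first random number;
    encrypt the first application data, the first count value and the first checksum by using the first random sequence to obtain a data message to be sent, and send the data message to be sent.
  16. The system according to any one of claims 9 to 15, characterized in that, after the first ECU decrypts, according to the first random sequence, a data message received on the CAN bus, the first ECU is further configured to:
    obtain a second count value, second application data and a second checksum from the received data message;
    after the second count value is verified to be correct, determine, by the first ECU, a third checksum according to the second count value, the second application data and the first random number;
    determine that the received data message is correct when the third checksum is the same as the second checksum.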
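  17. An ECU, characterized in that it is applied to a controller area network (CAN) communication system, the CAN communication system including a CAN bus and at least two electronic control units (ECUs) connected to the CAN bus, the ECU being a first ECU among the at least two ECUs, the first ECU including a processor, a transceiver, a controller and a memory, the memory storing a computer program, and the processor being configured to read and execute the computer program in the memory, where
    the processor is configured to obtain a first random number, where the first random number is sent, on the CAN bus of the controller area network (CAN) communication system in which the first ECU is located, by the master ECU of that CAN communication system;
    the processor is further configured to obtain a first random sequence corresponding to the first random number;
    the controller is configured to control the transceiver to receive data on the CAN bus and/or control the transceiver to send data on the CAN bus;
    the processor is further configured to, according to the first random sequence, decrypt data messages received by the transceiver on the CAN bus and/or encrypt data messages sent by the transceiver on the CAN bus.
  18. The ECU according to claim 17, characterized in that the processor is specifically configured to:
    determine the master/slave state of the first ECU, where the master/slave state indicates whether the first ECU is a master ECU or a slave ECU;
    obtain the first random number according to the master/slave state of the first ECU.
  19. The ECU according to claim 18, characterized in that
    the transceiver is further configured to send a first message when the processor determines that the first ECU is the master ECU, where in the first message the master/slave state of the first ECU is the master state and the ring-building state of the first ECU is the valid state;
    the transceiver is further configured to, when the processor determines that the first ECU is a slave ECU, send a third message after the first ECU receives a second message sent by a second ECU in which the ring-building state of the second ECU is the valid state, where in the third message the master/slave state of the first ECU is the slave state and the ring-building state of the first ECU is the valid state, the second ECU is the ECU immediately preceding the first ECU, and the valid ring-building state of the first ECU indicates that the ring-building states in the messages sent by the ECUs preceding the first ECU are all valid.
  20. The ECU according to claim 19, characterized in that
    the processor is specifically configured to generate the first random number when the processor determines that the first ECU is the master ECU and the first ECU determines that the ring-building states in the messages sent by the at least two ECUs are all valid;
    the transceiver is specifically configured to receive, when the processor determines that the first ECU is a slave ECU, the first random number sent by the master ECU.
  21. The ECU according to any one of claims 17 to 20, characterized in that the processor is specifically configured to:
    determine a first count value;
    determine a first checksum according to first application data to be sent, the first count value and the first random number;
    encrypt the first application data, the first count value and the first checksum by using the first random sequence to obtain a data message to be sent, and send the data message to be sent.
  22. The ECU according to any one of claims 17 to 21, characterized in that, after the processor decrypts, according to the first random sequence, a data message received on the CAN bus, the processor is further configured to:
    obtain a second count value, second application data and a second checksum from the received data message;
    after the second count value is verified to be correct, determine, by the first ECU, a third checksum according to the second count value, the second application data and the first random number;
    determine that the received data message is correct when the processor determines that the third checksum is the same as the second checksum.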
PCT/CN2019/096740 2019-07-19 2019-07-19 CAN communication method, device and system WO2021012078A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980054284.3A CN112602287B (zh) 2019-07-19 2019-07-19 CAN communication method, device and system
PCT/CN2019/096740 WO2021012078A1 (zh) 2019-07-19 2019-07-19 CAN communication method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/096740 WO2021012078A1 (zh) 2019-07-19 2019-07-19 CAN communication method, device and system

Publications (1)

Publication Number Publication Date
WO2021012078A1 true WO2021012078A1 (zh) 2021-01-28

Family

ID=74192790

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/096740 WO2021012078A1 (zh) 2019-07-19 2019-07-19 CAN communication method, device and system

Country Status (2)

Country Link
CN (1) CN112602287B (zh)
WO (1) WO2021012078A1 (zh)


Also Published As

Publication number Publication date
CN112602287A (zh) 2021-04-02
CN112602287B (zh) 2022-02-11


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19938503

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19938503

Country of ref document: EP

Kind code of ref document: A1