[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN114124578B - Communication method, device, vehicle and storage medium - Google Patents

Communication method, device, vehicle and storage medium Download PDF

Info

Publication number
CN114124578B
CN114124578B CN202210083195.5A CN202210083195A CN114124578B CN 114124578 B CN114124578 B CN 114124578B CN 202210083195 A CN202210083195 A CN 202210083195A CN 114124578 B CN114124578 B CN 114124578B
Authority
CN
China
Prior art keywords
control unit
verification
management server
authentication key
vehicle
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210083195.5A
Other languages
Chinese (zh)
Other versions
CN114124578A (en
Inventor
于永庆
靳慧杰
金正雄
杨欣欣
荣海涛
孙虎昌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei Xinqing Technology Co ltd
Original Assignee
Hubei Xinqing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hubei Xinqing Technology Co ltd filed Critical Hubei Xinqing Technology Co ltd
Priority to CN202210083195.5A priority Critical patent/CN114124578B/en
Publication of CN114124578A publication Critical patent/CN114124578A/en
Application granted granted Critical
Publication of CN114124578B publication Critical patent/CN114124578B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Lock And Its Accessories (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a communication method, a communication device, a vehicle and a storage medium. The communication method comprises the following steps: firstly, sending registration information to a management server, wherein the registration information comprises a first identification mark and a vehicle identification mark of a vehicle component; secondly, receiving and storing an authentication key sent by the management server, wherein the authentication key is obtained by the management server according to the registration information; then, according to the authentication key and the verification information sent by the verification control unit, a message authentication code is obtained and sent to the verification control unit; and finally, receiving feedback information which is sent by the verification control unit and whether the feedback information passes the verification or not, wherein the feedback information whether the feedback information passes the verification or not is obtained by the verification control unit according to the message authentication code. By adopting the method, the vehicle component is registered to the management server to obtain the legal authentication key, and the vehicle component is verified whether to be legal or not by the verification control unit based on the authentication key, so that the condition that the illegal vehicle component is installed on the vehicle and potential safety hazards are brought to the vehicle is prevented.

Description

Communication method, device, vehicle and storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a communication method, an apparatus, a vehicle, and a storage medium.
Background
A Control system of a vehicle generally includes a plurality of vehicle components, such as various ECU (Electronic Control Unit) components. When a certain vehicle is stolen, the ECU component is often detached and flows to the market for retail sale. If the ECU component of the stolen automobile is illegally installed on another automobile, the problem that the ECU component is not matched with the automobile can occur, so that the automobile is in the risk of operation failure, and great potential safety hazard is brought.
Disclosure of Invention
In view of the above-mentioned shortcomings in the prior art, an object of the present invention is to provide a communication method, apparatus, vehicle and storage medium, which can prevent an illegal vehicle component from being mounted on the vehicle and bringing about a potential safety hazard to the vehicle.
In order to achieve the above object, the present invention provides a communication method, applied to a vehicle component of a vehicle control system, where the vehicle control system further includes a verification control unit and a management server, and the communication method includes:
sending registration information to a management server, wherein the registration information comprises a first identification mark of the vehicle component and a corresponding vehicle identification mark;
receiving and storing an authentication key sent by the management server, wherein the authentication key is obtained by the management server according to the registration information;
obtaining a message authentication code according to the authentication key and the verification information sent by the verification control unit and sending the message authentication code to the verification control unit;
and receiving feedback information which is sent by the verification control unit and is verified or not, wherein the feedback information which is sent by the verification control unit and is verified or not is obtained by the verification control unit according to the message authentication code.
Optionally, the step of receiving and storing an authentication key sent by the management server, where the authentication key is obtained by the management server according to the registration information includes:
sending the password public key to a management server;
receiving an authentication key sent by a management server, wherein the authentication key is obtained by the management server according to a password public key and an authentication key to be encrypted, and the authentication key to be encrypted is obtained by the management server according to registration information and a root key;
the authentication key is saved.
Optionally, the step of saving the authentication key includes:
decrypting the authentication key according to the password private key to obtain a decrypted authentication key;
and storing the decrypted authentication key.
Optionally, the step of obtaining the message authentication code and sending the message authentication code to the verification control unit according to the authentication key and the verification information sent by the verification control unit includes:
receiving a second identification mark sent by the verification control unit;
obtaining a message authentication code according to the first identification mark, the second identification mark and the authentication key;
and sending the first identification mark and the message authentication code to a verification control unit.
Optionally, the step of receiving feedback information whether the verification control unit sends the feedback information that is sent by the verification control unit and passes the verification, the feedback information whether passing the verification being obtained by the verification control unit according to the message authentication code includes:
and receiving feedback information whether the verification is passed or not, which is sent by the verification control unit, wherein the feedback information whether the verification is passed or not is obtained by the verification control unit according to the message authentication code and the information check code, and the information check code is obtained by the verification control unit according to the first identification identifier, the second identification identifier and the authentication key.
Optionally, the step of receiving feedback information that is sent by the verification control unit and whether the feedback information passes the verification includes:
when the message authentication code is matched with the message check code, receiving feedback information which passes the verification and is sent by the verification control unit; and when the message authentication code and the message check code are not matched, receiving feedback information which is sent by the verification control unit and fails to be verified.
Optionally, the vehicle control system further includes a system database for recording the first identification identifier and the authentication key corresponding to the vehicle component, and after the step of receiving and storing the authentication key sent by the management server, the vehicle control system further includes:
and when the verification control unit does not inquire the first identification mark and the authentication key corresponding to the vehicle component in the system database, receiving feedback information which is sent by the verification control unit and fails to be verified.
The invention also provides a communication device, which is applied to the vehicle component of the vehicle control system, the vehicle control system also comprises a verification control unit and a management server, and the communication device comprises:
the information registration module is used for sending registration information to the management server, wherein the registration information comprises a first identification mark of the vehicle component and a corresponding vehicle identification mark;
the first receiving module is used for receiving and storing the authentication key sent by the management server, and the authentication key is obtained by the management server according to the registration information;
the acquisition and transmission module is used for acquiring a message authentication code according to the authentication key and the verification information transmitted by the verification control unit and transmitting the message authentication code to the verification control unit;
and the second receiving module is used for receiving the feedback information which is sent by the verification control unit and whether the feedback information passes the verification or not, and the feedback information which passes the verification or not is obtained by the verification control unit according to the message authentication code.
The invention also provides a vehicle, which comprises a vehicle body, a storage medium and a processor, wherein the storage medium and the processor are arranged on the vehicle body, the storage medium stores a computer program, and the processor realizes the steps of the communication method in any one of the above items when executing the computer program.
The present invention also provides a computer-readable storage medium having a computer program stored thereon, the computer program, when executed by a processor, implementing the steps of the communication method of any of the above.
Compared with the prior art, the invention has the beneficial effects that: firstly, sending registration information to a management server, wherein the registration information comprises a first identification mark and a vehicle identification mark of a vehicle component; secondly, receiving and storing an authentication key sent by the management server, wherein the authentication key is obtained by the management server according to the registration information; then, according to the authentication key and the verification information sent by the verification control unit, a message authentication code is obtained and sent to the verification control unit; and finally, receiving feedback information which is sent by the verification control unit and whether the feedback information passes the verification or not, wherein the feedback information whether the feedback information passes the verification or not is obtained by the verification control unit according to the message authentication code. By adopting the method, the vehicle component is registered to the management server to obtain the legal authentication key, and the vehicle component is verified whether to be legal or not by the verification control unit based on the authentication key, so that the condition that the illegal vehicle component is installed on the vehicle and potential safety hazards are brought to the vehicle is prevented.
Drawings
In order to illustrate the embodiments or the technical solutions in the prior art more clearly, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the invention, and it is obvious for a person skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a block diagram of a vehicle control system according to an embodiment of the present invention;
FIG. 2 is a first flowchart of a communication method according to an embodiment of the present invention;
FIG. 3 is a second flowchart of a communication method according to an embodiment of the present invention;
FIG. 4 is a flow chart of a communication method according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of an ECU registration process in accordance with an embodiment of the present invention;
FIG. 6 is a schematic diagram of an ECU authentication process according to an embodiment of the present invention;
FIG. 7 is a block diagram of a communication device according to an embodiment of the present invention;
fig. 8 is a diagram of a connection between a storage medium and a processor according to an embodiment of the present invention.
Detailed Description
The following description of the various embodiments refers to the accompanying drawings that illustrate specific embodiments in which the invention may be practiced. In the description of the present invention, it is to be understood that the terms "first", "second" and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, features defined as "first", "second", "third" may explicitly or implicitly include one or more of the described features. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; may be mechanically connected, may be electrically connected or may be in communication with each other; either directly or indirectly through intervening media, either internally or in any other relationship. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
The following disclosure provides many different embodiments or examples for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Of course, they are merely examples and are not intended to limit the present invention.
The embodiment of the invention provides a communication method, which is applied to a vehicle component 1 of a vehicle control system, as shown in fig. 1, the vehicle control system further comprises a verification control unit 2 and a management server 3. The ECU consists of three parts, namely an input circuit, a microcomputer, an output circuit and the like. The electronic components can control the mechanical components more precisely through the development of the automobile system electronization, thereby reducing the loss of the mechanical components, improving the efficiency and the service life of the automobile system. With the development of intelligent interconnected automobiles, more and more ECUs are installed on the automobiles.
In the present embodiment, the verification control unit 2 is a master ECU, and the vehicle component 1 is a conventional ECU.
As shown in fig. 2, the communication method of the present embodiment includes steps 100, 200, 300 and 400, and the following steps are specifically described with the vehicle component 1 as an execution subject, and specifically include the following steps:
step 100, sending registration information to the management server 3, where the registration information includes the first identification mark of the vehicle component 1 and the corresponding vehicle identification mark. The first identification mark is an ECU ID of the vehicle component 1, and the vehicle identification mark is identification information of a vehicle corresponding to the vehicle component 1, such as a vehicle unique ID, such as a frame number and an engine number. Each vehicle has a unique identification mark when leaving the factory, the assembled vehicle component 1 is also singly matched and bound with the vehicle component 1, and the vehicle component 1 can obtain a corresponding first identification mark through a registration terminal.
Step 200, receiving and storing the authentication key sent by the management server 3, wherein the authentication key is obtained by the management server 3 according to the registration information. The authentication key is a parameter input in an algorithm for converting a plaintext into a ciphertext or converting the ciphertext into the plaintext in information transmission.
In one embodiment, as shown in fig. 3, step 200 specifically includes step 210, step 220, and step 230, wherein:
step 210, the cryptographic public key is sent to the management server 3. Each automobile component corresponds to one password public key, and the corresponding password public key can be obtained through the registration terminal when the automobile is delivered from a factory.
Step 220, receiving the authentication key sent by the management server 3, where the authentication key is obtained by the management server 3 according to the cryptographic public key and the authentication key to be encrypted, and the authentication key to be encrypted is obtained by the management server 3 according to the registration information and the root key. Wherein the root key is generated by the encryption engine. In this step, the management server 3 may generate the authentication key based on the SM3 algorithm in a distributed manner based on the ECU ID, the vehicle unique ID, and the root key.
Step 230, the authentication key is saved. Specifically, the authentication key is decrypted according to the password private key to obtain the decrypted authentication key. The decrypted authentication key is then saved. The authentication key may be saved to a secure storage medium of the vehicle assembly 1. At the same time, the verification control unit 2 updates the authentication key of the vehicle component 1 and the first identification into the system database 4.
The public key and the private key are a key pair (namely a public key and a private key) obtained through an algorithm, and one of the public key and the private key is published to the outside and is called as a public key; the other one itself holds, called the private key. The key pair derived by such an algorithm can be guaranteed to be unique worldwide. When using this key pair, if one of the keys is used to encrypt a piece of data, the other key must be used to decrypt the piece of data. For example, encrypting data with a public key necessitates decryption with the private key, and if encrypting with the private key, also must decrypt with the public key, otherwise decryption will not succeed.
In this embodiment, the secret key and the secret key of each vehicle component 1 are uniquely paired with each other, and the certification key is encrypted by the secret key, and only the secret key of the vehicle component 1 can decrypt the encrypted certification key. Because the secret key is private, others cannot know the exact secret key, and cannot decrypt the authentication key encrypted by the public key. By the method, the security of the authentication key in the transmission process is ensured, and the authentication key cannot be illegally stolen and tampered by others.
The registration work of the vehicle component 1 on the management server 3 is completed through step 100 and step 200. On the other hand, the verification control unit 2 may also use the above method principle to complete the registration work on the management server 3, and both the second identification mark and the corresponding authentication key of the verification control unit 2 may also be synchronized into the system database 4.
Step 300, obtaining the message authentication code according to the authentication key and the verification information sent by the verification control unit 2, and sending the message authentication code to the verification control unit 2.
Specifically, the verification information includes a second identification mark of the verification control unit 2, and the verification control unit 2 periodically inquires and detects each vehicle component 1 and transmits the second identification mark to each vehicle quantity component. As shown in fig. 4, step 300 may include step 310, step 320, and step 330, wherein:
in step 310, the second identification mark sent by the verification control unit 2 is received.
And 320, obtaining a message authentication code according to the first identification mark, the second identification mark and the authentication key. Wherein, the message Authentication code is MAC (message Authentication code). Specifically, the detected vehicle component 1 calculates the MAC value according to its own first identifier and Authentication key, and the second identifier of the verification control unit 2 by using a CMAC (Cipher-based Message Authentication Code) algorithm.
Step 330, the first identification mark and the message authentication code are sent to the verification control unit 2.
Step 400, receiving the feedback information whether the verification is passed or not sent by the verification control unit 2, wherein the feedback information whether the verification is passed or not is obtained by the verification control unit 2 according to the message authentication code. The feedback information of whether the verification is passed is obtained by the verification control unit 2 according to the message authentication code and the information check code, and the information check code is obtained by the verification control unit 2 according to the first identification mark, the second identification mark and the authentication key.
In one embodiment, in step 400, when the message authentication code and the message check code match, the feedback information that is sent by the verification control unit 2 and passes the verification is received. When the message authentication code and the message check code do not match, feedback information that fails to be verified and sent by the verification control unit 2 is received. Meanwhile, the verification control unit 2 may send alarm information to an alarm unit of the vehicle control system to prompt that the vehicle component 1 is not matched with the vehicle and is an illegal vehicle component 1.
For example, the vehicle component 1 calculates the message authentication code as MAC1, and transmits MAC1 and its own first identification to the verification control unit 2. The verification control unit 2 recalculates the obtained message authentication code to be MAC2 according to the first identification mark, the corresponding authentication key and the second identification mark, compares the MAC1 with the MAC2 and judges whether the two are consistent or matched; if yes, the vehicle component 1 is legal, and if not, the vehicle component 1 is illegal in source and is not the original component of the vehicle.
In one embodiment, the vehicle control system further includes a system database 4 for recording the first identification and the authentication key corresponding to the vehicle component 1, and after the step of receiving and storing the authentication key sent by the management server 3, the vehicle control system further includes the following steps:
when the verification control unit 2 does not inquire the first identification mark and the authentication key corresponding to the vehicle component 1 in the system database 4, feedback information that the verification control unit 2 has failed in verification is received.
In the authentication process of the vehicle component 1, the verification control unit 2 firstly queries in the system database 4 whether the vehicle component 1 is legally registered, and if the vehicle component 1 is not registered, the system database 4 cannot query the first identification mark of the vehicle component 1, which indicates that the source of the vehicle component 1 is illegal.
Only after the verification control unit 2 inquires the corresponding first identification mark in the system database 4, the next procedure of verifying the message authentication code is entered.
The communication method of this embodiment is based on a security encryption authentication technology of an HSM (hardware security module), and implements protection of a vehicle control system. The vehicle component 1 and the verification control unit 2 each have an HSM built therein.
Each ECU (including the vehicle component 1 and the verification control unit 2) needs to be registered in advance on the management server 3, enter the system database 4 of the vehicle control system, and acquire the authentication key.
By the verification control unit 2 periodically polling all vehicle components 1 in the vehicle control system, only the vehicle component 1 having the correct authentication key can give a correct response.
If the vehicle control system detects that an unauthorized vehicle component 1 is in the vehicle, it may react and issue a warning.
The communication method of the present embodiment includes two parts. The first part is an ECU registration flow, i.e., including step 100 and step 200. The second part is an ECU authentication flow including step 300 and step 400.
The ECU registration process is shown in fig. 5, and specifically as follows:
A1) the vehicle component 1 acquires its corresponding ECU ID (first identification) and ECU public key (cryptographic public key) through the registered terminal.
A2) The vehicle component 1 transmits the ECU ID, the ECU public key, and the vehicle identification to be attached to the vehicle to the management server 3.
A3) The management server 3 dispersively generates an ECU KEY (authentication KEY) based on the cryptographic SM3 algorithm from the ECU ID, the vehicle identification number, and the root KEY.
A4) The management server 3 encrypts the ECU KEY using the ECU public KEY of the vehicle component 1 and then sends it to the vehicle component 1.
A5) The vehicle component 1 decrypts the encrypted ECU KEY with its own ECU private KEY (password private KEY) and writes into the secure storage medium of the vehicle component 1.
A6) The vehicle component 1 sends the ECU ID and the ECU KEY to the authentication control unit 2.
A7) The authentication control unit 2 updates the system database 4, including the ECU IDs and corresponding ECU KEYs, of all the vehicle components 1 registered to be mounted on the vehicle, using the secure channel. The authentication control unit 2 also registers to the management system by the above-described method.
The ECU authentication flow is shown in fig. 6, and specifically as follows:
B1) the authentication control unit 2 periodically inquires each vehicle component 1, and transmits a master ECU ID (second identification code) of the authentication control unit 2 to the vehicle component 1.
B2) The detected vehicle component 1 calculates a MAC value by using a CMAC algorithm based on the received master ECU ID, its own ECU ID, and ECU KEY of the authentication control unit 2.
B3) The vehicle component 1 transmits its EUC ID, MAC value to the authentication control unit 2.
B4) The authentication control unit 2 inquires of the system database 4 whether the ECU ID of the vehicle component 1 is registered; if yes, go to step B5; if not, go to step B7.
B5) The verification control unit 2 recalculates the MAC based on the received ECU ID, the master ECU ID, and the ECU KEY obtained based on the ECU ID, and compares the calculated MAC value with the received MAC value to verify the identity of the vehicle component 1.
B6) The authentication control unit 2 sends a response to the vehicle component 1 informing whether it is legitimate or not.
B7) If not, the superior system will be warned.
The communication architecture between vehicle ECUs basically relies on a CAN (Controller Area Network) bus. In the embodiment, the communication bandwidth is occupied as little as possible, so an AES-CMAC algorithm is adopted, wherein AES is Advanced Encryption Standard, that is, Advanced Encryption Standard. Therefore, the integrity of the communication data can be ensured, the identity of the communication party can be verified, and the performance of the symmetric algorithm is high.
In addition, in the current automobile architecture, the AES-CMAC algorithm is configured even for the HSM in the low-profile (EVITA LIGHT standard) ECU. After the future internal network of the ECU is upgraded to the ethernet, and the HSMs of the ECU are upgraded to EVITA HIGHY standard, and the asymmetric algorithm is built in, the technical solution of this embodiment may also adopt the asymmetric algorithm based on PKI (Public Key Infrastructure) to verify the identity of the ECU. The basic flow is as follows:
firstly, the management server 3 is responsible for issuing certificates;
then, the vehicle component 1 (conventional ECU) of each vehicle control system possesses an issued certificate;
finally, the authentication control unit 2 (master ECU) possesses a root certificate of the management server 3, which is responsible for authenticating each ECU in the vehicle control system.
The embodiment of the invention provides a communication device, which is applied to a vehicle component 1 of a vehicle control system, and the vehicle control system further comprises a verification control unit 2 and a management server 3. As shown in fig. 7, the communication device includes an information registration module 101, a first receiving module 102, an acquisition and transmission module 103, and a second receiving module 104. Wherein:
the information registration module 101 is configured to send registration information to the management server 3, where the registration information includes the first identification mark of the vehicle component 1 and the vehicle identification mark.
The first receiving module 102 is configured to receive and store the authentication key sent by the management server 3, where the authentication key is obtained by the management server 3 according to the registration information.
The obtaining and sending module 103 is configured to obtain a message authentication code according to the authentication key and the verification information sent by the verification control unit 2, and send the message authentication code to the verification control unit 2.
The second receiving module 104 is configured to receive feedback information that is sent by the verification control unit 2 and that is whether the verification is passed, where the feedback information that is sent by the verification control unit 2 and that is whether the verification is passed is obtained by the verification control unit 2 according to the message authentication code.
The communication device of the present embodiment, using the communication method provided by the above embodiment, registers the vehicle component 1 with the management server 3 to obtain a legal authentication key, and then verifies whether the vehicle component 1 is legal or not through the verification control unit 2 based on the authentication key, so as to prevent the illegal vehicle component 1 from being installed on the vehicle, thereby bringing about potential safety hazard to the vehicle.
In this embodiment, protection of a vehicle control system is implemented based on a security encryption authentication technology of an HSM (hardware security module). The vehicle component 1 and the verification control unit 2 each have an HSM built therein.
Each ECU (including the vehicle component 1 and the verification control unit 2) needs to be registered in advance on the management server 3, enter the system database 4 of the vehicle control system, and acquire the authentication key.
By the verification control unit 2 periodically polling all vehicle components 1 in the vehicle control system, only the vehicle component 1 having the correct authentication key can give a correct response.
If the vehicle control system detects that an unauthorized vehicle component 1 is in the vehicle, it may react and issue a warning.
An embodiment of the present invention provides a vehicle, including a vehicle body, a storage medium, and a processor, where the storage medium and the processor are disposed on the vehicle body, the storage medium stores a computer program, and the processor implements the steps of the communication method provided in any one of the above embodiments when executing the computer program.
The embodiment first sends registration information to the management server 3, wherein the registration information includes a first identification mark and a vehicle identification mark of the vehicle component 1; secondly, receiving and storing an authentication key sent by the management server 3, wherein the authentication key is obtained by the management server 3 according to the registration information; then, according to the authentication key and the verification information sent by the verification control unit 2, a message authentication code is obtained and sent to the verification control unit 2; and finally, receiving feedback information which is sent by the verification control unit 2 and is verified or not, wherein the feedback information which is sent by the verification control unit 2 and is verified or not is obtained by the verification control unit 2 according to the message authentication code. By adopting the method, the vehicle component 1 is registered to the management server 3 to obtain a legal authentication key, and the vehicle component 1 is verified to be legal or not by the verification control unit 2 based on the authentication key, so that the condition that the illegal vehicle component 1 is installed on the vehicle and potential safety hazards are brought to the vehicle is prevented.
It will be understood by those skilled in the art that all or part of the steps in the methods of the above embodiments may be performed by instructions (computer programs) which may be stored in a computer-readable storage medium and loaded and executed by a processor, or by related hardware controlled by the instructions (computer programs). To this end, the storage medium of the vehicle according to the embodiment of the present invention stores a plurality of instructions, which can be loaded by the processor to execute the steps of any embodiment of the communication method provided by the embodiment of the present invention.
Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the steps of any one of the communication methods provided in the foregoing embodiments.
As shown in fig. 8, the storage medium and the processor are electrically connected, directly or indirectly, to enable transmission or interaction of data. For example, the elements may be electrically connected to each other via one or more communication buses or signal lines, such as via a bus. The storage medium stores computer-executable instructions for implementing the data access control method, and includes at least one software functional module which can be stored in the storage medium in the form of software or firmware, and the processor executes various functional applications and data processing by running the software programs and modules stored in the storage medium. The storage medium may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a programmable read-only memory (PROM), an erasable read-only memory (EPROM), an electrically erasable read-only memory (EEPROM), and the like. The storage medium is used for storing programs, and the processor executes the programs after receiving the execution instructions. Further, the software programs and modules within the storage media described above may also include an operating system, which may include various software components and/or drivers for managing system tasks (e.g., memory management, storage device control, power management, etc.), and may communicate with various hardware or software components to provide an operating environment for other software components. The processor may be an integrated circuit chip having signal processing capabilities. The processor may be a general-purpose processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like. The various methods, steps, and logic flow diagrams disclosed in this embodiment may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Since the instructions stored in the storage medium can execute the steps in any communication method embodiment provided in the embodiment of the present invention, beneficial effects that can be achieved by any communication method provided in the embodiment of the present invention can be achieved, for details, see the foregoing embodiment, and are not described herein again.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. A communication method applied to a vehicle component of a vehicle control system that further includes an authentication control unit and a management server, the communication method comprising:
sending registration information to the management server, wherein the registration information comprises a first identification mark of the vehicle component and a corresponding vehicle identification mark;
receiving and storing an authentication key sent by the management server, wherein the authentication key is obtained by the management server according to the registration information;
obtaining a message authentication code according to the stored authentication key, the first identification mark and verification information sent by the verification control unit, and sending the message authentication code to the verification control unit, wherein the verification information comprises a second identification mark of the verification control unit;
and receiving feedback information whether the verification is passed or not, which is sent by the verification control unit, wherein the feedback information whether the verification is passed or not is obtained by the verification control unit according to whether the message authentication code is matched with the information check code or not, and the information check code is obtained by the verification control unit according to the first identification identifier, the second identification identifier and the stored authentication key.
2. The communication method according to claim 1, wherein the step of receiving and storing the authentication key transmitted from the management server, the authentication key being obtained by the management server based on the registration information, comprises:
sending a cryptographic public key to the management server;
receiving an authentication key sent by the management server, wherein the authentication key sent by the management server is obtained by the management server according to the password public key and an authentication key to be encrypted, and the authentication key to be encrypted is obtained by the management server according to the registration information and a root key;
and storing the authentication key sent by the management server.
3. The communication method according to claim 2, wherein the step of saving the authentication key transmitted from the management server comprises:
decrypting the authentication key according to the password private key to obtain a decrypted authentication key;
and storing the decrypted authentication key.
4. The communication method according to any one of claims 1 to 3, wherein the step of obtaining a message authentication code according to the stored authentication key, the first identification mark and the verification information sent by the verification control unit and sending the message authentication code to the verification control unit comprises:
receiving the second identification mark sent by the verification control unit;
obtaining a message authentication code according to the first identification mark, the second identification mark and the stored authentication key;
and sending the first identification mark and the message authentication code to the verification control unit.
5. The communication method according to claim 4, wherein the step of receiving the feedback information whether the authentication is passed or not sent by the authentication control unit comprises:
when the message authentication code is matched with the message check code, receiving feedback information which is sent by the verification control unit and passes verification; and when the message authentication code is not matched with the information check code, receiving feedback information which is sent by the verification control unit and fails to be verified.
6. The communication method according to claim 1, wherein the vehicle control system further includes a system database for recording a first identification identifier corresponding to the vehicle component and an authentication key obtained by the management server based on the registration information, and further includes, after the step of receiving and storing the authentication key transmitted by the management server:
and when the verification control unit does not inquire in the system database, the first identification mark corresponding to the vehicle component and the authentication key obtained by the management server according to the registration information, receiving feedback information which is sent by the verification control unit and fails to be verified.
7. A communication apparatus applied to a vehicle component of a vehicle control system that further includes an authentication control unit and a management server, the communication apparatus comprising:
the information registration module is used for sending registration information to the management server, wherein the registration information comprises a first identification mark of the vehicle component and a corresponding vehicle identification mark;
the first receiving module is used for receiving and storing an authentication key sent by the management server, wherein the authentication key is obtained by the management server according to the registration information;
the acquisition and transmission module is used for acquiring a message authentication code according to the stored authentication key, the first identification mark and the verification information transmitted by the verification control unit and transmitting the message authentication code to the verification control unit, wherein the verification information comprises a second identification mark of the verification control unit;
and the second receiving module is used for receiving feedback information which is sent by the verification control unit and whether the feedback information passes the verification or not, the feedback information which passes the verification or not is obtained by the verification control unit according to whether the message authentication code is matched with the information check code or not, and the information check code is obtained by the verification control unit according to the first identification mark, the second identification mark and the stored authentication key.
8. A vehicle comprising a vehicle body, a storage medium and a processor, the storage medium and the processor being provided on the vehicle body, the storage medium storing a computer program, characterized in that the processor implements the steps of the communication method according to any one of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, on which a computer program is stored, characterized in that a processor implements the steps of the communication method according to any one of claims 1 to 6 when executing the computer program.
CN202210083195.5A 2022-01-25 2022-01-25 Communication method, device, vehicle and storage medium Active CN114124578B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210083195.5A CN114124578B (en) 2022-01-25 2022-01-25 Communication method, device, vehicle and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210083195.5A CN114124578B (en) 2022-01-25 2022-01-25 Communication method, device, vehicle and storage medium

Publications (2)

Publication Number Publication Date
CN114124578A CN114124578A (en) 2022-03-01
CN114124578B true CN114124578B (en) 2022-04-15

Family

ID=80361033

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210083195.5A Active CN114124578B (en) 2022-01-25 2022-01-25 Communication method, device, vehicle and storage medium

Country Status (1)

Country Link
CN (1) CN114124578B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115499190A (en) * 2022-09-14 2022-12-20 北京汽车研究总院有限公司 Vehicle key management method, safety service equipment and key management system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161359A (en) * 2015-04-02 2016-11-23 阿里巴巴集团控股有限公司 The method and device of certification user, the method and device of registration wearable device
WO2018100789A1 (en) * 2016-11-30 2018-06-07 Kddi株式会社 Distribution system, key generation device, in-vehicle computer, data security device, distribution method and computer program
CN108496322A (en) * 2016-01-18 2018-09-04 Kddi株式会社 Carried-on-vehicle computer system, vehicle, key generating device, management method, key generation method and computer program
CN109274489A (en) * 2018-09-25 2019-01-25 重庆邮电大学 A kind of authentication key agreement method under TWDM-PON system
CN109286649A (en) * 2017-07-19 2019-01-29 现代自动车株式会社 Vehicular system and its control method
CN111770091A (en) * 2020-06-29 2020-10-13 王志辉 Equipment identity authentication and dynamic secret negotiation method and device for hospital Internet of things health monitoring system

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104767618B (en) * 2015-04-03 2018-02-09 清华大学 A kind of CAN authentication method and system based on broadcast
JP6238939B2 (en) * 2015-08-24 2017-11-29 Kddi株式会社 In-vehicle computer system, vehicle, management method, and computer program
JP6217728B2 (en) * 2015-10-19 2017-10-25 トヨタ自動車株式会社 Vehicle system and authentication method
CN106027260B (en) * 2016-05-12 2019-04-02 成都信息工程大学 Automobile ECU integrity verification and encryption communication method based on cipher key pre-distribution
WO2018207243A1 (en) * 2017-05-09 2018-11-15 三菱電機株式会社 Onboard authentication system, onboard authentication method, and onboard authentication program
CN108989024B (en) * 2018-06-29 2023-04-14 百度在线网络技术(北京)有限公司 Method, device and equipment for controlling communication between ECUs and corresponding vehicle
CN113709123B (en) * 2018-10-31 2023-07-28 百度在线网络技术(北京)有限公司 Security control method and device and computer equipment
US11290437B2 (en) * 2018-12-27 2022-03-29 Beijing Voyager Technology Co., Ltd. Trusted platform protection in an autonomous vehicle
CN115378580B (en) * 2019-07-12 2024-10-11 华为技术有限公司 Authentication method, equipment and system
CN111077883A (en) * 2019-12-27 2020-04-28 国家计算机网络与信息安全管理中心 Vehicle-mounted network safety protection method and device based on CAN bus
CN111131313B (en) * 2019-12-31 2021-05-11 北京邮电大学 Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile
WO2021147100A1 (en) * 2020-01-23 2021-07-29 华为技术有限公司 Message transmission method and apparatus
CN111432374B (en) * 2020-02-28 2023-09-15 深圳开源互联网安全技术有限公司 Network-connected automobile network node identity authentication method and device and readable storage medium
EP4260587A4 (en) * 2020-12-31 2023-12-06 Huawei Technologies Co., Ltd. Key provisioning method and related products
CN112653559B (en) * 2021-01-04 2023-01-06 潍柴动力股份有限公司 Electric control unit starting method and device and storage medium
CN113709102A (en) * 2021-07-19 2021-11-26 英博超算(南京)科技有限公司 Gateway ECU security service system based on PKI asymmetric mechanism
CN113709103A (en) * 2021-07-19 2021-11-26 英博超算(南京)科技有限公司 Automobile ECU gateway fingerprint VFP decryption system and method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161359A (en) * 2015-04-02 2016-11-23 阿里巴巴集团控股有限公司 The method and device of certification user, the method and device of registration wearable device
CN108496322A (en) * 2016-01-18 2018-09-04 Kddi株式会社 Carried-on-vehicle computer system, vehicle, key generating device, management method, key generation method and computer program
WO2018100789A1 (en) * 2016-11-30 2018-06-07 Kddi株式会社 Distribution system, key generation device, in-vehicle computer, data security device, distribution method and computer program
CN109286649A (en) * 2017-07-19 2019-01-29 现代自动车株式会社 Vehicular system and its control method
CN109274489A (en) * 2018-09-25 2019-01-25 重庆邮电大学 A kind of authentication key agreement method under TWDM-PON system
CN111770091A (en) * 2020-06-29 2020-10-13 王志辉 Equipment identity authentication and dynamic secret negotiation method and device for hospital Internet of things health monitoring system

Also Published As

Publication number Publication date
CN114124578A (en) 2022-03-01

Similar Documents

Publication Publication Date Title
CN111131313B (en) Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile
US10382485B2 (en) Blockchain-assisted public key infrastructure for internet of things applications
CN109076078B (en) Method for establishing and updating a key for secure on-board network communication
KR101838511B1 (en) Method of providing security for controller using encryption and appratus for implementing the same
US9132790B2 (en) In-vehicle network system
CA2357792C (en) Method and device for performing secure transactions
US7228420B2 (en) Method and system for technician authentication of a vehicle
CN108768933B (en) Autonomous supervision digital identity authentication system on block chain platform
US7181615B2 (en) Method and system for vehicle authentication of a remote access device
CN110708388B (en) Vehicle body safety anchor node device, method and network system for providing safety service
US20030126433A1 (en) Method and system for performing on-line status checking of digital certificates
JP2010011400A (en) Cipher communication system of common key system
US20040003229A1 (en) Method and system for vehicle authentication of another vehicle
CN110768938A (en) Vehicle safety communication method and device
EP4089978A1 (en) Authentication method and apparatus for vehicle-mounted device
CN113114699A (en) Vehicle terminal identity certificate application method
CN112019566A (en) Data transmission method, server, client and computer storage medium
US20190007220A1 (en) Method, Security Device and Security System
CN115396121A (en) Security authentication method for security chip OTA data packet and security chip device
CN112883382A (en) Vehicle flashing method, vehicle networking box, vehicle and storage medium
US7076665B2 (en) Method and system for vehicle subassembly authentication of a component
CN109495269B (en) Method and system for verifying credibility of vehicle-mounted terminal access equipment and vehicle-mounted terminal
CN114124578B (en) Communication method, device, vehicle and storage medium
Fuchs et al. HIP-20: Integration of vehicle-hsm-generated credentials into plug-and-charge infrastructure
CN116318637A (en) Method and system for secure network access communication of equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant