CN115834121A - Vehicle-mounted communication system and vehicle-mounted communication method - Google Patents

Info

Publication number
CN115834121A
Authority
CN
China
Prior art keywords
data
mapping table
obd
matching
received
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211271965.5A
Other languages
Chinese (zh)
Other versions
CN115834121A8 (en
Inventor
Q·王
M·因关佐
R·奥坎波
Y·程
梁锋
赵宇虹
陈俊名
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Weilai Automobile Technology Anhui Co Ltd
Original Assignee
Weilai Automobile Technology Anhui Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Weilai Automobile Technology Anhui Co Ltd
Priority to CN202211271965.5A
Publication of CN115834121A
Publication of CN115834121A8
Legal status: Pending

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The invention relates to a vehicle-mounted communication system, a vehicle-mounted communication method, a computer storage medium, a computer device and a vehicle. An in-vehicle communication system according to an aspect of the present invention includes: an on-board diagnostic unit; and a central gateway communicatively connected with the on-board diagnostics unit and deployed with a firewall policy, wherein the central gateway is configured to receive data from the on-board diagnostics unit and selectively send the received data to a vehicle control unit based on the firewall policy.

Description

In-vehicle communication system and in-vehicle communication method

Technical field

The present invention relates to the field of vehicle communication, and more specifically to an in-vehicle communication system, an in-vehicle communication method, a computer storage medium, a computer device and a vehicle.

Background art

In-vehicle systems are diagnosed in order to monitor how vehicle components behave and thereby monitor the functional performance of the vehicle as a whole. Diagnosis can be understood as identifying a fault and determining its cause from the detected data.

At present, in-vehicle systems are mostly diagnosed using the UDS unified diagnostic protocol, with data sent and received by connecting a diagnostic device to the port of the on-board diagnostic system. However, because the UDS unified diagnostic protocol lacks an access control policy for data sent and received via the port of the on-board diagnostic system, a malicious attacker may gain access to critical services in the vehicle's internal network through that port, degrading the vehicle user's experience and even threatening driving safety.

For example, most current in-vehicle communication systems implement in-vehicle communication via a CAN (Controller Area Network) channel, a LIN (Local Interconnect Network) channel or Ethernet. If an effective access control policy cannot be enforced on data sent and received via the port of the on-board diagnostic system, a malicious attacker may gain access to the vehicle control unit through that port, threatening the driving safety of the vehicle's users.

Summary of the invention

In order to solve or at least alleviate one or more of the above problems, the following technical solutions are provided.

According to a first aspect of the present invention, an in-vehicle communication system is provided, the system comprising: an on-board diagnostic unit; and a central gateway communicatively connected to the on-board diagnostic unit and deployed with a firewall policy, wherein the central gateway is configured to receive data from the on-board diagnostic unit and to selectively send the received data to a vehicle control unit based on the firewall policy.

The in-vehicle communication system according to an embodiment of the present invention, wherein the central gateway is further configured to: receive data via one or more of a CAN bus, a LIN bus and an Ethernet channel; and selectively send the received data to the vehicle control unit based on the firewall policy.

The in-vehicle communication system according to an embodiment of the present invention or any of the above embodiments, wherein the central gateway comprises: a processor configured to be communicatively connected to the on-board diagnostic unit via a CAN interface; a switch configured to be communicatively connected to the on-board diagnostic unit and the processor via Ethernet; and a router configured to be communicatively connected to the switch via Ethernet and to send the received data to the vehicle control unit via a CAN bus and/or a LIN bus.

The in-vehicle communication system according to an embodiment of the present invention or any of the above embodiments, wherein the firewall policy comprises: dividing the in-vehicle communication network into a first broadcast domain and a second broadcast domain based on a virtual local area network (VLAN); inspecting the data received from the on-board diagnostic unit so as to identify the received data as data that accesses an external network or data that does not access an external network; and configuring the first broadcast domain for communication of data that accesses the external network and the second broadcast domain for communication of data that does not access the external network.

The in-vehicle communication system according to an embodiment of the present invention or any of the above embodiments, wherein, in the processor of the central gateway, the firewall policy comprises: pre-configuring a mapping table between CAN identifiers and routing identifiers; matching data received from the on-board diagnostic unit via the CAN interface against the pre-configured mapping table; in response to the data received from the on-board diagnostic unit via the CAN interface matching the pre-configured mapping table, sending the data via the router to the vehicle control unit over the CAN bus and/or the LIN bus; and in response to the data received from the on-board diagnostic unit via the CAN interface not matching the pre-configured mapping table, discarding the data.

The in-vehicle communication system according to an embodiment of the present invention or any of the above embodiments, wherein the pre-configured mapping table between CAN identifiers and routing identifiers comprises: an initial mapping table configured to establish a mapping between the CAN identifier and the data block corresponding to the routing identifier; and a forwarding mapping table configured to establish a mapping between the CAN identifier and the CAN bus used to transmit the data block corresponding to the routing identifier.

The in-vehicle communication system according to an embodiment of the present invention or any of the above embodiments, wherein the firewall policy further comprises: matching data received from the on-board diagnostic unit via the CAN interface against the initial mapping table; in response to the data not matching the initial mapping table, discarding the data; in response to the data matching the initial mapping table, further matching the data against the forwarding mapping table; in response to the data matching the forwarding mapping table, sending the data via the router to the vehicle control unit over the CAN bus and/or the LIN bus; and in response to the data not matching the forwarding mapping table, discarding the data.

The in-vehicle communication system according to an embodiment of the present invention or any of the above embodiments, wherein, in the switch of the central gateway, the firewall policy comprises: pre-configuring a mapping table between IP addresses and ports; identifying the destination IP address and destination port of data received from the on-board diagnostic unit via Ethernet; matching the identified destination IP address and destination port against the pre-configured mapping table between IP addresses and ports; in response to the identified destination IP address and destination port matching the pre-configured mapping table, sending the data to the vehicle control unit over Ethernet; and in response to the identified destination IP address and destination port not matching the pre-configured mapping table, discarding the data.

The in-vehicle communication system according to an embodiment of the present invention or any of the above embodiments, wherein a ternary content-addressable memory (TCAM) is used to identify the destination IP address and destination port of the data received from the on-board diagnostic unit via Ethernet.

According to a second aspect of the present invention, an in-vehicle communication method is provided, comprising: receiving data from an on-board diagnostic unit; deploying a firewall policy at a central gateway that is communicatively connected to the on-board diagnostic unit; and selectively sending the received data to a vehicle control unit based on the firewall policy.

The in-vehicle communication method according to an embodiment of the present invention, wherein the method further comprises: receiving data via one or more of a CAN bus, a LIN bus and an Ethernet channel; and selectively sending the received data to the vehicle control unit based on the firewall policy.

The in-vehicle communication method according to an embodiment of the present invention or any of the above embodiments, wherein the central gateway comprises: a processor configured to be communicatively connected to the on-board diagnostic unit via a CAN interface; a switch configured to be communicatively connected to the on-board diagnostic unit and the processor via Ethernet; and a router configured to be communicatively connected to the switch via Ethernet and to send the received data to the vehicle control unit via a CAN bus and/or a LIN bus.

The in-vehicle communication method according to an embodiment of the present invention or any of the above embodiments, wherein the firewall policy comprises: dividing the in-vehicle communication network into a first broadcast domain and a second broadcast domain based on a virtual local area network (VLAN); inspecting the data received from the on-board diagnostic unit so as to identify the received data as data that accesses an external network or data that does not access an external network; and configuring the first broadcast domain for communication of data that accesses the external network and the second broadcast domain for communication of data that does not access the external network.

The in-vehicle communication method according to an embodiment of the present invention or any of the above embodiments, wherein, in the processor of the central gateway, the firewall policy comprises: pre-configuring a mapping table between CAN identifiers and routing identifiers; matching data received from the on-board diagnostic unit via the CAN interface against the pre-configured mapping table; in response to the data received from the on-board diagnostic unit via the CAN interface matching the pre-configured mapping table, sending the data via the router to the vehicle control unit over the CAN bus and/or the LIN bus; and in response to the data received from the on-board diagnostic unit via the CAN interface not matching the pre-configured mapping table, discarding the data.

The in-vehicle communication method according to an embodiment of the present invention or any of the above embodiments, wherein the pre-configured mapping table between CAN identifiers and routing identifiers comprises: an initial mapping table configured to establish a mapping between the CAN identifier and the data block corresponding to the routing identifier; and a forwarding mapping table configured to establish a mapping between the CAN identifier and the CAN bus used to transmit the data block corresponding to the routing identifier.

The in-vehicle communication method according to an embodiment of the present invention or any of the above embodiments, wherein the firewall policy further comprises: matching data received from the on-board diagnostic unit via the CAN interface against the initial mapping table; in response to the data not matching the initial mapping table, discarding the data; in response to the data matching the initial mapping table, further matching the data against the forwarding mapping table; in response to the data matching the forwarding mapping table, sending the data via the router to the vehicle control unit over the CAN bus and/or the LIN bus; and in response to the data not matching the forwarding mapping table, discarding the data.

The in-vehicle communication method according to an embodiment of the present invention or any of the above embodiments, wherein, in the switch of the central gateway, the firewall policy comprises: pre-configuring a mapping table between IP addresses and ports; identifying the destination IP address and destination port of data received from the on-board diagnostic unit via Ethernet; matching the identified destination IP address and destination port against the pre-configured mapping table between IP addresses and ports; in response to the identified destination IP address and destination port matching the pre-configured mapping table, sending the data to the vehicle control unit over Ethernet; and in response to the identified destination IP address and destination port not matching the pre-configured mapping table, discarding the data.

The in-vehicle communication method according to an embodiment of the present invention or any of the above embodiments, wherein a ternary content-addressable memory (TCAM) is used to identify the destination IP address and destination port of the data received from the on-board diagnostic unit via Ethernet.

According to a third aspect of the present invention, a computer storage medium is provided, the computer storage medium comprising instructions which, when run, perform the steps of the in-vehicle communication method according to the second aspect of the present invention.

According to a fourth aspect of the present invention, a computer device is provided, comprising a memory, a processor, and a computer program stored in the memory and run on the processor, wherein the processor, when executing the computer program, implements the steps of the in-vehicle communication method according to the second aspect of the present invention.

According to a fifth aspect of the present invention, a vehicle is provided, the vehicle comprising the in-vehicle communication system according to the first aspect of the present invention.

By deploying a firewall policy at the central gateway, the in-vehicle communication solution according to one or more embodiments of the present invention causes data received from the on-board diagnostic unit to be inspected and intercepted by the deployed firewall policy before it is sent to the vehicle control unit. This effectively blocks a network attacker's access to critical services in the vehicle's internal network through the port of the on-board diagnostic system, and improves the vehicle's user experience and driving safety.

Brief description of the drawings

The above and/or other aspects and advantages of the present invention will become clearer and easier to understand from the following description of the various aspects in conjunction with the accompanying drawings, in which the same or similar elements are denoted by the same reference numerals. In the drawings:

FIG. 1 shows a schematic diagram of an in-vehicle communication system according to one or more embodiments of the present invention.

FIG. 2 shows a schematic diagram of an in-vehicle communication system according to one or more embodiments of the present invention.

FIG. 3 shows a flowchart of an in-vehicle communication method according to one or more embodiments of the present invention.

FIG. 4 shows a block diagram of a computer device according to one or more embodiments of the present invention.

Detailed description

The following description of specific embodiments is merely exemplary in nature and is not intended to limit the disclosed technology or its application and uses. Furthermore, there is no intention to be bound by any expressed or implied theory presented in the preceding technical field, background art or the following detailed description.

In the following detailed description of the embodiments, numerous specific details are set forth in order to provide a more thorough understanding of the disclosed technology. It will be apparent to one of ordinary skill in the art, however, that the disclosed technology may be practiced without these specific details. In other instances, well-known features are not described in detail, to avoid unnecessarily complicating the description.

Terms such as "comprising" and "including" mean that, in addition to the units and steps that are directly and explicitly stated in the specification, the technical solution of the present invention does not exclude other units and steps that are not directly or explicitly stated. Terms such as "first" and "second" do not denote an order of the units in time, space, size or the like; they serve only to distinguish the units from one another.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

FIG. 1 shows a schematic diagram of an in-vehicle communication system according to one or more embodiments of the present invention.

As shown in FIG. 1, the in-vehicle communication system 100 includes an on-board diagnostic unit 110 and a central gateway 120. The central gateway 120 is communicatively connected to the on-board diagnostic unit 110 and is deployed with a firewall policy, and may be configured to receive data from the on-board diagnostic unit 110 and to selectively send the received data to the vehicle control unit 130 based on the firewall policy.

Optionally, the central gateway 120 may adopt a backbone communication network architecture comprising CAN communication, LIN communication and Ethernet communication, and operates as the key exchange node for in-vehicle communication data. It is therefore necessary to design, at the central gateway 120, a firewall policy that performs security inspection and interception of data received from the on-board diagnostic unit 110 and of data received via one or more of the CAN bus, the LIN bus and the Ethernet channel.

According to one or more embodiments of the present invention, the firewall policy deployed at the central gateway 120 ensures that data received from the on-board diagnostic unit 110, and data received via one or more of the CAN bus, the LIN bus and the Ethernet channel, is first inspected and intercepted by the firewall policy before it is received by the corresponding vehicle control unit 130, and cannot bypass the firewall policy deployed at the central gateway 120 to access the corresponding vehicle control unit 130 directly. According to one or more embodiments of the present invention, the firewall policy deployed at the central gateway 120 ensures that data received from the on-board diagnostic unit 110, and data received via one or more of the CAN bus, the LIN bus and the Ethernet channel, is routed according to a whitelist policy that minimizes access rights, and that data which does not comply with the routing policy is discarded.

In one embodiment, the firewall policy deployed at the central gateway 120 may include: dividing the in-vehicle communication network into a first broadcast domain and a second broadcast domain based on virtual local area network (VLAN) technology; inspecting the data received from the on-board diagnostic unit 110 so as to identify the received data as data that accesses an external network or data that does not access an external network; and configuring the first broadcast domain for communication of data that accesses the external network and the second broadcast domain for communication of data that does not access the external network. In this way, data that is not accessed by the external network is isolated by means of VLAN technology, so that data accessing the external network cannot directly reach the corresponding services in the internal isolated zone through the central gateway 120.

Optionally, the central gateway 120 may be connected to one or more vehicle control units 130 via an external bus, where the external bus may establish communication between the central gateway 120 and the one or more vehicle control units 130 based on one or more of the CAN protocol, the LIN protocol and the Ethernet protocol.

In one embodiment, the central gateway 120 may be configured to: receive data via one or more of the CAN bus, the LIN bus and the Ethernet channel; and selectively send the received data to the vehicle control unit 130 based on the firewall policy.

It should be noted that the firewall policy deployed at the central gateway 120 is not only applicable to inspecting and intercepting data received from the on-board diagnostic unit 110 and data received via one or more of the CAN bus, the LIN bus and the Ethernet channel. Without departing from the spirit and scope of the present invention, the firewall policy deployed at the central gateway 120 may also inspect and intercept other data passing through the central gateway 120.

By way of example, the vehicle control unit 130 is a device for controlling the vehicle, or a device for controlling auxiliary equipment mounted on the vehicle. The vehicle control unit 130 may include, but is not limited to: a powertrain control module configured to provide control of engine operating components (e.g., idle control components, fuel delivery components, emission control components) and monitoring of engine operating components (e.g., the status of engine diagnostic codes); a body control module configured to manage various power control functions (such as exterior lighting, interior lighting, keyless entry and remote start) and point-of-access status verification (e.g., the closure status of the vehicle's hood, doors and/or trunk); a radio transceiver module configured to communicate with a key fob or other local vehicle devices; a climate control management module configured to provide control and monitoring of heating and cooling system components (e.g., compressor clutch and blower control, temperature sensor information); and the like.

图2示出了按照本发明的一个或多个实施例的车载通信系统的示意图。FIG. 2 shows a schematic diagram of a vehicle communication system according to one or more embodiments of the present invention.

如图2中所示,车载通信系统200包括车载诊断单元210和中央网关220,中央网关220与车载诊断单元210通信地连接并且部署有防火墙策略,其中中央网关220可以配置成从车载诊断单元210接收数据并基于防火墙策略选择性地将所接收的数据发送到车辆控制单元230。As shown in FIG. 2 , the vehicular communication system 200 includes a vehicular diagnostic unit 210 and a central gateway 220 , the central gateway 220 is communicatively connected to the vehicular diagnostic unit 210 and is deployed with a firewall policy, wherein the central gateway 220 can be configured to receive information from the vehicular diagnostic unit 210 Data is received and selectively sent to the vehicle control unit 230 based on firewall policies.

可选地,中央网关220可以包括:处理器2201,其配置成经由CAN接口与车载诊断单元210通信地连接;交换机2202,其配置成经由以太网与车载诊断单元210和处理器2201通信地连接;以及路由器2203,其配置成经由以太网与交换机2202通信地连接并且经由CAN总线和/或LIN总线将从车载诊断单元210接收的数据发送到车辆控制单元130。示例性地,在中央网关220处部署的防火墙策略可以包括部署于处理器2201、交换机2202和路由器2203中的一个或多个处的一个或多个防火墙策略,以对从车载诊断单元210接收的数据以及经由CAN总线、LIN总线和以太网通道中的一个或多个接收的数据进行检测和拦截。Optionally, the central gateway 220 may include: a processor 2201 configured to be communicatively connected to the OBD unit 210 via a CAN interface; a switch 2202 configured to be communicatively connected to the OBD unit 210 and the processor 2201 via Ethernet and a router 2203 configured to communicatively connect with the switch 2202 via Ethernet and to transmit data received from the on-board diagnostic unit 210 to the vehicle control unit 130 via the CAN bus and/or the LIN bus. Exemplarily, the firewall policies deployed at the central gateway 220 may include one or more firewall policies deployed at one or more of the processor 2201, the switch 2202, and the router 2203 to Data and data received via one or more of CAN bus, LIN bus and Ethernet channel are detected and intercepted.

在一个实施例中,在中央网关220处部署的防火墙策略可以包括:基于虚拟局域网技术将车载通信网络划分成第一广播域和第二广播域;检测从车载诊断单元210接收的数据,以将所接收的数据识别为访问外部网络的数据和不访问外部网络的数据;以及将划分的第一广播域配置成用于访问外部网络的数据的通信,以及将划分的第二广播域配置成用于不访问外部网络的数据的通信。由此,通过虚拟局域网技术将不会由外部网络访问的数据进行隔离,使得访问外部网络的数据无法直接通过中央网关220访问到内部隔离区域内的对应服务。In one embodiment, the firewall policy deployed at the central gateway 220 may include: dividing the vehicle communication network into a first broadcast domain and a second broadcast domain based on virtual local area network technology; detecting data received from the vehicle diagnostic unit 210 to The received data is identified as data accessing the external network and data not accessing the external network; and configuring the divided first broadcast domain for communication of data accessing the external network, and configuring the divided second broadcast domain to use Communication of data that does not access external networks. Therefore, the data that will not be accessed by the external network is isolated through the virtual local area network technology, so that the data that accesses the external network cannot directly access the corresponding service in the internal isolation area through the central gateway 220 .

In one embodiment, as shown in FIG. 2, at the processor 2201 of the central gateway 220, the firewall policy may include: pre-configuring a mapping table between CAN identifiers and routing identifiers; matching data received from the on-board diagnostic unit 210 via the CAN interface against the pre-configured mapping table; in response to the data received from the on-board diagnostic unit 210 via the CAN interface matching the pre-configured mapping table, sending the data to the vehicle control unit 230 over the CAN bus and/or the LIN bus via the router 2203; and in response to the data received from the on-board diagnostic unit 210 via the CAN interface not matching the pre-configured mapping table, discarding the data. Optionally, the pre-configured mapping table between CAN identifiers and routing identifiers may include: an initial mapping table configured to establish a mapping between a CAN identifier and the data block corresponding to a routing identifier; and a forwarding mapping table configured to establish a mapping between the CAN identifier and the CAN bus used to transmit the data block corresponding to the routing identifier, which defines the rules for forwarding CAN messages between CAN buses.

In one embodiment, at the processor 2201 of the central gateway 220, the firewall policy may further include: matching data received from the on-board diagnostic unit 210 via the CAN interface against the initial mapping table; in response to the data not matching the initial mapping table, discarding the data; in response to the data matching the initial mapping table, further matching the data against the forwarding mapping table; in response to the data matching the forwarding mapping table, sending the data to the vehicle control unit 230 over the CAN bus and/or the LIN bus via the router 2203; and in response to the data not matching the forwarding mapping table, discarding the data. Deploying a firewall policy that includes the initial mapping table and the forwarding mapping table at the processor 2201 of the central gateway 220 can improve the efficiency and accuracy with which data received from the on-board diagnostic unit 210 is inspected and intercepted.

In another embodiment, as shown in FIG. 2, at the switch 2202 of the central gateway 220, the firewall policy may include: pre-configuring a mapping table between IP addresses and ports, which represents the table of accessible services; identifying the destination IP address and destination port of data received from the on-board diagnostic unit 210 via Ethernet; matching the identified destination IP address and destination port against the pre-configured mapping table between IP addresses and ports; in response to the identified destination IP address and destination port matching the mapping table, sending the data to the vehicle control unit 230 over Ethernet; and in response to the identified destination IP address and destination port not matching the mapping table, discarding the data. By way of example, a ternary content-addressable memory (TCAM) may be used to identify the source IP address, destination IP address and destination port of the data received from the on-board diagnostic unit 210 via Ethernet. Using a TCAM for this identification supports both exact-match lookup and fuzzy-match lookup, which shortens data identification time and makes data identification more flexible.

In one embodiment, to further improve the security of in-vehicle communication, communication between the vehicle side and the cloud may adopt measures such as TLS (Transport Layer Security) mutual authentication and CA certificate verification. During TLS mutual authentication, the cloud may send a public key to the vehicle side, and the vehicle side may respond by sending its public key to the cloud.

In one embodiment, to further prevent a network attacker from launching malicious attacks on critical services in the vehicle's internal network through the port of the on-board diagnostic system, diagnostic identity authentication on the vehicle side may use AES symmetric encryption.

By deploying a firewall policy at the central gateway, the in-vehicle communication system proposed according to one aspect of the present invention causes data received from the on-board diagnostic unit to be inspected and intercepted by the deployed firewall policy before it is sent to the vehicle control unit. This effectively blocks a network attacker's access to critical services in the vehicle's internal network through the port of the on-board diagnostic system, and improves the user experience of the vehicle and the safety of driving and riding.

FIG. 3 shows a flowchart of an in-vehicle communication method according to one or more embodiments of the present invention.

As shown in FIG. 3, the in-vehicle communication method according to one or more embodiments of the present invention includes the following steps:

Step 310: receiving data from an on-board diagnostic unit;

Step 320: deploying a firewall policy at a central gateway, the central gateway being communicatively connected to the on-board diagnostic unit; and

Step 330: selectively sending the received data to a vehicle control unit based on the firewall policy.

Optionally, the central gateway may include: a processor configured to be communicatively connected to the on-board diagnostic unit via a CAN interface; a switch configured to be communicatively connected to the on-board diagnostic unit and the processor via Ethernet; and a router configured to be communicatively connected to the switch via Ethernet and to send data received from the on-board diagnostic unit to the vehicle control unit via a CAN bus and/or a LIN bus. By way of example, the firewall policy deployed at the central gateway may include one or more firewall policies deployed at one or more of the processor, the switch and the router, so as to inspect and intercept data received from the on-board diagnostic unit as well as data received via one or more of the CAN bus, the LIN bus and the Ethernet channel.

In one embodiment, in step 320, the firewall policy deployed at the central gateway may include: dividing the in-vehicle communication network into a first broadcast domain and a second broadcast domain based on virtual local area network (VLAN) technology; inspecting data received from the on-board diagnostic unit to identify the received data as data that accesses an external network or data that does not access an external network; and configuring the first broadcast domain for communication of data that accesses the external network and the second broadcast domain for communication of data that does not access the external network. In this way, VLAN technology isolates the data that will not be accessed by the external network, so that data accessing the external network cannot reach the corresponding services in the internal isolated zone directly through the central gateway.

In one embodiment, in step 320, at the processor of the central gateway, the deployed firewall policy may include: pre-configuring a mapping table between CAN identifiers and routing identifiers; matching data received from the on-board diagnostic unit via the CAN interface against the pre-configured mapping table; in response to the data received from the on-board diagnostic unit via the CAN interface matching the pre-configured mapping table, sending the data to the vehicle control unit over the CAN bus and/or the LIN bus via the router; and in response to the data received from the on-board diagnostic unit via the CAN interface not matching the pre-configured mapping table, discarding the data. Optionally, the pre-configured mapping table between CAN identifiers and routing identifiers may include: an initial mapping table configured to establish a mapping between a CAN identifier and the data block corresponding to a routing identifier; and a forwarding mapping table configured to establish a mapping between the CAN identifier and the CAN bus used to transmit the data block corresponding to the routing identifier, which defines the rules for forwarding CAN messages between CAN buses.

In one embodiment, in step 320, at the processor of the central gateway, the deployed firewall policy may further include: matching data received from the on-board diagnostic unit via the CAN interface against the initial mapping table; in response to the data not matching the initial mapping table, discarding the data; in response to the data matching the initial mapping table, further matching the data against the forwarding mapping table; in response to the data matching the forwarding mapping table, sending the data to the vehicle control unit over the CAN bus and/or the LIN bus via the router; and in response to the data not matching the forwarding mapping table, discarding the data. Deploying a firewall policy that includes the initial mapping table and the forwarding mapping table at the processor of the central gateway can improve the efficiency and accuracy with which data received from the on-board diagnostic unit is inspected and intercepted.
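The two-stage check at the gateway processor, described here and in the corresponding system embodiment, can be sketched as follows. This is an added example, not code from the patent: the table contents, routing identifiers and bus names are constructed, and treating the 11-bit/29-bit frame format as part of the match key is an assumption of the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed destination buses behind the router (bit mask). */
#define BUS_POWERTRAIN_CAN 0x01u
#define BUS_CHASSIS_CAN    0x02u

typedef enum {
    DROP_NOT_IN_INITIAL  = 0,  /* stage 1 miss: unknown CAN identifier */
    DROP_NO_FORWARD_RULE = 1,  /* stage 2 miss: known ID, no bus allowed */
    FORWARDED            = 2
} verdict_t;

/* Stage 1 row: CAN identifier -> routing identifier (names the data block). */
typedef struct { uint32_t can_id; uint8_t extended; uint16_t route_id; } initial_entry_t;
/* Stage 2 row: CAN identifier + routing identifier -> buses that may carry it. */
typedef struct { uint32_t can_id; uint8_t extended; uint16_t route_id; uint8_t bus_mask; } forward_entry_t;

/* Constructed sample policy; route_id values are arbitrary. */
static const initial_entry_t INITIAL_TABLE[] = {
    { 0x7DF, 0, 0x0010 },
    { 0x7E0, 0, 0x0011 },
    { 0x7E1, 0, 0x0012 },   /* known identifier that has no forwarding rule */
};
static const forward_entry_t FORWARD_TABLE[] = {
    { 0x7DF, 0, 0x0010, BUS_POWERTRAIN_CAN | BUS_CHASSIS_CAN },
    { 0x7E0, 0, 0x0011, BUS_POWERTRAIN_CAN },
};

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Reject identifiers that cannot exist for the declared frame format. */
static int id_in_range(uint32_t id, int extended)
{
    return extended ? id <= 0x1FFFFFFFu : id <= 0x7FFu;
}

/* Returns the verdict; on FORWARDED, *bus_mask_out holds the allowed buses. */
verdict_t gateway_filter(uint32_t can_id, int extended, uint8_t *bus_mask_out)
{
    const initial_entry_t *hit = NULL;
    size_t i;

    *bus_mask_out = 0;
    if (!id_in_range(can_id, extended))
        return DROP_NOT_IN_INITIAL;

    /* Stage 1: the frame must be listed in the initial mapping table. */
    for (i = 0; i < COUNT(INITIAL_TABLE); i++) {
        if (INITIAL_TABLE[i].can_id == can_id &&
            INITIAL_TABLE[i].extended == (extended ? 1 : 0)) {
            hit = &INITIAL_TABLE[i];
            break;
        }
    }
    if (hit == NULL)
        return DROP_NOT_IN_INITIAL;

    /* Stage 2: the same identifier and route must have a forwarding rule. */
    for (i = 0; i < COUNT(FORWARD_TABLE); i++) {
        const forward_entry_t *e = &FORWARD_TABLE[i];
        if (e->can_id == hit->can_id && e->extended == hit->extended &&
            e->route_id == hit->route_id) {
            *bus_mask_out = e->bus_mask;
            return FORWARDED;
        }
    }
    return DROP_NO_FORWARD_RULE;   /* default deny */
}

/* Convenience wrappers used by the demo below. */
verdict_t verdict_of(uint32_t can_id, int extended)
{
    uint8_t mask;
    return gateway_filter(can_id, extended, &mask);
}

uint8_t buses_for(uint32_t can_id, int extended)
{
    uint8_t mask;
    return gateway_filter(can_id, extended, &mask) == FORWARDED ? mask : 0;
}

int main(void)
{
    /* Constructed frames: {identifier, extended flag}. */
    static const struct { uint32_t id; int ext; } frames[] = {
        { 0x7E0, 0 }, { 0x123, 0 }, { 0x7E1, 0 }, { 0x7E0, 1 },
    };
    size_t i;
    for (i = 0; i < COUNT(frames); i++)
        printf("id=0x%X ext=%d verdict=%d buses=0x%02X\n",
               (unsigned)frames[i].id, frames[i].ext,
               (int)verdict_of(frames[i].id, frames[i].ext),
               (unsigned)buses_for(frames[i].id, frames[i].ext));
    return 0;
}
```

Keeping the two drop verdicts separate lets the gateway log whether a frame carried an unknown identifier or a known identifier with no permitted destination bus.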

In another embodiment, in step 320, at the switch of the central gateway, the firewall policy may include: pre-configuring a mapping table between IP addresses and ports, which represents the table of accessible services; identifying the destination IP address and destination port of data received from the on-board diagnostic unit via Ethernet; matching the identified destination IP address and destination port against the pre-configured mapping table between IP addresses and ports; in response to the identified destination IP address and destination port matching the mapping table, sending the data to the vehicle control unit over Ethernet; and in response to the identified destination IP address and destination port not matching the mapping table, discarding the data. By way of example, a ternary content-addressable memory (TCAM) may be used to identify the source IP address, destination IP address and destination port of the data received from the on-board diagnostic unit via Ethernet. Using a TCAM for this identification supports both exact-match lookup and fuzzy-match lookup, which shortens data identification time and makes data identification more flexible.
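The switch-side lookup described here and in the corresponding system embodiment, emulated in software as an added example that is not code from the patent: each TCAM row is a value/mask pair, so one table holds both exact and wildcard ("fuzzy") rules, and a packet that matches no row is dropped. The IP addresses, port ranges, service names and row order are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

typedef struct { uint32_t src_ip, dst_ip; uint16_t dst_port; } flow_key_t;

/* One TCAM row. In the mask, a 1 bit means "compare", a 0 bit "don't care". */
typedef struct {
    flow_key_t  value;
    flow_key_t  mask;
    const char *service;   /* label for logging only */
} tcam_entry_t;

/* Constructed table of accessible services. Port 13400 is the port
 * registered for diagnostics over IP; its use here is illustrative. */
static const tcam_entry_t ACCESSIBLE_SERVICES[] = {
    /* Exact rule: diagnostic unit -> one controller, one port. */
    { { IP4(192, 168, 10, 5), IP4(192, 168, 10, 20), 13400 },
      { 0xFFFFFFFFu,          0xFFFFFFFFu,           0xFFFF },
      "diag-single-ecu" },
    /* Wildcard rule: diagnostic unit -> any host in 192.168.20.0/24,
     * ports 13400..13407 (the low three port bits are ignored). */
    { { IP4(192, 168, 10, 5), IP4(192, 168, 20, 0),  13400 },
      { 0xFFFFFFFFu,          0xFFFFFF00u,           0xFFF8 },
      "diag-domain-range" },
};

#define ROWS (sizeof(ACCESSIBLE_SERVICES) / sizeof(ACCESSIBLE_SERVICES[0]))

/* A row matches when every compared bit of the key equals the row's value. */
static int row_matches(const tcam_entry_t *e, const flow_key_t *k)
{
    return ((k->src_ip ^ e->value.src_ip) & e->mask.src_ip) == 0 &&
           ((k->dst_ip ^ e->value.dst_ip) & e->mask.dst_ip) == 0 &&
           ((uint16_t)(k->dst_port ^ e->value.dst_port) & e->mask.dst_port) == 0;
}

/* Hardware compares all rows in parallel and reports the first hit; this
 * loop reproduces that priority order. Returns the row index or -1. */
int switch_lookup(uint32_t src_ip, uint32_t dst_ip, uint16_t dst_port)
{
    flow_key_t k;
    size_t i;

    k.src_ip = src_ip;
    k.dst_ip = dst_ip;
    k.dst_port = dst_port;
    for (i = 0; i < ROWS; i++)
        if (row_matches(&ACCESSIBLE_SERVICES[i], &k))
            return (int)i;
    return -1;
}

/* Policy decision: forward only on a hit, otherwise discard. */
int switch_permits(uint32_t src_ip, uint32_t dst_ip, uint16_t dst_port)
{
    return switch_lookup(src_ip, dst_ip, dst_port) >= 0;
}

int main(void)
{
    /* Constructed packets from the Ethernet side. */
    static const flow_key_t pkts[] = {
        { IP4(192, 168, 10, 5), IP4(192, 168, 10, 20), 13400 }, /* exact hit    */
        { IP4(192, 168, 10, 5), IP4(192, 168, 20, 77), 13405 }, /* wildcard hit */
        { IP4(192, 168, 10, 5), IP4(192, 168, 20, 77), 13408 }, /* port outside */
        { IP4(192, 168, 10, 5), IP4(192, 168, 10, 20), 22    }, /* not listed   */
        { IP4(192, 168, 10, 6), IP4(192, 168, 10, 20), 13400 }, /* other source */
    };
    size_t i;
    for (i = 0; i < sizeof(pkts) / sizeof(pkts[0]); i++) {
        int row = switch_lookup(pkts[i].src_ip, pkts[i].dst_ip, pkts[i].dst_port);
        printf("packet %u: %s (%s)\n", (unsigned)i,
               row >= 0 ? "forward" : "drop",
               row >= 0 ? ACCESSIBLE_SERVICES[row].service : "no row");
    }
    return 0;
}
```

Because a wildcard row permits every address and port its mask leaves open, each mask should be reviewed as the full range it covers rather than as the single value written beside it.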

In one embodiment, to further improve the security of in-vehicle communication, communication between the vehicle side and the cloud may adopt measures such as TLS (Transport Layer Security) mutual authentication and CA certificate verification. During TLS mutual authentication, the cloud may send a public key to the vehicle side, and the vehicle side may respond by sending its public key to the cloud.

In one embodiment, to further prevent a network attacker from launching malicious attacks on critical services in the vehicle's internal network through the port of the on-board diagnostic system, diagnostic identity authentication on the vehicle side may use AES symmetric encryption.

By deploying a firewall policy at the central gateway, the in-vehicle communication method proposed according to one aspect of the present invention causes data received from the on-board diagnostic unit to be inspected and intercepted by the deployed firewall policy before it is sent to the vehicle control unit. This effectively blocks a network attacker's access to critical services in the vehicle's internal network through the port of the on-board diagnostic system, and improves the user experience of the vehicle and the safety of driving and riding.

FIG. 4 is a block diagram of a computer device according to one embodiment of the present invention. As shown in FIG. 4, the computer device 400 includes a memory 410, a processor 420, and a computer program 430 stored in the memory 410 and executable on the processor 420. When the processor 420 executes the computer program 430, the steps of the in-vehicle communication method described above are carried out.

In addition, as described above, the present invention may also be implemented as a computer storage medium storing a program that causes a computer to execute the in-vehicle communication method according to one aspect of the present invention.

Here, the computer storage medium may take various forms, such as disks (for example, magnetic disks and optical disks), cards (for example, memory cards and optical cards), semiconductor memories (for example, ROM and non-volatile memory), and tapes (for example, magnetic tapes and cassette tapes).

Where applicable, the various embodiments provided by the present disclosure may be implemented using hardware, software, or a combination of hardware and software. Also, where applicable, the various hardware components and/or software components set forth herein may be combined into composite components comprising software, hardware, and/or both without departing from the scope of the present disclosure. Where applicable, the various hardware components and/or software components set forth herein may be divided into sub-components comprising software, hardware, or both without departing from the scope of the present disclosure. In addition, where applicable, it is contemplated that software components may be implemented as hardware components, and vice versa.

Software according to the present disclosure, such as program code and/or data, may be stored on one or more computer storage media. It is also contemplated that the software identified herein may be implemented using one or more general-purpose or special-purpose computers and/or computer systems, networked and/or otherwise. Where applicable, the order of the steps described herein may be changed, combined into composite steps, and/or divided into sub-steps to provide the features described herein.

The embodiments and examples presented herein are provided to best illustrate embodiments according to the present invention and its particular applications, and thereby to enable those skilled in the art to make and use the invention. Those skilled in the art will recognize, however, that the foregoing description and examples are provided only for purposes of illustration and example. The description as set forth is not intended to cover every aspect of the invention or to limit the invention to the precise forms disclosed.

Claims (10)

1. An in-vehicle communication system, characterized in that the system comprises:
an on-board diagnostic unit; and
a central gateway communicatively connected to the on-board diagnostic unit and deployed with a firewall policy, wherein the central gateway is configured to receive data from the on-board diagnostic unit and to selectively send the received data to a vehicle control unit based on the firewall policy.

2. The system of claim 1, wherein the central gateway is further configured to:
receive data via one or more of a CAN bus, a LIN bus and an Ethernet channel; and
selectively send the received data to the vehicle control unit based on the firewall policy,
wherein the central gateway comprises:
a processor configured to be communicatively connected to the on-board diagnostic unit via a CAN interface;
a switch configured to be communicatively connected to the on-board diagnostic unit and the processor via Ethernet; and
a router configured to be communicatively connected to the switch via Ethernet and to send the received data to the vehicle control unit via a CAN bus and/or a LIN bus.

3. The system of claim 1, wherein the firewall policy comprises:
dividing the in-vehicle communication network into a first broadcast domain and a second broadcast domain based on a virtual local area network;
inspecting data received from the on-board diagnostic unit to identify the received data as data that accesses an external network or data that does not access an external network; and
configuring the first broadcast domain for communication of data that accesses the external network, and configuring the second broadcast domain for communication of data that does not access the external network,
wherein, in the processor of the central gateway, the firewall policy comprises:
pre-configuring a mapping table between CAN identifiers and routing identifiers;
matching data received from the on-board diagnostic unit via the CAN interface against the pre-configured mapping table;
in response to the data received from the on-board diagnostic unit via the CAN interface matching the pre-configured mapping table, sending the data to the vehicle control unit over the CAN bus and/or the LIN bus via the router; and
in response to the data received from the on-board diagnostic unit via the CAN interface not matching the pre-configured mapping table, discarding the data,
wherein the pre-configured mapping table between CAN identifiers and routing identifiers comprises:
an initial mapping table configured to establish a mapping between the CAN identifier and the data block corresponding to the routing identifier; and
a forwarding mapping table configured to establish a mapping between the CAN identifier and the CAN bus used to transmit the data block corresponding to the routing identifier,
wherein the firewall policy further comprises:
matching data received from the on-board diagnostic unit via the CAN interface against the initial mapping table;
in response to the data received from the on-board diagnostic unit via the CAN interface not matching the initial mapping table, discarding the data;
in response to the data received from the on-board diagnostic unit via the CAN interface matching the initial mapping table, further matching the data against the forwarding mapping table;
in response to the data matching the forwarding mapping table, sending the data to the vehicle control unit over the CAN bus and/or the LIN bus via the router; and
in response to the data not matching the forwarding mapping table, discarding the data,
wherein, in the switch of the central gateway, the firewall policy comprises:
pre-configuring a mapping table between IP addresses and ports;
identifying the destination IP address and destination port of data received from the on-board diagnostic unit via Ethernet;
matching the identified destination IP address and destination port against the pre-configured mapping table between IP addresses and ports;
in response to the identified destination IP address and destination port matching the pre-configured mapping table between IP addresses and ports, sending the data to the vehicle control unit over Ethernet; and
in response to the identified destination IP address and destination port not matching the pre-configured mapping table between IP addresses and ports, discarding the data,
wherein the destination IP address and destination port of the data received from the on-board diagnostic unit via Ethernet are identified using a ternary content-addressable memory.

4. An in-vehicle communication method, characterized in that the method comprises:
receiving data from an on-board diagnostic unit;
deploying a firewall policy at a central gateway, the central gateway being communicatively connected to the on-board diagnostic unit; and
selectively sending the received data to a vehicle control unit based on the firewall policy.

5. The method of claim 4, wherein the method further comprises:
receiving data via one or more of a CAN bus, a LIN bus and an Ethernet channel; and
selectively sending the received data to the vehicle control unit based on the firewall policy,
wherein the central gateway comprises:
a processor configured to be communicatively connected to the on-board diagnostic unit via a CAN interface;
a switch configured to be communicatively connected to the on-board diagnostic unit and the processor via Ethernet; and
a router configured to be communicatively connected to the switch via Ethernet and to send the received data to the vehicle control unit via a CAN bus and/or a LIN bus.

6. The method of claim 4, wherein the firewall policy comprises:
dividing the in-vehicle communication network into a first broadcast domain and a second broadcast domain based on a virtual local area network;
inspecting data received from the on-board diagnostic unit to identify the received data as data that accesses an external network or data that does not access an external network; and
configuring the first broadcast domain for communication of data that accesses the external network, and configuring the second broadcast domain for communication of data that does not access the external network,
wherein, in the processor of the central gateway, the firewall policy comprises:
pre-configuring a mapping table between CAN identifiers and routing identifiers;
matching data received from the on-board diagnostic unit via the CAN interface against the pre-configured mapping table;
in response to the data received from the on-board diagnostic unit via the CAN interface matching the pre-configured mapping table, sending the data to the vehicle control unit over the CAN bus and/or the LIN bus via the router; and
in response to the data received from the on-board diagnostic unit via the CAN interface not matching the pre-configured mapping table, discarding the data,
wherein the pre-configured mapping table between CAN identifiers and routing identifiers comprises:
an initial mapping table configured to establish a mapping between the CAN identifier and the data block corresponding to the routing identifier; and
a forwarding mapping table configured to establish a mapping between the CAN identifier and the CAN bus used to transmit the data block corresponding to the routing identifier,
wherein the firewall policy further comprises:
matching data received from the on-board diagnostic unit via the CAN interface against the initial mapping table;
in response to the data received from the on-board diagnostic unit via the CAN interface not matching the initial mapping table, discarding the data;
in response to the data received from the on-board diagnostic unit via the CAN interface matching the initial mapping table, further matching the data against the forwarding mapping table;
in response to the data matching the forwarding mapping table, sending the data to the vehicle control unit over the CAN bus and/or the LIN bus via the router; and
in response to the data not matching the forwarding mapping table, discarding the data,
wherein, in the switch of the central gateway, the firewall policy comprises:
pre-configuring a mapping table between IP addresses and ports;
identifying the destination IP address and destination port of data received from the on-board diagnostic unit via Ethernet;
matching the identified destination IP address and destination port against the pre-configured mapping table between IP addresses and ports;
in response to the identified destination IP address and destination port matching the pre-configured mapping table between IP addresses and ports, sending the data to the vehicle control unit over Ethernet; and
in response to the identified destination IP address and destination port not matching the pre-configured mapping table between IP addresses and ports, discarding the data.

7. The method of claim 6, wherein the destination IP address and destination port of the data received from the on-board diagnostic unit via Ethernet are identified using a ternary content-addressable memory.

8. A computer storage medium, characterized in that the computer storage medium comprises instructions which, when run, execute the in-vehicle communication method according to any one of claims 4 to 7.

9. A computer device, characterized in that the computer device comprises a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the in-vehicle communication method according to any one of claims 4 to 7.

10. A vehicle, characterized by comprising the in-vehicle communication system according to any one of claims 1 to 3.
CN202211271965.5A 2022-10-18 2022-10-18 Vehicle-mounted communication system and vehicle-mounted communication method Pending CN115834121A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211271965.5A CN115834121A (en) 2022-10-18 2022-10-18 Vehicle-mounted communication system and vehicle-mounted communication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211271965.5A CN115834121A (en) 2022-10-18 2022-10-18 Vehicle-mounted communication system and vehicle-mounted communication method

Publications (2)

Publication Number Publication Date
CN115834121A true CN115834121A (en) 2023-03-21
CN115834121A8 CN115834121A8 (en) 2023-05-05

Family

ID=85524935

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211271965.5A Pending CN115834121A (en) 2022-10-18 2022-10-18 Vehicle-mounted communication system and vehicle-mounted communication method

Country Status (1)

Country Link
CN (1) CN115834121A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116560342A (en) * 2023-05-25 2023-08-08 无锡车联天下信息技术有限公司 Vehicle fault diagnosis method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104185309A (en) * 2014-08-12 2014-12-03 深圳市元征科技股份有限公司 On-board wireless local area network equipment
CN104734980A (en) * 2015-04-10 2015-06-24 常州多维信息科技有限公司 Industrial field bus multi-protocol router and multi-protocol conversion method
CN108696424A (en) * 2017-04-07 2018-10-23 上汽通用汽车有限公司 Vehicle communication system
US20190079842A1 (en) * 2017-09-13 2019-03-14 Hyundai Motor Company Failure diagnosis apparatus and method for in-vehicle control unit
CN111835627A (en) * 2019-04-23 2020-10-27 华为技术有限公司 Communication method of vehicle-mounted gateway, vehicle-mounted gateway and intelligent vehicle

Also Published As

Publication number Publication date
CN115834121A8 (en) 2023-05-05

Similar Documents

Publication Publication Date Title
US11651088B2 (en) Protecting a vehicle bus using timing-based rules
US11025632B2 (en) Serial network communication using intelligent access policies
JP7496823B2 (en) Unauthorized frame detection device and unauthorized frame detection method
CN106953796B (en) Security gateway, data processing method and device, vehicle network system and vehicle
US7996894B1 (en) MAC address modification of otherwise locally bridged client devices to provide security
US7873038B2 (en) Packet processing
US8060927B2 (en) Security state aware firewall
US20150351137A1 (en) Method and Device for Connecting a Diagnostic Unit to a Control Unit in a Motor Vehicle
CN110213221B (en) Method for performing diagnostics
CN101543004A (en) Secure network architecture
US20200382446A1 (en) Ethernet switch and method of controlling the same
CN115834121A (en) Vehicle-mounted communication system and vehicle-mounted communication method
US20220278994A1 (en) Sdn-based intrusion response method for in-vehicle network, and system using same
CN106506534A (en) An ARP attack detection method for SDN network
CN101554016B (en) Apparatus and methods for supporting 802.1X in daisy chained devices
Yoon et al. Poster: Address shuffling based moving target defense for in-vehicle software-defined networks
WO2023177893A1 (en) Isolating internet-of-things (iot) devices using a secure overlay network
WO2022153708A1 (en) Service intermediation device, service intermediation method, and program
CN112840610B (en) Resource allocation method, device and system for in-vehicle business slicing
US7404206B2 (en) Network security devices and methods
CN113132364A (en) ARP (Address resolution protocol) draft table item generation method and electronic equipment
CN114422208B (en) Vehicle safety communication method, device, microprocessor and storage medium
US10122686B2 (en) Method of building a firewall for networked devices
EP3979584A1 (en) Security network of connected vehicle
EP3921988B1 (en) Detecting short duration attacks on connected vehicles

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CI02 Correction of invention patent application

Correction item: Inventor

Correct: Wang Qiyan|M. Due to Guan Zuo|R. Ocampo|Y. Cheng|Liang Feng|Zhao Yuhong|Chen Junming

False: Q. Wang|M. Due to Guan Zuo|R. Ocampo|Y. Cheng|Liang Feng|Zhao Yuhong|Chen Junming

Number: 12-01

Page: The title page

Volume: 39
