CN110912690A - Data encryption and decryption method, vehicle and storage medium - Google Patents
- Publication number: CN110912690A
- Application number: CN201911061115.0A
- Authority: CN (China)
- Prior art keywords: data, key, seed information, original, encryption
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data encryption and decryption method, a vehicle and a storage medium. The method comprises the following steps: generating corresponding key seed information from a randomly generated original random number; sending a first frame protocol data unit (PDU) carrying the key seed information to a second communication device so that the second communication device generates a corresponding decryption key; encrypting original upgrade data with a pre-generated target encryption key to obtain encrypted upgrade data; and sending the encrypted upgrade data to the second communication device so that the second communication device decrypts the encrypted upgrade data with the decryption key to obtain the corresponding original upgrade data. Building on existing diagnostic technology, the embodiment of the invention uses the key seed information to implement a key obfuscation protection mechanism that effectively protects the encryption and decryption keys, thereby ensuring the security of the original upgrade data.
Description
Technical Field
The embodiment of the invention relates to the automotive electronics technology, in particular to a data encryption and decryption method, a vehicle and a storage medium.
Background
In the field of in-vehicle Electronic Control Units (ECUs), an ECU can be upgraded through an automobile diagnostic device, and the diagnostic device follows the Unified Diagnostic Services (UDS) protocol standard during the upgrade. However, the upgrade process does not consider the security and confidentiality of the upgrade file, so an attacker can tamper with the upgrade package file during the upgrade, extract information from the upgrade package, flash a Trojan system, and ultimately take control of the vehicle.
Disclosure of Invention
In view of this, the present invention provides a data encryption and decryption method, a vehicle, and a storage medium, which achieve effective encryption protection of original upgrade data and prevent the original upgrade data from being stolen.
In a first aspect, an embodiment of the present invention provides a data encryption method, applied to a first communication device, including:
generating corresponding key seed information from a randomly generated original random number;
sending a first frame protocol data unit (PDU) carrying the key seed information to a second communication device so that the second communication device generates a corresponding decryption key;
encrypting original upgrade data with a pre-generated target encryption key to obtain encrypted upgrade data;
and sending the encrypted upgrade data to the second communication device so that the second communication device decrypts the encrypted upgrade data with the decryption key to obtain the corresponding original upgrade data.
In a second aspect, an embodiment of the present invention further provides a data decryption method, which is applied to a second communication device, and includes:
receiving a first frame PDU carrying key seed information;
parsing the key seed information to obtain a corresponding original random number;
computing over the original random number with a second preset digest algorithm to generate a corresponding decryption key;
and decrypting the received encrypted upgrade data with the decryption key to obtain the original upgrade data.
In a third aspect, an embodiment of the present invention further provides a vehicle, including: the system comprises a memory, a first communication device, a second communication device and one or more vehicle control units;
a memory for storing one or more programs;
the first communication equipment is used for encrypting the original upgrading data;
the second communication equipment is used for decrypting the encrypted upgrading data;
when the one or more programs are executed by the one or more vehicle controllers, the one or more processing modules are caused to implement the data encryption method according to the first aspect or the data decryption method according to the second aspect.
In a fourth aspect, a computer-readable storage medium has stored thereon a computer program that, when executed by a vehicle control unit, implements the data encryption method according to the first aspect, or the data decryption method according to the second aspect.
In the embodiment of the invention, corresponding key seed information is generated from a randomly generated original random number; a first frame protocol data unit (PDU) carrying the key seed information is sent to the second communication device so that the second communication device generates a corresponding decryption key; original upgrade data is encrypted with a pre-generated target encryption key to obtain encrypted upgrade data; and the encrypted upgrade data is sent to the second communication device so that the second communication device decrypts it with the decryption key to obtain the corresponding original upgrade data. Building on existing diagnostic technology, the embodiment of the invention uses the key seed information to implement a key obfuscation protection mechanism that effectively protects the encryption and decryption keys, thereby ensuring the security of the original upgrade data.
Drawings
FIG. 1 is a flowchart of an automobile diagnostic upgrade provided by the prior art;
FIG. 2 is a flowchart of a data encryption method according to an embodiment of the present invention;
FIG. 3 is a flowchart of generating key seed information according to an embodiment of the present invention;
FIG. 4 is a flowchart of target encryption key generation according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the format of a first frame PDU according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of the format of a consecutive frame PDU according to an embodiment of the present invention;
FIG. 7 is a flowchart of a data decryption method according to an embodiment of the present invention;
FIG. 8 is a flowchart of parsing key seed information according to an embodiment of the present invention;
FIG. 9 is a timing diagram of an encrypted upgrade based on the UDS diagnostic protocol according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of the interaction between the modules in a diagnostic device and an ECU according to an embodiment of the present invention;
FIG. 11 is a flowchart of an AES algorithm according to an embodiment of the present invention;
FIG. 12 is a schematic diagram of an encryption/decryption module according to an embodiment of the present invention;
FIG. 13 is a block diagram of a data encryption apparatus according to an embodiment of the present invention;
FIG. 14 is a block diagram of a data decryption apparatus according to an embodiment of the present invention;
FIG. 15 is a schematic hardware structure diagram of a vehicle according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
CAN is short for Controller Area Network. The CAN bus is a bus technology commonly used in vehicles today. In recent years, attacks on the CAN bus of in-vehicle networks have occasionally been reported in the news, and in-vehicle network security has gradually become a hot topic. UDS diagnosis is a diagnostic standard widely applied to in-vehicle ECUs at present. Vehicle diagnostic equipment can flash an ECU in the vehicle through the UDS diagnostic protocol, but because this process lacks security protection, the data may be tampered with and attacked when the vehicle ECU is upgraded, paralyzing the ECU and causing more serious consequences.
Fig. 1 is a flowchart of an upgrade of automobile diagnosis provided in the prior art. As shown in fig. 1, a flowchart for upgrading automobile diagnosis in the prior art includes the following steps:
S110, sending a download request.
S120, feeding back a download request response.
S130, transmitting data.
S140, sending a transfer exit request.
S150, feeding back a transfer exit response.
Specifically, the diagnostic device sends a download request (denoted RequestDownload_req) requesting the download service, with service ID 34; after receiving the request, the ECU prepares for the upgrade and, once preparation is complete, returns a download request response (denoted RequestDownload_rsp) to the diagnostic device; the diagnostic device sends the upgrade data to the ECU in the form of consecutive frames, with service ID 36; after receiving the upgrade data, the ECU performs the upgrade; after the upgrade is completed, the diagnostic device sends a transfer exit request (denoted RequestTransferExit_req) requesting the transfer exit service to leave upgrade mode, with service ID 37; after receiving this request, the ECU replies with a transfer exit response (denoted RequestTransferExit_rsp), indicating that the transfer succeeded and is complete.
In the automobile diagnostic upgrade process shown in fig. 1, neither the diagnostic device nor the ECU is authenticated, so an attacker can clone a diagnostic device to flash and tamper with the ECU; and because the upgrade data is not protected during the upgrade, an attacker can steal, monitor and tamper with the upgrade data.
In view of this, the present application provides a data encryption method in which an encryption/decryption algorithm and a key obfuscation algorithm protect the upgrade data carried in the consecutive frames, thereby preventing the upgrade data from being stolen.
Fig. 2 is a flowchart of a data encryption method according to an embodiment of the present invention. The embodiment is applicable to ensuring the security of the original upgrade data during the upgrade of an automotive ECU. The method may be executed by a data encryption apparatus, which may be implemented in hardware and/or software and is generally integrated in a first communication device. Optionally, the first communication device may be an on-board diagnostic device.
As shown in fig. 2, the method specifically includes the following steps:
S210, generating corresponding key seed information from the randomly generated original random number.
The original random number is a 2-byte random number. In an embodiment, a random number generation module randomly generates the original random number. A new original random number is generated for every upgrade of an in-vehicle ECU, and it differs for each in-vehicle ECU in each upgrade, so that every upgrade is encrypted separately. The key seed information provides a key obfuscation protection mechanism through which the key can be effectively protected, thereby ensuring data security.
S220, sending a first frame Protocol Data Unit (PDU) carrying the key seed information to the second communication device, so that the second communication device generates a corresponding decryption key.
The first frame PDU is composed of other data and the key seed information, and the key seed information occupies the last two bytes of the first frame PDU. In the embodiment, before sending the upgrade data, the first communication device generates the key seed information to form a first frame PDU, and then sends the first frame PDU carrying the key seed information to the second communication device. After the second communication device receives the key seed information, it parses the key seed information to obtain the corresponding original random number and uses the original random number to generate the corresponding decryption key, so that the decryption key itself is not transmitted during data transmission and theft of the data is avoided.
S230, encrypting the original upgrade data with a pre-generated target encryption key to obtain encrypted upgrade data.
The target encryption key is used for encrypting the original upgrade data. In an embodiment, after the first communication device obtains the pre-generated target encryption key, it calls the encryption and decryption module and encrypts the original upgrade data with the target encryption key to obtain the encrypted upgrade data.
S240, sending the encrypted upgrade data to the second communication device, so that the second communication device decrypts the encrypted upgrade data with the decryption key to obtain the corresponding original upgrade data.
In the embodiment, the encrypted upgrade data is inserted into consecutive frame PDUs, and the consecutive frame PDUs carrying the encrypted upgrade data are sent to the second communication device. After the second communication device receives a consecutive frame PDU, it decrypts the encrypted upgrade data in the PDU with the decryption key it generated, obtains the corresponding original upgrade data, and is upgraded with the original upgrade data.
According to the technical scheme of the embodiment, corresponding key seed information is generated from the randomly generated original random number; the first frame protocol data unit (PDU) carrying the key seed information is sent to the second communication device so that the second communication device generates a corresponding decryption key; original upgrade data is encrypted with a pre-generated target encryption key to obtain encrypted upgrade data; and the encrypted upgrade data is sent to the second communication device so that the second communication device decrypts it with the decryption key to obtain the corresponding original upgrade data. Building on existing diagnostic technology, the embodiment of the invention uses the key seed information to implement a key obfuscation protection mechanism that effectively protects the encryption and decryption keys, thereby ensuring the security of the original upgrade data.
In one embodiment, generating corresponding key seed information from a randomly generated original random number includes: splitting the randomly generated original random number to obtain sub-original random numbers; and sequentially performing two substitution table (SBOX) transformations and one circular left shift operation on the sub-original random numbers to obtain the corresponding key seed information.
Fig. 3 is a flowchart of generating key seed information according to an embodiment of the present invention. As shown in fig. 3, the flowchart for generating the key seed information includes the following steps:
S310, generating a 2-byte original random number.
S320, performing the 1st SBOX transformation.
S330, performing the 2nd SBOX transformation.
S340, performing a circular left shift by 4 bits.
S350, generating 2 bytes of key seed information.
In an embodiment, a random number generation module generates a 2-byte original random number, which is then split; optionally, the 2-byte original random number is divided equally, and the two SBOX transformations and the circular left shift are performed on each byte separately. The two SBOX transformations use different SBOX tables: the 2nd SBOX transformation is applied after the 1st, the result is then circularly shifted left by 4 bits, and finally the two shifted bytes are combined to form the 2-byte key seed information. The SBOX transformation is a basic component in cryptography whose function is to implement a nonlinear substitution of data.
On the basis of the above embodiment, the target encryption key is generated as follows: computing over the randomly generated original random number with a first preset digest algorithm to generate an original encryption key; and truncating the original encryption key to obtain the corresponding target encryption key.
Fig. 4 is a flowchart of generating a target encryption key according to an embodiment of the present invention. As shown in fig. 4, the generation flow of the target encryption key includes the following steps:
S410, start.
S420, generating an original random number.
S430, performing the digest calculation.
S440, obtaining the target encryption key.
S450, end.
In the embodiment, a random number generation module generates a 2-byte original random number, and a key generation module then computes over the original random number to generate an original encryption key. The key generation module mainly comprises a digest calculation module: the digest calculation module computes over the original random number to generate a 32-byte original encryption key, and the 32-byte original encryption key is then truncated to obtain the target encryption key. Optionally, the first 16 bytes of the original encryption key are selected as the target encryption key.
On the basis of the above embodiment, sending the encrypted upgrade data to the second communication device includes: inserting the encrypted upgrade data into a consecutive frame PDU; and sending the consecutive frame PDU to the second communication device.
In an embodiment, the first communication device inserts the encrypted upgrade data into the last 7 bytes of the consecutive frame PDU, and sends the consecutive frame PDU carrying the encrypted upgrade data to the second communication device.
On the basis of the above embodiment, the format of the first frame PDU includes eight bytes: the high 4 bits of the first byte represent the first frame of a multi-frame transmission, the low 4 bits of the first byte and the second byte represent the length of the upgrade data, the third byte represents the transfer data service, the fourth byte represents a first frame identifier, the high 4 bits of the fifth byte represent a version number, the low 4 bits of the fifth byte represent an encryption flag, the high 4 bits of the sixth byte represent an encryption algorithm identifier, and the seventh and eighth bytes represent the key seed information.
Fig. 5 is a schematic diagram of a format of a first frame PDU according to an embodiment of the present invention. As shown in fig. 5, the first frame PDU includes eight bytes, wherein the high 4 bits of the first byte are 1, which represents the first frame of a multi-frame transmission; the low 4 bits of the first byte and the second byte represent the length of the upgrade data, and this length is the sum of the length of the original upgrade data and the length of 4 bytes after the first frame; the third byte represents the transfer data service, illustratively, the transfer data service ID may be 36; the fourth byte represents the first frame identifier, which may be 01 for example; the high 4 bits of the fifth byte represent the version number, and the low 4 bits indicate whether the data is encrypted; the high 4 bits of the sixth byte represent the encryption algorithm identifier; the seventh and eighth bytes represent the key seed information, from which the corresponding encryption key is generated. Illustratively, table 1 gives the correspondence between encryption algorithm identifiers and encryption algorithms provided in the embodiments of the present application; as shown in table 1, the encryption algorithm identifiers are 0x01-0x06, and each identifier corresponds to one encryption algorithm.
Table 1: Correspondence between encryption algorithm identifiers and encryption algorithms

| Encryption algorithm identifier | Encryption algorithm |
| --- | --- |
| 0x01 | RC4_128 |
| 0x02 | AES_CTR_128 |
| 0x03 | AES_ECB_128 |
| 0x04 | AES_CBC_128 |
| 0x05 | RSA_PKCS5_2048 |
| 0x06 | RSA_NOPADDING_2048 |
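
The first frame layout of fig. 5 and table 1, as an added builder and strict parser (example code written for this page, not taken from the patent). Assumptions: the service ID "36" is hexadecimal, the encryption flag value 1 means "encrypted", and the low 4 bits of the sixth byte, which the page does not define, are sent as 0.

```python
from dataclasses import dataclass

# Table 1 of the page: encryption algorithm identifier -> algorithm.
ALGORITHMS = {
    0x01: "RC4_128", 0x02: "AES_CTR_128", 0x03: "AES_ECB_128",
    0x04: "AES_CBC_128", 0x05: "RSA_PKCS5_2048", 0x06: "RSA_NOPADDING_2048",
}
FIRST_FRAME_TYPE = 0x1     # high 4 bits of byte 1 (value given on the page)
TRANSFER_DATA_SID = 0x36   # page says "36"; assumed to be hexadecimal
FIRST_FRAME_ID = 0x01      # example first frame identifier from the page
EXTRA_LENGTH = 4           # page: length field = upgrade data length + 4
MAX_LENGTH_FIELD = 0xFFF   # 4 bits of byte 1 plus all of byte 2


@dataclass(frozen=True)
class FirstFrame:
    data_length: int    # length of the original upgrade data in bytes
    version: int        # 4-bit version number
    encrypted: bool     # encryption flag (assumed: 1 = encrypted)
    algorithm_id: int   # key into ALGORITHMS
    key_seed: bytes     # 2 bytes of key seed information

    @property
    def algorithm(self) -> str:
        return ALGORITHMS[self.algorithm_id]


def build_first_frame(frame: FirstFrame) -> bytes:
    """Serialise a FirstFrame into the 8-byte PDU."""
    length_field = frame.data_length + EXTRA_LENGTH
    if frame.data_length < 0 or length_field > MAX_LENGTH_FIELD:
        raise ValueError("data length does not fit the 12-bit length field")
    if not 0 <= frame.version <= 0xF:
        raise ValueError("version must fit in 4 bits")
    if frame.algorithm_id not in ALGORITHMS:
        raise ValueError("unknown encryption algorithm identifier")
    if len(frame.key_seed) != 2:
        raise ValueError("key seed information must be 2 bytes")
    header = bytes([
        (FIRST_FRAME_TYPE << 4) | (length_field >> 8),
        length_field & 0xFF,
        TRANSFER_DATA_SID,
        FIRST_FRAME_ID,
        (frame.version << 4) | (1 if frame.encrypted else 0),
        frame.algorithm_id << 4,   # low 4 bits undefined on the page; sent as 0
    ])
    return header + frame.key_seed


def parse_first_frame(pdu: bytes) -> FirstFrame:
    """Parse an 8-byte first frame PDU, rejecting anything malformed."""
    if len(pdu) != 8:
        raise ValueError("first frame PDU must be exactly 8 bytes")
    if pdu[0] >> 4 != FIRST_FRAME_TYPE:
        raise ValueError("not a first frame")
    length_field = ((pdu[0] & 0x0F) << 8) | pdu[1]
    if length_field < EXTRA_LENGTH:
        raise ValueError("length field smaller than the fixed 4 bytes")
    if pdu[2] != TRANSFER_DATA_SID or pdu[3] != FIRST_FRAME_ID:
        raise ValueError("unexpected service ID or first frame identifier")
    flag = pdu[4] & 0x0F
    if flag not in (0, 1):
        raise ValueError("unknown encryption flag value")
    algorithm_id = pdu[5] >> 4
    if algorithm_id not in ALGORITHMS:
        raise ValueError("unknown encryption algorithm identifier")
    return FirstFrame(
        data_length=length_field - EXTRA_LENGTH,
        version=pdu[4] >> 4,
        encrypted=(flag == 1),
        algorithm_id=algorithm_id,
        key_seed=bytes(pdu[6:8]),
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    sample = FirstFrame(1000, 1, True, 0x02, bytes.fromhex("abcd"))
    wire = build_first_frame(sample)
    print(wire.hex(), parse_first_frame(wire).algorithm)
```

The parser rejects identifiers outside table 1 and unknown flag values instead of falling back to a default, so a malformed or downgraded header fails before any key is derived.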
On the basis of the above embodiment, the format of the consecutive frame PDU includes eight bytes, where the high 4 bits of the first byte represent a consecutive frame of a multi-frame transmission, the low 4 bits of the first byte represent the frame sequence number, and the second to eighth bytes represent the service data content corresponding to the encrypted upgrade data.
Fig. 6 is a schematic diagram of a format of a consecutive frame PDU according to an embodiment of the present invention. As shown in fig. 6, the consecutive frame PDU includes eight bytes, wherein the high 4 bits of the first byte are 1, which represents a consecutive frame of a multi-frame transmission, and the low 4 bits are the frame sequence number (for example, from 0 to F). The sequence number of the first consecutive frame is 1 and increases by one for each subsequent consecutive frame; when the sequence number exceeds F, it starts again from 0. The remaining bytes are the service data content corresponding to the encrypted upgrade data; the service data content can be encrypted with the corresponding encryption algorithm, and unused bytes can be padded with FF.
Fig. 7 is a flowchart of a data decryption method according to an embodiment of the present invention. The present embodiment is applied to the second communication device. Alternatively, the second communication device may be an ECU.
As shown in fig. 7, the method in this embodiment includes the following steps:
S510, receiving the first frame PDU carrying the key seed information.
S520, parsing the key seed information to obtain the corresponding original random number.
S530, computing over the original random number with a second preset digest algorithm to generate the corresponding decryption key.
S540, decrypting the received encrypted upgrade data with the decryption key to obtain the original upgrade data.
In the embodiment, after the second communication device receives the first frame PDU carrying the key seed information, it parses the key seed information to obtain the corresponding original random number and computes over the original random number with a second preset digest algorithm to generate the corresponding decryption key; it then receives the encrypted upgrade data sent by the first communication device, decrypts the encrypted upgrade data with the decryption key to obtain the original upgrade data, and is upgraded with the original upgrade data.
On the basis of the above embodiment, parsing the key seed information to obtain the corresponding original random number includes: splitting the key seed information to obtain sub-key seed information; and sequentially performing a circular right shift operation and two inverse SBOX transformations on the sub-key seed information to obtain the corresponding original random number.
Fig. 8 is a flowchart of parsing key seed information according to an embodiment of the present invention. As shown in fig. 8, the parsing flowchart of the key seed information includes the following steps:
S610, obtaining 2 bytes of key seed information.
S620, performing a circular right shift by 4 bits.
S630, performing the 1st inverse SBOX transformation.
S640, performing the 2nd inverse SBOX transformation.
S650, obtaining the 2-byte original random number.
It should be noted that parsing the key seed information is the inverse of generating it: the original random number is obtained by parsing the key seed information, and the real decryption key is then obtained through the key generation process. In the embodiment, 2 bytes of key seed information are first obtained from the first frame of the data and divided equally into two pieces of sub-key seed information; the same operations, S620-S640, are then performed on each piece. Specifically, the 4-bit circular right shift is performed first; then the 1st inverse SBOX transformation is performed, which is the inverse of the 2nd SBOX transformation in the key seed generation process; then the 2nd inverse SBOX transformation is performed, which is the inverse of the 1st SBOX transformation in the key seed generation process; finally the two inverse-transformed pieces are combined to form the 2-byte original random number.
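The seed generation (S310 to S350), seed parsing (S610 to S650) and key derivation described above, as an added round-trip example that is not code from the patent. The two SBOX tables are constructed placeholders, since the page does not give the tables, and SHA-256 is assumed for the unspecified digest algorithm that yields 32 bytes.

```python
import hashlib
import secrets


def _placeholder_sbox(mul: int, add: int, mask: int) -> list:
    # Constructed stand-in table: XOR, odd multiplier and addition mod 256
    # are each bijective, so the result is a permutation of 0..255.
    return [(((x ^ mask) * mul) + add) & 0xFF for x in range(256)]


def _invert(sbox: list) -> list:
    inverse = [0] * 256
    for index, value in enumerate(sbox):
        inverse[value] = index
    return inverse


SBOX1 = _placeholder_sbox(167, 13, 0x00)   # hypothetical 1st SBOX
SBOX2 = _placeholder_sbox(73, 101, 0x5A)   # hypothetical 2nd SBOX (different table)
INV_SBOX1 = _invert(SBOX1)
INV_SBOX2 = _invert(SBOX2)


def rotl8(byte: int, bits: int) -> int:
    """Circular left shift of one byte."""
    return ((byte << bits) | (byte >> (8 - bits))) & 0xFF


def rotr8(byte: int, bits: int) -> int:
    """Circular right shift of one byte."""
    return ((byte >> bits) | (byte << (8 - bits))) & 0xFF


def make_key_seed(original: bytes) -> bytes:
    """S310-S350: per byte, 1st SBOX, 2nd SBOX, then rotate left by 4 bits."""
    if len(original) != 2:
        raise ValueError("original random number must be 2 bytes")
    return bytes(rotl8(SBOX2[SBOX1[b]], 4) for b in original)


def parse_key_seed(seed: bytes) -> bytes:
    """S610-S650: per byte, rotate right by 4, undo 2nd SBOX, undo 1st SBOX."""
    if len(seed) != 2:
        raise ValueError("key seed information must be 2 bytes")
    return bytes(INV_SBOX1[INV_SBOX2[rotr8(b, 4)]] for b in seed)


def derive_key(original: bytes) -> bytes:
    """Fig. 4: 32-byte digest of the random number, first 16 bytes kept.

    SHA-256 is an assumption; the page only says "preset digest algorithm".
    """
    return hashlib.sha256(original).digest()[:16]


def sender_setup() -> tuple:
    """Diagnostic device side: fresh random number -> (key seed, target key)."""
    original = secrets.token_bytes(2)
    return make_key_seed(original), derive_key(original)


def receiver_key(seed: bytes) -> bytes:
    """ECU side: key seed taken from the first frame -> decryption key."""
    return derive_key(parse_key_seed(seed))


if __name__ == "__main__":
    seed, key = sender_setup()
    assert receiver_key(seed) == key   # both ends hold the same 16-byte key
    print("seed", seed.hex(), "key", key.hex())
```

Because the key is a deterministic function of the 2-byte value that the first frame carries in reversible form, a design review should treat the tables and the digest choice as the only secrets and the key space as bounded by 65,536 values.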
Fig. 9 is a timing diagram of encryption upgrade based on the UDS diagnostic protocol according to an embodiment of the present invention. Illustratively, the first communication device is taken as a diagnosis device, and the second communication device is taken as an ECU. As shown in fig. 9, the method in this embodiment includes the following steps:
s710, the diagnosis device calls the key management component to generate key seed information.
And S720, the diagnostic equipment sends the first frame of the upgrading data to the ECU.
The first frame content comprises an encryption algorithm identification and key seed information.
And S730, the ECU analyzes the first frame data, calls a key management component to extract key seed information, and calculates and acquires a real decryption key.
And S740, the diagnostic equipment encrypts the ECU upgrading data by using the target encryption key to obtain encrypted upgrading data.
And S750, the diagnosis device sends the encrypted upgrade data to the ECU in a form of continuous frames.
And S760, the ECU receives the encrypted upgrading data and decrypts and upgrades the encrypted upgrading data by using the decryption key.
The encrypted-upgrade timing flow in the above embodiment mainly involves a key management module, a data frame format design module, and an encryption and decryption module. Fig. 10 is a schematic diagram of the interaction between the modules in a diagnostic device and an ECU according to an embodiment of the present invention. As shown in Fig. 10, the diagnostic device includes a key management module for generating an original random number, key seed information, and a target encryption key. The ECU includes an encryption module and a decryption module: the decryption module parses the key seed information to obtain the original random number; the encryption module encrypts the original random number to obtain the corresponding decryption key; and the decryption module decrypts the encrypted upgrade data to obtain the original upgrade data.
In an embodiment, the key management module includes a random number generation module, a key seed information generation module, and a key generation module. Before sending upgrade data, the diagnostic module generates key seed information and forms a first frame PDU, where the first frame PDU refers to the 8-byte data portion of the CAN message transmitted between ECUs. The ECU then parses the key seed information, extracts the original random number from it, and generates the corresponding decryption key using the key generation module. Next, the diagnostic device generates the target encryption key through the key generation module, calls the encryption and decryption module to encrypt the original upgrade data, and sends the resulting encrypted upgrade data to the ECU. The ECU decrypts the encrypted upgrade data with the decryption key through the encryption and decryption module to obtain the original upgrade data, and upgrades itself with that data.
The key management module comprises three processes: a key generation process, a key seed information generation process, and a key seed information parsing process. The execution of these three processes is described in the above embodiments and is not repeated here.
In this embodiment, the encryption and decryption module is mainly responsible for encrypting the original upgrade data and decrypting the encrypted upgrade data. Illustratively, the Advanced Encryption Standard (AES) symmetric encryption algorithm (e.g., AES128) may be adopted, with the key generation module generating the corresponding target encryption key and decryption key used to encrypt and decrypt the data, so as to ensure the security of the upgrade data. AES is mainly used in counter (CTR) mode. In this mode, encryption encrypts an input counter with the key and XORs the result with the plaintext to obtain the ciphertext; decryption encrypts the input counter with the key and XORs the result with the ciphertext to obtain the plaintext. CTR mode has several advantages: no padding is needed, and encryption and decryption operate on a keystream, which makes them suitable for parallel operation. Exemplarily, Fig. 11 is a flowchart of executing the AES algorithm according to an embodiment of the present invention. As shown in Fig. 11, the CTR mode is used to encrypt and decrypt data. The detailed procedure of the AES algorithm is not explained here; refer to descriptions of the AES algorithm in the prior art.
Fig. 12 is a schematic diagram of an encryption/decryption module according to an embodiment of the present invention. As shown in fig. 12, the original upgrade data is input to the encryption and decryption module, and the original upgrade data is encrypted by using the target encryption key, so as to obtain corresponding encrypted upgrade data; correspondingly, the encrypted upgrading data are input into the encryption and decryption module, and the encrypted upgrading data are decrypted by using the decryption key, so that the corresponding original upgrading data can be obtained.
Fig. 13 is a block diagram of a data encryption apparatus according to an embodiment of the present invention. The apparatus is suitable for ensuring the security of the original upgrade data during the upgrade of a vehicle ECU, may be implemented in hardware and/or software, and may generally be integrated in the first communication device. As shown in Fig. 13, the apparatus includes: a first generation module 810, a first transmission module 820, a second generation module 830, and a second transmission module 840.
The first generating module 810 is configured to generate corresponding key seed information according to a randomly generated original random number;
a first sending module 820, configured to send a first frame protocol data unit PDU carrying the key seed information to the second communications device, so that the second communications node generates a corresponding decryption key;
a second generating module 830, configured to encrypt the original upgrade data by using a pre-generated target encryption key to obtain encrypted upgrade data;
the second sending module 840 is configured to send the encrypted upgrade data to the second communication device, so that the second communication node decrypts the encrypted upgrade data by using the decryption key to obtain corresponding original upgrade data.
According to the technical scheme of this embodiment, corresponding key seed information is generated according to the randomly generated original random number; the first frame protocol data unit (PDU) carrying the key seed information is sent to the second communication device so that the second communication node generates a corresponding decryption key; the original upgrade data is encrypted with a pre-generated target encryption key to obtain encrypted upgrade data; and the encrypted upgrade data is sent to the second communication device so that the second communication node decrypts it with the decryption key to obtain the corresponding original upgrade data. Building on existing diagnostic technology, the embodiment of the invention uses the key seed information to implement a key protection obfuscation mechanism that effectively protects the encryption and decryption keys, thereby ensuring the security of the original upgrade data.
On the basis of the above embodiment, the first generation module includes:
the first generation unit is used for splitting the randomly generated original random number to obtain sub-original random numbers;
and the second generation unit is used for sequentially performing two SBOX transformations and one circular left shift operation on the sub-original random numbers to obtain corresponding key seed information.
On the basis of the above embodiment, the generation method of the target encryption key includes:
applying a first preset digest algorithm to the randomly generated original random number to generate an original encryption key;
and performing a truncation operation on the original encryption key to obtain a corresponding target encryption key.
On the basis of the above embodiment, when sending the encrypted upgrade data to the second communication device, the apparatus is specifically configured to perform:
inserting the encrypted upgrade data into consecutive frame PDUs;
sending the consecutive frame PDUs to the second communication device.
On the basis of the above embodiment, the format of the first frame PDU includes eight bytes: the high 4 bits of the first byte indicate the first frame of a multi-frame transmission, the low 4 bits of the first byte and the second byte represent the length of the upgrade data, the third byte represents the transmission data service, the fourth byte represents a first frame identifier, the high 4 bits of the fifth byte represent a version number, the low 4 bits of the fifth byte represent an encryption identifier, the high 4 bits of the sixth byte represent an encryption algorithm identifier, and the seventh byte and the eighth byte represent key seed information.
On the basis of the above embodiment, the format of the consecutive frame PDU includes eight bytes, where the high 4 bits of the first byte indicate a consecutive frame of a multi-frame transmission, the low 4 bits of the first byte represent the frame sequence number, and the second to eighth bytes carry the service data content corresponding to the encrypted upgrade data.
The data encryption device can execute the data encryption method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
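The first-frame and consecutive-frame layouts described above, written out as an encoder, segmenter and validating reassembler. This is an added example, not code from the patent; the PCI nibble values (taken from ISO 15765-2), the zero padding of the last frame, sequence numbers starting at 1, and all sample field values are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

PCI_FIRST = 0x1        # assumption: ISO 15765-2 nibble for a first frame
PCI_CONSECUTIVE = 0x2  # assumption: ISO 15765-2 nibble for a consecutive frame
PAD = 0x00             # assumption: filler for the unused tail of the last frame


@dataclass(frozen=True)
class FirstFrame:
    length: int       # byte 1 low nibble + byte 2: upgrade-data length (12 bits)
    service: int      # byte 3: transmission data service
    frame_id: int     # byte 4: first-frame identifier
    version: int      # byte 5 high nibble: version number
    encrypted: int    # byte 5 low nibble: encryption identifier
    algorithm: int    # byte 6 high nibble: encryption algorithm identifier
    key_seed: bytes   # bytes 7-8: key seed information

    def encode(self) -> bytes:
        if not 0 <= self.length <= 0xFFF:
            raise ValueError("length must fit in 12 bits")
        if any(not 0 <= v <= 0xF for v in (self.version, self.encrypted, self.algorithm)):
            raise ValueError("version, encrypted and algorithm are 4-bit fields")
        if len(self.key_seed) != 2:
            raise ValueError("key seed must be exactly 2 bytes")
        header = bytes([
            (PCI_FIRST << 4) | (self.length >> 8),
            self.length & 0xFF,
            self.service,
            self.frame_id,
            (self.version << 4) | self.encrypted,
            self.algorithm << 4,   # low nibble is not described in the text; sent as 0
        ])
        return header + self.key_seed


def parse_first_frame(pdu: bytes) -> FirstFrame:
    """Decode an 8-byte first-frame PDU, rejecting wrong sizes and frame types."""
    if len(pdu) != 8:
        raise ValueError("PDU must be 8 bytes")
    if pdu[0] >> 4 != PCI_FIRST:
        raise ValueError("not a first frame")
    return FirstFrame(
        length=((pdu[0] & 0x0F) << 8) | pdu[1],
        service=pdu[2],
        frame_id=pdu[3],
        version=pdu[4] >> 4,
        encrypted=pdu[4] & 0x0F,
        algorithm=pdu[5] >> 4,
        key_seed=bytes(pdu[6:8]),
    )


def segment(ciphertext: bytes) -> list[bytes]:
    """Split encrypted upgrade data into consecutive-frame PDUs (7 payload bytes each)."""
    frames = []
    for index, offset in enumerate(range(0, len(ciphertext), 7)):
        chunk = ciphertext[offset:offset + 7].ljust(7, bytes([PAD]))
        sequence = (index + 1) & 0x0F   # assumption: starts at 1, wraps 15 -> 0
        frames.append(bytes([(PCI_CONSECUTIVE << 4) | sequence]) + chunk)
    return frames


def reassemble(first: FirstFrame, frames: list[bytes]) -> bytes:
    """Rebuild the ciphertext, rejecting malformed, reordered or missing frames."""
    data = bytearray()
    for index, pdu in enumerate(frames):
        if len(pdu) != 8 or pdu[0] >> 4 != PCI_CONSECUTIVE:
            raise ValueError(f"frame {index}: not a consecutive frame")
        if pdu[0] & 0x0F != (index + 1) & 0x0F:
            raise ValueError(f"frame {index}: unexpected sequence number")
        data += pdu[1:]
    if len(data) < first.length:
        raise ValueError("fewer payload bytes than the first frame announced")
    return bytes(data[:first.length])   # the announced length strips the padding


if __name__ == "__main__":
    ciphertext = bytes(range(20))       # constructed stand-in for encrypted upgrade data
    first = FirstFrame(20, 0x36, 0x01, 1, 1, 1, bytes.fromhex("a53c"))  # constructed values
    wire = [first.encode()] + segment(ciphertext)
    for pdu in wire:
        print(pdu.hex(" "))
    print(reassemble(parse_first_frame(wire[0]), wire[1:]) == ciphertext)
```

Because CTR mode needs no padding, the ciphertext length equals the upgrade-data length announced in the first frame, which is what lets the receiver discard the filler bytes of the last frame.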
Fig. 14 is a block diagram of a data decryption apparatus according to an embodiment of the present invention, which may be implemented by hardware/software and may be generally integrated in a second communication device. As shown in fig. 14, the apparatus includes: a first receiving module 910, a parsing module 920, a third generating module 930, and a fourth generating module 940.
The first receiving module 910 is configured to receive a first frame PDU carrying key seed information;
the parsing module 920 is configured to parse the key seed information to obtain a corresponding original random number;
a third generating module 930, configured to calculate the original random number by using a second preset digest algorithm, and generate a corresponding decryption key;
a fourth generating module 940, configured to decrypt the received encrypted upgrade data with the decryption key to obtain the original upgrade data.
On the basis of the above embodiment, the parsing module includes:
the splitting unit is used for performing splitting operation on the key seed information to obtain sub-key seed information;
and the generating unit is used for sequentially performing one circular right shift operation and two inverse SBOX transformations on the sub-key seed information to obtain a corresponding original random number.
The data decryption device can execute the data decryption method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
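The seed generation, seed parsing and key derivation steps described above, run end to end as an added example (not the patent's own code). The AES S-box as the substitution table, the 3-bit rotation, the byte-wise split of a 2-byte random number, SHA-256 as the digest and truncation to 16 bytes are all assumptions, since this section does not fix them.

```python
import hashlib
import secrets

ROT_BITS = 3   # assumption: distance of the circular shift
KEY_LEN = 16   # assumption: digest truncated to an AES-128 key


def rotl8(x: int, n: int) -> int:
    """Circular left shift of one byte."""
    return ((x << n) | (x >> (8 - n))) & 0xFF


def rotr8(x: int, n: int) -> int:
    """Circular right shift of one byte."""
    return ((x >> n) | (x << (8 - n))) & 0xFF


def build_aes_sbox() -> list:
    """Compute the AES S-box (assumed stand-in for the patent's SBOX table)."""
    sbox = [0] * 256
    p = q = 1                      # invariant: p * q == 1 in GF(2^8)
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= (q << 1) & 0xFF                                     # q /= 3
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        # affine transformation of the multiplicative inverse
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                 # 0 has no inverse; value fixed by definition
    return sbox


SBOX = build_aes_sbox()
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i


def generate_seed(original: bytes) -> bytes:
    """Diagnostic device: split into bytes, SBOX twice, one circular left shift."""
    return bytes(rotl8(SBOX[SBOX[b]], ROT_BITS) for b in original)


def parse_seed(seed: bytes) -> bytes:
    """ECU: one circular right shift, then inverse SBOX twice."""
    return bytes(INV_SBOX[INV_SBOX[rotr8(b, ROT_BITS)]] for b in seed)


def derive_key(original: bytes) -> bytes:
    """Digest the original random number and truncate it to the cipher key size."""
    return hashlib.sha256(original).digest()[:KEY_LEN]


def exchange() -> tuple:
    """One seed exchange: returns (seed on the wire, tester key, ECU key)."""
    original = secrets.token_bytes(2)   # the first frame carries a 2-byte seed
    seed = generate_seed(original)
    # parse_seed takes no secret argument: whoever holds SBOX and ROT_BITS can
    # invert the seed, so the key is only as strong as those stay confidential
    # and as the 16-bit seed allows.
    return seed, derive_key(original), derive_key(parse_seed(seed))


if __name__ == "__main__":
    seed, tester_key, ecu_key = exchange()
    print("seed on the wire:", seed.hex())
    print("keys match:", tester_key == ecu_key)
```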
Fig. 15 is a schematic hardware structure diagram of a vehicle according to an embodiment of the present invention. As shown in Fig. 15, a vehicle according to an embodiment of the present invention includes: a vehicle control unit 1010, a memory 1020, an input device 1030, an output device 1040, a first communication device 1050, and a second communication device 1060. There may be one or more vehicle control units 1010; Fig. 15 takes one vehicle control unit 1010 as an example. The vehicle control unit 1010, the memory 1020, the input device 1030, the output device 1040, the first communication device 1050, and the second communication device 1060 may be connected by a bus or in another manner; Fig. 15 takes connection by a bus as an example.
The memory 1020 in the vehicle, which is a computer-readable storage medium, may be used to store one or more programs, which may be software programs, computer-executable programs, and modules, corresponding to program instructions/modules for data encryption (e.g., modules in the data encryption apparatus shown in fig. 13, including the first generating module 810, the first transmitting module 820, the second generating module 830, and the second transmitting module 840) provided by embodiments of the present invention. The vehicle control unit 1010 executes various functional applications and data processing of the vehicle by running software programs, instructions and modules stored in the memory 1020, that is, implements the data encryption method in the above-described method embodiment.
The memory 1020 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of devices configured in the vehicle, and the like. Further, the memory 1020 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, memory 1020 may further include memory located remotely from vehicle control unit 1010, which may be connected to devices configured in the vehicle via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 1030 may be used to receive numeric or character information input by a user to generate key signal inputs related to user settings and function control of the vehicle. The output device 1040 may include a display device such as a display screen. The first communication device is used for encrypting the original upgrade data, and the second communication device is used for decrypting the encrypted upgrade data. When the one or more programs included in the vehicle are executed by the one or more vehicle control units 1010, the programs perform the following operations:
generating corresponding key seed information according to the randomly generated original random number; sending the first frame protocol data unit PDU carrying the key seed information to the second communication equipment so that the second communication node generates a corresponding decryption key; encrypting original upgrading data by using a pre-generated target encryption key to obtain encrypted upgrading data; and sending the encrypted upgrading data to the second communication equipment so that the second communication node decrypts the encrypted upgrading data by using the decryption key to obtain corresponding original upgrading data.
The first communication device in the vehicle can execute the data encryption method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
The second communication node in the vehicle provided by the embodiment of the invention can execute the data decryption method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a first communication node, implements a data encryption method provided in an embodiment of the present invention, and the method includes: generating corresponding key seed information according to the randomly generated original random number; sending the first frame protocol data unit PDU carrying the key seed information to the second communication equipment so that the second communication node generates a corresponding decryption key; encrypting original upgrading data by using a pre-generated target encryption key to obtain encrypted upgrading data; and sending the encrypted upgrading data to the second communication equipment so that the second communication node decrypts the encrypted upgrading data by using the decryption key to obtain corresponding original upgrading data.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a second communication node, implements a data decryption method provided in the embodiment of the present invention, and the method includes: receiving a first frame PDU carrying secret key seed information; analyzing the key seed information to obtain a corresponding original random number; calculating the original random number by using a second preset digest algorithm to generate a corresponding decryption key; and decrypting the received encrypted upgrading data by using the decryption key to obtain the original upgrading data.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments illustrated herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A data encryption method applied to a first communication device, comprising:
generating corresponding key seed information according to the randomly generated original random number;
sending the first frame protocol data unit PDU carrying the key seed information to a second communication device so that the second communication node generates a corresponding decryption key;
encrypting original upgrading data by using a pre-generated target encryption key to obtain encrypted upgrading data;
and sending the encrypted upgrading data to second communication equipment so that the second communication node decrypts the encrypted upgrading data by using the decryption key to obtain corresponding original upgrading data.
2. The method according to claim 1, wherein generating corresponding key seed information from the randomly generated original random number comprises:
splitting the randomly generated original random number to obtain a sub-original random number;
and sequentially performing two substitution table (SBOX) transformations and one circular left shift operation on the sub-original random numbers to obtain corresponding key seed information.
3. The method of claim 1, wherein the target encryption key is generated in a manner that comprises:
applying a first preset digest algorithm to the randomly generated original random number to generate an original encryption key;
and performing a truncation operation on the original encryption key to obtain a corresponding target encryption key.
4. The method of claim 1, wherein sending the encrypted upgrade data to a second communication device comprises:
inserting the encrypted upgrade data into consecutive frame PDUs;
and sending the consecutive frame PDUs to a second communication device.
5. The method of claim 1, wherein the format of the first frame PDU comprises eight bytes; the high 4 bits of the first byte indicate the first frame of a multi-frame transmission, the low 4 bits of the first byte and the second byte represent the length of the upgrade data, the third byte represents the transmission data service, the fourth byte represents a first frame identifier, the high 4 bits of the fifth byte represent a version number, the low 4 bits of the fifth byte represent an encryption identifier, the high 4 bits of the sixth byte represent an encryption algorithm identifier, and the seventh byte and the eighth byte represent key seed information.
6. The method of claim 4, wherein the format of the consecutive frame PDU comprises eight bytes, wherein the high 4 bits of the first byte indicate a consecutive frame of a multi-frame transmission, the low 4 bits of the first byte indicate the frame sequence number, and the second to eighth bytes carry the service data content corresponding to the encrypted upgrade data.
7. A data decryption method, applied to a second communication device, comprising:
receiving a first frame PDU carrying secret key seed information;
analyzing the key seed information to obtain a corresponding original random number;
calculating the original random number by using a second preset digest algorithm to generate a corresponding decryption key;
and decrypting the received encrypted upgrading data by using the decryption key to obtain the original upgrading data.
8. The method of claim 7, wherein the parsing the key seed information to obtain a corresponding original random number comprises:
splitting the key seed information to obtain sub-key seed information;
and sequentially performing one circular right shift operation and two inverse SBOX transformations on the sub-key seed information to obtain a corresponding original random number.
9. A vehicle, characterized by comprising: the system comprises a memory, a first communication device, a second communication device and one or more vehicle control units;
a memory for storing one or more programs;
the first communication equipment is used for encrypting the original upgrading data;
the second communication equipment is used for decrypting the encrypted upgrading data;
the one or more programs, when executed by the one or more vehicle control units, cause the one or more processing modules to implement the data encryption method of any of claims 1-6, or the data decryption method of any of claims 7-8.
10. A computer-readable storage medium, on which a computer program is stored, which, when executed by a vehicle control unit, implements a data encryption method according to any one of claims 1 to 6, or a data decryption method according to any one of claims 7 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911061115.0A CN110912690A (en) | 2019-11-01 | 2019-11-01 | Data encryption and decryption method, vehicle and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110912690A (en) | 2020-03-24 |
Family
ID=69816296
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911061115.0A Pending CN110912690A (en) | 2019-11-01 | 2019-11-01 | Data encryption and decryption method, vehicle and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110912690A (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101793115A (en) * | 2009-12-20 | 2010-08-04 | 姜君凯 | Electronic lock and key and workflow control |
CN104268458A (en) * | 2014-09-23 | 2015-01-07 | 潍柴动力股份有限公司 | Vehicle program encrypting and verifying method and device |
CN105049401A (en) * | 2015-03-19 | 2015-11-11 | 浙江大学 | Secure communication method based on intelligent vehicle |
CN106648626A (en) * | 2016-11-29 | 2017-05-10 | 郑州信大捷安信息技术股份有限公司 | Secure remote upgrade system and upgrade method for vehicles |
CN107357624A (en) * | 2017-07-28 | 2017-11-17 | 黑龙江连特科技有限公司 | The program renewing device and update method of a kind of mobile unit |
CN108566381A (en) * | 2018-03-19 | 2018-09-21 | 百度在线网络技术(北京)有限公司 | A kind of security upgrading method, device, server, equipment and medium |
CN109429222A (en) * | 2017-08-22 | 2019-03-05 | 马鞍山明阳通信科技有限公司 | A kind of pair of Wireless Communication Equipment upgrade procedure and the method for communication data encryption |
CN109714315A (en) * | 2018-11-27 | 2019-05-03 | 安徽华盈汽车技术有限公司 | Ethernet-based remote upgrading method for electric automobile controller program |
CN110071794A (en) * | 2019-04-28 | 2019-07-30 | 苏州国芯科技股份有限公司 | A kind of information ciphering method based on aes algorithm, system and associated component |
Non-Patent Citations (1)
Title |
---|
詹克旭: "Security authentication method for a PEPS system based on the UDS protocol", Computer Systems & Applications * |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111431917A (en) * | 2020-03-31 | 2020-07-17 | 上海涵润汽车电子有限公司 | Upgrade package encryption method and device and upgrade package decryption method and device |
CN113031626A (en) * | 2020-05-15 | 2021-06-25 | 东风柳州汽车有限公司 | Safety authentication method, device and equipment based on automatic driving and storage medium |
CN111817849A (en) * | 2020-06-30 | 2020-10-23 | 宝能(广州)汽车研究院有限公司 | Electronic control unit ECU and safe communication method and system thereof |
CN112115491A (en) * | 2020-08-20 | 2020-12-22 | 恒安嘉新(北京)科技股份公司 | Symmetric encryption key protection method, device, equipment and storage medium |
CN112115491B (en) * | 2020-08-20 | 2024-03-22 | 恒安嘉新(北京)科技股份公司 | Symmetric encryption key protection method, device, equipment and storage medium |
CN112068528A (en) * | 2020-08-28 | 2020-12-11 | 深圳市元征科技股份有限公司 | Diagnostic device verification method, vehicle, device and server |
CN112602303A (en) * | 2020-08-28 | 2021-04-02 | 华为技术有限公司 | Data transmission method and device |
CN112765616A (en) * | 2020-12-18 | 2021-05-07 | 百度在线网络技术(北京)有限公司 | Multi-party security calculation method and device, electronic equipment and storage medium |
CN112765616B (en) * | 2020-12-18 | 2024-02-02 | 百度在线网络技术(北京)有限公司 | Multiparty secure computing method, multiparty secure computing device, electronic equipment and storage medium |
CN112749402B (en) * | 2021-01-07 | 2024-04-23 | 苍穹数码技术股份有限公司 | Electronic data processing method and device, electronic equipment and storage medium |
CN112749402A (en) * | 2021-01-07 | 2021-05-04 | 苍穹数码技术股份有限公司 | Electronic data processing method and device, electronic equipment and storage medium |
CN114422209A (en) * | 2021-12-30 | 2022-04-29 | 中国长城科技集团股份有限公司 | Data processing method, device and storage medium |
CN114422209B (en) * | 2021-12-30 | 2024-04-19 | 中国长城科技集团股份有限公司 | Data processing method, device and storage medium |
CN114448684A (en) * | 2022-01-12 | 2022-05-06 | 阿尔特汽车技术股份有限公司 | Method and system for secure access |
CN114495474A (en) * | 2022-02-16 | 2022-05-13 | 青岛克莱玛物联技术有限公司 | Wireless remote control device |
CN114594912A (en) * | 2022-03-14 | 2022-06-07 | 中国第一汽车股份有限公司 | Information protection method, device, equipment and medium for vehicle instrument system |
CN114584282A (en) * | 2022-03-15 | 2022-06-03 | 深圳前海微众银行股份有限公司 | Message recommendation optimization method, electronic device, medium, and program product |
CN114584282B (en) * | 2022-03-15 | 2024-08-23 | 深圳前海微众银行股份有限公司 | Message recommendation optimization method, electronic device, medium and program product |
CN114978692B (en) * | 2022-05-18 | 2024-03-22 | 中国第一汽车股份有限公司 | Method and system for transmitting UDS (Universal description service) diagnostic message in hybrid encryption mode for automobile |
CN114978692A (en) * | 2022-05-18 | 2022-08-30 | 中国第一汽车股份有限公司 | Hybrid encryption transmission method and system for automobile UDS (Universal data System) diagnosis message |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110912690A (en) | Data encryption and decryption method, vehicle and storage medium | |
US9032208B2 (en) | Communication terminal, communication system, communication method and communication program | |
KR100957121B1 (en) | Key distribution method and authentication server | |
CN109218825B (en) | Video encryption system | |
US20170118020A1 (en) | Data communication method, system and gateway for in-vehicle network including a plurality of subnets | |
EP3476078B1 (en) | Systems and methods for authenticating communications using a single message exchange and symmetric key | |
CN109151508B (en) | Video encryption method | |
CN109168162B (en) | Bluetooth communication encryption method and device and intelligent security equipment | |
CN112597523B (en) | File processing method, file conversion encryption machine, terminal, server and medium | |
JP2005287039A (en) | Common scramble processing | |
CN111740942A (en) | Login/registration method, device, system, electronic equipment and storage medium | |
US20110113443A1 (en) | IP TV With DRM | |
CN112653719A (en) | Automobile information safety storage method and device, electronic equipment and storage medium | |
CN112073115A (en) | Lora-based low-orbit satellite Internet of things registration security verification method, Internet of things terminal, network server and user server | |
KR20220000537A (en) | System and method for transmitting and receiving data based on vehicle network | |
JP2005244534A (en) | Device and method for cipher communication | |
CN108924596B (en) | Media data transmission method, device and storage medium | |
CN112738037B (en) | Data encryption communication method | |
CN112073193B (en) | Information safety processing method, device and system and engineering vehicle | |
KR20080007678A (en) | System and method for efficient encryption and decryption of drm rights objects | |
CN111277802B (en) | Video code stream processing method, device, equipment and storage medium | |
CN110912941A (en) | Transmission processing method and device for multicast data | |
CN114285557A (en) | Communication encryption method, system and device | |
JPH10161535A (en) | Cipher communication device | |
CN111555875A (en) | Key synchronization method, device, equipment and medium for centralized meter reading system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200324 |