CN105704102B - Vehicle network access control method and device - Google Patents


Publication number
CN105704102B
Authority
CN
China
Prior art keywords
external equipment
vehicle network
access
handshake protocol
identity
Legal status
Active
Application number
CN201410699168.6A
Other languages
Chinese (zh)
Other versions
CN105704102A (en)
Inventor
黄少堂
黄河
黄丽芳
Current Assignee
Guangzhou Automobile Group Co Ltd
Original Assignee
Guangzhou Automobile Group Co Ltd
Application filed by Guangzhou Automobile Group Co Ltd
Priority to CN201410699168.6A
Publication of CN105704102A
Application granted
Publication of CN105704102B


Abstract

The invention discloses a vehicle network access control method and device. The method comprises: receiving an access request sent by an external device; judging whether a connection with the external device currently needs to be established according to a handshake protocol, the handshake protocol comprising identification of the external device and activation of the vehicle network; if so, identifying the identity of the external device according to the handshake protocol; and, when the external device is identified as a legitimate device, activating, according to the handshake protocol, the vehicle network that the external device requests to access, so that the activated vehicle network accepts the access operations of the external device. The technical solution of the invention can prevent illegitimate devices from accessing the vehicle network and reduces the possibility of an illegitimate device cracking the original manufacturer's protocol.

Description

Vehicle network access control method and device
Technical field
The present invention relates to the field of telematics, and in particular to a vehicle network access control method and device.
Background art
Currently, so that car owners can follow the state and fault information of their vehicles in real time, aftermarket vehicle data acquisition tools have gradually appeared on the market. These tools obtain vehicle bus and diagnostic data through the on-board diagnostic interface (On-Board Diagnostic, abbreviated OBD interface) and display it in real time on the audio system screen. Because the OBD interface exposes only a small amount of information, its coverage is very narrow: system information such as the body system, instruments, air conditioning, audio system and door modules is not exposed. To improve the compatibility and competitiveness of their acquisition tools, these tool companies try by every means to crack the original manufacturer's communication protocol and access the vehicle network to obtain more data, for example door and window state, door lock state, seat belt state, key state and so on.
Because aftermarket companies do not know the original manufacturer's bus and diagnostic data definition format or the normal working logic of the original vehicle, they can only crack certain signals and diagnostic messages by experience. Meanwhile, in order to display data in real time, the aftermarket company's acquisition tool continuously sends bus messages and diagnostic messages onto the vehicle network. Such high-frequency access inevitably puts pressure on the in-vehicle network, makes it unstable and increases the vehicle network load; in serious cases it directly affects the normal operation of the vehicle.
Summary of the invention
The aspects of the embodiments of the present invention provide a vehicle network access control method and device that can prevent illegitimate devices from accessing the vehicle network and reduce the possibility of an illegitimate device cracking the original manufacturer's protocol.
In a first aspect, an embodiment of the present invention provides a vehicle network access control method, comprising:
receiving an access request sent by an external device;
judging whether a connection with the external device currently needs to be established according to a handshake protocol, the handshake protocol comprising identification of the external device and activation of the vehicle network;
if so, identifying the identity of the external device according to the handshake protocol;
when the external device is identified as a legitimate device, activating, according to the handshake protocol, the vehicle network that the external device requests to access, so that the activated vehicle network accepts the access operations of the external device.
With reference to the first aspect, in a first implementation of the first aspect, identifying the identity of the external device according to the handshake protocol comprises:
receiving first service information sent by the external device, the first service information containing the identification code of the external device;
querying, according to the identification code of the external device, whether an identical identification code exists in a pre-stored code database; if it exists, determining that the external device is a legitimate device; otherwise, rejecting the access request of the external device.
With reference to the first aspect, in a second implementation of the first aspect, activating, according to the handshake protocol, the vehicle network that the external device requests to access when the external device is identified as a legitimate device comprises:
receiving second service information sent by the external device, the second service information containing information on the vehicle network that the external device requests to access;
activating, according to the vehicle network information, the vehicle network that the external device requests to access.
With reference to the first aspect or the first or second implementation of the first aspect, in a third implementation of the first aspect, judging whether a connection with the external device currently needs to be established according to the handshake protocol comprises:
judging whether the current value of a counter is zero, the counter having been given an initial value in advance;
if so, determining that a connection with the external device needs to be established according to the handshake protocol;
if not, letting the already activated vehicle network accept the access operation of the external device, and decrementing the current value of the counter by 1.
With reference to the third implementation of the first aspect, in a fourth implementation of the first aspect, after the activated vehicle network accepts the access operation of the external device, the method further comprises:
starting timing and recording the access time of the external device;
when the access time exceeds a preset time threshold, shielding the vehicle network and re-identifying the identity of the external device according to the handshake protocol;
when the external device is identified as a legitimate device, activating, according to the handshake protocol, the vehicle network that the external device requests to access, so that the activated vehicle network accepts the access operations of the external device;
when the external device is identified as an illegitimate device, rejecting the access request of the external device.
With reference to the third implementation of the first aspect, in a fifth implementation of the first aspect, after the activated vehicle network accepts the access operation of the external device, the method further comprises:
judging whether the external device has completed its access and, if so, shielding the vehicle network.
In a second aspect, an embodiment of the present invention provides a vehicle network access control device, comprising:
a receiving module, for receiving an access request sent by an external device;
a judgment module, for judging whether a connection with the external device currently needs to be established according to a handshake protocol, the handshake protocol comprising identification of the external device and activation of the vehicle network;
an identification module, for identifying the identity of the external device according to the handshake protocol when the judgment module determines that a connection with the external device needs to be established according to the handshake protocol; and
a network activation module, for activating, according to the handshake protocol, the vehicle network that the external device requests to access when the identification module identifies the external device as a legitimate device, so that the activated vehicle network accepts the access operations of the external device.
With reference to the second aspect, in a first implementation, the identification module comprises:
a first receiving unit, for receiving first service information sent by the external device when the judgment module determines that a connection with the external device needs to be established according to the handshake protocol, the first service information containing the identification code of the external device; and
an identity recognition unit, for querying, according to the identification code of the external device, whether an identical identification code exists in a pre-stored code database; if it exists, determining that the external device is a legitimate device; otherwise, rejecting the access request of the external device.
With reference to the second aspect, in a second implementation, the network activation module comprises:
a second receiving unit, for receiving second service information sent by the external device, the second service information containing information on the vehicle network that the external device requests to access; and
a network activation unit, for activating, according to the vehicle network information, the vehicle network that the external device requests to access.
With reference to the second aspect or the first or second implementation of the second aspect, in a third implementation of the second aspect, the judgment module comprises:
a count judging unit, for judging whether the current value of a counter is zero, the counter having been given an initial value in advance;
a count determination unit, for determining that a connection with the external device needs to be established according to the handshake protocol when the count judging unit determines that the current value of the counter is zero; and
an operation acceptance unit, for letting the already activated vehicle network accept the access operation of the external device, and decrementing the current value of the counter by 1, when the count judging unit determines that the current value of the counter is not zero.
With reference to the third implementation of the second aspect, in a fourth implementation, the vehicle network access control device further comprises:
a timer, for starting timing and recording the access time of the external device after the activated vehicle network accepts the access operation of the external device; and
a first network shielding unit, for shielding the vehicle network when the access time exceeds a preset time threshold, and re-identifying the identity of the external device according to the handshake protocol.
The first network shielding unit comprises:
a first activation unit, for activating, according to the handshake protocol, the vehicle network that the external device requests to access when the external device is re-identified as a legitimate device, so that the activated vehicle network accepts the access operations of the external device; and
a first request rejection unit, for rejecting the access request of the external device when the external device is identified as an illegitimate device.
With reference to the third implementation of the second aspect, in a fifth implementation, the vehicle network access control device further comprises:
an access judgment module, for judging whether the external device has completed its access; and
a second network shielding unit, for shielding the vehicle network after the access judgment module determines that the external device has completed its access.
It can be seen that implementing the embodiments of the present invention has the following beneficial effects:
In the vehicle network access control method provided by the embodiments of the present invention, when an access request sent by an external device is received, it is judged whether a connection with the external device currently needs to be established according to a handshake protocol, the handshake protocol comprising identification of the external device and activation of the vehicle network. If so, the external device is identified according to the handshake protocol and, when it is determined to be a legitimate device, the vehicle network that the external device requests to access is activated according to the handshake protocol, so that the activated vehicle network accepts the access operations of the external device. Once it is allowed to access the vehicle network, the external device communicates with the vehicle and obtains vehicle data to perform diagnosis or other functions. Compared with the prior art, in which diagnostic messages are sent continuously to crack the original manufacturer's protocol and obtain more data, the technical solution of the present invention can prevent illegitimate devices from accessing the vehicle network, prevent them from accessing diagnostic data that is not exposed, and reduce interference with the original manufacturer's network.
Further, whether a connection needs to be established according to the handshake protocol is judged by whether the value of the counter is zero. The counter is given an initial value in advance. Before the vehicle leaves the factory, the initial value is 0xFF and all external devices can access the vehicle network directly, but each access decrements the counter by 1; once it has been reduced to 0, a connection must be established according to the handshake protocol before communication is possible. The counter is reset when the vehicle leaves the factory, which ensures that afterwards every access by an external device to the vehicle network requires a connection established according to the handshake protocol. This both avoids having to establish a connection on every access before the vehicle leaves the factory, which reduces access time and improves access efficiency, and further prevents illegitimate devices from accessing the vehicle network.
Further, after the activated vehicle network accepts the access operation of the external device, the access time is recorded. When the access time exceeds the preset time threshold, the vehicle network is shielded and the identity of the external device is re-identified according to the handshake protocol; when the external device is again determined to be a legitimate device, the requested vehicle network is reactivated according to the handshake protocol. This keeps an external device from accessing the vehicle network for a long time and prevents an illegitimate device from operating for too long.
Further, after the external device completes its access, the vehicle network activated for that external device is shielded, and it is activated again according to the handshake protocol only when access is next needed, which further reduces the possibility of an illegitimate device accessing the vehicle network.
In another aspect, an embodiment of the present invention provides a vehicle network access control device. When the value of the counter is zero, an external device can access the vehicle network only after establishing a connection with the access control device according to the handshake protocol, so that an illegitimate device cannot access the vehicle network directly through the OBD interface. Apart from the diagnostic information that OBD itself exposes, all other diagnostic information must be obtained through the access control device, which shields the vehicle bus signals and prevents illegal cracking of network data. Compared with the prior art, in which an external device can access the vehicle network directly through the OBD interface and obtain more data, the access control device of the embodiments of the present invention can prevent illegitimate devices from accessing the vehicle network, prevent them from accessing diagnostic data that is not exposed, and reduce interference with the original manufacturer's network.
Brief description of the drawings
Fig. 1 is a flow diagram of one embodiment of the vehicle network access control method provided by the embodiments of the present invention;
Fig. 2 is a flow diagram of another embodiment of the vehicle network access control method provided by the embodiments of the present invention;
Fig. 3 is a flow diagram of a further embodiment of the vehicle network access control method provided by the embodiments of the present invention;
Fig. 4 is a flow diagram of yet another embodiment of the vehicle network access control method provided by the embodiments of the present invention;
Fig. 5 is a structural diagram of a vehicle network access control device provided by the embodiments of the present invention;
Fig. 6 is a structural diagram of one embodiment of the identification module provided by the embodiments of the present invention;
Fig. 7 is a structural diagram of one embodiment of the network activation module provided by the embodiments of the present invention;
Fig. 8 is a structural diagram of another embodiment of the vehicle network access control device provided by the embodiments of the present invention;
Fig. 9 is a structural diagram of a further embodiment of the vehicle network access control device provided by the embodiments of the present invention;
Fig. 10 is a structural diagram of one embodiment of the first network shielding unit provided by the embodiments of the present invention;
Fig. 11 is a structural diagram of yet another embodiment of the vehicle network access control device provided by the embodiments of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment 1
Referring to Fig. 1, Fig. 1 is a flow diagram of one embodiment of the vehicle network access control method provided by the embodiments of the present invention. The method comprises the following steps:
Step 101: receive an access request sent by an external device.
In this embodiment, the external device sends an access request to the vehicle, requesting access to the vehicle network in order to perform diagnosis or other access operations.
Step 102: judge whether a connection with the external device currently needs to be established according to the handshake protocol, the handshake protocol comprising identification of the external device and activation of the vehicle network. If so, execute step 103; otherwise execute step 105.
In this embodiment, the access operations of the external device are gated: when an access request sent by the external device is received, it is judged whether a connection with the external device currently needs to be established according to the handshake protocol. If so, the next step is executed; otherwise, the already activated vehicle network accepts the access operation of the external device.
Step 103: identify the identity of the external device according to the handshake protocol.
In this embodiment, the handshake protocol may include, but is not limited to, identification of the external device and activation of the vehicle network.
In this embodiment, identification of the external device is specifically: receive the first service information sent by the external device, the first service information containing the identification code of the external device. A code database is stored in the vehicle in advance, and it defines the identification code corresponding to each identity. For example, 0xAA is defined as: Guangzhou Automobile Workshop end-of-line (off-line) test equipment; 0xBB as: Guangzhou Automobile Workshop after-sales diagnostic equipment; 0xCC as: Guangzhou Automobile Workshop development test tool; 0xDD as: other Guangzhou Automobile Workshop equipment; all other codes are illegitimate devices. According to the identification code in the first service information, the vehicle queries whether an identical identification code exists in the pre-stored code database. If it exists, the external device is determined to be a legitimate device; otherwise, the external device is determined to be an illegitimate device and its access request is rejected.
Step 104: when the external device is identified as a legitimate device, activate, according to the handshake protocol, the vehicle network that the external device requests to access.
In this embodiment, when the external device is identified as a legitimate device, the vehicle network that it requests to access is activated according to the handshake protocol, specifically: receive the second service information sent by the external device, the second service information containing information on the vehicle network that the external device requests to access. The external device can request activation of one network or of all networks, and the vehicle activates the requested vehicle network according to the vehicle network information. Inside the vehicle, each network may be, but is not limited to being, defined with its own code, and on an activation request the network corresponding to the code is activated. For example: 0x00 and 0x06-0xff are defined as: All channel Disabled; 0x01 as: PCAN channel Enabled; 0x02 as: ACAN channel Enabled; 0x03 as: SCAN channel Enabled; 0x04 as: BCAN channel Enabled; 0x05 as: Diag routing Enabled. By default, access to all networks is shielded, which prevents unauthorized access by external devices.
In this embodiment, the first service information and the second service information sent by the external device can be combined into a single piece of service information, so that it does not have to be sent twice, which improves efficiency.
Step 105: the activated vehicle network accepts the access operations of the external device.
In this embodiment, after the external device has passed identification and network activation, it can perform access operations on the vehicle and obtain vehicle data to perform diagnosis or other functions. How an external device diagnoses a vehicle is prior art and is not described further here.
It can be seen that, in the vehicle network access control method provided by the embodiments of the present invention, when an access request sent by an external device is received, it is judged whether a connection with the external device currently needs to be established according to the handshake protocol, the handshake protocol comprising identification of the external device and activation of the vehicle network. If so, the external device is identified according to the handshake protocol and, when it is determined to be a legitimate device, the vehicle network that the external device requests to access is activated according to the handshake protocol, so that the activated vehicle network accepts the access operations of the external device. Once it is allowed to access the vehicle network, the external device communicates with the vehicle and obtains vehicle data to perform diagnosis or other functions. Compared with the prior art, in which diagnostic messages are sent continuously to crack the original manufacturer's protocol and obtain more data, the technical solution of the present invention can prevent illegitimate devices from accessing the vehicle network, prevent them from accessing diagnostic data that is not exposed, and reduce interference with the original manufacturer's network.
Embodiment 2
Referring to Fig. 2, Fig. 2 is a flow diagram of another embodiment of the vehicle network access control method provided by the embodiments of the present invention. As shown in Fig. 2, this embodiment differs from Embodiment 1 in step 202: judge whether the current value of the counter is zero, the counter having been given an initial value in advance. If so, it is determined that a connection with the external device needs to be established according to the handshake protocol, and step 103 is executed. Otherwise, it is determined that no connection needs to be established according to the handshake protocol, and step 206 is executed: the already activated vehicle network accepts the access operation of the external device, and the current value of the counter is decremented by 1.
In this embodiment, a counter, Counter, is defined and preconfigured with an initial value. The counter can prevent illegitimate devices from accessing the vehicle network, but it also causes trouble for the original manufacturer's end-of-line test equipment and development test equipment: if every diagnosis requires a handshake, time is wasted and diagnostic efficiency suffers. The solution is as follows. When the supplier delivers the part to the vehicle manufacturer, the counter Counter can be set to 0xFF, so that all access is possible without the handshake protocol, but each access decrements the counter by 1; when the value of the counter is 0, the external device can access the vehicle network only after establishing a connection with it according to the handshake protocol. When the vehicle comes off the production line and is released, if Counter is not equal to 0, it must be reset with the end-of-line test equipment, and from then on every external device accessing vehicle data must go through identification and network activation according to the handshake protocol. This ensures that working efficiency is not affected during the original manufacturer's testing, while access by illegitimate devices is prevented after the vehicle leaves the factory.
It can be seen that whether a connection needs to be established according to the handshake protocol is judged by whether the value of the counter is zero. The counter is given an initial value in advance. Before the vehicle leaves the factory, the initial value is 0xFF and all external devices can access the vehicle network directly, but each access decrements the counter by 1; once it has been reduced to 0, a connection must be established according to the handshake protocol before communication is possible. The counter is reset when the vehicle leaves the factory, which ensures that afterwards every access by an external device to the vehicle network requires a connection established according to the handshake protocol. This both avoids having to establish a connection on every access before the vehicle leaves the factory, which reduces access time and improves access efficiency, and further prevents illegitimate devices from accessing the vehicle network.
Embodiment 3
Referring to Fig. 3, Fig. 3 is a flow diagram of a further embodiment of the vehicle network access control method provided by the embodiments of the present invention. As shown in Fig. 3, this embodiment differs from Embodiment 2 in that, after step 105 and step 206, it further comprises step 301: start timing and record the access time of the external device. Then step 302 is executed: when the access time exceeds the preset time threshold, shield the vehicle network and re-identify the identity of the external device according to the handshake protocol. Step 303: judge whether the external device is a legitimate device. If it is determined to be a legitimate device, execute step 304: activate the vehicle network that the external device requests to access, so that the activated vehicle network accepts the access operations of the external device. If it is determined to be an illegitimate device, execute step 305: reject the access request of the external device.
In this embodiment, if the access time does not exceed the time threshold, the vehicle network continues to accept the access operations of the external device.
In this embodiment, to keep an external device from accessing the vehicle network for a long time and overloading it, an access time can be defined that limits how long an external device is allowed to access. After the access operation of the external device is accepted, timing starts and the access time is recorded. If the access time exceeds the preset time threshold, the external device must re-establish the connection according to the handshake protocol, that is, be re-identified and have the vehicle network reactivated. If an illegitimate device has successfully accessed the vehicle network, the timer keeps it from accessing the network for a long time and forces its identity to be identified again; if the device is identified as illegitimate, its access request is rejected.
In this embodiment, to keep the timer's timing reasonable, the value of the access time can be adjusted by a diagnostic command. During development testing, or when the original manufacturer has a special need, the original manufacturer's equipment can set the value to infinity, which places almost no limit on the operating time of the external device. After diagnosis is finished, the value is restored to its default. This both meets the practical needs of the original manufacturer and prevents an illegitimate device from operating for too long.
It can be seen that, after the activated vehicle network accepts the access operation of the external device, the access time is recorded. When the access time exceeds the preset time threshold, the vehicle network is shielded and the identity of the external device is re-identified according to the handshake protocol; when the external device is again determined to be a legitimate device, the requested vehicle network is reactivated according to the handshake protocol. This keeps an external device from accessing the vehicle network for a long time and prevents an illegitimate device from operating for too long.
Embodiment 4
Referring to Fig. 4, Fig. 4 is a flow diagram of yet another embodiment of the vehicle network access control method provided by an embodiment of the present invention. As shown in Fig. 4, Fig. 4 differs from Fig. 2 in that, after step 105 and step 206, it further includes step 401: judge whether the external device has completed its access; if so, execute step 402; otherwise return to step 105.
Step 402: shield the vehicle network.
Therefore, after the external device completes its access, the vehicle network activated for that external device is shielded, and it is activated again according to the handshake protocol only when access is needed. This further reduces the possibility of an illegitimate device accessing the vehicle network, and prevents an illegitimate device from continually sending diagnostic messages that interfere with the vehicle network and affect the normal operation of the vehicle.
Embodiment 5
Referring to Fig. 5, Fig. 5 is a structural diagram of a vehicle network access control apparatus provided by an embodiment of the present invention. The access control apparatus can mask vehicle bus signals to prevent network data from being illegally cracked, and at the same time acts as a gatekeeper for diagnostic requests. The access control apparatus includes:
Receiving module 501, configured to receive the access request sent by the external device.
Judgment module 502, electrically connected to receiving module 501 and configured to judge whether a connection currently needs to be established with the external device according to the handshake protocol; the handshake protocol includes identification of the external device and activation of the vehicle network.
Identification module 503, electrically connected to judgment module 502 and configured to identify the identity of the external device according to the handshake protocol when judgment module 502 determines that a connection needs to be established with the external device according to the handshake protocol.
Network activation module 504, electrically connected to judgment module 502 and configured to activate, according to the handshake protocol, the vehicle network that the external device requests to access when identification module 503 determines that the external device is a legitimate device, so that the activated vehicle network accepts the access operations of the external device.
As an example of this embodiment, referring to Fig. 6, Fig. 6 is a structural diagram of one embodiment of the identification module. Identification module 503 includes a first receiving unit 601 and an identity recognition unit 602. The first receiving unit 601 is configured to receive the first service information sent by the external device when judgment module 502 determines that a connection needs to be established with the external device according to the handshake protocol; the first service information includes the identification code of the external device. The identity recognition unit 602 is electrically connected to the first receiving unit 601 and is configured to query, according to the identification code of the external device, whether an identical identification code exists in the pre-stored code library. If it exists, the external device is determined to be a legitimate device; otherwise, the access request of the external device is refused.
As an example of this embodiment, referring to Fig. 7, Fig. 7 is a structural diagram of one embodiment of the network activation module. Network activation module 504 includes a second receiving unit 701 and a network activation unit 702. The second receiving unit 701 is configured to receive the second service information sent by the external device; the second service information includes information on the vehicle network that the external device requests to access. The network activation unit 702 is electrically connected to the second receiving unit 701 and is configured to activate, according to the vehicle network information, the vehicle network that the external device requests to access.
For the working principle of this embodiment, reference may be made, without limitation, to the description of the step flow in Embodiment 1.
Therefore, this embodiment of the present invention provides a vehicle network access control apparatus. An external device can access the vehicle network only after establishing a connection with the access control apparatus according to the handshake protocol, so an illegitimate device cannot access the vehicle network directly through the OBD interface. Apart from the diagnostic messages that OBD independently releases to the outside, all other diagnostic messages must be obtained through the access control apparatus, which shields the vehicle bus signals and prevents network data from being illegally cracked. In the prior art, an external device can access the vehicle network directly through the OBD interface and obtain more data. By comparison, the access control apparatus of this embodiment prevents illegitimate devices from accessing the vehicle network and from accessing diagnostic data that has not been released, and reduces interference with the original vehicle manufacturer's network.
Embodiment 6
Referring to Fig. 8, Fig. 8 is a structural diagram of another embodiment of the vehicle network access control apparatus provided by an embodiment of the present invention. This embodiment differs from Embodiment 5 in that the access control apparatus further includes a counter 801, and judgment module 502 includes a counting judgment unit 802, a counting determination unit 803 and an operation acceptance unit 804.
The counting judgment unit 802 is electrically connected to counter 801 and is configured to judge whether the current value of counter 801 is zero. Counter 801 is configured with an initial value in advance.
The counting determination unit 803 is electrically connected to the counting judgment unit 802 and is configured to determine, when the counting judgment unit 802 determines that the current value of counter 801 is zero, that a connection needs to be established with the external device according to the handshake protocol.
The operation acceptance unit 804 is electrically connected to the counting judgment unit 802 and is configured, when the counting judgment unit 802 determines that the current value of counter 801 is not zero, to make the activated vehicle network accept the access operation of the external device and to decrement the current value of counter 801 by 1.
For the more detailed working principle of this embodiment, reference may be made, without limitation, to the description of the step flow in Embodiment 2.
Therefore, with the technical solution of this embodiment, a counter 801 is provided in the vehicle network access control apparatus, and whether a connection needs to be established according to the handshake protocol is judged by whether the value of counter 801 is zero. Counter 801 is configured with an initial value in advance. Before the vehicle leaves the factory, the initial value is 0xFF and all external devices can access the vehicle network directly, but each access decrements the counter by 1; once the counter reaches 0, an external device must re-establish the connection according to the handshake protocol before it can communicate. The counter value is reset after the vehicle leaves the factory, which ensures that, after leaving the factory, every access by an external device to the vehicle network requires a connection established according to the handshake protocol. This avoids having to establish a connection for every access before the vehicle leaves the factory, which reduces access time and improves access efficiency, and it further prevents illegitimate devices from accessing the vehicle network.
Embodiment 7
Referring to Fig. 9, Fig. 9 is a structural diagram of another embodiment of the vehicle network access control apparatus provided by an embodiment of the present invention. This embodiment differs from Embodiment 6 in that the access control apparatus further includes a timer 901 and a first network shielding unit 902. Timer 901 is electrically connected to network activation module 504 and to the first network shielding unit 902, and is configured to start timing and record the access time of the external device after the activated vehicle network accepts the access operations of the external device.
The first network shielding unit 902 is configured to shield the vehicle network when the access time exceeds the preset time threshold, and to re-identify the identity of the external device according to the handshake protocol.
Referring to Fig. 10, Fig. 10 is a structural diagram of one embodiment of the first network shielding unit. The first network shielding unit 902 includes a first activation unit 9021 and a first request refusal unit 9022. The first activation unit 9021 is configured to activate, according to the handshake protocol, the vehicle network that the external device requests to access when the external device is re-identified as a legitimate device, so that the activated vehicle network accepts the access operations of the external device;
The first request refusal unit 9022 is configured to refuse the access request of the external device when the external device is identified as an illegitimate device.
For the more detailed working principle of this embodiment, reference may be made, without limitation, to the description of the step flow in Embodiment 3.
Therefore, after the activated vehicle network accepts the access operations of the external device, the access control apparatus records the access time with timer 901. When the access time exceeds the preset time threshold, the first network shielding unit 902 shields the vehicle network and re-identifies the identity of the external device; when the external device is again determined to be a legitimate device, the vehicle network it requested is reactivated to accept its access operations. This keeps an external device from accessing the vehicle network for a long time and prevents an illegitimate device from operating for too long.
Embodiment 8
Referring to Fig. 11, Fig. 11 is a structural diagram of yet another embodiment of the vehicle network access control apparatus provided by an embodiment of the present invention. This embodiment differs from Embodiment 7 in that the vehicle network access control apparatus further includes an access judgment module 1101 and a second network shielding unit 1102. The access judgment module 1101 is electrically connected to network activation module 504 and is configured to judge whether the external device has completed its access. The second network shielding unit 1102 is electrically connected to the access judgment module 1001 and is configured to shield the vehicle network after the access judgment module 1101 determines that the external device has completed its access.
For the more detailed working principle and process steps of this embodiment, reference may be made, without limitation, to the related descriptions in Embodiment 3 and Embodiment 4.
Therefore, after the external device completes its access, the vehicle network access control apparatus shields the vehicle network activated for that external device and activates it again only when access is needed, which further reduces the possibility of an illegitimate device accessing the vehicle network.
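The following C sketch is an added illustration, not code from the patent. It models the control flow of Embodiments 6 to 8 together: counter 801, the handshake, timer 901 and shielding on completion. The identification codes, the network number, the 5000 ms threshold and all function names are constructed assumptions, as is reading the post-delivery counter reset as a reset to zero.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NET_NONE 0xFFu   /* reserved: no vehicle network activated (shielded) */
enum gw_result { GW_REFUSED = 0, GW_ACCEPTED = 1 };

struct gateway {
    uint8_t         counter;      /* counter 801: accesses left without handshake */
    uint8_t         active_net;   /* activated vehicle network, or NET_NONE */
    uint32_t        start_ms;     /* timer 901: start of the current activation */
    uint32_t        threshold_ms; /* preset access-time threshold */
    const uint32_t *codes;        /* pre-stored code library */
    size_t          n_codes;
};

/* Identity recognition: look the identification code up in the library. */
static bool id_is_legitimate(const struct gateway *g, uint32_t id)
{
    for (size_t i = 0; i < g->n_codes; i++)
        if (g->codes[i] == id)
            return true;
    return false;
}

/* Handshake: shield, identify the device, then activate the requested network
 * and restart the timer. A refused device leaves the network shielded. */
static enum gw_result handshake(struct gateway *g, uint32_t id,
                                uint8_t net, uint32_t now_ms)
{
    g->active_net = NET_NONE;
    if (!id_is_legitimate(g, id))
        return GW_REFUSED;
    g->active_net = net;
    g->start_ms = now_ms;
    return GW_ACCEPTED;
}

/* One access operation. `id` is the code the device presents when a handshake
 * is demanded; while a network is active the gateway does not ask for it. */
enum gw_result gw_access(struct gateway *g, uint32_t id,
                         uint8_t net, uint32_t now_ms)
{
    if (g->counter != 0) {        /* vehicle not yet delivered: direct access */
        g->counter--;
        return GW_ACCEPTED;
    }
    if (g->active_net != net)     /* shielded, or another network requested */
        return handshake(g, id, net, now_ms);
    /* Unsigned subtraction stays correct when the millisecond tick wraps. */
    if ((uint32_t)(now_ms - g->start_ms) > g->threshold_ms)
        return handshake(g, id, net, now_ms);   /* shield and re-identify */
    return GW_ACCEPTED;
}

/* Access finished: shield the network again (Embodiments 4 and 8). */
void gw_complete(struct gateway *g) { g->active_net = NET_NONE; }

/* Constructed scenario on a delivered vehicle (counter 0). Bit i of the
 * return value is set when step i was accepted. */
unsigned demo_after_delivery(void)
{
    static const uint32_t library[] = { 0xA11CE001u };   /* constructed code */
    struct gateway g = { 0, NET_NONE, 0, 5000, library, 1 };
    const uint32_t tester = 0xA11CE001u, unknown = 0xBAD0BAD0u;
    const uint8_t  net = 1;                              /* constructed number */
    unsigned r = 0;
    r |= (unsigned)gw_access(&g, unknown, net, 0)    << 0; /* not in library */
    r |= (unsigned)gw_access(&g, tester,  net, 100)  << 1; /* handshake passes */
    r |= (unsigned)gw_access(&g, unknown, net, 1000) << 2; /* network still active */
    r |= (unsigned)gw_access(&g, unknown, net, 5200) << 3; /* threshold exceeded */
    r |= (unsigned)gw_access(&g, tester,  net, 5300) << 4; /* handshake again */
    gw_complete(&g);
    r |= (unsigned)gw_access(&g, unknown, net, 5400) << 5; /* shielded again */
    return r;
}

/* Before delivery: a counter of 3 admits three accesses without a handshake;
 * the fourth must handshake. Returns how many of four accesses were accepted. */
unsigned demo_before_delivery(void)
{
    struct gateway g = { 3, NET_NONE, 0, 5000, NULL, 0 };
    unsigned accepted = 0;
    for (int i = 0; i < 4; i++)
        accepted += (unsigned)gw_access(&g, 0xBAD0BAD0u, 1, (uint32_t)i);
    return accepted;
}

int main(void)
{
    printf("after: 0x%02X, before: %u\n", demo_after_delivery(), demo_before_delivery());
    return 0;
}
```

Step 2 of the delivered-vehicle scenario is accepted because an activated network stays open until it is shielded; the time threshold and the shield on completion are what bound that window.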
Those of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The above are preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications are also regarded as falling within the protection scope of the present invention.

Claims (8)

1. A vehicle network access control method, characterized by comprising:
receiving an access request sent by an external device;
judging whether a connection currently needs to be established with the external device according to a handshake protocol, the handshake protocol including identification of the external device and activation of the vehicle network;
if the judgment result is that it is needed, identifying the identity of the external device according to the handshake protocol;
when the external device is identified as a legitimate device, activating, according to the handshake protocol, the vehicle network that the external device requests to access, so that the activated vehicle network accepts the access operations of the external device;
after the activated vehicle network accepts the access operations of the external device, further comprising: judging whether the external device has completed its access, and if so, shielding the vehicle network;
wherein said activating, according to the handshake protocol, the vehicle network that the external device requests to access when the external device is identified as a legitimate device comprises:
receiving second service information sent by the external device, the second service information including information on the vehicle network that the external device requests to access;
activating, according to the vehicle network information, the vehicle network that the external device requests to access.
2. The vehicle network access control method according to claim 1, characterized in that said identifying the identity of the external device according to the handshake protocol comprises:
receiving first service information sent by the external device, the first service information including the identification code of the external device;
querying, according to the identification code of the external device, whether an identical identification code exists in a pre-stored code library; if it exists, determining that the external device is a legitimate device; otherwise, refusing the access request of the external device.
3. The vehicle network access control method according to any one of claims 1 to 2, characterized in that said judging whether a connection currently needs to be established with the external device according to the handshake protocol comprises:
when the vehicle has not left the factory, judging whether the current value of a counter is zero, the counter being configured with an initial value in advance;
if so, determining that a connection needs to be established with the external device according to the handshake protocol;
if not, making the activated vehicle network accept the access operation of the external device, and decrementing the current value of the counter by 1.
4. The vehicle network access control method according to claim 3, characterized in that, after the activated vehicle network accepts the access operations of the external device, the method further comprises:
starting timing and recording the access time of the external device;
when the access time exceeds a preset time threshold, shielding the vehicle network and re-identifying the identity of the external device according to the handshake protocol;
when the external device is identified as a legitimate device, activating, according to the handshake protocol, the vehicle network that the external device requests to access, so that the activated vehicle network accepts the access operations of the external device;
when the external device is identified as an illegitimate device, refusing the access request of the external device.
5. A vehicle network access control apparatus, characterized by comprising:
a receiving module, configured to receive an access request sent by an external device;
a judgment module, configured to judge whether a connection currently needs to be established with the external device according to a handshake protocol, the handshake protocol including identification of the external device and activation of the vehicle network;
an identification module, configured to identify the identity of the external device according to the handshake protocol when the judgment module determines that a connection needs to be established with the external device according to the handshake protocol;
a network activation module, configured to activate, according to the handshake protocol, the vehicle network that the external device requests to access when the identification module identifies the external device as a legitimate device, so that the activated vehicle network accepts the access operations of the external device;
an access judgment module, configured to judge whether the external device has completed its access; and
a second network shielding unit, configured to shield the vehicle network after the access judgment module determines that the external device has completed its access;
wherein the network activation module comprises:
a second receiving unit, configured to receive second service information sent by the external device, the second service information including information on the vehicle network that the external device requests to access; and
a network activation unit, configured to activate, according to the vehicle network information, the vehicle network that the external device requests to access.
6. The vehicle network access control apparatus according to claim 5, characterized in that the identification module comprises:
a first receiving unit, configured to receive first service information sent by the external device when the judgment module determines that a connection needs to be established with the external device according to the handshake protocol, the first service information including the identification code of the external device; and
an identity recognition unit, configured to query, according to the identification code of the external device, whether an identical identification code exists in a pre-stored code library; if it exists, to determine that the external device is a legitimate device; otherwise, to refuse the access request of the external device.
7. The vehicle network access control apparatus according to any one of claims 5 to 6, characterized in that the judgment module comprises:
a counting judgment unit, configured to judge, when the vehicle has not left the factory, whether the current value of a counter is zero, the counter being configured with an initial value in advance;
a counting determination unit, configured to determine, when the counting judgment unit determines that the current value of the counter is zero, that a connection needs to be established with the external device according to the handshake protocol; and
an operation acceptance unit, configured, when the counting judgment unit determines that the current value of the counter is not zero, to make the activated vehicle network accept the access operation of the external device and to decrement the current value of the counter by 1.
8. The vehicle network access control apparatus according to claim 7, characterized in that the vehicle network access control apparatus further comprises:
a timer, configured to start timing and record the access time of the external device after the activated vehicle network accepts the access operations of the external device; and
a first network shielding unit, configured to shield the vehicle network when the access time exceeds a preset time threshold, and to re-identify the identity of the external device according to the handshake protocol;
wherein the first network shielding unit comprises:
a first activation unit, configured to activate, according to the handshake protocol, the vehicle network that the external device requests to access when the external device is re-identified as a legitimate device, so that the activated vehicle network accepts the access operations of the external device; and
a first request refusal unit, configured to refuse the access request of the external device when the external device is identified as an illegitimate device.
CN201410699168.6A 2014-11-26 2014-11-26 Vehicle network access control method and device Active CN105704102B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410699168.6A CN105704102B (en) 2014-11-26 2014-11-26 Vehicle network access control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410699168.6A CN105704102B (en) 2014-11-26 2014-11-26 Vehicle network access control method and device

Publications (2)

Publication Number Publication Date
CN105704102A CN105704102A (en) 2016-06-22
CN105704102B true CN105704102B (en) 2019-06-07

Family

ID=56294481

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410699168.6A Active CN105704102B (en) 2014-11-26 2014-11-26 Vehicle network access control method and device

Country Status (1)

Country Link
CN (1) CN105704102B (en)


Also Published As

Publication number Publication date
CN105704102A (en) 2016-06-22


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant