CN111813078B - Safety diagnosis method, device, equipment and medium for vehicle - Google Patents

Safety diagnosis method, device, equipment and medium for vehicle Download PDF

Info

Publication number
CN111813078B
CN111813078B CN202010587210.0A CN202010587210A CN111813078B CN 111813078 B CN111813078 B CN 111813078B CN 202010587210 A CN202010587210 A CN 202010587210A CN 111813078 B CN111813078 B CN 111813078B
Authority
CN
China
Prior art keywords
control unit
diagnosis
authentication
diagnostic
electronic control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010587210.0A
Other languages
Chinese (zh)
Other versions
CN111813078A (en
Inventor
杨威
陈强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202010587210.0A priority Critical patent/CN111813078B/en
Publication of CN111813078A publication Critical patent/CN111813078A/en
Application granted granted Critical
Publication of CN111813078B publication Critical patent/CN111813078B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00Testing or monitoring of control systems or parts thereof
    • G05B23/02Electric testing or monitoring
    • G05B23/0205Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0208Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterized by the configuration of the monitoring system
    • G05B23/0213Modular or universal configuration of the monitoring system, e.g. monitoring system having modules that may be combined to build monitoring program; monitoring system that can be applied to legacy systems; adaptable monitoring system; using different communication protocols
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/24Pc safety
    • G05B2219/24065Real time diagnostics

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The disclosed embodiments relate to a method, apparatus, device and medium for vehicle safety diagnosis, wherein the method is applied to a diagnostic apparatus, comprising: sending a security authentication request to the electronic control unit; receiving a control random number returned by the electronic control unit, and generating first bidirectional authentication information and first session verification information based on the control random number; and if the bidirectional authentication with the electronic control unit is determined to be successful based on the first bidirectional authentication information, sending a diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information. By adopting the technical scheme, the diagnostic instrument and the electronic control unit of the vehicle are added with session verification in the process of diagnosis session on the basis of mutual authentication, so that the session can be prevented from being hijacked and attacked again, and the safety of vehicle diagnosis is greatly improved.

Description

Safety diagnosis method, device, equipment and medium for vehicle
Technical Field
The present disclosure relates to the field of vehicle communication technologies, and in particular, to a method, an apparatus, a device, and a medium for vehicle safety diagnosis.
Background
With the development of the internet of vehicles, data acquired based on a diagnosis interface built in a vehicle is more and more abundant, and diagnosis operation on the vehicle is easier and easier. For example, On Board Diagnostics (OBD) can be used to remotely Control vehicle components such as windows and doors, and can also be used to diagnose, write, modify configuration, and the like, Electronic Control Units (ECUs) in the vehicle.
If the diagnosis interface does not carry out any effective identity verification on the accessed diagnosis instrument, once the diagnosis interface is utilized by an attacker, the attacker can carry out attack and malicious operation on a gateway, a vehicle-mounted information BOX (T-BOX), an electronic control unit and the like, and further, the diagnosis interface can carry out remote attack or remote control and other operations by adding a networking function on the diagnosis equipment, which can bring great risks to the personal safety, vehicles, traffic and the like of a vehicle owner and also can cause negative influence on the brand image of a vehicle factory. Currently, the electronic control unit is generally authenticated for the Diagnostic device through a secure access authentication service in a Universal Diagnostic Services (UDS), and only after the authentication is passed, the electronic control unit can execute the Diagnostic operation. However, the above security authentication method is easily cracked violently, and the security of the diagnosis session is not high, and the security requirement for the vehicle diagnosis cannot be satisfied.
Disclosure of Invention
To solve the technical problems described above or at least partially solve the technical problems, the present disclosure provides a safety diagnosis method, apparatus, device, and medium for a vehicle.
The embodiment of the disclosure provides a safety diagnosis method of a vehicle, which is applied to a diagnostic apparatus and comprises the following steps:
sending a security authentication request to the electronic control unit;
receiving a control random number returned by the electronic control unit, and generating first bidirectional authentication information and first session verification information based on the control random number;
and if the bidirectional authentication with the electronic control unit is determined to be successful based on the first bidirectional authentication information, sending a diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information.
The embodiment of the present disclosure further provides a safety diagnosis method for a vehicle, which is applied to an electronic control unit, and includes:
receiving a safety certification request sent by a diagnostic instrument;
sending a control random number to the diagnostic instrument, and generating second bidirectional authentication information and second session verification information based on the control random number;
and if the bidirectional authentication with the diagnostic instrument is determined to be successful based on the second bidirectional authentication information, receiving a diagnostic instruction sent by the diagnostic instrument, and executing a diagnostic operation corresponding to the diagnostic instruction based on the second session verification information.
The disclosed embodiment also provides a safety diagnosis device for a vehicle, configured in a diagnostic apparatus, comprising:
the authentication request sending module is used for sending a security authentication request to the electronic control unit;
the first authentication information module is used for receiving a control random number returned by the electronic control unit and generating first bidirectional authentication information and first session verification information based on the control random number;
and the diagnosis control module is used for sending a diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information if the bidirectional authentication with the electronic control unit is determined to be successful based on the first bidirectional authentication information.
The disclosed embodiment also provides a safety diagnosis device for a vehicle, configured to an electronic control unit, including:
the authentication request receiving module is used for receiving a safety authentication request sent by the diagnostic instrument;
the second authentication information module is used for sending a control random number to the diagnostic instrument and generating second bidirectional authentication information and second session verification information based on the control random number;
and the diagnosis execution module is used for receiving a diagnosis instruction sent by the diagnosis instrument and executing diagnosis operation corresponding to the diagnosis instruction based on the second session verification information if the bidirectional authentication with the diagnosis instrument is determined to be successful based on the second bidirectional authentication information.
An embodiment of the present disclosure further provides an electronic device, which includes: a processor; a memory for storing the processor-executable instructions; the processor is used for reading the executable instructions from the memory and executing the instructions to realize the safety diagnosis method of the vehicle provided by the embodiment of the disclosure.
The disclosed embodiments also provide a computer-readable storage medium storing a computer program for executing the method for safety diagnosis of a vehicle according to the disclosed embodiments.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages: according to the safety diagnosis scheme of the vehicle, the diagnosis instrument sends the safety authentication request to the electronic control unit, receives the control random number returned by the electronic control unit, generates the first bidirectional authentication information and the first session verification information based on the control random number, and sends the diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information if the bidirectional authentication with the electronic control unit is determined to be successful based on the first bidirectional authentication information. By adopting the technical scheme, the diagnostic instrument and the electronic control unit of the vehicle are added with session verification in the process of diagnosis session on the basis of mutual authentication, so that the session can be prevented from being hijacked and attacked again, and the safety of vehicle diagnosis is greatly improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic flow chart of a safety diagnosis method for a vehicle according to an embodiment of the present disclosure;
FIG. 2 is a schematic flow chart illustrating another vehicle safety diagnostic method provided by an embodiment of the present disclosure;
FIG. 3 is a schematic flow chart illustrating a safety diagnostic method for a vehicle according to an embodiment of the present disclosure;
fig. 4 is a schematic diagram of a bidirectional authentication provided in an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a safety diagnostic provided by an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of a safety diagnosis device for a vehicle according to an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of another vehicle safety diagnosis device provided in the embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
At present, after the diagnostic device performs security authentication with the electronic control unit of the vehicle, the electronic control unit enters an unlocked state, which allows subsequent diagnostic operations of the diagnostic device to be performed, but cannot identify whether a subsequent diagnostic instruction is the diagnostic device after the security authentication, which causes the risk of hijacking a diagnostic session. In order to solve the above problem, the embodiments of the present disclosure provide a method for vehicle security diagnosis, which can prevent a diagnosis session from being hijacked.
Fig. 1 is a schematic flowchart of a safety diagnosis method for a vehicle according to an embodiment of the present disclosure, which may be performed by a safety diagnosis apparatus for a vehicle, where the apparatus may be implemented by software and/or hardware, and may be generally integrated in an electronic device. As shown in fig. 1, the method is applied to a diagnostic apparatus, comprising:
step 101, sending a security authentication request to an electronic control unit.
The safety certification request is a request for identity certification of the electronic control unit by the diagnostic instrument before diagnosis operation is carried out on the vehicle.
After the diagnostic instrument is connected to a diagnostic interface of the vehicle, a safety authentication request is sent to the electronic control unit so as to request the random number of the electronic control unit to carry out bidirectional authentication.
And 102, receiving a control random number returned by the electronic control unit, and generating first bidirectional authentication information and first session verification information based on the control random number.
The control random number is a random number generated by the electronic control unit, and a specific format is not limited, for example, the control random number may be a 4-byte random number. The first bidirectional authentication information is information used by the diagnostic apparatus for bidirectional authentication, and may include a first diagnostic apparatus authentication code and a second diagnostic apparatus authentication code. The first session verification information is information used by the diagnostic apparatus for performing diagnostic session verification, and may include a diagnostic apparatus session key and a diagnostic apparatus counter value.
The diagnostic apparatus may receive the control random number returned by the electronic control unit, and perform cryptographic operation on the control random number by using a preset authentication key to obtain first bidirectional authentication information and first session verification information. The authentication key may be a symmetric key that is built in the security chip during the production of the diagnostic device. The specific algorithm of the cryptographic operation may adopt algorithms such as a symmetric encryption algorithm and a private key algorithm, and may be specifically set according to an actual situation, for example, in the embodiment of the present disclosure, a national secret SM4 algorithm may be adopted.
And 103, if the bidirectional authentication with the electronic control unit is determined to be successful based on the first bidirectional authentication information, sending a diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information.
The diagnosis instruction is used for diagnosing and controlling the electronic control unit by the diagnostic instrument. Specifically, the determining that the bidirectional authentication with the electronic control unit is successful based on the first bidirectional authentication information may include: sending the first diagnostic instrument authentication code to the electronic control unit so that the electronic control unit returns the second control unit authentication code after passing the authentication of the first diagnostic instrument authentication code based on the first control unit authentication code; and if the second control unit authentication code is received and is the same as the second diagnostic instrument authentication code, determining that the bidirectional authentication with the electronic control unit is successful, and sending bidirectional authentication success information to the electronic control unit.
The first control unit authentication code and the second control unit authentication code are second bidirectional authentication information generated by the electronic control unit based on the control random number. The diagnostic apparatus sends the first diagnostic apparatus authentication code to the electronic control unit, when the electronic control unit determines that the first control unit authentication code is the same as the first diagnostic apparatus authentication code, the second control unit authentication code is returned to the diagnostic apparatus, if the diagnostic apparatus determines that the second diagnostic apparatus authentication code is the same as the second control unit authentication code, the bidirectional authentication is determined to be successful, and bidirectional authentication success information is sent to the electronic control unit, so that the electronic control unit prepares for subsequent diagnosis. If the diagnostic device determines that the second diagnostic device authentication code is different from the second control unit authentication code, the mutual authentication fails, and mutual authentication failure information is sent to the electronic control unit.
In the embodiment of the present disclosure, sending a diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information may include: carrying out password operation based on the diagnostic instrument session key and the diagnostic instrument counter value to determine a diagnostic instrument verification value; and sending the diagnostic instruction to the electronic control unit after the diagnostic instruction is added with the diagnostic instrument verification value, so that the electronic control unit executes the diagnostic operation corresponding to the diagnostic instruction after the diagnostic instrument verification value is verified.
The specific algorithm of the cryptographic operation for determining the diagnostic device verification value may be set according to the actual situation, and for example, the cryptographic SM4 algorithm may be used. After the bidirectional authentication between the diagnostic apparatus and the electronic control unit is successful, the diagnostic apparatus can send a diagnostic instruction added with the diagnostic apparatus verification value to the electronic control unit, if the electronic control unit passes the verification of the diagnostic apparatus verification value, the diagnostic operation corresponding to the diagnostic instruction can be executed, otherwise, the electronic control unit refuses to execute the diagnostic operation. Every instruction of the diagnostic apparatus is verified by the electronic control unit, so that the credible verification of the whole diagnostic process is ensured.
According to the safety diagnosis scheme of the vehicle, the diagnosis instrument sends the safety authentication request to the electronic control unit, receives the control random number returned by the electronic control unit, generates the first bidirectional authentication information and the first session verification information based on the control random number, and sends the diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information if the bidirectional authentication with the electronic control unit is determined to be successful based on the first bidirectional authentication information. By adopting the technical scheme, the diagnostic instrument and the electronic control unit of the vehicle are added with session verification in the process of diagnosis session on the basis of mutual authentication, so that the session can be prevented from being hijacked and attacked again, and the safety of vehicle diagnosis is greatly improved.
In some embodiments, the secure authentication request further includes a diagnostic nonce, and the generating the first bidirectional authentication information and the first session verification information based on the control nonce includes: and carrying out cryptographic operation on the control random number and the diagnosis random number by adopting a preset authentication key to generate first bidirectional authentication information and first session verification information. The safety certification request sent by the diagnostic instrument also comprises a diagnosis random number, and the electronic control unit can obtain the diagnosis random number to carry out subsequent certification. The diagnostic device may perform a cryptographic operation based on the diagnostic random number and the control random number to generate first bidirectional authentication information and first session verification information. The advantage of setting up like this is, increased the random number of diagnostic apparatus and participated in the operation in the mutual authentication of diagnostic apparatus and electronic control unit, increased the difficulty of brute force to crack, further improved the security of diagnosing.
Fig. 2 is a schematic flow chart of another vehicle safety diagnosis method provided in an embodiment of the present disclosure, which may be performed by a vehicle safety diagnosis apparatus, where the apparatus may be implemented by software and/or hardware, and may be generally integrated in an electronic device. As shown in fig. 2, the method is applied to an electronic control unit in a vehicle, and includes:
step 201, receiving a security authentication request sent by a diagnostic instrument.
The electronic control unit can receive a safety certification request sent by the diagnostic instrument so as to carry out bidirectional certification with the diagnostic instrument.
Step 202, sending the control random number to the diagnostic instrument, and generating second bidirectional authentication information and second session verification information based on the control random number.
The second bidirectional authentication information is information used by the electronic control unit for bidirectional authentication, and may include a first control unit authentication code and a second control unit authentication code. The second session authentication information is information used by the electronic control unit to perform diagnostic session authentication and may include a control unit session key and a control unit counter value.
After receiving the security authentication request, the electronic control unit may send a control random number to the diagnostic apparatus, so that the diagnostic apparatus generates first bidirectional authentication information and first session verification information based on the control random number. And the electronic control unit performs cryptographic operation on the control random number by adopting a preset authentication key to obtain second bidirectional authentication information and second session verification information. It can be understood that the authentication keys preset in the electronic control unit and the corresponding diagnostic apparatus are the same authentication key, and based on the authentication key, bidirectional identity authentication between the electronic control unit and the corresponding diagnostic apparatus can be realized.
Optionally, the secure authentication request may further include a diagnosis random number, and the generating of the second bidirectional authentication information and the second session verification information based on the control random number may include: and carrying out cryptographic operation on the control random number and the diagnosis random number by adopting a preset authentication key to generate second bidirectional authentication information and second session verification information. The security authentication request sent by the diagnostic apparatus further includes a diagnostic random number, and the electronic control unit can obtain the diagnostic random number and generate second bidirectional authentication information and second session verification information based on the control random number and the diagnostic random number. The advantage of setting up like this is, increased the random number of diagnostic apparatus and participated in the operation in the mutual authentication of diagnostic apparatus and electronic control unit, increased the difficulty of brute force to crack, further improved the security of diagnosing.
And step 203, if the bidirectional authentication with the diagnostic instrument is determined to be successful based on the second bidirectional authentication information, receiving a diagnostic instruction sent by the diagnostic instrument, and executing a diagnostic operation corresponding to the diagnostic instruction based on the second session verification information.
Specifically, determining that the bidirectional authentication with the diagnostic apparatus is successful based on the second bidirectional authentication information may include: receiving a first diagnostic instrument authentication code sent by a diagnostic instrument; if the first control unit authentication code is the same as the first diagnostic instrument authentication code, returning the second control unit authentication code to the diagnostic instrument, so that the diagnostic instrument returns bidirectional authentication success information after passing the authentication of the second control unit authentication code based on the second diagnostic instrument authentication code; and if the bidirectional authentication success information is received, determining that the bidirectional authentication with the diagnostic instrument is successful.
The electronic control unit can receive a first diagnostic instrument authentication code of the diagnostic instrument, and because the authentication keys are the same, if the first control unit authentication code is the same as the first diagnostic instrument authentication code, the second control unit authentication code is returned to the diagnostic instrument; if the diagnostic apparatus determines that the second diagnostic apparatus authentication code is the same as the second control unit authentication code, the bidirectional authentication is passed, and bidirectional authentication success information is returned to the electronic control unit; and the electronic control unit receives the bidirectional authentication success information and then determines that the bidirectional authentication with the diagnostic instrument is successful. The form of expression of the bidirectional authentication success information is not limited in the embodiment of the present disclosure, and for example, the bidirectional authentication success information may be represented by letters or numbers.
Further, executing a diagnosis operation corresponding to the diagnosis instruction based on the second session verification information may include: performing cryptographic operation based on the control unit session key and the control unit counter value to determine a control unit verification value; and if the control unit verification value is the same as the diagnostic instrument verification value in the diagnostic instruction, executing the diagnostic operation corresponding to the diagnostic instruction.
After the electronic control unit determines that the bidirectional authentication with the diagnostic instrument is successful, the electronic control unit can receive a diagnostic instruction sent by the diagnostic instrument and judge whether a verification value of the local control unit is the same as a verification value of the diagnostic instrument in the diagnostic instruction, if so, the verification is passed, and the diagnostic operation corresponding to the diagnostic instruction is executed, otherwise, the verification is failed, and the diagnostic operation corresponding to the diagnostic instruction is refused to be executed. The electronic control unit verifies each instruction of the diagnostic instrument, and the diagnostic operation is executed after the verification is passed, so that the credible verification of the whole diagnostic process is ensured.
According to the safety diagnosis scheme of the vehicle, the electronic control unit receives a safety authentication request sent by the diagnosis instrument, sends the control random number to the diagnosis instrument, generates second bidirectional authentication information and second session verification information based on the control random number, receives a diagnosis instruction sent by the diagnosis instrument if the bidirectional authentication with the diagnosis instrument is determined to be successful based on the second bidirectional authentication information, and executes diagnosis operation corresponding to the diagnosis instruction based on the second session verification information. By adopting the technical scheme, the diagnostic instrument and the electronic control unit of the vehicle are added with session verification in the process of diagnosis session on the basis of mutual authentication, so that the session can be prevented from being hijacked and attacked again, and the safety of vehicle diagnosis is greatly improved.
Fig. 3 is a schematic flow chart of another vehicle safety diagnosis method according to an embodiment of the present disclosure, and the present embodiment specifically describes the vehicle safety diagnosis method based on the above embodiment. As shown in fig. 3, the method includes:
step 301, the diagnostic device sends a security authentication request to the electronic control unit.
And step 302, the electronic control unit receives a safety certification request sent by the diagnostic instrument and sends a control random number to the diagnostic instrument.
And step 303, the diagnostic device receives the control random number, generates first bidirectional authentication information and first session verification information based on the control random number, and sends a first diagnostic device authentication code to the electronic control unit.
The first bidirectional authentication information comprises a first diagnostic apparatus authentication code and a second diagnostic apparatus authentication code, and the first session verification information comprises a diagnostic apparatus session key and a diagnostic apparatus counter value.
Optionally, the security authentication request may further include a diagnostic apparatus random number, and the diagnostic apparatus may generate the first bidirectional authentication information and the first session verification information based on the diagnostic random number and the control random number.
Step 304, the electronic control unit receives the first diagnostic apparatus authentication code, generates second bidirectional authentication information and second session verification information based on the control random number, and determines whether the first control unit authentication code is the same as the first diagnostic apparatus authentication code, if yes, step 305 is executed; otherwise, step 312 is performed.
The second bidirectional authentication information comprises a first control unit authentication code and a second control unit authentication code, and the second session verification information comprises a control unit session key and a control unit counter value.
Optionally, the security authentication request may further include a diagnostic device random number, and the electronic control unit may generate the second bidirectional authentication information and the second session verification information based on the diagnostic random number and the control random number.
Step 305, the electronic control unit returns the second control unit authentication code to the diagnostic instrument.
Step 306, the diagnostic device receives the second control unit authentication code, and determines whether the second control unit authentication code is the same as the second diagnostic device authentication code, if yes, step 307 is executed; otherwise, step 313 is performed.
And 307, the diagnostic instrument determines that the bidirectional authentication with the electronic control unit is successful, and sends bidirectional authentication success information to the electronic control unit.
And 308, the electronic control unit receives the bidirectional authentication success information and determines that the bidirectional authentication with the diagnostic instrument is successful.
And 309, the diagnostic apparatus performs password operation based on the diagnostic apparatus session key and the diagnostic apparatus counter value, determines a diagnostic apparatus verification value, adds the diagnostic apparatus verification value to the diagnostic instruction and then sends the diagnostic instruction to the electronic control unit.
Step 310, the electronic control unit performs cryptographic operation based on the session key of the control unit and the counter value of the control unit, determines a verification value of the control unit, judges whether the verification value of the control unit is the same as the verification value of the diagnostic apparatus in the diagnostic instruction, and if so, executes step 311; otherwise, step 314 is performed.
And 311, the electronic control unit executes the diagnosis operation corresponding to the diagnosis instruction.
Step 312, the electronic control unit sends the mutual authentication failure information to the diagnostic instrument.
Step 313, the diagnostic device determines that the mutual authentication fails and stops the diagnosis.
And step 314, the electronic control unit refuses to execute the diagnosis operation corresponding to the diagnosis instruction.
In the embodiment of the present disclosure, when the diagnostic device determines the first bidirectional authentication information, the first session verification information, and the diagnostic device verification value, and the electronic control unit determines the second bidirectional authentication information, the second session verification information, and the control unit verification value, a specific algorithm of the cryptographic operation may be set according to an actual situation, for example, the same cryptographic SM4 algorithm may be used for the operation. Illustratively, the SM4 cryptographic algorithm is an iterative block cipher algorithm, and the specific algorithm is as follows: AUTH1 ═ SM4(KEY, R1 | R2 | R1 | R2) [0:4 ]; AUTH2 ═ SM4(KEY, R1 | R2 | R1 | R2) [4:8 ]; COUNT ═ SM4(KEY, R1 | R2 | R1 | R2) [8:12 ]; SKEY ═ SM4(KEY, R2 | R1 | R2 | R1); MAC is SM4(SKEY, DATA + COUNT + PADDING) [0:2], where "AUTH 1" denotes a first diagnostic instrument authentication code or a first control unit authentication code, "AUTH 2" denotes a second diagnostic instrument authentication code or a second control unit authentication code, "SKEY" denotes a diagnostic instrument session key or a control unit session key, "COUNT" denotes a diagnostic instrument counter value or a control unit counter value, and "MAC" denotes a diagnostic instrument verification value or a control unit verification value. "|" represents a byte string connection; "SM 4(a, b)" represents the cryptographic operation of the national cipher SM4, "a" represents the key involved in the operation, "b" represents the data to be encrypted, "b" must be an integer multiple of 16 in length; "S [ a: b ]" represents the bytes between a and b-1 of the truncated byte string S; "KEY" represents an authentication KEY preset in the diagnostic apparatus and the electronic control unit; "DATA" represents a DATA field in a diagnostic message (i.e., a diagnostic instruction); "PADDING" means data PADDING to make the input data satisfy the data length required for the algorithm operation of the cryptographic SM 4.
For example, fig. 4 is a schematic diagram of bidirectional authentication provided in an embodiment of the present disclosure, an authentication key issued by a key system is built in the electronic control unit in the vehicle and the diagnostic device during production, and the authentication key may be stored in a security chip for the purpose of security of the authentication key. Based on the preset authentication key, the diagnostic apparatus and the corresponding electronic control unit can complete bidirectional authentication.
Exemplarily, fig. 5 is a schematic diagram of a safety diagnosis provided in an embodiment of the present disclosure, which may specifically include: step 31, the diagnostic instrument initiates a security authentication request, which carries a random number R1. The diagnostic instrument sends a safety certification request to the electronic control unit, and 4-byte random number R1 is filled in the residual bytes of a Controller Area Network (CAN) frame data domain, so that the random number generated by the diagnostic instrument is increased in the step and is used for the subsequent verification code calculation, and the certification safety is improved. Step 32, the electronic control unit returns the random number R2. The random number R2 is also 4 bytes. Step 33, the diagnostic apparatus sends an authentication code AUTH 1. The diagnostic apparatus performs cryptographic operation on R1 and R2 by using a preset secret key to obtain authentication codes AUTH1, AUTH2, a session secret key SKEY and a counter COUNT, and sends the authentication code AUTH1 to the electronic control unit. The authentication code generated in the step solves the problem of bidirectional identity authentication between the diagnostic instrument and the electronic control unit, and the session key and the counter solve the authenticity and integrity verification and replay attack prevention of the subsequent diagnostic service message after the authentication is passed. Step 34, the electronic control unit returns the authentication result and the authentication code AUTH 2. The electronic control unit receives AUTH1, and performs cryptographic operation on R1 and R2 by using a preset secret key to obtain authentication codes AUTH1, AUTH2, a session key SKEY and a counter COUNT. And then verifying whether AUTH1 sent by the diagnostic instrument is correct, if so, returning an authentication passing mark and AUTH2, and otherwise, returning an authentication failure mark. And step 35, the diagnostic instrument sends a diagnostic instruction and the MAC value. The diagnostic instrument receives AUTH2 sent by the electronic control unit, verifies AUTH2 and continues to execute diagnostic operation if the verification is successful. Preparing the next diagnosis instruction, calculating the MAC value of the diagnosis instruction by using the session key SKEY and the counter COUNT, inserting the MAC value into the end of the diagnosis instruction, and sending the diagnosis instruction. And step 36, the electronic control unit carries out diagnosis instruction response. And after receiving the diagnosis message, the electronic control unit calculates the MAC value by using the session key SKEY and the counter COUNT, verifies the MAC value carried in the diagnosis instruction, executes the diagnosis operation corresponding to the diagnosis instruction if the MAC value is verified, and refuses to execute the diagnosis operation corresponding to the diagnosis instruction if the MAC value is verified.
In the embodiment of the disclosure, when the diagnostic apparatus sends the diagnostic instruction, it needs to perform bidirectional identity authentication with the electronic control unit, and may negotiate a session key after performing identity authentication by using a secure access authentication service and a random challenge response mode based on a symmetric algorithm. After the mutual authentication is passed, the electronic control unit enters an unlocking state, each diagnosis instruction continuously sent by the diagnosis instrument after the mutual authentication is passed is added with a message verification code (MAC value) which is obtained by a session key and a counter and participates in cryptographic operation, the electronic control unit firstly verifies the MAC value after receiving the diagnosis instruction, corresponding diagnosis operation is executed only after the verification is successful, and otherwise, no action is executed.
In the embodiment of the disclosure, a symmetric cryptographic algorithm and a random challenge response mechanism are adopted, and through optimization of a security access authentication service and modification of a diagnosis instruction, identity authentication of two communication parties in a period of a diagnosis session is realized, credible authentication of each message in the whole diagnosis process is ensured, and session hijacking and replay attack are prevented.
Fig. 6 is a schematic structural diagram of a safety diagnosis device for a vehicle, which may be implemented by software and/or hardware, may be generally integrated in an electronic device, and may perform a safety diagnosis on an electronic control unit of the vehicle by performing a safety diagnosis method for the vehicle according to an embodiment of the present disclosure. As shown in fig. 6, the apparatus is provided in a diagnostic instrument, and includes:
an authentication request sending module 401, configured to send a security authentication request to the electronic control unit;
a first authentication information module 402, configured to receive a control random number returned by the electronic control unit, and generate first bidirectional authentication information and first session verification information based on the control random number;
and a diagnosis control module 403, configured to send a diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information if it is determined that the bidirectional authentication with the electronic control unit is successful based on the first bidirectional authentication information.
Optionally, the security authentication request further includes a diagnostic random number, and the first authentication information module 402 is specifically configured to:
and carrying out cryptographic operation on the control random number and the diagnosis random number by adopting a preset authentication key to generate the first bidirectional authentication information and the first session verification information.
Optionally, the first bidirectional authentication information includes a first diagnostic apparatus authentication code and a second diagnostic apparatus authentication code, and the first session verification information includes a diagnostic apparatus session key and a diagnostic apparatus counter value.
Optionally, the diagnosis control module 403 includes a first authentication unit, specifically configured to:
sending the first diagnostic instrument authentication code to the electronic control unit, so that the electronic control unit returns a second control unit authentication code after passing the authentication of the first diagnostic instrument authentication code based on the first control unit authentication code;
and if the second control unit authentication code is received and is the same as the second diagnostic instrument authentication code, determining that the two-way authentication with the electronic control unit is successful, and sending two-way authentication success information to the electronic control unit.
Optionally, the diagnostic control module 403 includes a first verification unit, specifically configured to:
performing cryptographic operation based on the diagnostic instrument session key and the diagnostic instrument counter value to determine a diagnostic instrument verification value;
and sending the diagnosis instruction to the electronic control unit after the diagnosis instrument verification value is added to the diagnosis instruction, so that the electronic control unit executes the diagnosis operation corresponding to the diagnosis instruction after the diagnosis instrument verification value is verified.
According to the safety diagnosis scheme of the vehicle, the diagnosis instrument sends the safety authentication request to the electronic control unit, receives the control random number returned by the electronic control unit, generates the first bidirectional authentication information and the first session verification information based on the control random number, and sends the diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information if the bidirectional authentication with the electronic control unit is determined to be successful based on the first bidirectional authentication information. By adopting the technical scheme, the diagnostic instrument and the electronic control unit of the vehicle are added with session verification in the process of diagnosis session on the basis of mutual authentication, so that the session can be prevented from being hijacked and attacked again, and the safety of vehicle diagnosis is greatly improved.
Fig. 7 is a schematic structural diagram of another vehicle safety diagnosis apparatus provided in an embodiment of the present disclosure, which may be implemented by software and/or hardware, and may be generally integrated in an electronic device. As shown in fig. 7, the apparatus is provided in an electronic control unit, and includes:
an authentication request receiving module 501, configured to receive a security authentication request sent by a diagnostic apparatus;
a second authentication information module 502, configured to send a control random number to the diagnostic apparatus, and generate second bidirectional authentication information and second session verification information based on the control random number;
a diagnosis executing module 503, configured to receive a diagnosis instruction sent by the diagnostic apparatus if it is determined that the bidirectional authentication with the diagnostic apparatus is successful based on the second bidirectional authentication information, and execute a diagnosis operation corresponding to the diagnosis instruction based on the second session verification information.
Optionally, the second bidirectional authentication information includes a first control unit authentication code and a second control unit authentication code, and the second session verification information includes a control unit session key and a control unit counter value.
Optionally, the diagnosis performing module 503 includes a second authentication unit, specifically configured to:
receiving a first diagnostic instrument authentication code sent by the diagnostic instrument;
if the first control unit authentication code is the same as the first diagnostic instrument authentication code, returning the second control unit authentication code to the diagnostic instrument so that the diagnostic instrument returns bidirectional authentication success information after passing the authentication of the second control unit authentication code based on the second diagnostic instrument authentication code;
and if the bidirectional authentication success information is received, determining that the bidirectional authentication with the diagnostic instrument is successful.
Optionally, the diagnosis execution module 503 includes a second verification unit, specifically configured to:
performing cryptographic operation based on the control unit session key and the control unit counter value to determine a control unit verification value;
and if the control unit verification value is the same as the diagnostic instrument verification value in the diagnostic instruction, executing the diagnostic operation corresponding to the diagnostic instruction.
According to the safety diagnosis scheme of the vehicle, an electronic control unit receives a safety authentication request sent by a diagnosis instrument, sends a control random number to the diagnosis instrument, generates second bidirectional authentication information and second session verification information based on the control random number, receives a diagnosis instruction sent by the diagnosis instrument if the bidirectional authentication with the diagnosis instrument is determined to be successful based on the second bidirectional authentication information, and executes diagnosis operation corresponding to the diagnosis instruction based on the second session verification information. By adopting the technical scheme, the diagnostic instrument and the electronic control unit of the vehicle are added with session verification in the process of diagnosis session on the basis of mutual authentication, so that the session can be prevented from being hijacked and attacked again, and the safety of vehicle diagnosis is greatly improved.
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 8, the electronic device 600 includes one or more processors 601 and memory 602.
The processor 601 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device 600 to perform desired functions.
Memory 602 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc. One or more computer program instructions may be stored on the computer readable storage medium and executed by the processor 601 to implement the vehicle safety diagnostic method of the embodiments of the present disclosure described above and/or other desired functions. Various contents such as an input signal, a signal component, a noise component, etc. may also be stored in the computer-readable storage medium.
In one example, the electronic device 600 may further include: an input device 603 and an output device 604, which are interconnected by a bus system and/or other form of connection mechanism (not shown).
The input device 603 may also include, for example, a keyboard, a mouse, and the like.
The output device 604 may output various information including the determined distance information, direction information, and the like to the outside. The output devices 604 may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, among others.
Of course, for simplicity, only some of the components of the electronic device 600 relevant to the present disclosure are shown in fig. 8, omitting components such as buses, input/output interfaces, and the like. In addition, electronic device 600 may include any other suitable components depending on the particular application.
In addition to the above methods and apparatus, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform a safety diagnostic method of a vehicle as provided by embodiments of the present disclosure.
The computer program product may write program code for carrying out operations for embodiments of the present disclosure in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform a safety diagnostic method of a vehicle provided by embodiments of the present disclosure.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (11)

1. A safety diagnosis method of a vehicle is applied to a diagnosis instrument and comprises the following steps:
sending a security authentication request to the electronic control unit;
receiving a control random number returned by the electronic control unit, and generating first bidirectional authentication information and first session verification information based on the control random number;
if the bidirectional authentication with the electronic control unit is determined to be successful based on the first bidirectional authentication information, sending a diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information;
the first session verification information comprises a diagnostic instrument session key and a diagnostic instrument counter value, and the step of sending a diagnostic instruction to the electronic control unit for diagnosis based on the first session verification information comprises the following steps:
performing cryptographic operation based on the diagnostic instrument session key and the diagnostic instrument counter value to determine a diagnostic instrument verification value;
and sending the diagnosis instruction to the electronic control unit after the diagnosis instrument verification value is added to the diagnosis instruction, so that the electronic control unit executes the diagnosis operation corresponding to the diagnosis instruction after the diagnosis instrument verification value is verified.
2. The method of claim 1, wherein the security authentication request further includes a diagnostic nonce, and wherein the generating the first bidirectional authentication information and the first session verification information based on the control nonce comprises:
and carrying out cryptographic operation on the control random number and the diagnosis random number by adopting a preset authentication key to generate the first bidirectional authentication information and the first session verification information.
3. The method of claim 1 or 2, wherein the first bi-directional authentication information comprises a first diagnostic instrument authentication code and a second diagnostic instrument authentication code.
4. The method of claim 3, wherein said determining that the mutual authentication with the electronic control unit is successful based on the first mutual authentication information comprises:
sending the first diagnostic instrument authentication code to the electronic control unit, so that the electronic control unit returns a second control unit authentication code after passing the authentication of the first diagnostic instrument authentication code based on the first control unit authentication code;
and if the second control unit authentication code is received and is the same as the second diagnostic instrument authentication code, determining that the two-way authentication with the electronic control unit is successful, and sending two-way authentication success information to the electronic control unit.
5. A safety diagnosis method for a vehicle, applied to an electronic control unit, includes:
receiving a safety certification request sent by a diagnostic instrument;
sending a control random number to the diagnostic instrument, and generating second bidirectional authentication information and second session verification information based on the control random number;
if the bidirectional authentication with the diagnostic apparatus is determined to be successful based on the second bidirectional authentication information, receiving a diagnostic instruction sent by the diagnostic apparatus, and executing a diagnostic operation corresponding to the diagnostic instruction based on the second session verification information;
the second session verification information includes a control unit session key and a control unit counter value, and the executing the diagnosis operation corresponding to the diagnosis instruction based on the second session verification information includes:
performing cryptographic operation based on the control unit session key and the control unit counter value to determine a control unit verification value;
and if the control unit verification value is the same as the diagnostic instrument verification value in the diagnostic instruction, executing the diagnostic operation corresponding to the diagnostic instruction.
6. The method of claim 5, wherein the second bi-directional authentication information comprises a first control unit authentication code and a second control unit authentication code.
7. The method of claim 6, wherein said determining that the bidirectional authentication with the diagnostic instrument is successful based on the second bidirectional authentication information comprises:
receiving a first diagnostic instrument authentication code sent by the diagnostic instrument;
if the first control unit authentication code is the same as the first diagnostic instrument authentication code, returning the second control unit authentication code to the diagnostic instrument so that the diagnostic instrument returns bidirectional authentication success information after passing the authentication of the second control unit authentication code based on the second diagnostic instrument authentication code;
and if the bidirectional authentication success information is received, determining that the bidirectional authentication with the diagnostic instrument is successful.
8. A safety diagnosis device for a vehicle, which is arranged in a diagnosis instrument, comprising:
the authentication request sending module is used for sending a security authentication request to the electronic control unit;
the first authentication information module is used for receiving a control random number returned by the electronic control unit and generating first bidirectional authentication information and first session verification information based on the control random number;
the diagnosis control module is used for sending a diagnosis instruction to the electronic control unit for diagnosis based on the first session verification information if the bidirectional authentication with the electronic control unit is determined to be successful based on the first bidirectional authentication information;
the diagnostic control module includes a first verification unit specifically configured to: performing cryptographic operation based on the diagnostic instrument session key and the diagnostic instrument counter value to determine a diagnostic instrument verification value; and sending the diagnosis instruction to the electronic control unit after the diagnosis instrument verification value is added to the diagnosis instruction, so that the electronic control unit executes the diagnosis operation corresponding to the diagnosis instruction after the diagnosis instrument verification value is verified.
9. A safety diagnosis device for a vehicle, which is arranged in an electronic control unit, is characterized by comprising:
the authentication request receiving module is used for receiving a safety authentication request sent by the diagnostic instrument;
the second authentication information module is used for sending a control random number to the diagnostic instrument and generating second bidirectional authentication information and second session verification information based on the control random number;
the diagnosis execution module is used for receiving a diagnosis instruction sent by the diagnosis instrument and executing diagnosis operation corresponding to the diagnosis instruction based on the second session verification information if the bidirectional authentication with the diagnosis instrument is determined to be successful based on the second bidirectional authentication information;
the diagnosis execution module comprises a second verification unit, and is specifically configured to: performing cryptographic operation based on the control unit session key and the control unit counter value to determine a control unit verification value; and if the control unit verification value is the same as the diagnostic instrument verification value in the diagnostic instruction, executing the diagnostic operation corresponding to the diagnostic instruction.
10. An electronic device, characterized in that the electronic device comprises:
a processor;
a memory for storing the processor-executable instructions;
the processor is used for reading the executable instructions from the memory and executing the instructions to realize the safety diagnosis method of the vehicle as claimed in any one of the claims 1 to 7.
11. A computer-readable storage medium, characterized in that the storage medium stores a computer program for executing the safety diagnosis method of a vehicle according to any one of claims 1 to 7.
CN202010587210.0A 2020-06-24 2020-06-24 Safety diagnosis method, device, equipment and medium for vehicle Active CN111813078B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010587210.0A CN111813078B (en) 2020-06-24 2020-06-24 Safety diagnosis method, device, equipment and medium for vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010587210.0A CN111813078B (en) 2020-06-24 2020-06-24 Safety diagnosis method, device, equipment and medium for vehicle

Publications (2)

Publication Number Publication Date
CN111813078A CN111813078A (en) 2020-10-23
CN111813078B true CN111813078B (en) 2021-04-06

Family

ID=72854979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010587210.0A Active CN111813078B (en) 2020-06-24 2020-06-24 Safety diagnosis method, device, equipment and medium for vehicle

Country Status (1)

Country Link
CN (1) CN111813078B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112653559B (en) * 2021-01-04 2023-01-06 潍柴动力股份有限公司 Electric control unit starting method and device and storage medium
CN113625691B (en) * 2021-08-20 2023-04-07 深圳市元征科技股份有限公司 Vehicle diagnosis method, vehicle diagnosis equipment and vehicle gateway
CN114448684A (en) * 2022-01-12 2022-05-06 阿尔特汽车技术股份有限公司 Method and system for secure access

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107682334A (en) * 2017-09-30 2018-02-09 郑州信大捷安信息技术股份有限公司 A kind of OBD interface data security protection system and data security protection method
CN109714171A (en) * 2018-12-27 2019-05-03 百度在线网络技术(北京)有限公司 Safety protecting method, device, equipment and medium
CN110417808A (en) * 2019-08-08 2019-11-05 深圳市英博超算科技有限公司 Tamper resistant method, device, system and terminal
CN110691359A (en) * 2019-09-24 2020-01-14 中国电力科学研究院有限公司 Safety protection method for power marketing professional Bluetooth communication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107682334A (en) * 2017-09-30 2018-02-09 郑州信大捷安信息技术股份有限公司 A kind of OBD interface data security protection system and data security protection method
CN109714171A (en) * 2018-12-27 2019-05-03 百度在线网络技术(北京)有限公司 Safety protecting method, device, equipment and medium
CN110417808A (en) * 2019-08-08 2019-11-05 深圳市英博超算科技有限公司 Tamper resistant method, device, system and terminal
CN110691359A (en) * 2019-09-24 2020-01-14 中国电力科学研究院有限公司 Safety protection method for power marketing professional Bluetooth communication

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
一种安全的射频识别双向认证协议;占善华;《计算机工程与应用》;20191231;第83-88、186页 *
基于双向认证和增强型IMC对TNC的改进;宋生宇;《通信技术》;20170831;第1776-1783页 *

Also Published As

Publication number Publication date
CN111813078A (en) 2020-10-23

Similar Documents

Publication Publication Date Title
CN111813078B (en) Safety diagnosis method, device, equipment and medium for vehicle
CN112073188B (en) Authentication method, device, equipment and computer readable storage medium
US20180270052A1 (en) Cryptographic key distribution
CN107358419A (en) Airborne Terminal pays method for authenticating, device and system
CN101291224A (en) Method and system for processing data in communication system
WO2020259169A1 (en) Authentication method, device, and system
EP3148152A1 (en) Cryptographic key distribution
CN112883382A (en) Vehicle flashing method, vehicle networking box, vehicle and storage medium
WO2023185492A1 (en) Diagnostic method and apparatus for a vehicle controller, device, and medium
CN111510448A (en) Communication encryption method, device and system in OTA (over the air) upgrade of automobile
CN114547586A (en) Vehicle-mounted bus message authentication key learning method and system and readable storage medium
CN113766450B (en) Vehicle virtual key sharing method, mobile terminal, server and vehicle
CN110752917A (en) Vehicle access control method, device and system
CN114726606B (en) User authentication method, client, gateway and authentication server
CN116155579A (en) Secure communication method, system, storage medium and vehicle
CN114117400A (en) Registration method, verification method, client device, sending card and display screen
JP4729457B2 (en) Automatic analyzer
CN110166452A (en) A kind of access control method and system based on JavaCard shared interface
GB2544175A (en) Cryptographic key distribution
JP2001357018A (en) Method and device for dynamic password authentication and recording medium with the method recorded thereon
CN116912985B (en) Door lock control method, device, system, equipment and medium based on dynamic password
CN115296813B (en) Identity authentication method and system for automobile Ethernet controller
WO2024016486A1 (en) Data transmission method and apparatus, device, and computer readable storage medium
WO2024098429A1 (en) Method for accessing service and related products
Bae Function-based connection protocol development and verification for secure communication in vehicle environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant