CN115002168A

CN115002168A - Safety detection method for vehicle remote control and vehicle-mounted system

Info

Publication number: CN115002168A
Application number: CN202210904323.8A
Authority: CN
Inventors: 吴天海
Original assignee: Ningbo Joynext Technology Corp
Current assignee: Ningbo Joynext Technology Corp
Priority date: 2022-07-29
Filing date: 2022-07-29
Publication date: 2022-09-02

Abstract

The application discloses a safety detection method for vehicle remote control and a vehicle-mounted system, wherein the vehicle-mounted system comprises a main control module for data processing and function control of a vehicle, a hardware safety module for storing secret key information and an auxiliary control module for data safety control of the vehicle, and the main control module receives a remote control command from a remote background and sends the remote control command to the auxiliary control module; the auxiliary control module acquires key information and decrypts the remote control command from the hardware security module to acquire remote data information, wherein the remote data information comprises user information, a vehicle identification number and a control command identifier; the auxiliary control module judges whether the vehicle identification number is consistent with the vehicle and whether the remote control command is in the user authority; if the current state of the vehicle-mounted equipment is consistent with the current state of the vehicle-mounted equipment, the auxiliary control module or the main control module carries out first safety detection on the vehicle-mounted equipment function indicated by the control command identification to obtain a first detection result representing the initial running state of the equipment function; thereby enabling security detection based on accurate data.

Description

Safety detection method for vehicle remote control and vehicle-mounted system

Technical Field

The application relates to the field of vehicle control, in particular to a safety detection method for vehicle remote control and a vehicle-mounted system.

Background

With the rapid development of vehicle engineering technology, vehicle remote control technology is widely applied. At present, the most common vehicle remote control mode is that a remote control instruction is sent to a vehicle machine system installed in a vehicle through a control terminal such as a mobile phone APP, and after the identity authentication is successful, the vehicle machine system executes the received remote control instruction. Vehicle information security is the most important part of vehicle remote control.

At present, in order to ensure vehicle information safety, a control module in a vehicle machine system realizes vehicle data safety in a software encryption mode while performing a data processing function. However, when the vehicle data security is realized, the control module judges the control command only by judging the encrypted and decrypted control information through simple logic, and directly executes the control command after the decryption is successful, so that the vehicle-mounted machine system is easily attacked, and risks of data leakage and vehicle control exist.

Disclosure of Invention

The purpose of the application is: the safety detection method and the vehicle-mounted system for vehicle remote control are provided, so that accurate safety detection can be carried out on the basis of guaranteeing data safety.

The technical scheme of the application is as follows: in a first aspect, the present application provides a security detection method for vehicle remote control, which is applied to an on-board system, where the on-board system includes a main control module and a hardware security module, where the main control module is at least used for data processing and function control of a vehicle, the hardware security module is at least used for storing key information, the on-board system further includes an auxiliary control module, the auxiliary control module is at least used for vehicle data security control, and the method includes:

the main control module receives a remote control command from a far-end background and sends the remote control command to the auxiliary control module;

the auxiliary control module acquires key information from the hardware security module;

the auxiliary control module decrypts the remote control command based on the secret key information to obtain remote data information, wherein the remote data information comprises user information, a vehicle identification number and a control command identifier;

the auxiliary control module judges whether the vehicle identification number is consistent with the vehicle, and judges whether the remote control command is in the user authority based on the user information and the control command identification;

if the vehicle identification number is consistent with the vehicle and the remote control command is within the user authority, the auxiliary control module or the main control module performs corresponding first safety detection on the vehicle-mounted equipment function indicated by the control command identification to obtain a first detection result, and the first detection result is used for representing the initial operation state of the equipment function.

In a preferred embodiment, before the in-vehicle system further includes a network access module, the network access module is used for network access of the in-vehicle system, and the main control module receives a remote control command from a remote backend, and sends the remote control command to the auxiliary control module, the method further includes:

the auxiliary control module generates a secret key when the vehicle-mounted system is started;

the network access module judges whether the current network state of the vehicle-mounted system meets a preset condition or not;

if the current network state meets a preset condition, the auxiliary control module sends the secret key to the far-end background; the secret key is sent when the network state is stable, the success rate of sending the secret key is guaranteed, and the problem that the data safety efficiency is low due to the fact that the secret key is delayed when the network condition is poor is avoided.

In a preferred embodiment, an encryption and decryption unit is disposed in the secondary control module, and the secondary control module generates a key when the vehicle-mounted system is started, including:

the encryption and decryption unit generates a secret key when the vehicle-mounted system is started;

after the auxiliary control module generates a secret key when the vehicle-mounted system is started, the method further comprises the following steps:

the auxiliary control module sends the secret key to the hardware security module;

the hardware security module stores the secret key; the generation, the transmission and the storage of the secret key are separated, so that the data security control efficiency of the auxiliary module is improved, and the security of the secret key is guaranteed.

In a preferred embodiment, a safety detection unit is disposed in the auxiliary control module or the main control module, and the auxiliary control module or the main control module performs corresponding first safety detection on the vehicle-mounted device function indicated by the control command identifier to obtain a first detection result, including:

the safety detection unit inquires a vehicle-mounted equipment function corresponding to the control command identification from a locally stored control command list;

if the matching is successful, the safety detection unit acquires first detection data based on a sensor corresponding to the function of the vehicle-mounted equipment;

the safety detection unit obtains the first detection result based on the first detection data analysis;

if the matching fails, the safety detection unit records the remote control command into a risk log; safety detection is carried out on the functions of the vehicle-mounted equipment, and vehicle damage caused by the fact that the vehicle-mounted equipment is executed when the functions of the vehicle-mounted equipment are failed is avoided.

In a preferred embodiment, after the secondary control module or the primary control module performs corresponding first security detection on the device function indicated by the control command identifier to obtain a first detection result, the method further includes:

the safety detection unit periodically performs corresponding second safety detection on the vehicle-mounted equipment function to obtain a second detection result, and the second detection result is used for representing the real-time running state of the vehicle-mounted equipment function;

the main control module maintains or adjusts the operation of the functions of the vehicle-mounted equipment according to the second detection result; safety detection is regularly carried out in the function execution process of the vehicle-mounted equipment, and equipment damage and even safety accidents caused by the fact that the vehicle-mounted equipment is continuously executed after function operation faults are avoided.

In a preferred embodiment, the identifying, by the control command, that the indicated vehicle-mounted device function is an automatic parking function, and the acquiring, by the safety detection unit, first detection data based on a sensor corresponding to the vehicle-mounted device function includes:

the safety detection unit acquires initial picture data of the environment where the vehicle is located based on the vehicle-mounted camera corresponding to the automatic parking function;

the safety detection unit obtains the first detection result based on the first detection data analysis, and comprises:

the safety detection unit obtains a current parking environment detection result based on the initial picture data analysis;

the method further comprises the following steps:

if the current parking environment detection result is safe, the main control module executes the automatic parking function;

if the current parking environment detection result is unsafe, the main control module controls the vehicle to move to the next parking environment; parking is carried out when the parking environment is safe, and the parking environment is replaced when the parking environment is unsafe, so that the parking accident is avoided.

In a preferred embodiment, the periodically performing, by the security detection unit, a corresponding second security detection on the vehicle-mounted device function to obtain a second detection result includes:

the safety detection unit periodically acquires real-time picture data of the environment where the vehicle is located, which is transmitted by the vehicle-mounted camera;

the safety detection unit obtains a parking environment real-time detection result based on the real-time picture data analysis of the environment where the vehicle is located;

the main control module maintains or adjusts the operation of the functions of the vehicle-mounted equipment according to the second detection result, and the method comprises the following steps:

if the parking environment real-time detection result is safe, the main control module maintains the current running state of the functions of the vehicle-mounted equipment;

if the parking environment real-time detection result is unsafe, the main control module controls the vehicle to move to the next parking environment and sends a warning message to the user side through the remote background; the vehicle is moved after the parking environment is changed into the unsafe environment, so that accidents are avoided, and the user is warned through the far-end background, so that the user is prevented from being unable to find the vehicle after the parking place is changed.

In a preferred embodiment, the identifying, by the control command, that the indicated vehicle-mounted device function is to control the target vehicle-mounted device to warm to the target temperature, and the acquiring, by the safety detection unit, first detection data based on a sensor corresponding to the vehicle-mounted device function includes:

the safety detection unit acquires first temperature data based on a temperature sensor corresponding to the vehicle-mounted equipment function indicated by the control command identification;

the safety detection unit obtains a first detection result based on the first detection data analysis, and comprises:

the safety detection unit judges whether the first temperature data is consistent with the ambient temperature;

the method further comprises the following steps:

if the first detection result is consistent with the first detection result, the first detection result is determined to be safe, and the main control module executes the operation of controlling the temperature of the target vehicle-mounted equipment to be controlled to the target temperature;

if not, determining that the first detection result is unsafe, and the main control module does not execute the operation of controlling the temperature of the target vehicle-mounted equipment to reach the target temperature; and the vehicle-mounted equipment is controlled to be heated to the target temperature under the condition that the first detection result is safe, so that the vehicle energy is prevented from being wasted and safety accidents are avoided.

In a preferred embodiment, the periodically performing, by the safety detection unit, a corresponding second safety detection on the vehicle-mounted device function to obtain a second detection result includes:

the safety detection unit periodically acquires second temperature data transmitted by the temperature sensor, wherein the second temperature data is real-time temperature detection data of the temperature sensor;

the safety detection unit judges whether the difference value between the second temperature data and the target temperature is within a preset threshold range;

if so, determining that the second detection result is safe, and maintaining the current operation state of the functions of the vehicle-mounted equipment by the main control module;

if not, determining that the second detection result is unsafe, and stopping executing the operation of controlling the temperature of the target vehicle-mounted equipment to be controlled to the target temperature by the main control module; safety detection is carried out in the operation process of the heating equipment, safety accidents such as fire hazard and the like caused by continuous heating after heating faults are avoided, and energy waste caused by invalid heating is avoided.

In a second aspect, the present application further provides an on-board system, comprising a main control module and a hardware security module, wherein the main control module is at least used for data processing and function control of a vehicle, and the hardware security module is at least used for storing key information, wherein the on-board system further comprises an auxiliary control module, the auxiliary control module is at least used for data security control of the vehicle, wherein,

the main control module is used for receiving a remote control command from a far-end background and sending the remote control command to the auxiliary control module;

the auxiliary control module is used for acquiring secret key information from the hardware security module; decrypting the remote control command based on the key information to obtain remote data information, wherein the remote data information comprises user information, a vehicle identification number and a control command identifier; judging whether the vehicle identification number is consistent with the vehicle, and judging whether the remote control command is in user authority or not based on the user information and the control command identification;

if the vehicle identification number is consistent with the vehicle and the remote control command is within the user authority, the auxiliary control module or the main control module is further used for carrying out corresponding first safety detection on the vehicle-mounted equipment function indicated by the control command identification to obtain a first detection result, and the first detection result is used for representing the initial operation state of the equipment function.

The application has the advantages that: the method is applied to a vehicle-mounted system, the vehicle-mounted system comprises a main control module and a hardware safety module, wherein the main control module is at least used for data processing and function control of a vehicle, the hardware safety module is at least used for storing secret key information, the vehicle-mounted system further comprises an auxiliary control module, the auxiliary control module is at least used for vehicle data safety control, and the method comprises the following steps: the main control module receives a remote control command from a far-end background and sends the remote control command to the auxiliary control module; the auxiliary control module acquires key information from the hardware security module; the auxiliary control module decrypts the remote control command based on the secret key information to obtain remote data information, wherein the remote data information comprises user information, a vehicle identification number and a control command identifier; the auxiliary control module judges whether the vehicle identification number is consistent with the vehicle, and judges whether the remote control command is in the user authority based on the user information and the control command identification; if the vehicle identification number is consistent with the vehicle and the remote control command is within the user authority, the auxiliary control module or the main control module performs corresponding first safety detection on the vehicle-mounted equipment function indicated by the control command identification to obtain a first detection result, wherein the first detection result is used for representing the initial running state of the equipment function; this application sets up the supplementary control module who is used for vehicle data safety control outside main control module and hardware security module alone, main control module receives after the remote control order from the distal end backstage and conveys it to supplementary control module, by supplementary control module to remote control order decipher and authentication processing, pass through after the authentication and assist control module or main control module to carry out safety inspection with the operating condition of confirming the equipment function to the mobile unit function that remote control order instructed, supplementary control module is responsible for data safety alone, combine the authentication mode that vehicle identification number and user information combine to carry out safety inspection on the basis of guarantee data safety, effectively improve the accuracy that detects. In addition, safety detection is carried out before the remote control command is executed, so that the damage to the vehicle or the occurrence of safety accidents caused by the execution of vehicle function operation under the condition that the vehicle function is unsafe can be effectively avoided.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic architecture diagram of a vehicle-mounted system according to an embodiment of the present application;

fig. 2 is a first flowchart of a safety detection method for a vehicle remote control according to a second embodiment of the present application;

fig. 3 is a second flowchart of a safety detection method for a vehicle remote control according to a second embodiment of the present application;

fig. 4 is an architecture diagram of a vehicle-mounted terminal according to a fourth embodiment of the present application.

Detailed Description

In order to make the purpose, technical solutions and advantages of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

As described in the background art, in the prior art, a vehicle uses a control module in a vehicle-mounted device system to receive a remote control instruction sent by a remote background, the control module obtains and executes the remote control instruction in a software encryption manner while executing a data processing function of the vehicle, and the control module executes both data processing and obtaining, decrypting and executing of the remote control instruction, so that data is easily leaked, the vehicle-mounted device system is easily attacked, and the vehicle is controlled by an error. Moreover, only the control command is encrypted and decrypted, when the remote command is wrong, the vehicle-mounted computer system is difficult to distinguish, and if an unauthorized third-party control command is received, the corresponding function failure of the vehicle end can be caused, the vehicle is damaged, and the user experience is poor.

In order to solve the above problems, the present application creatively provides a safety detection method for vehicle remote control and a vehicle-mounted system, wherein an auxiliary control module is separately arranged outside a main control module in charge of vehicle-mounted device function control in the vehicle-mounted system for data safety control, the main control module receives a remote control command transmitted by a far-end background and then transmits the remote control command to the auxiliary control module, the auxiliary control module decrypts the remote control command to obtain user information, a vehicle identification number and a control command identifier, the auxiliary control module performs feature matching on the vehicle identification number, judges whether the remote control command is the same as the vehicle, authenticates the user information and the control command identifier, judges whether the user has a control command authority corresponding to the control command identifier, and judges whether the remote control command is the command of the vehicle or not, whether the user sending the control command has the control authority or not in combination with the control command, after the feature matching and the authentication all pass through, the main control module or the auxiliary control module performs authentication on the control command authority indicated by the control command identifier The shown vehicle-mounted equipment function carries out corresponding first safety detection to obtain a first detection result representing the initial operation state of the vehicle-mounted equipment function. Therefore, the main control module performs corresponding control operation according to the first detection result, the main control module is effectively prevented from executing a control command which is not corresponding to the vehicle and does not have authority, the main control module is prevented from executing the control command under the condition that the vehicle function is in risk, the safety of remote control is effectively improved, and the user experience is improved. The embodiments of the present application will be described in detail below with reference to the drawings and various embodiments.

The first embodiment is as follows: the present embodiment introduces the architecture of the in-vehicle system in the present application.

The vehicle is provided with an on-board system, and the on-board system comprises a main control Module and a Hardware Security Module (HSM). The vehicle-mounted system further comprises an auxiliary control module independent of the main control module and the hardware safety module, and the auxiliary control module is at least used for vehicle data safety control. The vehicle-mounted system also comprises a network access module, and the network access module is used for network access of the vehicle-mounted system. The Network Access module may be a Network Access Device (NAD) or a wireless communication module, which is not limited in this embodiment. The architecture of the vehicle-mounted system of the present application may be set according to fig. 1 (a) or fig. 1 (b), and of course, the present application may also be applied to architectures of other vehicle-mounted systems, and the present application is not limited thereto. As shown in fig. 1, an encryption/decryption unit may be disposed in the auxiliary control module for performing encryption/decryption operations on data. In addition, a safety detection unit can be arranged in the vehicle-mounted system and used for carrying out safety detection on the functions of the vehicle-mounted equipment. Specifically, the safety detection unit may be provided in the main control module, as shown with reference to fig. 1 (a); alternatively, the safety detection unit may be provided in the sub control module, as shown in fig. 1 (b).

In an example, the vehicle-mounted System may include a vehicle-mounted machine System, the main control module may be a System on a Chip (SOC) and/or a Micro Controller Unit (MCU), the auxiliary control module may be an SOC and/or an MCU other than the main control module, the hardware security module may be an HSM disposed in the vehicle-mounted machine System, and the network access module may be an NAD disposed in the vehicle-mounted machine System.

In another example, the vehicle-mounted system may include a vehicle-mounted system and a remote terminal (T-BOX), the main control module may be an SOC and/or an MCU, the auxiliary control module may be an SOC and/or an MCU other than the main control module, the hardware security module may be an HSM disposed in the T-BOX, and the network access module may be an NAD disposed in the T-BOX.

After the vehicle is started, the vehicle-mounted terminal is started, a vehicle-mounted system installed in the vehicle-mounted terminal is started, an encryption and decryption unit in the auxiliary control module generates a key and sends the generated key to the hardware security module for storage, wherein the key can be used for data encryption by adopting a symmetric encryption mode (for example, AES + based 64) or an asymmetric encryption mode. The network access module is accessed to a network and judges whether the current network state meets the requirement of sending the secret key or not, if the current network state meets the requirement of sending the secret key, the auxiliary control module sends the secret key to a remote background, and if the network state does not meet the requirement of sending the secret key, the network state is monitored in real time until the network state meets the requirement of sending the secret key. Specifically, when the secret key is asymmetrically encrypted, for example, when RSA + based64 is used for data encryption, the encryption and decryption unit in the auxiliary control module generates a pair of public and private keys (a first public key and a first private key), and after the network access module determines that the current network state of the vehicle-mounted system meets the requirement for sending the secret key, the first public key is sent to the remote background, and the first private key is sent to the hardware security module for storage. The remote background successfully receives the first public key and then stores the first public key to generate a paired second public key and a paired second private key, the remote background returns a first response message to the auxiliary control module, the first response message carries the second public key encrypted by the first public key, the auxiliary control module receives the first response message returned by the remote background and then obtains the first private key from the hardware security module to decrypt the first private key to obtain the second public key and stores the second public key into the hardware security module, the auxiliary control module sends the second response message to the remote background, the second response message is encrypted by the second public key, the remote background receives the second response message and then shows that the secret key transmission is completed, and RSA + based64 is only used for encoding and decoding to ensure the integrity of data transmission.

After the auxiliary control module sends the secret key to the far-end background, the auxiliary control module waits for receiving the secret key receiving response message returned by the far-end background and checks the secret key receiving response message to confirm that the far-end background successfully receives the secret key, if the secret key receiving response message is not received after a preset time period, the step of generating the secret key is returned, the secret key is stored in the hardware security module after the step of generating the secret key is returned, and the stored secret key is replaced by the newly generated secret key. The main control module receives a remote control command sent by a far-end background and sends the remote control command to the auxiliary control module. The auxiliary control module obtains the secret key information from the hardware security module after receiving the remote control command, and the encryption and decryption unit decrypts the remote control command based on the secret key information stored in the hardware security module to obtain remote data information, wherein the remote data information comprises user information, a vehicle identification number and a control command identifier. The auxiliary control module performs feature matching by using the vehicle identification number, performs authentication processing on the user information, records a risk information log if the matching is wrong or the authentication is not passed, and discards the remote data information; if the matching and the authentication are both passed, a safety detection unit arranged in the main control module or the auxiliary control module carries out first safety detection on the vehicle-mounted equipment function indicated by the control command identification to obtain a first detection result, the first detection result is used for representing the initial operation state of the vehicle-mounted equipment function, if the initial operation state is safe, the main control module executes the vehicle-mounted equipment function indicated by the control command identification, and if the initial operation state is unsafe, the main control module does not execute the vehicle-mounted equipment function indicated by the control command identification.

When the initial operation state of the vehicle-mounted equipment function represented by the first detection result is safe, after the main control module executes the vehicle-mounted equipment function indicated by the control command, the safety detection unit also periodically performs second safety detection on the vehicle-mounted equipment function indicated by the control command identification to obtain a second detection result, wherein the second detection result is used for representing the real-time operation state of the vehicle-mounted equipment function, if the real-time operation state is safe, the main control module maintains the operation of the vehicle-mounted equipment function, and if the real-time operation state is unsafe, the main control module immediately adjusts the operation of the vehicle-mounted equipment function, so that the vehicle damage or safety accidents caused by the fact that the vehicle-mounted equipment function is still executed under the condition that the vehicle-mounted equipment function is unsafe are effectively avoided.

The second embodiment: based on the architecture of the vehicle-mounted system described in the first embodiment, the present embodiment describes a safety detection process of vehicle remote control in the present application with reference to fig. 2 to 3.

Specifically, referring to fig. 2 to 3, a vehicle performs a safety detection process of vehicle remote control based on the safety detection method of vehicle remote control disclosed by the present application, including:

S2A0, the auxiliary control module generates a secret key and sends the secret key to a remote background, and the method comprises the following steps:

S2A0-1, the auxiliary control module generates a secret key when the vehicle-mounted system is started.

Specifically, after the vehicle is started, the vehicle-mounted system is started, and the auxiliary control module generates the secret key.

Preferably, the auxiliary control module is provided with an encryption and decryption unit, and the secret key is generated by the encryption and decryption unit when the vehicle-mounted system is started. After the encryption and decryption unit generates the secret key, the auxiliary control module sends the secret key to the hardware security module, and the secret key is stored by the hardware security module.

S2A0-2, the network access module judges whether the current network state of the vehicle-mounted system meets the preset condition; if yes, the process goes to S2A0-3 and starts timing.

Specifically, the vehicle-mounted system is automatically connected with the network after being started, the auxiliary control module generates a secret key and stores the secret key by the hardware security module, the network access module judges whether the current network state meets the requirement of sending the secret key, if so, the vehicle-mounted system enters S2A0-3, and if not, the vehicle-mounted system monitors the current network state in real time until the current network state meets the requirement of sending the secret key.

And S2A0-3, the auxiliary control module sends the secret key to the remote background.

Specifically, when the network state meets the requirement of sending the secret key, the auxiliary control module sends the secret key to the far-end background. In this embodiment, the key is AES + based64 for data encryption.

And S2A0-4, judging whether a key receiving response message returned by the far-end background is received or not after the preset time period is timed.

Specifically, the auxiliary control module starts timing after sending the secret key to the far-end background, and waits for the secret key returned by the far-end background to receive the response message. Illustratively, the auxiliary control module determines whether a key receiving message returned by the remote background is received or not after the key is sent and the time is counted for 5 minutes, if so, the auxiliary control module verifies the message returned by the remote background, if the verification is successful, the remote background successfully receives the key, if the verification is failed, the auxiliary control module returns to the step S2a0-1 to regenerate the key, because the key is regenerated, the key generated by the encryption and decryption unit when the vehicle machine system is started is stored in the hardware security module, and at this time, the stored key is replaced by the regenerated key.

If the key reception response message returned by the remote background is not received after the preset time period, the procedure returns to step S2a0-1 to regenerate the key and store it, and in the same way, the stored key is replaced with the regenerated key.

S210, the main control module receives a remote control command from a far-end background and sends the remote control command to the auxiliary control module.

Specifically, the main control module receives a remote control command from the remote background, where the remote control command is remote data information encrypted by the remote background based on a key successfully received by the remote background. The main control module is communicated with the far-end background, and sends the remote control command to the auxiliary control module which is in charge of vehicle data safety control for processing after receiving the remote control command.

S220, the auxiliary control module acquires the secret key information from the hardware security module.

Specifically, the latest key information is stored in the hardware security module, the key information is acquired from the hardware security module in the auxiliary control module, and the encryption and decryption unit decrypts the remote control command by using the key information acquired from the hardware security module.

And S230, the auxiliary control module decrypts the remote control command based on the secret key information to obtain remote data information, wherein the remote data information comprises user information, a vehicle identification number and a control command identifier.

Specifically, the user information may be information capable of uniquely identifying the user, such as a user name, a user identifier, or a user code, which is not limited in this embodiment. The vehicle-mounted system locally stores a control command list, the control command list stores control command identifications and control commands corresponding to the control command identifications, for example, the control command identifications 001, 002 and 003 … … 010 are stored in the control command list, the control command corresponding to 001 is to heat the seat to 22 ℃, the control command corresponding to 002 is to heat the seat to 26 ℃ and the control command corresponding to 003 is to automatically park … …

S240, the auxiliary control module judges whether the vehicle identification number is consistent with the vehicle, and judges whether the remote control command is in the user authority based on the user information and the control command identification.

Specifically, whether the vehicle identification number is the vehicle identification number of the vehicle is judged, one vehicle corresponds to one vehicle identification number, the vehicle identification number has uniqueness, and the auxiliary control module judges whether the remote control command is the remote control command for the vehicle according to the feature matching of the vehicle identification number.

The vehicle-mounted system is locally stored with a user authority list, one vehicle corresponds to one or more users, each user has a corresponding control authority, each user information and a control command authority corresponding to each user information are stored in the user authority list, and the control commands are stored in a control command identification mode. If the vehicle identification number is not consistent with the vehicle, or the remote control command is not in the user authority, the remote control command is a risk command, the remote control command is recorded in a risk log, and the remote data information is discarded. If the vehicle identification number is consistent with the vehicle and the remote control command is within the user authority, the process goes to S250.

Illustratively, the user authority list stores two users corresponding to the vehicle: the user a and the user B have control command identifications 001-. The remote data information received by the auxiliary control module comprises the following information: and if the vehicle identification number and the users B and 005 are in the user authority list and the user B corresponds to the authority, the characteristic matching and the user authentication are passed, and if the vehicle identification number and the users B and 005 are not in the authority corresponding to the user B, the remote control command is recorded into a risk log and the remote data information is discarded.

And S250, the auxiliary control module or the main control module performs corresponding first safety detection on the vehicle-mounted equipment function indicated by the control command identification to obtain a first detection result, and the first detection result is used for representing the initial operation state of the vehicle-mounted equipment function.

Specifically, a safety detection unit is arranged in the auxiliary control module or the main control module, after the auxiliary control module is matched with the vehicle identification number and the user passes the authentication, the safety detection unit carries out a first safety detection result on the vehicle-mounted equipment function indicated by the control command identification, whether the initial operation state of the vehicle-mounted equipment function is safe or not is judged, if yes, the main control module executes the vehicle-mounted equipment function, and if not, the vehicle-mounted equipment function is not executed, so that the vehicle damage or the safety accident caused by the execution of the vehicle-mounted equipment function under the condition that the vehicle-mounted equipment function is unsafe is avoided.

The method comprises the following steps:

and S251, the safety detection unit inquires the vehicle-mounted equipment function corresponding to the matched control command identifier from the locally stored control command list. If the matching is successful, the step S252 is entered; if the matching fails, the process proceeds to S254.

Illustratively, the control command identifications include 001 and 002, and the vehicle-mounted device function corresponding to 001 in the control command list corresponding to the current user information is searched and matched from the locally stored control command list, namely the seat is heated to 22 ℃, and the vehicle-mounted device function corresponding to 002 is the air-conditioning heating temperature of 26 ℃, so that the matching is successful. In another example, the control command identifier includes 011, and if the control command list corresponding to the current user information is not found to be matched in the query in the locally stored control command list, the matching fails.

The safety detection unit is used for carrying out safety detection on the initial running states of the seat heating equipment and the air conditioner and acquiring the sensing data of the temperature sensors in the seat and the air conditioner.

And S252, the safety detection unit acquires first detection data based on the sensor corresponding to the vehicle-mounted equipment function.

In one example, the control command identifier includes 001, in S251, the safety detection unit queries, from the locally stored control command list, that the vehicle-mounted device function corresponding to 001 in the control command list corresponding to the current user information is to heat the seat to 22 ℃, and if the matching is successful, the safety detection unit obtains the first temperature data based on the temperature sensor corresponding to the seat heating function.

In another example, the control command identifier includes 002, in S251, the safety detection unit queries, from the locally stored control command list, that the vehicle-mounted device function corresponding to 002 in the control command list corresponding to the current user information is the air-conditioning heating temperature of 26 ℃, and if the matching is successful, the safety detection unit obtains the first temperature data based on the temperature sensor corresponding to the air-conditioning heating temperature of 26 ℃.

In another example, the control command identifier includes 003, in S251, the security detection unit queries, from the locally stored control command list, that the in-vehicle device function corresponding to 003 in the control command list corresponding to the current user information is auto parking, and if the matching is successful, the security detection unit obtains initial picture data of the environment where the host vehicle is located based on the in-vehicle camera corresponding to the auto parking function.

And S253, the safety detection unit obtains a first detection result based on the first detection data analysis.

The first detection result indicates an initial operation state of the in-vehicle apparatus function.

In one example, the first detection data is first temperature data acquired by a temperature sensor corresponding to a function of heating the seat to 22 ℃, and the safety detection unit judges whether the first temperature data is consistent with the ambient temperature; if the first detection result is consistent with the second detection result, the first detection result is determined to be safe, and the main control module executes the operation of heating the seat;

if not, the first detection result is determined to be unsafe, and the main control module does not execute the operation of heating the seat.

In another example, the first detection data is first temperature data acquired by a temperature sensor corresponding to the air-conditioning temperature of 26 ℃, and the safety detection unit judges whether the first temperature data is consistent with the ambient temperature; if the first detection result is consistent with the second detection result, the first detection result is determined to be safe, and the main control module executes the operation of heating the air conditioner to 26 ℃;

if not, the first detection result is determined to be unsafe, and the main control module does not execute the operation of heating the air conditioner to 26 ℃.

In yet another example, the first detection data is initial picture data of an environment where the host vehicle is located, and the safety detection unit obtains a current parking environment detection result based on analysis of the initial picture data of the environment where the host vehicle is located. If the current parking environment detection result is safe, the main control module executes an automatic parking function;

and if the current parking environment detection result is unsafe, the main control module controls the vehicle to move to the next parking environment.

And S254, the safety detection unit records the remote control command into a risk log.

And S2B0-1, the safety detection unit periodically performs corresponding second safety detection on the vehicle-mounted equipment function to obtain a second detection result, and the second detection result is used for representing the real-time operation state of the vehicle-mounted equipment function.

In one example, the in-vehicle device function is to heat the seat to 22 ℃, this step comprising:

the safety detection unit periodically acquires second temperature data transmitted by a temperature sensor corresponding to the function of heating the seat to 22 ℃, wherein the second temperature data is real-time temperature detection data of the temperature sensor corresponding to the function of heating the seat to 22 ℃;

the safety detection unit judges whether the difference value between the second temperature data and the target temperature of 22 ℃ is within a preset threshold range; if so, determining that the second detection result is safe; if not, determining that the second detection result is unsafe.

In another example, the vehicle-mounted equipment functions as an air conditioner heating temperature of 26 ℃, and the step comprises the following steps:

the safety detection unit periodically acquires second temperature data transmitted by a temperature sensor corresponding to the 26 ℃ air-conditioning temperature function, wherein the second temperature data is real-time temperature detection data of the temperature sensor corresponding to the 26 ℃ air-conditioning temperature function;

the safety detection unit judges whether the difference value between the second temperature data and the target temperature at 26 ℃ is within a preset threshold range; if so, determining that the second detection result is safe; if not, determining that the second detection result is unsafe.

In yet another example, the in-vehicle device functions as an automatic parking, and the step includes:

and the safety detection unit obtains a parking environment real-time detection result based on the real-time picture data analysis of the environment where the vehicle is located.

And S2B0-2, the main control module maintains or adjusts the operation of the functions of the vehicle-mounted equipment according to the second detection result.

In one example, the in-vehicle device functions to heat the seat to 22 ℃, this step includes: if the second detection result is safe, the main control module maintains the operation state of heating the seat to 22 ℃;

if the second detection result is unsafe, the main control module stops heating the seat to 22 ℃.

if the second detection result is safe, the main control module maintains the operation of the air conditioner heating function at 26 ℃;

if the second detection result is unsafe, the main control module stops executing the operation of heating the air conditioner to 26 ℃.

and if the real-time parking environment detection result is unsafe, the main control module controls the vehicle to move to the next parking environment and sends a warning message to the user side through the remote background.

Example three: in correspondence with the first to second embodiments, the vehicle-mounted system provided by the present application will be described below. The system may be implemented by hardware or software, or by a combination of hardware and software, and the present application is not limited thereto.

In one example, the present application provides an in-vehicle system comprising a primary control module for at least data processing and functional control of a vehicle, and a hardware security module for at least storing key information, and a secondary control module for at least data security of the vehicle, wherein,

if the vehicle identification number is consistent with the vehicle and the remote control command is within the user authority, the auxiliary control module or the main control module is further used for carrying out corresponding first safety detection on the vehicle-mounted equipment function indicated by the control command identification to obtain a first detection result, and the first detection result is used for representing the initial operation state of the vehicle-mounted equipment function.

Preferably, the vehicle-mounted system further comprises a network access module, and the network access module is used for network access of the vehicle-mounted system; before the main control module sends a remote control command from a remote background fund to the auxiliary control module, the auxiliary control module is also used for generating a secret key when the vehicle-mounted system is started; the network access module is also used for judging whether the current network state of the vehicle-mounted system meets a preset condition or not;

and if the current network state meets a preset condition, the auxiliary control module is further used for sending the secret key to the far-end background.

More preferably, an encryption and decryption unit is arranged in the auxiliary control module, and the encryption and decryption unit is used for generating a secret key when the vehicle-mounted system is started;

after the auxiliary control module generates a secret key when the vehicle-mounted system is started, the auxiliary control module is further used for sending the secret key to the hardware security module;

the hardware security module is used for storing the secret key.

Preferably, a safety detection unit is arranged in the auxiliary control module or the main control module, and the safety detection unit is used for inquiring the vehicle-mounted device function corresponding to the control command identifier from a locally stored control command list;

if the matching is successful, the safety detection unit is further used for acquiring first detection data based on a sensor corresponding to the function of the vehicle-mounted equipment;

the safety detection unit is also used for analyzing and obtaining the first detection result based on the first detection data;

and if the matching fails, the safety detection unit is also used for recording the remote control command into a risk log.

More preferably, after the auxiliary control module or the main control module performs corresponding first safety detection on the device function indicated by the control command identifier to obtain a first detection result, the safety detection unit is further configured to periodically perform corresponding second safety detection on the vehicle-mounted device function to obtain a second detection result, where the second detection result is used to indicate a real-time operation state of the vehicle-mounted device function;

and the main control module is also used for maintaining or adjusting the operation of the functions of the vehicle-mounted equipment according to the second detection result.

More preferably, the function of the vehicle-mounted device indicated by the control command identifier is an automatic parking function, and the safety detection unit is configured to obtain initial picture data of an environment where the vehicle is located based on a vehicle-mounted camera corresponding to the automatic parking function;

the safety detection unit is also used for obtaining a current parking environment detection result based on the initial picture data analysis;

if the current parking environment detection result is safe, the main control module is also used for executing the automatic parking function;

and if the current parking environment detection result is unsafe, the main control module is also used for controlling the vehicle to move to the next parking environment.

More preferably, the safety detection unit is further configured to periodically acquire real-time picture data of an environment where the vehicle is located, which is transmitted by the vehicle-mounted camera;

the safety detection unit is also used for analyzing real-time picture data of the environment where the vehicle is located to obtain a parking environment real-time detection result;

if the real-time detection result of the parking environment is safe, the main control module is also used for maintaining the current running state of the functions of the vehicle-mounted equipment;

and if the real-time parking environment detection result is unsafe, the main control module is further used for controlling the vehicle to move to the next parking environment and sending a warning message to the user side through the remote background.

More preferably, the control command identifies that the indicated vehicle-mounted device function is to control the target vehicle-mounted device to warm up to the target temperature,

the safety detection unit is further used for acquiring first temperature data based on the temperature sensor corresponding to the vehicle-mounted equipment function indicated by the control command identification;

the safety detection unit is also used for judging whether the first temperature data is consistent with the ambient temperature;

if the first detection result is consistent with the second detection result, the first detection result is determined to be safe, and the main control module is further used for executing the operation of controlling the temperature of the target vehicle-mounted equipment to be controlled to the target temperature;

and if the temperature of the target vehicle-mounted equipment is not consistent with the target temperature, determining that the first detection result is unsafe, and not executing the operation of controlling the temperature of the target vehicle-mounted equipment to be controlled to the target temperature by the main control module.

More preferably, the safety detection is further used for periodically acquiring second temperature data transmitted by the temperature sensor by the unit, and the second temperature data is real-time temperature detection data of the temperature sensor;

the safety detection unit is further used for judging whether the difference value between the second temperature data and the target temperature is within a preset threshold range;

if so, determining that the second detection result is safe, and the main control module is further used for maintaining the current operation state of the functions of the vehicle-mounted equipment;

and if not, determining that the second detection result is unsafe, and stopping executing the operation of controlling the temperature of the target vehicle-mounted equipment to be controlled to the target temperature by the main control module.

Example four: corresponding to the three phases of the first to third embodiments, the vehicle-mounted terminal provided by the present application will be described with reference to fig. 4. As shown in fig. 4 in one example, the present application provides a vehicle-mounted terminal including:

one or more processors;

and memory associated with the one or more processors for storing program instructions that, when read and executed by the one or more processors, perform operations comprising:

the auxiliary control module judges whether the vehicle identification number is consistent with the vehicle, and judges whether the remote control command is in the user authority based on the user information and the control command identification number;

if the vehicle identification number is consistent with the vehicle and the remote control command is within the user authority, the auxiliary control module or the main control module performs corresponding first safety detection on the vehicle-mounted equipment function indicated by the control command identification to obtain a first detection result, and the first detection result is used for representing the initial operation state of the vehicle-mounted equipment function.

When the program instructions are read and executed by the one or more processors, operations corresponding to the steps in the foregoing method embodiments may also be executed, which may refer to the above description and are not described herein again. Referring to fig. 4, an exemplary architecture of a vehicle-mounted terminal is shown, which may specifically include a processor 410, a video display adapter 411, a disk drive 412, an input/output interface 413, a network interface 414, and a memory 420. The processor 410, the video display adapter 411, the disk drive 412, the input/output interface 413, the network interface 414, and the memory 420 may be communicatively connected by a communication bus 430.

The processor 410 may be implemented by a general Central Processing Unit (CPU), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solution provided in the present Application.

The Memory 420 may be implemented in the form of a Read Only Memory (ROM), a Random Access Memory (RAM), a static storage device, a dynamic storage device, or the like. The memory 420 may store an operating system 421 for controlling the operation of the in-vehicle terminal 400, and a Basic Input Output System (BIOS)422 for controlling low-level operations of the in-vehicle terminal 400. In addition, a web browser 423, a data storage management 424, and an icon font processing system 425, and the like, may also be stored. The icon font processing system 425 may be an application program that implements the operations of the foregoing steps in this embodiment of the application. In summary, when the technical solution provided in the present application is implemented by software or firmware, the relevant program code is stored in the memory 420 and called to be executed by the processor 410.

The input/output interface 413 is used for connecting an input/output module to realize information input and output. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.

The network interface 414 is used to connect a communication module (not shown in the figure) to implement communication interaction between the present device and other devices. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).

Bus 430 includes a path that transfers information between the various components of the device, such as processor 410, video display adapter 411, disk drive 412, input/output interface 413, network interface 414, and memory 420.

In addition, the in-vehicle terminal 400 may also obtain information of specific pickup conditions from the virtual resource object pickup condition information database 441 for performing condition judgment, and the like.

It should be noted that although the vehicle-mounted terminal 400 only shows the processor 410, the video display adapter 411, the disk drive 412, the input/output interface 413, the network interface 414, the memory 420, the bus 430 and the like, in a specific implementation process, the vehicle-mounted terminal may further include other components necessary for normal operation. Furthermore, it will be understood by those skilled in the art that the apparatus described above may also include only the components necessary to implement the solution of the present application, and not necessarily all of the components shown in the figures.

From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, or the like, and includes several instructions for enabling a computer device (which may be a personal computer, a cloud server, or a network device) to execute the method according to the embodiments or some parts of the embodiments of the present application.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, it is relatively simple to describe, and reference may be made to some descriptions of the method embodiment for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.

The above embodiments are merely illustrative of the technical concepts and features of the present application, and the purpose of the embodiments is to enable those skilled in the art to understand the content of the present application and implement the present application, and not to limit the protection scope of the present application. All modifications made according to the spirit of the main technical scheme of the present application shall be covered by the protection scope of the present application.

Claims

1. A safety detection method for vehicle remote control is applied to a vehicle-mounted system, the vehicle-mounted system comprises a main control module and a hardware safety module, wherein the main control module is at least used for data processing and function control of a vehicle, the hardware safety module is at least used for storing secret key information, the vehicle-mounted system is characterized by further comprising an auxiliary control module, and the auxiliary control module is at least used for data safety control of the vehicle, and the method comprises the following steps:

2. The vehicle remote control security detection method of claim 1, wherein before the vehicle system further comprises a network access module for network access of the vehicle system, the main control module receives a remote control command from a remote back-end and sends the remote control command to the auxiliary control module, the method further comprises:

and if the current network state meets a preset condition, the auxiliary control module sends the secret key to the far-end background.

3. The safety detection method for the remote control of the vehicle according to claim 2, wherein an encryption and decryption unit is provided in the auxiliary control module, and the auxiliary control module generates a key when the vehicle-mounted system is started, and the method includes:

after the auxiliary control module generates a key when the vehicle-mounted system is started, the method further comprises the following steps:

the hardware security module stores the key.

4. The safety detection method for vehicle remote control according to any one of claims 1 to 3, wherein a safety detection unit is disposed in the auxiliary control module or the main control module, and the auxiliary control module or the main control module performs corresponding first safety detection on the vehicle-mounted device function indicated by the control command identifier to obtain a first detection result, including:

the safety detection unit inquires the vehicle-mounted equipment function corresponding to the control command identification from a locally stored control command list;

and if the matching fails, the safety detection unit records the remote control command into a risk log.

5. The safety detection method for the vehicle remote control according to claim 4, wherein after the auxiliary control module or the main control module performs corresponding first safety detection on the vehicle-mounted device function indicated by the control command identifier to obtain a first detection result, the method further comprises:

the safety detection unit periodically performs corresponding second safety detection on the vehicle-mounted equipment function to obtain a second detection result, and the second detection result is used for representing the real-time operation state of the vehicle-mounted equipment function;

and the main control module maintains or adjusts the operation of the functions of the vehicle-mounted equipment according to the second detection result.

6. The safety detection method for the remote control of the vehicle according to claim 5, wherein the control command identifies that the indicated vehicle-mounted device function is an automatic parking function, and the safety detection unit acquires first detection data based on a sensor corresponding to the vehicle-mounted device function, and includes:

the method further comprises the following steps:

7. The vehicle remote control safety detection method according to claim 6, wherein the safety detection unit periodically performs corresponding second safety detection on the vehicle-mounted device function to obtain a second detection result, and the method comprises the following steps:

8. The vehicle remote control safety detection method according to claim 5, wherein the control command identifies that the indicated vehicle-mounted device function is a control target vehicle-mounted device temperature control to a target temperature, and the safety detection unit acquires first detection data based on a sensor corresponding to the vehicle-mounted device function, and includes:

the method further comprises the following steps:

if the first detection result is consistent with the second detection result, the first detection result is determined to be safe, and the main control module executes the operation of controlling the temperature of the target vehicle-mounted equipment to be controlled to the target temperature;

and if not, determining that the first detection result is unsafe, and the main control module does not execute the operation of controlling the temperature of the target vehicle-mounted equipment to reach the target temperature.

9. The vehicle remote control safety detection method according to claim 8, wherein the safety detection unit periodically performs corresponding second safety detection on the vehicle-mounted device function to obtain a second detection result, and the method comprises the following steps:

if yes, the second detection result is determined to be safe, and the main control module maintains or adjusts the operation of the functions of the vehicle-mounted equipment according to the second detection result, wherein the operation comprises the following steps:

the main control module maintains the current running state of the functions of the vehicle-mounted equipment;

if not, determining that the second detection result is unsafe, and maintaining or adjusting the operation of the functions of the vehicle-mounted equipment by the main control module according to the second detection result, wherein the operation comprises the following steps:

and the main control module stops executing the operation of controlling the temperature of the target vehicle-mounted equipment to reach the target temperature.

10. An on-board system comprising a main control module for at least data processing and functional control of a vehicle and a hardware security module for at least storing key information, characterized in that the on-board system further comprises an auxiliary control module for at least data security control of a vehicle, wherein,