CN117294437B - Communication encryption and decryption method and device, terminal equipment and storage medium - Google Patents

Communication encryption and decryption method and device, terminal equipment and storage medium Download PDF

Info

Publication number
CN117294437B
CN117294437B CN202311589490.9A CN202311589490A CN117294437B CN 117294437 B CN117294437 B CN 117294437B CN 202311589490 A CN202311589490 A CN 202311589490A CN 117294437 B CN117294437 B CN 117294437B
Authority
CN
China
Prior art keywords
communication
key
initial
encryption
ecu
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311589490.9A
Other languages
Chinese (zh)
Other versions
CN117294437A (en
Inventor
钟泽明
曾亮
马克迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Farben Information Technology Co ltd
Original Assignee
Shenzhen Farben Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Farben Information Technology Co ltd filed Critical Shenzhen Farben Information Technology Co ltd
Priority to CN202311589490.9A priority Critical patent/CN117294437B/en
Publication of CN117294437A publication Critical patent/CN117294437A/en
Application granted granted Critical
Publication of CN117294437B publication Critical patent/CN117294437B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a communication encryption and decryption method, a device, terminal equipment and a storage medium, wherein the method comprises the following steps: generating a key based on a preset asymmetric encryption algorithm, and acquiring an initial public key and an initial private key; the initial private key is sent to a preset memory for storage, the initial public key is sent to a target ECU through a public channel, and the target ECU generates a communication ciphertext through the initial public key; and receiving a communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result. The invention realizes the encryption and decryption of the communication, solves the problem that the communication encryption and decryption uses the secret key generated by the external equipment to carry out the communication with higher risk, and improves the security of the communication encryption and decryption.

Description

Communication encryption and decryption method and device, terminal equipment and storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a communication encryption and decryption method, a device, a terminal device, and a storage medium.
Background
As vehicles are increasingly used, the frequency of use of communication between the vehicle interior is also becoming higher, but a series of related problems are also generated, and because the ECU in the vehicle plays a vital role in controlling the vehicle, the communication between the ECU and related devices may be attacked by an attacker, and at this time, the safety of passengers in the vehicle is threatened.
However, at present, the safety protection of the ECU of the vehicle is mostly carried out by encrypting communication information through external equipment, and then the encrypted information is sent to the ECU of the vehicle for storage, so that the safety problem is solved to a certain extent.
Therefore, a communication encryption and decryption method is needed for carrying out communication encryption and decryption of vehicles, so as to solve the problems that external equipment is needed for key generation and the key is relatively fixed.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The invention mainly aims to provide a communication encryption and decryption method, a device, terminal equipment and a storage medium, and aims to solve the technical problem that a key generated by external equipment is used for communication and has high risk.
In order to achieve the above object, the present invention provides a communication encryption and decryption method, which is applied to a source ECU of a source electronic control unit, comprising the steps of:
generating a key based on a preset asymmetric encryption algorithm, and acquiring an initial public key and an initial private key;
the initial private key is sent to a preset memory for storage, the initial public key is sent to a target ECU through a public channel, and the target ECU generates a communication ciphertext through the initial public key;
and receiving a communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result.
Optionally, the step of generating the key based on the preset asymmetric encryption algorithm to obtain the initial public key and the initial private key includes:
product calculation is carried out through the first parameter and the second parameter which are obtained in advance, and a calculation result is obtained;
acquiring an encryption key and a decryption key according to the calculation result;
and calculating according to the calculation result, the encryption key and the decryption key to obtain an initial public key and an initial private key.
Optionally, the step of receiving the communication ciphertext sent by the target ECU, performing communication processing through the initial private key, and obtaining a communication result includes:
receiving a communication ciphertext sent by the target ECU;
the communication ciphertext is sent to the memory, and the communication ciphertext is decrypted through a decryption algorithm according to the initial private key to obtain a communication plaintext;
and carrying out communication processing according to the communication plaintext to obtain a communication result.
Optionally, the step of receiving the communication ciphertext sent by the target ECU, performing communication processing through the initial private key, and obtaining a communication result further includes:
reading preset configuration information to obtain key updating time;
when the key updating time is up, deleting the initial private key by using the initial public key, and generating a key through the asymmetric encryption algorithm to obtain a final public key and a final private key;
and sending the final private key to the memory for storage, and sending the final public key to a target ECU through a public channel.
The invention also provides a communication encryption and decryption method, which is applied to a target ECU of a target electronic control unit and comprises the following steps:
receiving an initial public key sent by a source ECU through a public channel;
and responding to the operation of a user, generating a communication ciphertext according to the initial public key, sending the communication ciphertext to the source ECU, and carrying out communication processing on the communication ciphertext by the source ECU to obtain a communication result.
Optionally, the step of generating the communication ciphertext according to the initial public key and sending the communication ciphertext to the source ECU in response to the operation of the user includes:
responding to the operation of a user, and acquiring a communication plaintext;
encrypting the communication plaintext through an encryption algorithm according to the initial public key to obtain a communication ciphertext;
and sending the communication ciphertext to the source ECU through the public channel.
Optionally, the step of responding to the operation of the user, generating a communication ciphertext according to the initial public key and sending the communication ciphertext to the source ECU, and performing communication processing on the communication ciphertext by the source ECU, and after the step of obtaining a communication result, further includes:
message monitoring is carried out on the source ECU through the public channel;
and deleting the initial public key and receiving a final public key sent by the source ECU when the source ECU is monitored to send key updating information.
The embodiment of the invention also provides a communication encryption and decryption device, the communication encryption and decryption method is applied to a source Electronic Control Unit (ECU), and the communication encryption and decryption device comprises:
the acquisition module is used for generating a key based on a preset asymmetric encryption algorithm and acquiring an initial public key and an initial private key;
the sending module is used for sending the initial private key to a preset memory for storage, sending the initial public key to a target ECU through a public channel, and generating a communication ciphertext through the initial public key by the target ECU;
and the communication module is used for receiving the communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result.
The embodiment of the invention also provides a terminal device which comprises a memory, a processor and a communication encryption and decryption program which is stored in the memory and can run on the processor, wherein the communication encryption and decryption program realizes the steps of the communication encryption and decryption method when being executed by the processor.
The embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium stores a communication encryption and decryption program, and the communication encryption and decryption program realizes the steps of the communication encryption and decryption method when being executed by a processor.
The embodiment of the invention provides a communication encryption and decryption method, a device, terminal equipment and a storage medium, which are used for generating a secret key based on a preset asymmetric encryption algorithm to acquire an initial public key and an initial private key; the initial private key is sent to a preset memory for storage, the initial public key is sent to a target ECU through a public channel, and the target ECU generates a communication ciphertext through the initial public key; and receiving a communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result. Therefore, the source ECU generates the public key and the private key based on the asymmetric encryption algorithm, the private key is sent to the memory for storage for subsequent decryption, the public key is sent to the target ECU, and the target ECU generates the communication ciphertext according to the public key and returns the communication ciphertext to the source ECU, so that encryption and decryption of communication are realized, the problem that communication encryption and decryption have higher risk by using the secret key generated by the external equipment is solved, and the security of communication encryption and decryption is improved.
Drawings
FIG. 1 is a schematic diagram of functional modules of a terminal device to which a communication encryption and decryption device of the present invention belongs;
FIG. 2 is a flow chart of an exemplary embodiment of a communication encryption and decryption method of the present invention;
FIG. 3 is an overall schematic diagram of a communication encryption and decryption method of the present invention;
FIG. 4 is a flowchart illustrating a communication encryption and decryption method according to another exemplary embodiment of the present invention;
fig. 5 is a flowchart of another exemplary embodiment of the communication encryption and decryption method of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The main solutions of the embodiments of the present invention are: product calculation is carried out through the first parameter and the second parameter which are obtained in advance, and a calculation result is obtained; acquiring an encryption key and a decryption key according to the calculation result; and calculating according to the calculation result, the encryption key and the decryption key to obtain an initial public key and an initial private key. Receiving a communication ciphertext sent by the target ECU; the communication ciphertext is sent to the memory, and the communication ciphertext is decrypted through a decryption algorithm according to the initial private key to obtain a communication plaintext; and carrying out communication processing according to the communication plaintext to obtain a communication result. Reading preset configuration information to obtain key updating time; when the key updating time is up, deleting the initial private key by using the initial public key, and generating a key through the asymmetric encryption algorithm to obtain a final public key and a final private key; and sending the final private key to the memory for storage, and sending the final public key to a target ECU through a public channel. Receiving an initial public key sent by a source ECU through a public channel; and responding to the operation of a user, generating a communication ciphertext according to the initial public key, sending the communication ciphertext to the source ECU, and carrying out communication processing on the communication ciphertext by the source ECU to obtain a communication result. Responding to the operation of a user, and acquiring a communication plaintext; encrypting the communication plaintext through an encryption algorithm according to the initial public key to obtain a communication ciphertext; and sending the communication ciphertext to the source ECU through the public channel. Message monitoring is carried out on the source ECU through the public channel; and deleting the initial public key and receiving a final public key sent by the source ECU when the source ECU is monitored to send key updating information. Therefore, the problem that the secret key generated by the external equipment is used for communication and has high risk is solved, encryption and decryption of communication are realized, and the security of communication encryption and decryption is improved. Based on the scheme of the invention, the ECU in the vehicle plays a vital role in controlling the vehicle, the communication between the ECU and related equipment is possibly attacked by an attacker, and the safety of passengers in the vehicle is threatened at the moment, so that the problem of lower safety is solved.
Technical terms related to the embodiment of the invention:
and (3) ECU: the ECU is an electronic control unit, also called a travelling computer, a vehicle-mounted computer and the like, and is composed of a microprocessor, a memory, an input/output interface, an analog-to-digital converter, a shaping and driving large-scale integrated circuit and the like, as with a common computer.
Asymmetric encryption algorithm: asymmetric encryption refers to an encryption technique integrated into a blockchain to meet security requirements and ownership verification requirements, and generally uses two asymmetric ciphers, respectively called public and private keys, in the encryption and decryption processes, the asymmetric key pair has two characteristics: firstly, after encrypting information by one key (public key or private key), only the other corresponding key can be unlocked; and the public key can be disclosed to other people, the private key is kept secret, and other people cannot calculate the corresponding private key through the public key.
HSM Hardware Security Module, hardware security module, is a tamper-proof and intrusion-proof hardware for protecting storage keys while allowing authorized users to use, and acts as a Trust anchor in the system;
NVRAM, non-Volatile Random Access Memory, nonvolatile random access memory, refers to a RAM that retains data after power is turned off.
The embodiment of the invention considers that when the related technology encrypts and decrypts communication information through external equipment, and then sends the encrypted information to the ECU of the vehicle for storage, the mode has a certain security threat because the external equipment generates and returns to the ECU or has a certain security threat, and the generated secret key is relatively fixed, and the higher the frequency of updating the secret key, the communication is not smooth, so the mode has the problem of low security.
Therefore, the embodiment of the invention designs a communication encryption and decryption method from the problem that the safety of passengers in the vehicle is threatened and the safety is lower because the ECU in the vehicle plays a vital role in controlling the vehicle in reality and the communication between the ECU and related equipment is possibly attacked by an attacker, verifies the effectiveness of the communication encryption and decryption method when encrypting and decrypting the communication, and finally obviously improves the safety of the communication encryption and decryption by the method.
Specifically, referring to fig. 1, fig. 1 is a schematic diagram of a functional block of a terminal device to which the communication encryption and decryption device of the present invention belongs. The communication encryption and decryption device can be independent of a device of the terminal equipment, which can carry out communication encryption and decryption, and can be carried on the terminal equipment in a form of hardware or software. The terminal equipment can be intelligent mobile equipment with a data processing function such as a mobile phone and a tablet personal computer, and can also be fixed terminal equipment or a server with a data processing function.
In this embodiment, the terminal device to which the communication encryption and decryption apparatus belongs at least includes an output module 110, a processor 120, a memory 130, and a communication module 140.
The memory 130 stores an operating system and a communication encryption and decryption program, and the communication encryption and decryption device can generate a key based on a preset asymmetric encryption algorithm to obtain an initial public key and an initial private key; the initial private key is sent to a preset memory for storage, the initial public key is sent to a target ECU through a public channel, and the target ECU generates a communication ciphertext through the initial public key; and receiving a communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result. The communication encryption and decryption program performs communication encryption and decryption, and information such as encryption and decryption results is obtained and stored in the memory 130; the output module 110 may be a display screen or the like. The communication module 140 may include a WIFI module, a mobile communication module, a bluetooth module, and the like, and communicates with an external device or a server through the communication module 140.
Wherein the communication encryption and decryption program in the memory 130 when executed by the processor performs the steps of:
generating a key based on a preset asymmetric encryption algorithm, and acquiring an initial public key and an initial private key;
the initial private key is sent to a preset memory for storage, the initial public key is sent to a target ECU through a public channel, and the target ECU generates a communication ciphertext through the initial public key;
and receiving a communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result.
Further, the communication encryption and decryption program in the memory 130 when executed by the processor further realizes the following steps:
product calculation is carried out through the first parameter and the second parameter which are obtained in advance, and a calculation result is obtained;
acquiring an encryption key and a decryption key according to the calculation result;
and calculating according to the calculation result, the encryption key and the decryption key to obtain an initial public key and an initial private key.
Further, the communication encryption and decryption program in the memory 130 when executed by the processor further realizes the following steps:
receiving a communication ciphertext sent by the target ECU;
the communication ciphertext is sent to the memory, and the communication ciphertext is decrypted through a decryption algorithm according to the initial private key to obtain a communication plaintext;
and carrying out communication processing according to the communication plaintext to obtain a communication result.
Further, the communication encryption and decryption program in the memory 130 when executed by the processor further realizes the following steps:
reading preset configuration information to obtain key updating time;
when the key updating time is up, deleting the initial private key by using the initial public key, and generating a key through the asymmetric encryption algorithm to obtain a final public key and a final private key;
and sending the final private key to the memory for storage, and sending the final public key to a target ECU through a public channel.
Further, the communication encryption and decryption program in the memory 130 when executed by the processor further realizes the following steps:
receiving an initial public key sent by a source ECU through a public channel;
and responding to the operation of a user, generating a communication ciphertext according to the initial public key, sending the communication ciphertext to the source ECU, and carrying out communication processing on the communication ciphertext by the source ECU to obtain a communication result.
Further, the communication encryption and decryption program in the memory 130 when executed by the processor further realizes the following steps:
responding to the operation of a user, and acquiring a communication plaintext;
encrypting the communication plaintext through an encryption algorithm according to the initial public key to obtain a communication ciphertext;
and sending the communication ciphertext to the source ECU through the public channel.
Further, the communication encryption and decryption program in the memory 130 when executed by the processor further realizes the following steps:
message monitoring is carried out on the source ECU through the public channel;
and deleting the initial public key and receiving a final public key sent by the source ECU when the source ECU is monitored to send key updating information.
According to the scheme, the key generation is carried out on the basis of a preset asymmetric encryption algorithm, and the initial public key and the initial private key are obtained; the initial private key is sent to a preset memory for storage, the initial public key is sent to a target ECU through a public channel, and the target ECU generates a communication ciphertext through the initial public key; and receiving a communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result. The source ECU generates a public key and a private key based on an asymmetric encryption algorithm, the private key is sent to a memory for storage for subsequent decryption, the public key is sent to the target ECU, and the target ECU generates a communication ciphertext according to the public key and returns the communication ciphertext to the source ECU, so that the problem that higher risk exists in communication by using the secret key generated by external equipment can be solved. Based on the scheme of the invention, the ECU in the vehicle plays a vital role in controlling the vehicle, the communication between the ECU and related equipment is possibly attacked by an attacker, and the safety of passengers in the vehicle is threatened at the moment, so that the problem of lower safety is solved.
The method embodiments of the present invention are presented based on the above-described terminal device architecture but not limited to the above-described framework.
Referring to fig. 2, fig. 2 is a flowchart of an exemplary embodiment of a communication encryption and decryption method according to the present invention. The communication encryption and decryption method is applied to a source Electronic Control Unit (ECU), and comprises the following steps:
step S01, key generation is carried out based on a preset asymmetric encryption algorithm, and an initial public key and an initial private key are obtained;
the execution body of the method of the embodiment may be a communication encryption and decryption device, or may be a communication encryption and decryption terminal device or a server, and the embodiment uses the communication encryption and decryption device as an example, and the communication encryption and decryption device may be integrated on a terminal device with a data processing function.
It should be clear that the problem to be solved in this embodiment is that the ECU of the vehicle is protected by encrypting communication information through external devices, and then sending the encrypted information to the ECU of the vehicle for storage, so that the security problem is solved to a certain extent, but the security problem is solved in this way, because the external devices are generated and then returned to the ECU, or the security threat is still present, and the generated secret key is relatively fixed;
the source ECU adopted in this embodiment generates a public key and an initial key, and the specific steps may be that the source ECU generates the key by performing an asymmetric encryption algorithm based on an encryption technology integrated into a blockchain to satisfy security requirements and ownership verification requirements, where the asymmetric encryption generally uses two asymmetric passwords in the encryption and decryption processes, respectively referred to as a public key and a private key, and the asymmetric key pair has two characteristics: firstly, after encrypting information by one key (public key or private key), only the other corresponding key can be unlocked; and the public key can be disclosed to other people, the private key is kept secret, and other people cannot calculate the corresponding private key through the public key.
Step S02, the initial private key is sent to a preset memory for storage, the initial public key is sent to a target ECU through a public channel, and the target ECU generates a communication ciphertext through the initial public key;
after the source ECU generates an initial private key and an initial public key, the initial private key is sent to a memory for storage, wherein the memory is an NVRAM area of an HSM module of the source ECU in this embodiment, the HSM module is a hardware security module, is a tamper-proof and intrusion-proof hardware for protecting the storage key, and simultaneously allows an authorized user to use the storage key, the NVRAM is a nonvolatile random access memory, and refers to a RAM which can still hold data after power failure, and the initial public key is sent to a target ECU through a public channel, wherein the target ECU can be one or a plurality of target ECUs and should be sent according to actual service requirements;
after the target ECU receives the initial public key, the target ECU encrypts a communication plaintext through the initial public key when communicating to obtain a communication ciphertext, and sends the communication ciphertext back to the source ECU.
And S03, receiving a communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result.
After the source ECU receives the communication ciphertext, the communication ciphertext is decrypted through the initial private key, a communication plaintext is obtained, and corresponding communication processing is carried out according to the communication plaintext, so that a communication result is obtained.
Specifically, in step S01, the step of generating a key based on a preset asymmetric encryption algorithm, and the step of obtaining an initial public key and an initial private key includes:
step S011, performing product calculation through a first parameter and a second parameter which are acquired in advance, and acquiring a calculation result;
step S012, obtaining encryption key and decryption key according to the calculation result;
and step S013, calculating according to the calculation result, the encryption key and the decryption key, and obtaining an initial public key and an initial private key.
In this embodiment, the steps of generating the initial public key and the initial private key may be as follows:
the HSM module of the source ECU generates a private key and a public key based on an RSA algorithm, where RSA is one of asymmetric algorithms, and in other embodiments, elgamal, ECC (elliptic curve encryption algorithm), and the like;
firstly, arbitrarily selecting two different large prime numbers p and q as a first parameter and a second parameter;
then, performing product calculation by using the first parameter and the second parameter to obtain n;
then, a large integer e is arbitrarily selected to satisfyThe integer e is used as an encryption key where e is easily chosen, e.g. all primes larger than p and q are available;
then, the determined decryption key d satisfiesI.e. +.>Is an arbitrary integer; therefore, if e and +.>D is easy to calculate;
finally, the public key and the private key are generated, namely (n, e) is the public key, and (n, d) is the private key.
More specifically, the process of performing communication using the public key and the private key is the step S03, and in step S03, the step of receiving the communication ciphertext sent by the target ECU, performing communication processing through the initial private key, and obtaining the communication result specifically further includes:
step S031, receiving a communication ciphertext sent by the target ECU;
step S032, the communication ciphertext is sent to the memory, and the communication ciphertext is decrypted through a decryption algorithm according to the initial private key to obtain a communication plaintext;
and step S033, carrying out communication processing according to the communication plaintext to obtain a communication result.
It should be clear that the communication ciphertext returned by the target ECU is encrypted by the public key, and is sent to the memory with the private key after being received due to the nature of the asymmetric algorithm;
decrypting the communication ciphertext by a private key pre-stored in the memory, specifically, by a decryption algorithmWherein, (n, d) is a private key, c is a decrypted ciphertext, and m is a plaintext;
after the communication plaintext is acquired, corresponding communication processing is carried out according to the communication plaintext, and a communication result is obtained.
Further, the overall steps of the embodiment may be shown in fig. 3, and fig. 3 is an overall schematic diagram of the communication encryption and decryption method of the present invention.
Firstly, a source ECU generates a private key and a public key, the private key is sent to NVRAM for storage, and the public key is sent to a target ECU through a public channel;
then, after receiving the public key, the target ECU encrypts the public key to obtain a communication ciphertext, and sends the communication ciphertext to the source ECU;
finally, the source ECU receives the communication ciphertext and decrypts the communication ciphertext through the private key stored in the NVRAM to obtain the communication plaintext.
According to the scheme, the key generation is carried out on the basis of a preset asymmetric encryption algorithm, and the initial public key and the initial private key are obtained; the initial private key is sent to a preset memory for storage, the initial public key is sent to a target ECU through a public channel, and the target ECU generates a communication ciphertext through the initial public key; and receiving a communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result. Therefore, encryption and decryption communication between the source ECU and the target ECU is realized, the problem that higher risk exists in communication by using a secret key generated by external equipment is solved, and the security of communication encryption and decryption is improved.
Referring to fig. 4, fig. 4 is a flowchart of another exemplary embodiment of the communication encryption and decryption method according to the present invention. The communication encryption and decryption method is applied to a target Electronic Control Unit (ECU), and comprises the following steps:
step S07, receiving an initial public key sent by the source ECU through a public channel;
and step S08, responding to the operation of a user, generating a communication ciphertext according to the initial public key, sending the communication ciphertext to the source ECU, and carrying out communication processing on the communication ciphertext by the source ECU to obtain a communication result.
Specifically, in order to generate the communication ciphertext by the target ECU, the following steps are performed:
firstly, receiving an initial public key sent by a source ECU through a public channel and storing the initial public key so as to encrypt the initial public key when the initial public key is communicated with the source ECU;
then, when a user initiates communication to the source ECU, encrypting a communication ciphertext to be communicated through an initial public key to obtain the communication ciphertext;
and finally, sending the communication ciphertext to the source ECU, and carrying out communication processing on the communication ciphertext by the source ECU to obtain a communication result.
More specifically, step S08, in response to a user operation, the step of generating a communication ciphertext from the initial public key and transmitting the communication ciphertext to the source ECU includes:
step S081, responding to the operation of the user, and obtaining a communication plaintext;
step S082, encrypting the communication plaintext through an encryption algorithm according to the initial public key to obtain a communication ciphertext;
and step S083, the communication ciphertext is sent to the source ECU through the public channel.
In response to the operation of the user, obtaining a communication plaintext to be communicated, and then encrypting the communication plaintext by an encryption algorithm according to an initial public key sent by a previous source ECU, wherein the method specifically comprises the following steps: will be plaintext m (m<n is an integer) is encrypted into ciphertext c and transmitted to the source ECU via the public channel, wherein the encryption algorithm is
After the communication ciphertext is obtained, the communication ciphertext can be correspondingly decrypted by a private key, and the communication ciphertext is sent to a source ECU in a public channel mode, wherein the public channel in the ECU is usually called an OBD-II (On-Board Diagnostics II) interface, which is a standard interface for diagnosing and monitoring a vehicle system On an automobile, the OBD-II interface is usually positioned in a vehicle cab, diagnostic information and real-time data of the vehicle can be accessed through the interface, in the OBD-II interface, a plurality of standard public channels are arranged, which are usually used for reading key information such as fault codes, engine rotating speed, vehicle speed, engine load, cooling liquid temperature and the like of the vehicle, and besides the standard public channels, a plurality of vehicle manufacturers can also provide additional manufacturer specific channels for reading more vehicle parameters and data, and the information is very important for diagnosing the vehicle faults, optimizing engine performance and monitoring the vehicle.
According to the scheme, the initial public key sent by the source ECU is received through the public channel; and responding to the operation of a user, generating a communication ciphertext according to the initial public key, sending the communication ciphertext to the source ECU, and carrying out communication processing on the communication ciphertext by the source ECU to obtain a communication result. Therefore, the target ECU encrypts the communication plaintext and sends the communication plaintext to the source ECU, the problem that the communication is carried out by using the secret key generated by the external equipment is at high risk is solved, and the security of communication encryption and decryption is improved.
Referring to fig. 5, fig. 5 is a flowchart of another exemplary embodiment of the communication encryption and decryption method according to the present invention.
Based on the embodiment shown in fig. 2, in step S03, the step of receiving the communication ciphertext sent by the target ECU, performing communication processing through the initial private key, and obtaining the communication result further includes:
step S04, reading preset configuration information to obtain key updating time;
step S05, deleting the initial private key by the initial public key when the key updating time is reached, and generating a key by the asymmetric encryption algorithm to obtain a final public key and a final private key;
and step S06, the final private key is sent to the memory for storage, and the final public key is sent to the target ECU through a public channel.
In particular, since the public key may be attacked for too long a time for information transmission in the public channel, the private key and the public key may be updated:
the step of updating the private key and the public key should be set according to actual service requirements, for example, the effective time of the current private key and the public key is set to be one hour, or one week, at this time, time configuration can be performed in advance, and the updated time is configured;
reading the configuration information to obtain the updating time of the key, deleting the initial key and the initial public key when the updating time of the key is reached, and generating the key through an asymmetric encryption algorithm to obtain a final public key and a final private key;
after the final public key and the final private key are obtained, the final private key is sent to a memory for storage, and the final public key is sent to the target ECU.
More specifically, after the source ECU updates the private key and the public key, the target ECU also needs to update the public key for communication, so in the embodiment shown in fig. 4, in step S08, in response to the operation of the user, a communication ciphertext is generated according to the initial public key and sent to the source ECU, and the source ECU performs communication processing on the communication ciphertext, and the step of obtaining the communication result further includes:
step S09, monitoring the message of the source ECU through the public channel;
and step S10, deleting the initial public key and receiving the final public key sent by the source ECU when the source ECU sends the key updating information.
After the source ECU finishes updating the secret key, the target ECU does not acquire the final public key at the moment, and does not know whether the current source ECU is updated or not;
the target ECU monitors the source ECU through the public channel, deletes the original initial public key when the source ECU monitors that the source ECU sends the key updating information, and receives the final public key sent by the source ECU.
According to the scheme, the key updating time is obtained by reading the preset configuration information; when the key updating time is up, deleting the initial private key by using the initial public key, and generating a key through the asymmetric encryption algorithm to obtain a final public key and a final private key; and sending the final private key to the memory for storage, and sending the final public key to a target ECU through a public channel. Therefore, the private key and the public key are updated, the problem that the private key and the public key cannot be updated to cause security attack is solved, and the security of communication encryption and decryption is improved.
In addition, the embodiment of the invention also provides a communication encryption and decryption device, the communication encryption and decryption method is applied to a source Electronic Control Unit (ECU), and the communication encryption and decryption device comprises:
the acquisition module is used for generating a key based on a preset asymmetric encryption algorithm and acquiring an initial public key and an initial private key;
the sending module is used for sending the initial private key to a preset memory for storage, sending the initial public key to a target ECU through a public channel, and generating a communication ciphertext through the initial public key by the target ECU;
and the communication module is used for receiving the communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result.
In addition, the embodiment of the invention also provides a terminal device, which comprises a memory, a processor and a communication encryption and decryption program stored on the memory and capable of running on the processor, wherein the communication encryption and decryption program realizes the steps of the communication encryption and decryption method when being executed by the processor.
Because the communication encryption and decryption program is executed by the processor, all the technical schemes of all the embodiments are adopted, at least all the beneficial effects brought by all the technical schemes of all the embodiments are provided, and the detailed description is omitted.
In addition, the embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium stores a communication encryption and decryption program, and the communication encryption and decryption program realizes the steps of the communication encryption and decryption method when being executed by a processor.
Because the communication encryption and decryption program is executed by the processor, all the technical schemes of all the embodiments are adopted, at least all the beneficial effects brought by all the technical schemes of all the embodiments are provided, and the detailed description is omitted.
Compared with the prior art, the communication encryption and decryption method, the device, the terminal equipment and the storage medium provided by the embodiment of the invention are used for generating the secret key based on the preset asymmetric encryption algorithm to acquire the initial public key and the initial private key; the initial private key is sent to a preset memory for storage, the initial public key is sent to a target ECU through a public channel, and the target ECU generates a communication ciphertext through the initial public key; and receiving a communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result. Therefore, the problem that the secret key generated by the external equipment is used for communication and has high risk is solved, encryption and decryption of communication are realized, and the security of communication encryption and decryption is improved. Based on the scheme of the invention, the ECU in the vehicle plays a vital role in controlling the vehicle, the communication between the ECU and related equipment is possibly attacked by an attacker, and the safety of passengers in the vehicle is threatened at the moment, so that the problem of lower safety is solved.
Compared with the prior art, the embodiment of the invention has the following advantages:
1. the source ECU HSM module is used for selecting a private key meeting the requirements of an asymmetric encryption algorithm based on a certain asymmetric encryption algorithm and storing the private key into an HSM NVRAM area;
2. the source ECU automatically selects and updates a private key to store in an HSM NVRAM area at regular or irregular intervals according to a certain strategy;
3. the HSM module of the source ECU broadcasts and transmits a public key corresponding to the private key to a target ECU with communication requirements for the ECU through a public channel;
4. the target ECU records and stores public key information corresponding to the source ECU;
5. the target ECU encrypts plaintext to be transmitted to the source ECU through public key information corresponding to the source ECU to obtain ciphertext, and transmits the ciphertext to the source ECU through a public channel (public key encryption);
6. and the source ECU transmits the ciphertext sent by the target ECU to the HSM module, and the HSM decrypts the plaintext by using the private key stored in the NVRAM area to obtain the plaintext.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a controlled terminal, or a network device, etc.) to perform the method of each embodiment of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (7)

1. The communication encryption and decryption method is characterized by being applied to a source Electronic Control Unit (ECU), and comprises the following steps:
generating a key based on a preset asymmetric encryption algorithm, and acquiring an initial public key and an initial private key;
the step of generating the key based on the preset asymmetric encryption algorithm and obtaining the initial public key and the initial private key comprises the following steps:
product calculation is carried out through the first parameter and the second parameter which are obtained in advance, and a calculation result is obtained;
acquiring an encryption key and a decryption key according to the calculation result;
calculating according to the calculation result, the encryption key and the decryption key to obtain an initial public key and an initial private key;
the initial private key is sent to a preset memory for storage, the initial public key is sent to a target ECU through a public channel, and the target ECU generates a communication ciphertext through the initial public key;
the memory is an NVRAM area of an HSM module of the source ECU;
receiving a communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result;
the step of receiving the communication ciphertext sent by the target ECU, performing communication processing through the initial private key, and obtaining a communication result further comprises the following steps:
reading preset configuration information to obtain key updating time;
when the key updating time is up, deleting the initial private key by using the initial public key, and generating a key through the asymmetric encryption algorithm to obtain a final public key and a final private key;
and sending the final private key to the memory for storage, and sending the final public key to a target ECU through a public channel.
2. The method for encrypting and decrypting communications according to claim 1, wherein the step of receiving the ciphertext transmitted by the target ECU, performing communication processing by using the initial private key, and obtaining the communication result includes:
receiving a communication ciphertext sent by the target ECU;
the communication ciphertext is sent to the memory, and the communication ciphertext is decrypted through a decryption algorithm according to the initial private key to obtain a communication plaintext;
and carrying out communication processing according to the communication plaintext to obtain a communication result.
3. The communication encryption and decryption method is characterized by being applied to a target ECU of a target electronic control unit and comprising the following steps of:
receiving an initial public key sent by a source ECU through a public channel;
responding to the operation of a user, generating a communication ciphertext according to the initial public key, sending the communication ciphertext to the source ECU, and carrying out communication processing on the communication ciphertext by the source ECU to obtain a communication result;
the step of responding to the operation of the user, generating a communication ciphertext according to the initial public key and sending the communication ciphertext to the source ECU, wherein the source ECU performs communication processing on the communication ciphertext, and the step of obtaining a communication result further comprises the following steps:
message monitoring is carried out on the source ECU through the public channel;
and deleting the initial public key and receiving a final public key sent by the source ECU when the source ECU is monitored to send key updating information.
4. A communication encrypting/decrypting method according to claim 3, wherein said step of generating a communication ciphertext from said initial public key and transmitting it to said source ECU in response to an operation of a user comprises:
responding to the operation of a user, and acquiring a communication plaintext;
encrypting the communication plaintext through an encryption algorithm according to the initial public key to obtain a communication ciphertext;
and sending the communication ciphertext to the source ECU through the public channel.
5. The utility model provides a communication encryption and decryption device which characterized in that, communication encryption and decryption device is applied to source electronic control unit source ECU, communication encryption and decryption device includes:
the acquisition module is used for generating a key based on a preset asymmetric encryption algorithm and acquiring an initial public key and an initial private key;
wherein, the acquisition module is further used for: product calculation is carried out through the first parameter and the second parameter which are obtained in advance, and a calculation result is obtained;
acquiring an encryption key and a decryption key according to the calculation result;
calculating according to the calculation result, the encryption key and the decryption key to obtain an initial public key and an initial private key;
the sending module is used for sending the initial private key to a preset memory for storage, sending the initial public key to a target ECU through a public channel, and generating a communication ciphertext through the initial public key by the target ECU;
the communication module is used for receiving the communication ciphertext sent by the target ECU, and carrying out communication processing through the initial private key to obtain a communication result;
the communication module is also used for reading preset configuration information and acquiring key updating time;
when the key updating time is up, deleting the initial private key by using the initial public key, and generating a key through the asymmetric encryption algorithm to obtain a final public key and a final private key;
and sending the final private key to the memory for storage, and sending the final public key to a target ECU through a public channel.
6. A terminal device, characterized in that the terminal device comprises a memory, a processor and a communication encryption and decryption program stored on the memory and operable on the processor, the communication encryption and decryption program when executed by the processor implementing the steps of the communication encryption and decryption method according to any one of claims 1-4.
7. A computer-readable storage medium, wherein a communication encryption/decryption program is stored on the computer-readable storage medium, and the communication encryption/decryption program, when executed by a processor, implements the steps of the communication encryption/decryption method according to any one of claims 1 to 4.
CN202311589490.9A 2023-11-27 2023-11-27 Communication encryption and decryption method and device, terminal equipment and storage medium Active CN117294437B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311589490.9A CN117294437B (en) 2023-11-27 2023-11-27 Communication encryption and decryption method and device, terminal equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311589490.9A CN117294437B (en) 2023-11-27 2023-11-27 Communication encryption and decryption method and device, terminal equipment and storage medium

Publications (2)

Publication Number Publication Date
CN117294437A CN117294437A (en) 2023-12-26
CN117294437B true CN117294437B (en) 2024-02-20

Family

ID=89244829

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311589490.9A Active CN117294437B (en) 2023-11-27 2023-11-27 Communication encryption and decryption method and device, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117294437B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016092811A (en) * 2014-10-29 2016-05-23 Kddi株式会社 Key management system, key management server device, management device, vehicle, key management method and computer program
CN109076078A (en) * 2016-02-22 2018-12-21 大陆汽车***公司 Method to establish and update the key of the In-vehicle networking communication for safety
CN113612617A (en) * 2021-08-06 2021-11-05 兰州理工大学 CAN-based in-vehicle communication protocol security improvement method
EP3913880A1 (en) * 2020-05-19 2021-11-24 Continental Teves AG & Co. OHG Method of and system for secure data export from an automotive engine control unit
CN113938304A (en) * 2021-10-14 2022-01-14 吉林大学 Data encryption transmission method based on CAN bus
CN116527301A (en) * 2023-02-20 2023-08-01 重庆长安汽车股份有限公司 Anti-counterfeiting method, device, vehicle and system for controller

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2016092811A (en) * 2014-10-29 2016-05-23 Kddi株式会社 Key management system, key management server device, management device, vehicle, key management method and computer program
CN109076078A (en) * 2016-02-22 2018-12-21 大陆汽车***公司 Method to establish and update the key of the In-vehicle networking communication for safety
EP3913880A1 (en) * 2020-05-19 2021-11-24 Continental Teves AG & Co. OHG Method of and system for secure data export from an automotive engine control unit
CN113612617A (en) * 2021-08-06 2021-11-05 兰州理工大学 CAN-based in-vehicle communication protocol security improvement method
CN113938304A (en) * 2021-10-14 2022-01-14 吉林大学 Data encryption transmission method based on CAN bus
CN116527301A (en) * 2023-02-20 2023-08-01 重庆长安汽车股份有限公司 Anti-counterfeiting method, device, vehicle and system for controller

Also Published As

Publication number Publication date
CN117294437A (en) 2023-12-26

Similar Documents

Publication Publication Date Title
US9947153B2 (en) Secure smartphone based access and start authorization system for vehicles
CN102546155B (en) On-demand safe key generates method and system
KR101740957B1 (en) Data certification and acquisition method for vehicle
CN105635147A (en) Vehicle-mounted-special-equipment-system-based secure data transmission method and system
CN113114668B (en) Information transmission method, mobile terminal, storage medium and electronic equipment
US20140075186A1 (en) Multiple Access Key Fob
CN108306727A (en) For encrypting, decrypting and the method and apparatus of certification
CN113781678B (en) Vehicle Bluetooth key generation and authentication method and system in networking-free environment
CN113794734A (en) Vehicle-mounted CAN bus encryption communication method, control device and readable storage medium
CN111294795B (en) System for realizing communication in vehicle
CN115396121A (en) Security authentication method for security chip OTA data packet and security chip device
CN109698746A (en) Negotiate the method and system of the sub-key of generation bound device based on master key
CN108377184B (en) Distributed authentication encryption method for internal network of intelligent automobile
CN113115309B (en) Data processing method and device for Internet of vehicles, storage medium and electronic equipment
CN111294771A (en) In-vehicle device, system for implementing in-vehicle communication and related method
CN109617899A (en) A kind of data transmission method and system
CN113194139A (en) Vehicle remote control method, device and system, electronic equipment and storage medium
CN108259160B (en) Data communication encryption method and device
CN117294437B (en) Communication encryption and decryption method and device, terminal equipment and storage medium
JP7331563B2 (en) Terminal, vehicle operation system, vehicle operation method and program
CN112311746B (en) Data sharing method and device and computer storage medium
CN114978692A (en) Hybrid encryption transmission method and system for automobile UDS (Universal data System) diagnosis message
CN110213764B (en) Wireless safety communication method and device
CN114500903B (en) Encryption and decryption control method, device, equipment and medium based on image processing
US20220030426A1 (en) Control of a Motor Vehicle

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant