CN108073156B - A kind of the security algorithm management method and system of vehicle electronic control unit - Google Patents

Info

Publication number
CN108073156B
Authority
CN
China
Prior art keywords
electronic control
control unit
target electronic
security algorithm
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711156500.4A
Other languages
Chinese (zh)
Other versions
CN108073156A (en)
Inventor
温小锋
何晔
赖鹃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Automobile Group Co Ltd
Original Assignee
Guangzhou Automobile Group Co Ltd

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B23/00Testing or monitoring of control systems or parts thereof
    • G05B23/02Electric testing or monitoring
    • G05B23/0205Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults
    • G05B23/0218Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults
    • G05B23/0256Electric testing or monitoring by means of a monitoring system capable of detecting and responding to faults characterised by the fault detection method dealing with either existing or incipient faults injecting test signals and analyzing monitored process response, e.g. injecting the test signal while interrupting the normal operation of the monitored system; superimposing the test signal onto a control signal during normal operation of the monitored system
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/24Pc safety
    • G05B2219/24065Real time diagnostics

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Combined Controls Of Internal Combustion Engines (AREA)

Abstract

The invention provides a security algorithm management method and system for a vehicle electronic control unit. The method comprises: obtaining mutually different constant values set respectively for a plurality of target electronic control units, and generating public security algorithms for the plurality of target electronic control units, wherein the key value of the public security algorithm is an intermediate variable plus a seed value, and the intermediate variable is obtained by applying an internal security algorithm to the constant value corresponding to the target electronic control unit; and configuring the public security algorithms onto the respective target electronic control units, and setting the value of the diagnostic data identifier of each target electronic control unit to the constant value corresponding to that target electronic control unit. In the embodiments of the invention each supplier obtains a different public security algorithm, which achieves confidentiality; at the same time the OEM's diagnostic device can obtain the public security algorithms of all suppliers through the internal security algorithm, which makes them convenient to manage and easy to use.

Description

A security algorithm management method and system for an automotive electronic control unit

Technical field

The invention relates to the field of automotive technology, and in particular to a security algorithm management method and system for an automotive electronic control unit.

Background

The security algorithm of an automotive electronic control unit (ECU) is an important means of protecting the ECU's internal information. Whoever holds the security algorithm can modify or configure the relevant information in the ECU. The specific algorithm is important and confidential, and it is controlled by the OEM.

Within the automotive industry, however, the same ECU may be supplied by several suppliers. When managing the security algorithm across several suppliers, the OEM often faces a dilemma. If it releases the same security algorithm to supplier A and supplier B, the confidentiality of the algorithm is hard to guarantee, because each supplier knows the security algorithm of the other's ECU. If it releases different security algorithms to supplier A and supplier B, confidentiality is preserved, but management becomes much more troublesome for the OEM, which ends up with a confusing set of algorithms to administer. Worse, if a supplier is added after the diagnostic equipment has been developed, all of the diagnostic equipment software must be updated and then maintained over the long term, which is a very large workload.

Summary of the invention

The technical problem to be solved by the invention is to provide a security algorithm management method and system for automotive electronic control units that both keeps the security algorithms of the different suppliers' target electronic control units confidential from one another and makes it easy for the OEM to manage the security algorithm of each target electronic control unit.

To solve the above technical problem, the invention provides a security algorithm management method for an automotive electronic control unit, comprising:

obtaining mutually different constant values set respectively for a plurality of target electronic control units, and generating public security algorithms for the plurality of target electronic control units, wherein the key value of the public security algorithm is an intermediate variable plus a seed value, and the intermediate variable is obtained by applying an internal security algorithm to the constant value corresponding to the target electronic control unit;

configuring the public security algorithms onto the respective target electronic control units, and setting the value of the diagnostic data identifier of each target electronic control unit to the constant value corresponding to that target electronic control unit.

Wherein the intermediate variables obtained by applying the internal security algorithm to the constant values corresponding to the target electronic control units are all different.

Wherein the security algorithm management method further comprises:

obtaining, through a diagnostic device, the corresponding constant value and the seed value from the target electronic control unit; applying the internal security algorithm to the constant value to obtain the intermediate variable; and identifying the public security algorithm of the target electronic control unit from the intermediate variable and the seed value.

Wherein the constant value is obtained by sending a diagnostic command to the target electronic control unit through the diagnostic device and receiving the value in the target electronic control unit's response.

Wherein the seed value is obtained by sending a request-seed command to the target electronic control unit through the diagnostic device and receiving the value in the target electronic control unit's response.

The invention also provides a security algorithm management system for an automotive electronic control unit, comprising:

an algorithm generation module, configured to obtain mutually different constant values set respectively for a plurality of target electronic control units and to generate public security algorithms for the plurality of target electronic control units, wherein the key value of the public security algorithm is an intermediate variable plus a seed value, and the intermediate variable is obtained by applying an internal security algorithm to the constant value corresponding to the target electronic control unit;

an algorithm configuration module, configured to configure the public security algorithms onto the respective target electronic control units and to set the value of the diagnostic data identifier of each target electronic control unit to the constant value corresponding to that target electronic control unit.

Wherein the intermediate variables obtained by applying the internal security algorithm to the constant values corresponding to the target electronic control units are all different.

Wherein the security algorithm management system further comprises:

a diagnostic device, configured to obtain the corresponding constant value and the seed value from the target electronic control unit, to apply the internal security algorithm to the constant value to obtain the intermediate variable, and then to identify the public security algorithm of the target electronic control unit from the intermediate variable and the seed value.

Wherein the constant value is obtained by sending a diagnostic command to the target electronic control unit through the diagnostic device and receiving the value in the target electronic control unit's response.

Wherein the seed value is obtained by sending a request-seed command to the target electronic control unit through the diagnostic device and receiving the value in the target electronic control unit's response.

The beneficial effect of the embodiments of the invention is that, through the double encryption of the public security algorithm and the internal security algorithm, each supplier obtains a different public security algorithm, which achieves confidentiality; and the OEM's diagnostic device can obtain the public security algorithms of all suppliers through the internal security algorithm, which makes management convenient and the system easy to use.

Detailed description

The following descriptions of the embodiments illustrate specific embodiments in which the invention can be practiced.

Embodiment 1 of the invention provides a security algorithm management method for an automotive electronic control unit, comprising:

obtaining mutually different constant values set respectively for a plurality of target electronic control units, and generating public security algorithms for the plurality of target electronic control units, wherein the key value of the public security algorithm is an intermediate variable plus a seed value, and the intermediate variable is obtained by applying an internal security algorithm to the constant value corresponding to the target electronic control unit;

configuring the public security algorithms onto the respective target electronic control units, and setting the value of the diagnostic data identifier of each target electronic control unit to the constant value corresponding to that target electronic control unit.

Specifically, in this embodiment the constant value is denoted const. It can be read from the ECU with a diagnostic command; the diagnostic data identifier (DID) 0x02FF is used as an example.

For supplier A, the constant value of its target ECU is set to const_A=0xABCDEF12; for supplier B, the constant value of its target ECU is set to const_B=0x12345678. Accordingly, the diagnostic DID of supplier A's target ECU is set to DID 0x02FF=0xABCDEF12, and the diagnostic DID of supplier B's target ECU is set to DID 0x02FF=0x12345678. The constant values given here for the target ECUs of supplier A and supplier B are only examples; in practice any value may be used.

Because the constant values set for the target ECUs differ from one another, and the internal security algorithm is not provided to the suppliers, the intermediate variables obtained by applying the internal security algorithm to each target ECU's constant value all differ. The key values of the public security algorithms to be provided for each supplier's target ECU therefore also differ, so each supplier's target ECU has a different public security algorithm, which achieves confidentiality.

The internal security algorithm is held by the OEM and is not provided to any supplier. As stated above, the key value of the public security algorithm generated for each target ECU requires the intermediate variable obtained by applying the internal security algorithm to that ECU's constant value; the public security algorithm is therefore in fact derived from the internal security algorithm.

The purpose of setting the value of each target ECU's diagnostic data identifier to its corresponding constant value is that when the OEM's diagnostic device reads the value of the diagnostic data identifier from the target ECU with a diagnostic command, it has in effect obtained that ECU's constant value. As stated above, applying the internal security algorithm to this constant value gives the intermediate variable of the target ECU's public security algorithm, and the seed value of that public security algorithm can be obtained by sending a request-seed command to the target ECU and reading its response. The OEM's diagnostic device can thus identify the target ECU's public security algorithm and proceed to the unlock operation. When target ECUs from different suppliers are connected, the OEM's diagnostic device identifies each of them automatically in this way. So although the public security algorithms configured on the target ECUs all differ, the security algorithm on the diagnostic device is unique: the diagnostic device can call the same security algorithm for every target ECU and does not need to identify which supplier provided the ECU.

Of course, the constant value set for each supplier's target ECU is designed to be readable so that after-sales diagnostic equipment can read it, which means the supplier can read it too. A supplier can therefore learn the specific constant value of its own target ECU, but it does not know the internal security algorithm that maps the constant value to the intermediate variable temp.

The following explains this concretely using the example above. The internal security algorithm can be designed with key value Key=temp+seed, where the intermediate variable temp = const × 3. The calculation of the intermediate variable here is only an example for ease of description; a real internal security algorithm would be designed to be very complex. The intermediate variable temp is calculated with this internal security algorithm: the intermediate variable of the public security algorithm for supplier A's ECU is temp_A=const_A×3=0x0369CD36, and the intermediate variable of the public security algorithm for supplier B's ECU is temp_B=const_B×3=0x39D369B6.

The public security algorithm finally provided for supplier A's target ECU has key value Key=0x0369CD36+seed, with diagnostic data identifier DID 0x02FF=0xABCDEF12; the public security algorithm provided for supplier B's target ECU has key value Key=0x39D369B6+seed, with diagnostic data identifier DID 0x02FF=0x12345678. Supplier A's target ECU and supplier B's target ECU thus receive different public security algorithms, which achieves confidentiality. Moreover, no supplier knows the algorithm that maps its constant value to the intermediate variable temp (that is, the internal security algorithm), nor can it derive that algorithm by working backwards.

Taking the connection of a target ECU from supplier A as an example: the OEM's diagnostic device sends a request-seed (requestseed) command, and on receiving it the ECU returns a seed value (seed), which is a random value. Likewise, the OEM's diagnostic device sends a diagnostic command to the ECU, and the ECU returns the value of its DID (0x02FF=0xABCDEF12). The diagnostic device then feeds this DID value into the internal security algorithm, key value Key=(0xABCDEF12×3)+seed, which gives supplier A's public security algorithm: key value Key=0x0369CD36+seed. With this algorithm the OEM's diagnostic device can unlock supplier A's ECU.

It should also be noted that if a new supplier is later added for the target ECU, for example supplier C, a constant value is set for it in the same way, const_C=0x22222222, its diagnostic DID is set to DID 0x02FF=0x22222222, and the intermediate variable in its public security algorithm is temp=const_C×3=0x66666666. Once the OEM's diagnostic device has obtained the seed and DID values with diagnostic commands, it knows the public security algorithm of supplier C's ECU, with no change to the diagnostic device software.
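The read-DID, request-seed and key exchange described above, as an added C example that is not part of the patent text. All function and type names are hypothetical, the ECU is simulated in memory, the seed generator is a non-cryptographic stand-in, and the 32-bit wrap-around is inferred from the page's value for supplier A (0xABCDEF12 × 3 = 0x0369CD36).

```c
#include <stdint.h>
#include <stdio.h>

#define DID_CONST 0x02FFu /* DID used in the page's example */

/* Simulated target ECU. A supplier's firmware holds only its own constant
 * (readable through the DID) and its own intermediate value; it never
 * contains the OEM's internal algorithm. */
typedef struct {
    uint32_t did_value;  /* constant value, readable by any tester */
    uint32_t temp;       /* intermediate variable released to this supplier */
    uint32_t seed;       /* pending seed, 0 = none */
    uint32_t rng;        /* demo PRNG state, NOT cryptographic */
    int unlocked;
} ecu_t;

/* OEM-only: toy internal algorithm from the page, temp = const x 3.
 * uint32_t arithmetic wraps modulo 2^32. */
static uint32_t oem_internal_algorithm(uint32_t constant) {
    return constant * 3u;
}

/* OEM provisioning step: derive temp and fix the DID value. */
static void oem_provision(ecu_t *ecu, uint32_t constant, uint32_t rng_init) {
    ecu->did_value = constant;
    ecu->temp = oem_internal_algorithm(constant);
    ecu->seed = 0;
    ecu->rng = rng_init ? rng_init : 1u;
    ecu->unlocked = 0;
}

/* ECU side: diagnostic read of a DID. Returns 0 on success. */
static int ecu_read_did(const ecu_t *ecu, uint16_t did, uint32_t *out) {
    if (did != DID_CONST) return -1;
    *out = ecu->did_value;
    return 0;
}

/* ECU side: request-seed. xorshift32 never yields 0 from a nonzero state. */
static uint32_t ecu_request_seed(ecu_t *ecu) {
    uint32_t x = ecu->rng;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    ecu->rng = x;
    ecu->seed = x;
    return x;
}

/* ECU side: public algorithm Key = temp + seed. The seed is consumed by
 * one attempt (an added choice, not stated on the page). */
static int ecu_send_key(ecu_t *ecu, uint32_t key) {
    if (ecu->seed == 0) return 0;
    uint32_t expected = ecu->temp + ecu->seed;
    ecu->seed = 0;
    ecu->unlocked = (key == expected);
    return ecu->unlocked;
}

/* OEM tester: the same code path for every supplier's ECU. */
static int tester_unlock(ecu_t *ecu) {
    uint32_t constant;
    if (ecu_read_did(ecu, DID_CONST, &constant) != 0) return 0;
    uint32_t seed = ecu_request_seed(ecu);
    return ecu_send_key(ecu, oem_internal_algorithm(constant) + seed);
}

/* A party that knows only another ECU's temp (one supplier's released
 * algorithm) computes the wrong key for this ECU. */
static int unlock_with_fixed_temp(ecu_t *ecu, uint32_t known_temp) {
    uint32_t seed = ecu_request_seed(ecu);
    return ecu_send_key(ecu, known_temp + seed);
}

int main(void) {
    ecu_t a, c;
    oem_provision(&a, 0xABCDEF12u, 0x1234u);  /* supplier A, from the page */
    oem_provision(&c, 0x22222222u, 0x5678u);  /* supplier C, from the page */
    printf("temp_A=0x%08X temp_C=0x%08X\n", (unsigned)a.temp, (unsigned)c.temp);
    printf("tester unlocks A: %d\n", tester_unlock(&a));
    printf("tester unlocks C: %d\n", tester_unlock(&c));
    printf("A's temp against C: %d\n", unlock_with_fixed_temp(&c, a.temp));
    return 0;
}
```

Each supplier holds a (const, temp) pair for its own ECU, so the confidentiality of the scheme rests on the internal algorithm not being recoverable from such pairs, a property the page's const × 3 placeholder is not meant to provide.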

Corresponding to Embodiment 1 of the invention, Embodiment 2 of the invention provides a security algorithm management system for an automotive electronic control unit, comprising:

an algorithm generation module, configured to obtain mutually different constant values set respectively for a plurality of target electronic control units and to generate public security algorithms for the plurality of target electronic control units, wherein the key value of the public security algorithm is an intermediate variable plus a seed value, and the intermediate variable is obtained by applying an internal security algorithm to the constant value corresponding to the target electronic control unit;

an algorithm configuration module, configured to configure the public security algorithms onto the respective target electronic control units and to set the value of the diagnostic data identifier of each target electronic control unit to the constant value corresponding to that target electronic control unit.

Wherein the intermediate variables obtained by applying the internal security algorithm to the constant values corresponding to the target electronic control units are all different.

Wherein the security algorithm management system further comprises:

a diagnostic device, configured to obtain the corresponding constant value and the seed value from the target electronic control unit, to apply the internal security algorithm to the constant value to obtain the intermediate variable, and then to identify the public security algorithm of the target electronic control unit from the intermediate variable and the seed value.

Wherein the constant value is obtained by sending a diagnostic command to the target electronic control unit through the diagnostic device and receiving the value in the target electronic control unit's response.

Wherein the seed value is obtained by sending a request-seed command to the target electronic control unit through the diagnostic device and receiving the value in the target electronic control unit's response.

As the above description shows, the beneficial effect of the embodiments of the invention is that, through the double encryption of the public security algorithm and the internal security algorithm, each supplier obtains a different public security algorithm, which achieves confidentiality; and the OEM's diagnostic device can obtain the public security algorithms of all suppliers through the internal security algorithm, which makes management convenient and the system easy to use.

What is disclosed above is only a preferred embodiment of the invention and of course cannot be used to limit the scope of the rights of the invention; equivalent changes made in accordance with the claims of the invention therefore still fall within the scope covered by the invention.

Claims (9)

1. A security algorithm management method for an automotive electronic control unit, comprising: obtaining mutually different constant values set respectively for a plurality of target electronic control units, and generating public security algorithms for the plurality of target electronic control units, wherein the key value of the public security algorithm of each target electronic control unit is an intermediate variable plus a seed value, the intermediate variable corresponding to the public security algorithm of each target electronic control unit is obtained by applying an internal security algorithm to the constant value corresponding to that target electronic control unit, and the intermediate variables corresponding to the public security algorithms of the target electronic control units are all different; and configuring the generated public security algorithms of the plurality of target electronic control units onto the respective target electronic control units, and setting the value of the diagnostic data identifier of each target electronic control unit to the constant value corresponding to that target electronic control unit.

2. The security algorithm management method according to claim 1, characterized in that it further comprises: obtaining, through a diagnostic device, the corresponding constant value and the seed value from the target electronic control unit; applying the internal security algorithm to the constant value to obtain the intermediate variable; and identifying the public security algorithm of the target electronic control unit from the intermediate variable and the seed value.

3. The security algorithm management method according to claim 2, characterized in that the constant value is obtained by sending a diagnostic command to the target electronic control unit through the diagnostic device and receiving the value in the target electronic control unit's response.

4. The security algorithm management method according to claim 2, characterized in that the seed value is obtained by sending a request-seed command to the target electronic control unit through the diagnostic device and receiving the value in the target electronic control unit's response.

5. A security algorithm management system for an automotive electronic control unit, characterized in that it comprises: an algorithm generation module, configured to obtain mutually different constant values set respectively for a plurality of target electronic control units and to generate public security algorithms for the plurality of target electronic control units, wherein the key value of the public security algorithm of each target electronic control unit is an intermediate variable plus a seed value, the intermediate variable corresponding to the public security algorithm of each target electronic control unit is obtained by applying an internal security algorithm to the constant value corresponding to that target electronic control unit, and the intermediate variables corresponding to the public security algorithms of the target electronic control units are all different; and an algorithm configuration module, configured to configure the generated public security algorithms of the plurality of target electronic control units onto the respective target electronic control units and to set the value of the diagnostic data identifier of each target electronic control unit to the constant value corresponding to that target electronic control unit.

6. The security algorithm management system according to claim 5, characterized in that the intermediate variables obtained by applying the internal security algorithm to the constant values corresponding to the target electronic control units are all different.

7. The security algorithm management system according to claim 5, characterized in that it further comprises: a diagnostic device, configured to obtain the corresponding constant value and the seed value from the target electronic control unit, to apply the internal security algorithm to the constant value to obtain the intermediate variable, and then to identify the public security algorithm of the target electronic control unit from the intermediate variable and the seed value.

8. The security algorithm management system according to claim 7, characterized in that the constant value is obtained by sending a diagnostic command to the target electronic control unit through the diagnostic device and receiving the value in the target electronic control unit's response.

9. The security algorithm management system according to claim 7, characterized in that the seed value is obtained by sending a request-seed command to the target electronic control unit through the diagnostic device and receiving the value in the target electronic control unit's response.

CN201711156500.4A 2017-11-20 2017-11-20 A kind of the security algorithm management method and system of vehicle electronic control unit Active CN108073156B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711156500.4A CN108073156B (en) 2017-11-20 2017-11-20 A kind of the security algorithm management method and system of vehicle electronic control unit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711156500.4A CN108073156B (en) 2017-11-20 2017-11-20 A kind of the security algorithm management method and system of vehicle electronic control unit

Publications (2)

Publication Number Publication Date
CN108073156A CN108073156A (en) 2018-05-25
CN108073156B true CN108073156B (en) 2019-11-01

Family

ID=62157478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711156500.4A Active CN108073156B (en) 2017-11-20 2017-11-20 A kind of the security algorithm management method and system of vehicle electronic control unit

Country Status (1)

Country Link
CN (1) CN108073156B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113094691A (en) * 2021-03-24 2021-07-09 东风电驱动系统有限公司 Whole vehicle ECU device safety access method and system
CN115600222A (en) * 2022-08-31 2023-01-13 武汉光庭信息技术股份有限公司(Cn) Automobile safety level unlocking method, ECU (electronic control Unit) to be flashed and system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6377143B2 (en) * 2014-05-08 2018-08-22 Panasonic Intellectual Property Corporation of America In-vehicle network system, electronic control unit, and update processing method
US20160099806A1 (en) * 2014-10-07 2016-04-07 GM Global Technology Operations LLC Distributing secret keys for managing access to ecus
EP3412514B1 (en) * 2014-11-12 2019-12-04 Panasonic Intellectual Property Corporation of America Update management method, update management device, and control program
JP6502832B2 (en) * 2015-11-13 2019-04-17 株式会社東芝 Inspection apparatus, communication system, mobile unit and inspection method
CN106027260B (en) * 2016-05-12 2019-04-02 成都信息工程大学 Automobile ECU integrity verification and encryption communication method based on cipher key pre-distribution

Also Published As

Publication number Publication date
CN108073156A (en) 2018-05-25


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant