CN114398064A - A method and system for OTA upgrading vehicle controller - Google Patents
- Publication number
- CN114398064A (application number CN202210112368.1A)
- Authority
- CN
- China
- Prior art keywords
- controller
- vehicle
- upgrade package
- submaster
- ota
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Abstract
Description
Technical Field
The invention relates to the technical field of vehicle OTA upgrades, and in particular to techniques for upgrading vehicle controllers over the air.
Background
OTA stands for Over the Air Technology: system upgrades carried out over mobile communication technology. OTA for the vehicle-side system means upgrading vehicle-related systems and controllers.
Vehicles carry more and more controllers, and their functions are increasingly complex. It is inevitable that software defects are found in some controllers after the vehicle leaves the factory or during use by the customer. Upgrading the relevant controllers of vehicles already shipped and fixing their defects through OTA technology lets manufacturers improve user experience and reduce operating costs. OTA upgrades of vehicle controllers are becoming more frequent, and models supporting whole-vehicle OTA keep appearing, while OTA-related laws and regulations are not yet complete. Vehicles call for particular care on security issues, which bear directly on the safety of customers' lives and property, and the information-security risks of OTA upgrades are becoming increasingly prominent in use.
Summary of the Invention
The purpose of the invention is to provide a method and system for OTA upgrading of a vehicle controller, addressing the following technical problem: in the related art, upgrading vehicle controllers through OTA carries security risks.
To solve this technical problem, the invention adopts the following technical solution: a method for OTA upgrading of a vehicle controller, comprising the following steps:
S01: the OTA server uploads a controller upgrade package organized according to a private protocol;
S02: the PKI server encrypts the controller upgrade package with a symmetric algorithm;
S03: the PKI server calculates the hash value of the controller upgrade package and encrypts that hash value with the asymmetric-algorithm private key corresponding to the relevant service certificate ID; the result serves as the signature of the upgrade package;
S04: the vehicle-side connected device collects the version information of the vehicle controllers and communicates with the OTA server over a configured private network using the standard SSL link protocol;
S05: the vehicle-side connected device sends the vehicle controller version information to the OTA server;
S06: the OTA server determines whether the vehicle controller version information is the latest version and, if not, notifies the vehicle-side connected device to download the controller upgrade package;
S07: the vehicle-side connected device verifies the integrity of the controller upgrade package;
S08: the vehicle-side connected device uses the configured topology information to look up the SubMaster service certificate information corresponding to the controller to be upgraded;
S09: the vehicle-side connected device deploys the controller upgrade package to the corresponding SubMaster device, and the SubMaster device verifies the signature of the controller upgrade package with the asymmetric-algorithm public key of the corresponding service certificate;
S10: the vehicle-side connected device queries the encryption ID of the corresponding SubMaster; if the SubMaster device does not currently hold the key needed to decrypt the controller upgrade package, the vehicle-side connected device updates the key and the corresponding initial value information on the SubMaster, and the key is verified with the public key of the SubMaster device's service certificate;
S11: once the controller upgrade package and the key have passed verification, the SubMaster device notifies the vehicle-side connected device to prepare for the upgrade; the vehicle-side connected device checks the vehicle upgrade conditions and then notifies the SubMaster device to perform the upgrade;
S12: the SubMaster device decrypts the controller upgrade package, parses its content according to the private upgrade-package organization and parsing protocol, and flashes the controller to be upgraded.
Preferably,
in S02, the PKI server encrypts the controller upgrade package with a symmetric algorithm and records and saves the corresponding key ID.
Preferably,
in S08, if the SubMaster device does not currently hold the service certificate needed to verify the signature of the controller upgrade package, the vehicle-side connected device updates the service certificate on the SubMaster device, and the service certificate is verified with the root certificate public key built into the SubMaster.
Preferably,
in S11, the vehicle upgrade conditions include vehicle speed, engine state, vehicle power mode, handbrake state and battery charge.
Preferably,
in S12, the private upgrade-package organization and parsing protocol includes the controller upgrade package's version information, flash type, baud rate, diagnostic ID, data block size, and receive, send and wait delays.
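The signing and verification chain of S02-S03, S08-S09 and S12, as an added Go example that is not code from the patent: the PKI side encrypts a package and signs the hash of the encrypted result, and the SubMaster accepts it only if the service certificate verifies against its built-in root key and the package signature verifies, decrypting last. The patent names no algorithms, so Ed25519, SHA-256, AES-256-GCM, the simplified `ServiceCert` structure and all type, function and ID names are assumptions.

```go
// Added example: Ed25519, SHA-256, AES-256-GCM and all names here are assumptions.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ServiceCert is a simplified stand-in for an X.509 service certificate; RootSig covers digest(ID, Pub).
type ServiceCert struct{ ID string; Pub, RootSig []byte }
// Package is the encrypted upgrade package; Sig is the service signature over the other four fields.
type Package struct{ CertID, KeyID string; IV, Ciphertext, Sig []byte }
// SubMaster holds what sits in its security chip: the root public key and symmetric keys by key ID.
type SubMaster struct{ Root ed25519.PublicKey; Keys map[string][]byte }

var ErrCert = errors.New("service certificate not endorsed by root key")
var ErrSig = errors.New("package signature invalid")
var ErrKey = errors.New("no usable symmetric key for this package")

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) { // fresh random key pair
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func digest(parts ...[]byte) []byte {
	h := sha256.New()
	for _, p := range parts {
		binary.Write(h, binary.BigEndian, uint32(len(p))) // length prefix fixes field boundaries
		h.Write(p)
	}
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// IssueCert is the PKI side: the root key endorses a service public key.
func IssueCert(root ed25519.PrivateKey, id string, pub ed25519.PublicKey) ServiceCert {
	return ServiceCert{id, pub, ed25519.Sign(root, digest([]byte(id), pub))}
}

// BuildPackage is S02-S03: encrypt, then sign the hash of the encrypted package.
func BuildPackage(svc ed25519.PrivateKey, certID, keyID string, key, fw []byte) (Package, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Package{}, err
	}
	iv := make([]byte, gcm.NonceSize()) // fresh initial value for every package
	if _, err := rand.Read(iv); err != nil {
		return Package{}, err
	}
	ct := gcm.Seal(nil, iv, fw, []byte(keyID))
	sig := ed25519.Sign(svc, digest([]byte(certID), []byte(keyID), iv, ct))
	return Package{certID, keyID, iv, ct, sig}, nil
}

// Install checks the certificate (S08), then the signature (S09), and only then decrypts (S12).
func (s *SubMaster) Install(c ServiceCert, p Package) ([]byte, error) {
	if len(c.Pub) != ed25519.PublicKeySize || p.CertID != c.ID ||
		!ed25519.Verify(s.Root, digest([]byte(c.ID), c.Pub), c.RootSig) {
		return nil, ErrCert
	}
	if !ed25519.Verify(c.Pub, digest([]byte(p.CertID), []byte(p.KeyID), p.IV, p.Ciphertext), p.Sig) {
		return nil, ErrSig
	}
	gcm, err := newGCM(s.Keys[p.KeyID])
	if err != nil || len(p.IV) != gcm.NonceSize() {
		return nil, ErrKey
	}
	return gcm.Open(nil, p.IV, p.Ciphertext, []byte(p.KeyID))
}

func main() { // constructed demo values throughout
	rootPub, rootKey := NewKey()
	svcPub, svcKey := NewKey()
	sm := &SubMaster{rootPub, map[string][]byte{"k1": make([]byte, 32)}}
	cert := IssueCert(rootKey, "svc-1", svcPub)
	pkg, err := BuildPackage(svcKey, "svc-1", "k1", sm.Keys["k1"], []byte("firmware image"))
	fw, instErr := sm.Install(cert, pkg)
	pkg.Ciphertext = append(pkg.Ciphertext, 0) // tampering in transit
	_, tampered := sm.Install(cert, pkg)
	fmt.Printf("build err=%v; genuine: %q (err=%v); tampered: %v\n", err, fw, instErr, tampered)
}
```

Because the signature covers the encrypted package, a modified download is rejected before the symmetric key is used at all.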
The invention also provides a system for OTA upgrading of a vehicle controller, comprising:
an upload module, used by the OTA server to upload a controller upgrade package organized according to a private protocol;
a first encryption module, used by the PKI server to encrypt the controller upgrade package with a symmetric algorithm;
a calculation module, used by the PKI server to calculate the hash value of the controller upgrade package;
a second encryption module, used to encrypt the hash value with the asymmetric-algorithm private key corresponding to the relevant service certificate ID, the result serving as the signature of the upgrade package;
a collection module, used by the vehicle-side connected device to collect the version information of the vehicle controllers;
a sending module, used by the vehicle-side connected device to send the vehicle controller version information to the OTA server;
a first judging module, used by the OTA server to determine whether the vehicle controller version information is the latest version and, if not, to notify the vehicle-side connected device to download the controller upgrade package;
a verification module, used by the vehicle-side connected device to verify the integrity of the controller upgrade package;
a first query module, used by the vehicle-side connected device to look up, according to topology information, the SubMaster service certificate information corresponding to the controller to be upgraded;
a signature verification module, used by the SubMaster device to verify the signature of the controller upgrade package with the asymmetric-algorithm public key of the corresponding service certificate;
a second query module, used by the vehicle-side connected device to query the encryption ID of the corresponding SubMaster; if the SubMaster device does not currently hold the key needed to parse the controller upgrade package, the vehicle-side connected device updates the key and the corresponding initial value information on the SubMaster, and the key is verified with the public key of the SubMaster device's service certificate;
a second judging module, used by the vehicle-side connected device to check the vehicle upgrade conditions and then notify the SubMaster device to perform the upgrade;
a decryption module, used by the SubMaster device to decrypt the controller upgrade package;
a parsing module, used to parse the content of the controller upgrade package according to the private upgrade-package organization and parsing protocol.
Preferably,
in the first encryption module, the PKI server encrypts the controller upgrade package with a symmetric algorithm and records and saves the corresponding key ID.
Preferably,
in the first query module, if the SubMaster device does not currently hold the service certificate needed to verify the signature of the controller upgrade package, the vehicle-side connected device updates the service certificate on the SubMaster device, and the service certificate is verified with the root certificate public key built into the SubMaster.
Preferably,
in the second judging module, the vehicle upgrade conditions include vehicle speed, engine state, vehicle power mode, handbrake state and battery charge.
Preferably,
in the parsing module, the private upgrade-package organization and parsing protocol includes the controller upgrade package's version information, flash type, baud rate, diagnostic ID, data block size, and receive, send and wait delays.
By adopting the above technical solution, the invention achieves the following beneficial technical effects. A secure upgrade on the vehicle side requires the cooperation of the OTA server, which provides the following services for the overall scheme: generation and update of service certificates; generation and update of symmetric keys; and symmetric encryption of controller upgrade packages. The vehicle side and the OTA server communicate over a private network on the operator's network and connect using the standard SSL protocol. A security chip is deployed in the vehicle-side connected device and in the SubMaster devices, with the root public key certificate built into the chip so that it cannot be changed; an updated service certificate is verified with the root certificate before it replaces the old one. After a controller upgrade package is uploaded to the OTA server, the OTA server encrypts it with a symmetric algorithm. The symmetric key is stored in the encryption chip of the SubMaster device and can be updated by encrypting and decrypting it with the asymmetric algorithm of an already verified service certificate; the initial value is updated for every symmetric encryption and decryption. Each upgrade package is signed on the OTA server and, once the transfer is complete, its signature is verified on the SubMaster device with the service certificate. The package content is organized on the OTA server according to a private protocol and is parsed and flashed on the SubMaster device. Together these measures effectively improve the information-security performance of OTA and safeguard the vehicle's OTA upgrade.
Brief Description of the Drawings
Figure 1 is a system security architecture diagram of the invention;
Figure 2 is a schematic diagram of the controller secure boot verification of the invention.
Detailed Description
The invention is further described below with reference to the drawings.
As shown in Figure 1, the OTA server/PKI server and the vehicle-side connected device/Master communicate with each other over 4G/WiFi; the vehicle-side connected device/Master has a built-in HSM and is connected to each controller via CAN/CANFD/Ethernet.
Specifically, the method for OTA upgrading of a vehicle controller provided by the invention comprises the following steps:
Step one: the OTA server uploads a controller upgrade package organized according to a private protocol. The OTA server/PKI server encrypts the controller upgrade package with a symmetric algorithm and records and saves the corresponding key ID and related information. The PKI server calculates the hash value of the controller upgrade package and encrypts that hash value with the asymmetric-algorithm private key corresponding to the relevant service certificate ID; the result serves as the signature of the controller upgrade package.
Step two: the vehicle-side connected device collects the version information of the vehicle controllers, communicates with the OTA server over a configured private network using the standard SSL link protocol, and sends the vehicle-side version information to the OTA server.
Step three: the OTA server receives the version information and compares the back-end version information with that of the vehicle side. If the version information is found not to be the latest, it notifies the vehicle-side connected device to download the controller upgrade package to be installed.
Step four: the vehicle-side connected device downloads the controller upgrade package and verifies its integrity. If verification fails, the package must be downloaded again.
Step five: the vehicle-side connected device uses the configured topology information to look up the SubMaster service certificate information corresponding to the controller to be upgraded. If the SubMaster device does not currently hold the service certificate needed to verify the signature of the controller upgrade package, the vehicle-side connected device updates the service certificate on the SubMaster; the service certificate must pass verification with the root certificate public key built into the SubMaster. The vehicle-side connected device deploys the controller upgrade package to the corresponding SubMaster device, and the SubMaster device verifies the signature of the controller upgrade package with the asymmetric-algorithm public key of the corresponding service certificate. If signature verification fails, the controller upgrade package must be redeployed and verified again.
Step six: the vehicle-side connected device queries the encryption ID of the corresponding SubMaster. If the SubMaster device does not currently hold the key needed to decrypt the upgrade package, the vehicle-side connected device updates the key, the corresponding initial value and related information on the SubMaster; the key must pass verification with the public key of the SubMaster's service certificate.
Step seven: once the controller upgrade package, the key and related items have passed verification, the SubMaster device notifies the Master device to prepare for the upgrade. The Master device checks the vehicle upgrade conditions, which are set according to the vehicle type and include vehicle speed, engine state, vehicle power mode, handbrake state, battery charge and so on. If the conditions are met, it notifies the SubMaster device to perform the upgrade.
Step eight: the SubMaster device decrypts the controller upgrade package, parses its content according to the private upgrade-package organization and parsing protocol, and flashes the controller to be upgraded. The private upgrade-package organization and parsing protocol includes the controller upgrade package's version information, flash type, baud rate, diagnostic ID, data block size, receive, send and wait delays, and related information. The configuration file can be modified for different controllers to build versions flexibly, parse version content and control the flashing rhythm, making the scheme highly extensible and configurable.
Step nine: after the controller starts, the authenticity and integrity of the Bootloader and the application are verified.
As shown in Figure 2, specifically, the controller uses a bootable program to verify the authenticity and integrity of the Bootloader, then verifies the authenticity and integrity of the application based on a sampling mechanism, and starts only after verification passes.
The invention also provides a system for OTA upgrading of a vehicle controller, comprising:
an upload module, used by the OTA server to upload a controller upgrade package organized according to a private protocol;
a first encryption module, used by the PKI server to encrypt the controller upgrade package with a symmetric algorithm;
a calculation module, used by the PKI server to calculate the hash value of the controller upgrade package;
a second encryption module, used to encrypt the hash value with the asymmetric-algorithm private key corresponding to the relevant service certificate ID, the result serving as the signature of the upgrade package;
a collection module, used by the vehicle-side connected device to collect the version information of the vehicle controllers;
a sending module, used by the vehicle-side connected device to send the vehicle controller version information to the OTA server;
a first judging module, used by the OTA server to determine whether the vehicle controller version information is the latest version and, if not, to notify the vehicle-side connected device to download the controller upgrade package;
a verification module, used by the vehicle-side connected device to verify the integrity of the controller upgrade package;
a first query module, used by the vehicle-side connected device to look up, according to topology information, the SubMaster service certificate information corresponding to the controller to be upgraded;
a signature verification module, used by the SubMaster device to verify the signature of the controller upgrade package with the asymmetric-algorithm public key of the corresponding service certificate;
a second query module, used by the vehicle-side connected device to query the encryption ID of the corresponding SubMaster; if the SubMaster device does not currently hold the key needed to parse the controller upgrade package, the vehicle-side connected device updates the key and the corresponding initial value information on the SubMaster, and the key is verified with the public key of the SubMaster device's service certificate;
a second judging module, used by the vehicle-side connected device to check the vehicle upgrade conditions and then notify the SubMaster device to perform the upgrade;
a decryption module, used by the SubMaster device to decrypt the controller upgrade package;
a parsing module, used to parse the content of the controller upgrade package according to the private upgrade-package organization and parsing protocol.
Specifically,
in the first encryption module, the PKI server encrypts the controller upgrade package with a symmetric algorithm and records and saves the corresponding key ID.
Specifically,
in the first query module, if the SubMaster device does not currently hold the service certificate needed to verify the signature of the controller upgrade package, the vehicle-side connected device updates the service certificate on the SubMaster device, and the service certificate is verified with the root certificate public key built into the SubMaster.
Specifically,
in the second judging module, the vehicle upgrade conditions include vehicle speed, engine state, vehicle power mode, handbrake state and battery charge.
Specifically,
in the parsing module, the private upgrade-package organization and parsing protocol includes the controller upgrade package's version information, flash type, baud rate, diagnostic ID, data block size, and receive, send and wait delays.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210112368.1A CN114398064B (en) | 2022-01-29 | 2022-01-29 | A method and system for OTA upgrading of vehicle controller |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114398064A true CN114398064A (en) | 2022-04-26 |
| CN114398064B CN114398064B (en) | 2024-11-19 |
Family
ID=81233559
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210112368.1A Active CN114398064B (en) | 2022-01-29 | 2022-01-29 | A method and system for OTA upgrading of vehicle controller |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114398064B (en) |