CN114721680B - Vehicle-mounted applet offline update method and vehicle-mounted applet offline update system
- Publication number: CN114721680B (application CN202110009731.2A)
- Authority: CN (China)
- Prior art keywords: data packet, applet, vehicle, mcu, security module
- Legal status: Active
Classifications
- G06F8/65 Updates (under G06F8/60 Software deployment; G06F8/00 Arrangements for software engineering)
- G06F21/602 Providing cryptographic facilities or services (under G06F21/60 Protecting data; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
- G06F8/61 Installation (under G06F8/60 Software deployment; G06F8/00 Arrangements for software engineering)
- G06F8/71 Version control; Configuration management (under G06F8/70 Software maintenance or management; G06F8/00 Arrangements for software engineering)
All four classes sit under G Physics, G06 Computing; calculating or counting, G06F Electric digital data processing.
Abstract
The application discloses a vehicle-mounted applet offline updating method and a vehicle-mounted applet offline updating system. The method comprises the following steps: after a secure communication channel between the master control MCU and an upper computer is established, performing two-way authentication with the upper computer over the secure communication channel; after the two-way authentication succeeds, receiving an encrypted data packet issued by the upper computer; decrypting and format-converting the encrypted data packet to generate a TLV format data packet; and encrypting the TLV format data packet and sending it to the security module, so that the applet stored in the security module is updated according to the decrypted TLV format data packet. The offline updating method can therefore update the vehicle-mounted applet offline rapidly and conveniently without causing the applet update to fail or applet functions to go missing, so that missing vehicle functions are avoided, while transmission security during data transmission is ensured.
Description
Technical Field
The present invention relates to the field of vehicles, and in particular, to a vehicle-mounted applet offline updating method and a vehicle-mounted applet offline updating system.
Background
In the related art, updating vehicle-end module software and resolving its faults depend on an external device: once the external device is connected, the software update of the relevant module can be completed online or offline. However, under the existing diagnostic programming specification the software update of the relevant module takes a long time, and because the relevant module holds no double backup, an update failure can leave the application program and its software functions missing, and therefore vehicle functions missing.
In addition, existing vehicle module software is updated mainly over the CAN network, and the security mechanism of the transmission is determined by the diagnostic programming specification; however, the two parties to the data transmission have no clearly defined security level for the encryption and authentication mechanism used during transmission.
In addition, the software functions of existing vehicle modules are concentrated mainly on the master control MCU side, with the processing logic and the implementing algorithms all residing in the MCU, so secure storage that requires a higher encryption level carries a certain risk.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems existing in the prior art. Accordingly, one object of the present invention is to provide a vehicle-mounted applet offline updating method that can update the vehicle-mounted applet offline quickly and conveniently, does not cause the applet update to fail or applet functions to go missing, so that missing vehicle functions are avoided, and at the same time ensures transmission security during data transmission.
The invention further provides an off-line updating method of the vehicle-mounted applet.
The invention further proposes a computer readable storage medium.
The invention further provides a master control MCU.
The invention further provides an upper computer.
The invention further provides an off-line updating system for the vehicle-mounted applet.
The vehicle-mounted applet offline updating method according to the invention comprises the following steps: after a secure communication channel with an upper computer is established, performing two-way authentication with the upper computer over the secure communication channel; after the two-way authentication succeeds, receiving an encrypted data packet issued by the upper computer; decrypting and format-converting the encrypted data packet to generate a TLV format data packet; and encrypting the TLV format data packet and sending the encrypted TLV format data packet to a security module, so that the applet stored in the security module is updated according to the decrypted TLV format data packet.
According to the vehicle-mounted applet offline updating method, the vehicle-mounted applet can be updated offline rapidly and conveniently, and the failure of the update of the vehicle-mounted applet and the loss of functions of the vehicle-mounted applet are avoided, so that the loss of functions of the vehicle can be avoided, and meanwhile, the transmission safety in the data transmission process can be ensured.
In some examples of the invention, establishing a secure communication channel with an upper computer includes receiving an execution secure operation command issued by the upper computer, responding to the execution secure operation command according to a preset secure channel specification requirement to generate a response command, and sending the response command to the upper computer to complete establishment of the secure communication channel.
In some examples of the invention, the two-way authentication is performed with the upper computer based on the secure communication channel, and the two-way authentication comprises the steps of receiving a static key sent by the upper computer, calculating a shared negotiation key pair according to the static key, and completing the two-way authentication according to the shared negotiation key pair.
In some examples of the present invention, after the mutual authentication is completed, the method further interacts with the host computer to generate a session key according to the shared negotiation key pair, and decrypts the encrypted data packet according to the session key.
In some examples of the present invention, before receiving the encrypted data packet, the received request packet of the upper computer is converted into an APDU encryption instruction and sent to the security module, and a response packet fed back by the security module is received, and the response packet is format-converted and then uploaded to the upper computer.
The vehicle-mounted applet offline updating method according to the invention further comprises the following steps: after a secure communication channel with a main control MCU is established, performing bidirectional authentication with the main control MCU over the secure communication channel; after the bidirectional authentication succeeds, encrypting a data packet to be updated to generate an encrypted data packet; and sending the encrypted data packet to the main control MCU, so that the main control MCU decrypts and format-converts the encrypted data packet to generate a TLV format data packet, encrypts the TLV format data packet and sends it to a security module, and the applet stored in the security module is updated according to the decrypted TLV format data packet.
In some examples of the invention, establishing the secure communication channel with the master MCU includes sending an execute secure operation command to the master MCU so that the master MCU responds to the execute secure operation command according to a preset secure channel specification requirement to generate a response command, and completing the establishment of the secure communication channel after receiving the response command.
In some examples of the invention, performing mutual authentication with the master MCU based on the secure communication channel includes sending a static key to the master MCU, interacting with the master MCU to calculate a shared negotiation key pair from the static key, and performing the mutual authentication based on the shared negotiation key pair.
In some examples of the present invention, after the bidirectional authentication is completed, the method further interacts with the master MCU to generate a session key according to the shared negotiation key pair, and encrypts the data packet to be updated according to the session key.
In some examples of the present invention, before sending the encrypted data packet to the master MCU, an upper computer request packet is further sent to the master MCU, so that the master MCU converts the upper computer request packet into an APDU encryption command and sends the APDU encryption command to the security module, and receives a conversion packet uploaded by the master MCU, where the conversion packet is obtained by performing format conversion on a received response packet fed back by the security module by the master MCU.
In some examples of the present invention, the data packet to be updated is also acquired from the server side before a secure communication channel with the master MCU is established.
The computer-readable storage medium according to the present invention has stored thereon a vehicular applet-based offline update program that, when executed by a processor, implements the vehicular applet offline update method described above.
According to the computer readable storage medium, the vehicle-mounted applet can be updated offline quickly and conveniently, and the failure of the update of the vehicle-mounted applet and the loss of functions of the vehicle-mounted applet are avoided, so that the loss of functions of the vehicle can be avoided, and meanwhile, the transmission safety in the data transmission process can be ensured.
The main control MCU according to the invention comprises a memory, a processor and a vehicular applet off-line updating program which is stored in the memory and can run on the processor, wherein the processor realizes the vehicular applet off-line updating method when executing the vehicular applet off-line updating program.
The upper computer comprises a memory, a processor and a vehicle-mounted applet off-line updating program which is stored in the memory and can run on the processor, wherein the processor realizes the vehicle-mounted applet off-line updating method when executing the vehicle-mounted applet off-line updating program.
The vehicle-mounted applet offline updating system comprises an upper computer, a main control MCU and a safety module, wherein the applet is arranged in the safety module, the upper computer is used for establishing a safety communication channel between the upper computer and the main control MCU, after the safety communication channel is established, bidirectional authentication is carried out according to the safety communication channel and the main control MCU, after the bidirectional authentication is successful, an updating data packet is encrypted to generate an encrypted data packet and the encrypted data packet is sent to the main control MCU, the main control MCU is used for decrypting and converting the encrypted data packet to generate a TLV format data packet, encrypting the TLV format data packet and then sending the TLV format data packet to the safety module, and the safety module is used for receiving and decrypting the encrypted TLV format data packet and updating the applet according to the decrypted TLV format data packet.
According to the vehicle-mounted applet offline updating system, the vehicle-mounted applet can be updated offline rapidly and conveniently, and the failure of the update of the vehicle-mounted applet and the loss of functions of the vehicle-mounted applet are avoided, so that the loss of functions of the vehicle can be avoided, and meanwhile, the transmission safety in the data transmission process can be ensured.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the invention will become apparent and may be better understood from the following description of embodiments taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flowchart of a method for offline updating of an in-vehicle applet, according to an embodiment of the present invention;
FIG. 2 is a flowchart of another embodiment of an in-vehicle applet offline updating method according to an embodiment of the invention;
FIG. 3 is a block diagram illustrating an in-vehicle applet offline updating system according to an embodiment of the present invention;
FIG. 4 is a block diagram of a processor, memory, communication interface, communication bus, according to one embodiment of the invention.
Reference numerals:
the in-vehicle applet offline update system 100;
the system comprises an upper computer 10, a vehicle end PAD11, a diagnosis device 12;
A main control MCU20;
A security module 30;
a server side 40, a cloud server 41, a diagnosis server 42;
Processor 1201, communication interface 1202, memory 1203, and communication bus 1204.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the invention.
An in-vehicle applet offline updating system 100 and an in-vehicle applet offline updating method according to an embodiment of the present invention are described below with reference to fig. 1 to 4.
As shown in fig. 3, the in-vehicle applet offline updating system 100 according to an embodiment of the present invention includes a host computer 10, a main control MCU (microcontroller unit) 20 and a security module (SE, secure element) 30. The applet is provided in the security module 30. The upper computer 10 is configured to establish a secure communication channel with the master MCU20, to perform bidirectional authentication with the master MCU20 over the secure communication channel once it is established, to encrypt a data packet to be updated after the bidirectional authentication succeeds so as to generate an encrypted data packet, and to send the encrypted data packet to the master MCU20.
The main control MCU20 is configured to decrypt and format-convert the encrypted data packet to generate a TLV (tag-length-value, the data format exchanged between a card and a terminal) format data packet, to encrypt the TLV format data packet, and to send the encrypted TLV format data packet to the security module 30. In other words, the master MCU20 decrypts the encrypted data packet sent by the host computer 10, converts the decrypted data into a TLV format data packet, encrypts that TLV format data packet, and sends it to the security module 30.
The security module 30 receives and decrypts the encrypted TLV format data packet sent by the main control MCU20 and updates the applet held in the security module 30 according to the decrypted TLV format data packet, which completes the offline update of the applet.
Specifically, the host computer 10 may include, but is not limited to, a vehicle-end PAD11 and a diagnostic device 12. The host computer 10 and the master MCU20 may be connected through a CAN (Controller Area Network) bus or a CANFD (CAN with Flexible Data Rate, a serial communication protocol based on the CAN 2.0 physical layer) bus. The security module 30 may further include a COS (chip operating system), and the security module 30 must keep the COS and the applet functioning normally so that the data packet can be transmitted completely during communication. The master MCU20 and the security module 30 may be connected through an SPI (Serial Peripheral Interface, synchronous serial interface) bus so that the two communicate normally.
The offline vehicle applet updating system 100 may further include a server 40, and the server 40 may include, but is not limited to, a cloud server 41 and a diagnostic server 42. Preferably, the server 40 and the host computer 10 transmit the data packets to be updated over a TCP/IP network channel; in particular, the cloud server 41 and the vehicle PAD11, and likewise the diagnostic server 42 and the diagnostic device 12, may transmit the data packets to be updated over a TCP/IP network channel. The host computer 10 obtains the data packet to be updated from the server 40 and loads it into local memory.
The host computer 10 then establishes a secure communication channel with the master MCU20, performs bidirectional authentication with the master MCU20 over that channel, and, once the authentication succeeds, encrypts the data packet to be updated to generate an encrypted data packet and transmits it to the master MCU20. The master MCU20 decrypts the encrypted data packet and converts the decrypted data into a TLV format data packet, encrypts the TLV format data packet, and transmits the encrypted TLV format data packet to the security module 30 over the SPI bus. The security module 30 decrypts it and updates the applet held in the security module 30 according to the decrypted TLV format data packet, completing the offline update of the applet.
Further, after the MCU20 receives the encrypted data packet transmitted from the host computer 10, the MCU20 may store the encrypted data packet and may perform software version detection of the applet of the security module 30.
Therefore, the upper computer 10, the main control MCU20 and the safety module 30 cooperate to perform offline updating on the vehicle-mounted applet rapidly and conveniently, and the failure of the updating of the vehicle-mounted applet and the functional loss of the vehicle-mounted applet are avoided, so that the functional loss of a vehicle can be avoided, and meanwhile, the transmission safety in the data transmission process can be ensured.
As some embodiments of the present invention, establishing a secure communication channel with the host computer 10 may include receiving an execution secure operation command issued by the host computer 10, responding to the execution secure operation command according to a preset secure channel specification requirement to generate a response command, and transmitting the response command to the host computer 10 to complete the establishment of the secure communication channel. It should be explained that, the host computer 10 may send an execution security operation command to the master control MCU20, the master control MCU20 may receive the execution security operation command issued by the host computer 10, after receiving the execution security operation command issued by the host computer 10, the master control MCU20 may respond to the execution security operation command according to a preset security channel specification requirement to generate a response command, and after the MCU20 generates the response command, the MCU20 may send the response command to the host computer 10 to establish a security communication channel with the host computer 10, where the preset security channel specification requirement may be a security channel SCP11c (GlobalPlatform card technical security channel protocol "11") specification requirement.
As some embodiments of the present invention, performing the mutual authentication with the upper computer 10 based on the secure communication channel may include receiving a static key transmitted from the upper computer 10, calculating a shared negotiation key pair according to the static key, and performing the mutual authentication according to the shared negotiation key pair. It should be explained that, after the secure communication channel is established, the MCU20 may receive the static key sent by the upper computer 10, and the MCU20 may calculate the shared negotiation key pair (ECKA) according to the static key sent by the upper computer 10, then the MCU20 may perform bidirectional authentication with the upper computer 10 according to the shared negotiation key pair, specifically, the MCU20 may derive a channel session key (AES) according to the shared negotiation key pair, and the MCU20 may generate a response command according to the channel session key and return the response command to the upper computer 10 to perform bidirectional authentication with the upper computer 10, thereby ensuring transmission security in the data transmission process.
As some embodiments of the present invention, after the mutual authentication is completed, the MCU20 may further interact with the host computer 10 to generate a session key according to the shared negotiation key pair and decrypt the encrypted data packet according to the session key. It should be noted that, after the MCU20 and the upper computer 10 complete the mutual authentication, the MCU20 may interact with the upper computer 10 to generate a session key according to the shared negotiation key pair, and the MCU20 may decrypt an encrypted data packet transmitted from the upper computer 10 according to the session key; the MCU20 may then perform format conversion on the data packet to generate a TLV format data packet, encrypt the TLV format data packet, and send the encrypted TLV format data packet to the security module 30 through the SPI bus, thereby further ensuring transmission security in the data transmission process.
It should be noted that the information exchanged between the MCU20 and the security module 30 may be protected by SCP03 (GlobalPlatform card technical secure channel protocol "03") secure messaging, while the encrypted data packet is issued to the MCU20 according to the diagnostic specification. In the SCP03 secure communication mechanism the transmitted data is packaged into APDU (Application Protocol Data Unit) commands for encryption and transmission: the plaintext command data is first encrypted with the session key to produce an encrypted command, a CMAC value is then generated over it, and finally the encrypted command plus CMAC value is padded to the fixed format. During channel transmission the data is additionally encrypted and re-sent with the channel session key according to the data security requirement, so as to ensure the confidentiality and integrity of the data.
After the data packet is loaded, software version detection of the applet of the security module 30 may be performed, and in addition, according to the diagnostic specification requirement, the programming upgrade of the master MCU20 needs to be performed through stages such as version reading, vehicle silence, security access, entering into a programming diagnostic session mode, data downloading and transmission, and for the upgrade of the security module 30, only part of stages need to be adopted because the data packet forwarding of the master MCU20 needs to be considered.
As some embodiments of the present invention, before receiving the encrypted data packet, the received request message of the upper computer is converted into an APDU encryption command and sent to the security module 30, and the response message fed back by the security module 30 is received, and the response message is format-converted and then uploaded to the upper computer 10.
It should be explained that for each request of the upper computer 10, that is, each time the upper computer 10 sends an upper computer request message (encrypted data packet) to the main control MCU20, the main control MCU20 needs to convert the request message into an APDU encrypted instruction in the corresponding TLV format and send it to the security module 30; the security module 30 needs to set the silent state of the non-programming nodes and, after entering the programming diagnosis session mode, the request first goes through the security access service and then directly enters data downloading, data transmission and request transmission. In the data downloading stage a data buffer of 256 bytes can be set to store the downloaded content: the encrypted data packet transmitted by the host computer 10 over the CAN or CANFD bus is stored first, and then the host MCU20 returns a success response. In the subsequent data transmission stage the host MCU20 adds a header and a trailer to the downloaded encrypted data packet to package it into an APDU encryption instruction in TLV format and sends it to the security module 30; after the security module 30 receives that instruction, it returns a completion response message to the host MCU20, which converts the completion response into a CAN message and transmits it to the host computer 10, and the issuing of the transmission and exit execution instructions completes normally according to the specification, so that the issuing of the encrypted data packet is repeated until complete.
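The repackaging step just described (a staged chunk gets a header and a trailer and becomes a TLV-framed APDU instruction, which the secure module parses on the far side) is shown below as an added example in Go; it is not code from the patent or from any vendor implementation. The tag values 0xC0/0xC1/0xC2, the XOR checksum carried in the trailer and the function names are assumptions made for this example; only the 256-byte buffer size comes from the description. The part a practitioner should look at is the receiving side: every declared length is checked against the bytes actually present before a value is sliced out, so a truncated or malformed frame fails closed instead of being read past the end of the buffer.

```go
package main

import (
	"errors"
	"fmt"
)

// DownloadBufferSize is the 256-byte staging buffer the description mentions
// for one chunk of the encrypted data packet.
const DownloadBufferSize = 256

// EncodeTLV frames value under tag with a BER-style definite length: a single
// byte below 0x80, otherwise 0x81 or 0x82 followed by the length itself.
func EncodeTLV(tag byte, value []byte) ([]byte, error) {
	n := len(value)
	if n > 0xFFFF {
		return nil, errors.New("value too long for a two-byte length")
	}
	out := []byte{tag}
	switch {
	case n < 0x80:
		out = append(out, byte(n))
	case n <= 0xFF:
		out = append(out, 0x81, byte(n))
	default:
		out = append(out, 0x82, byte(n>>8), byte(n))
	}
	return append(out, value...), nil
}

// DecodeTLV parses one element from the front of buf and returns its tag, its
// value and the unconsumed remainder. The declared length is checked against
// the bytes actually present, so a truncated frame is rejected, not over-read.
func DecodeTLV(buf []byte) (tag byte, value, rest []byte, err error) {
	if len(buf) < 2 {
		return 0, nil, nil, errors.New("frame shorter than tag and length")
	}
	tag = buf[0]
	n, pos := 0, 2
	switch l := buf[1]; {
	case l < 0x80:
		n = int(l)
	case l == 0x81 && len(buf) >= 3:
		n, pos = int(buf[2]), 3
	case l == 0x82 && len(buf) >= 4:
		n, pos = int(buf[2])<<8|int(buf[3]), 4
	default:
		return 0, nil, nil, fmt.Errorf("bad or truncated length byte 0x%02x", l)
	}
	if len(buf)-pos < n {
		return 0, nil, nil, fmt.Errorf("declared length %d exceeds %d available bytes", n, len(buf)-pos)
	}
	return tag, buf[pos : pos+n], buf[pos+n:], nil
}

func checksum(b []byte) (x byte) {
	for _, c := range b {
		x ^= c
	}
	return x
}

// FrameChunk is the MCU-side packaging step: one staged chunk gets a header
// and a trailer and goes on to the secure module as a TLV-framed payload. The
// tags (0xC0, 0xC1, 0xC2) and the XOR checksum are assumptions of this example.
func FrameChunk(seq byte, chunk []byte) ([]byte, error) {
	if len(chunk) == 0 || len(chunk) > DownloadBufferSize {
		return nil, fmt.Errorf("chunk of %d bytes outside 1..%d", len(chunk), DownloadBufferSize)
	}
	hdr, _ := EncodeTLV(0xC0, []byte{seq})
	body, err := EncodeTLV(0xC1, chunk)
	if err != nil {
		return nil, err
	}
	trl, _ := EncodeTLV(0xC2, []byte{checksum(chunk)})
	return append(append(hdr, body...), trl...), nil
}

// ParseFrame is the receiving side: it walks the three elements in order,
// rejects anything left over and recomputes the checksum before the chunk is
// handed to the applet update logic.
func ParseFrame(frame []byte) (seq byte, chunk []byte, err error) {
	var tags [3]byte
	var vals [3][]byte
	rest := frame
	for i := range tags {
		if tags[i], vals[i], rest, err = DecodeTLV(rest); err != nil {
			return 0, nil, err
		}
	}
	if tags != [3]byte{0xC0, 0xC1, 0xC2} || len(rest) != 0 || len(vals[0]) != 1 || len(vals[2]) != 1 {
		return 0, nil, errors.New("unexpected frame layout")
	}
	if checksum(vals[1]) != vals[2][0] {
		return 0, nil, errors.New("trailer checksum mismatch")
	}
	return vals[0][0], vals[1], nil
}
```

The encoder and decoder generalise to nested TLV structures by calling DecodeTLV again on a returned value; the frame walker deliberately refuses trailing bytes so that an unexpected extra element cannot ride along undetected, and the size check in FrameChunk mirrors the 256-byte download buffer so an oversized chunk is refused before it is ever framed.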
As some embodiments of the present invention, a sequence counter may be set on the upper computer 10 side and the main control MCU20 side at the same time to perform a counting operation in a data transmission process, and after the count reaches a determined number, a memory check is performed to complete self-updating of an applet of the security module 30, then the security module 30 performs an update status query of the applet, and after the query passes, performs a status reset of the security module 30 to remove a silent status of an un-programmed node, and then the security module 30 packages a diagnostic response and completes the transmission of the response to the main control MCU20, and the main control MCU20 converts the response into CAN data and returns the CAN data to the upper computer 10.
As some embodiments of the present invention, establishing a secure communication channel with the master MCU20 may include transmitting an execution secure operation command to the master MCU20 so that the master MCU20 responds to the execution secure operation command according to a preset secure channel specification requirement to generate a response command, and completing the establishment of the secure communication channel after receiving the response command. It should be noted that, the upper computer 10 may send an execution security operation command to the main control MCU20, after receiving the execution security operation command issued by the upper computer 10, the main control MCU20 may respond to the execution security operation command issued by the upper computer 10 according to a preset security channel specification requirement to generate a response command, then the MCU20 may send the response command to the upper computer 10, and after receiving the response command, the upper computer 10 may complete establishment of a security communication channel with the MCU20, where the preset security channel specification requirement may be a security channel SCP11c (GlobalPlatform card technical security channel protocol "11") specification requirement.
As some embodiments of the present invention, performing the mutual authentication with the master MCU20 based on the secure communication channel may include transmitting a static key to the master MCU20 and calculating a shared negotiation key pair according to the static key by interacting with the master MCU, and performing the mutual authentication according to the shared negotiation key pair. It should be explained that, after the secure communication channel is established, the upper computer 10 may send the static key to the master MCU20, and the upper computer 10 may calculate the shared negotiation key pair according to the static key by interacting with the master MCU, then the upper computer 10 may complete the bidirectional authentication with the MCU20 according to the shared negotiation key pair, specifically, the MCU20 may derive the channel session key according to the shared negotiation key pair, and the MCU20 may generate the response command according to the channel session key, and return the response command to the upper computer 10 to complete the bidirectional authentication with the upper computer 10, thereby ensuring the transmission security in the data transmission process.
In some embodiments of the present invention, after the bidirectional authentication is completed, the upper computer 10 may also interact with the master MCU 20 to generate a session key according to the shared negotiation key pair and encrypt the data packet to be updated with that session key. That is, once the upper computer 10 and the MCU 20 have completed bidirectional authentication, the upper computer 10 interacts with the master MCU 20 to generate a session key from the shared negotiation key pair, encrypts the data packet to be updated with the session key to produce an encrypted data packet, and sends the encrypted data packet to the master MCU 20, thereby further ensuring transmission security during data transfer.
It should be noted that the information exchanged between the MCU 20 and the security module 30 is protected by SCP03 (GlobalPlatform Card Technology Secure Channel Protocol "03") secure messaging, and the encrypted data packet is issued to the MCU 20 according to the diagnostic specification. In the SCP03 secure communication mechanism the transmitted data is packaged into APDU commands for encryption and transmission: the plaintext command data is first encrypted with the session key to produce an encrypted command, a CMAC value is then computed over it, and finally the encrypted command plus CMAC value is padded to a fixed format. During channel transmission the fixed-format data is encrypted with the channel session key and transmitted according to the data security requirement, so as to ensure the confidentiality and integrity of the data.
After the data packet is loaded, software version detection of the applet in the security module 30 may be performed. In addition, according to the diagnostic specification, the upgrade of the master MCU 20 must pass through stages such as version reading, vehicle silencing, security access, entering the programming diagnostic session mode, data download and data transfer; for the upgrade of the security module 30 only some of these stages are needed, because the data packet forwarding performed by the master MCU 20 has to be taken into account.
In some embodiments of the present invention, before sending the encrypted data packet to the master MCU 20, the upper computer also sends a host request packet to the master MCU 20, so that the master MCU 20 converts the host request packet into an APDU encryption command and sends it to the security module 30, and the upper computer receives a converted packet uploaded by the master MCU 20, where the converted packet is obtained by format-converting the response packet that the master MCU 20 received from the security module 30.
It should be explained that for each request of the upper computer 10, that is, each time the upper computer 10 sends a host request message (encrypted data packet) to the master MCU 20, the master MCU 20 converts the host request message into an APDU encrypted instruction in the corresponding TLV format and sends it to the security module 30, and the security module 30 sets the silent state of the non-programmed nodes; after entering the programming diagnostic session mode, the request first exits through the security access service and then proceeds directly to data download, data transfer and transfer exit. In the data download stage a data buffer of 256 bytes can be set up to hold the downloaded content: the encrypted data packet sent by the host computer 10 over the CAN or CANFD bus is stored first, and the master MCU 20 then returns a success response. In the subsequent data transfer stage the master MCU 20 adds a header and a trailer to the downloaded encrypted data packet to form an APDU encryption instruction in TLV format and sends it to the security module 30; after receiving it, the security module 30 returns a completion response message to the master MCU 20, which converts it into a CAN message and sends it to the host computer 10, and then issues the transfer-exit execution instruction normally according to the specification. Repeating this completes the issuing of the encrypted data packet.
In some embodiments of the present invention, a sequence counter may be kept on both the upper computer 10 side and the master MCU 20 side to count during data transfer; after the count reaches the determined number, a memory check is performed to complete the self-update of the applet in the security module 30. The security module 30 then queries the update status of the applet and, after the query passes, performs a status reset of the security module 30 to release the silent state of the non-programmed nodes; the security module 30 then packages a diagnostic response and sends it to the master MCU 20, which converts the response into CAN data and returns it to the upper computer 10.
In some embodiments of the present invention, before the secure communication channel with the master MCU 20 is established, the data packet to be updated is also obtained from the server side 40: the upper computer 10 obtains the data packet to be updated from the server side 40 and loads it into local memory, so that the upper computer 10 holds and stores the data packet to be updated.
Fig. 1 is a flowchart of an offline update method for a vehicle-mounted applet according to an embodiment of the present invention, which can be implemented by the offline update system of the above embodiment. As shown in Fig. 1, the offline update method for the vehicle-mounted applet includes the following steps:
S1, after a secure communication channel is established with the upper computer, bidirectional authentication is performed with the upper computer based on the secure communication channel, and an encrypted data packet issued by the upper computer is received after the bidirectional authentication succeeds. It should be explained that the vehicle-mounted applet offline update system comprises an upper computer, a master MCU (Microcontroller Unit) and a security module (SE, Secure Element). The upper computer is used to establish a secure communication channel with the master MCU; after the channel is established, the upper computer performs bidirectional authentication with the master MCU over the secure communication channel, and after the bidirectional authentication succeeds it encrypts the update data packet to generate an encrypted data packet and sends the encrypted data packet to the master MCU.
S2, the encrypted data packet is decrypted and format-converted to generate a TLV format data packet, the TLV format data packet is encrypted and sent to the security module, so that the applet stored in the security module can be updated according to the decrypted TLV format data packet. It should be noted that the master MCU decrypts the encrypted data packet sent by the upper computer, performs format conversion on the decrypted data to produce a TLV format data packet, encrypts the TLV format data packet and sends it to the security module. After receiving the encrypted TLV format data packet from the master MCU, the security module decrypts it and updates the applet held in the security module according to the decrypted TLV format data packet, thereby completing the offline update of the applet.
Specifically, the upper computer may include, but is not limited to, a vehicle-end PAD and a diagnostic device. The upper computer and the master MCU may be connected through a CAN (Controller Area Network) bus or a CANFD (CAN with Flexible Data Rate, a serial communication protocol based on the CAN 2.0 physical layer) bus. The security module may further include a COS (chip operating system); the security module must keep the normal functions of the COS and the applet so that a data packet can be transmitted completely during communication. The master MCU and the security module may be connected through an SPI (Serial Peripheral Interface, a synchronous serial interface) bus, so that normal communication between the master MCU and the security module is ensured.
The vehicle applet offline update system may further include a server, which may include, but is not limited to, a cloud server and a diagnostic server. Preferably, the server and the upper computer transmit the data packet to be updated over a TCP/IP network channel; in particular, the cloud server and the vehicle PAD, and likewise the diagnostic server and the diagnostic device, may transmit the data packet to be updated over a TCP/IP network channel. The upper computer obtains the data packet to be updated from the server and loads it into local memory, then establishes a secure communication channel with the master MCU; once the channel is established, the upper computer performs bidirectional authentication with the master MCU over the secure communication channel, and after the bidirectional authentication succeeds the host computer encrypts the data packet to be updated to generate an encrypted data packet and sends it to the master MCU. The master MCU decrypts the encrypted data packet sent by the host computer, performs format conversion to produce a TLV format data packet, encrypts the TLV format data packet and sends it to the security module over the SPI bus. After receiving the encrypted TLV format data packet from the master MCU, the security module decrypts it and updates the applet held in the security module according to the decrypted TLV format data packet, completing the offline update of the applet. Further, after the MCU receives the encrypted data packet sent by the host computer, the MCU can store the encrypted data packet, and software version detection of the applet in the security module can be performed.
Therefore, the offline update method for the vehicle-mounted applet can update the vehicle-mounted applet offline quickly and conveniently, avoiding failure of the applet update and loss of applet functions, so that loss of vehicle functions can be avoided while transmission security during data transfer is ensured.
In some embodiments of the present invention, establishing a secure communication channel with the upper computer may include receiving an execute-secure-operation command issued by the upper computer, responding to that command according to a preset secure channel specification requirement to generate a response command, and sending the response command to the upper computer to complete the establishment of the secure communication channel. It should be explained that the upper computer sends the execute-secure-operation command to the master MCU; after receiving it, the master MCU responds according to the preset secure channel specification requirement to generate a response command and sends the response command to the upper computer, thereby establishing the secure communication channel with the upper computer. The preset secure channel specification requirement may be the SCP11c secure channel (GlobalPlatform Card Technology Secure Channel Protocol "11") specification.
In some embodiments of the present invention, performing bidirectional authentication with the upper computer over the secure communication channel may include receiving a static key sent by the upper computer, calculating a shared negotiation key pair from the static key, and performing the bidirectional authentication according to the shared negotiation key pair. It should be explained that, after the secure communication channel is established, the MCU receives the static key sent by the upper computer and calculates the shared negotiation key pair (ECKA) from it, then performs bidirectional authentication with the upper computer according to that key pair. Specifically, the MCU derives a channel session key (AES) from the shared negotiation key pair, generates a response command using the channel session key, and returns the response command to the upper computer to perform the bidirectional authentication, thereby ensuring transmission security during data transfer.
In some embodiments of the present invention, after the bidirectional authentication is completed, the MCU may interact with the upper computer to generate a session key according to the shared negotiation key pair and decrypt the encrypted data packet with that session key. That is, once the MCU and the upper computer have completed bidirectional authentication, the MCU interacts with the upper computer to generate a session key from the shared negotiation key pair, decrypts the encrypted data packet sent by the upper computer with the session key, performs format conversion on the data packet to produce a TLV format data packet, encrypts the TLV format data packet and sends it to the security module over the SPI bus, thereby further ensuring transmission security during data transfer.
It should be noted that the information exchanged between the MCU and the security module may be protected by SCP03 (GlobalPlatform Card Technology Secure Channel Protocol "03") secure messaging. In the SCP03 secure communication mechanism the transmitted data is packaged into APDU (Application Protocol Data Unit) commands for encryption and transmission: the plaintext command data is first encrypted with the session key to produce an encrypted command, a CMAC value is then computed over it, and finally the encrypted command plus CMAC value is padded to a fixed format. During channel transmission the fixed-format data is encrypted with the channel session key according to the data security requirement, so as to ensure the confidentiality and integrity of the data.
After the data packet is loaded, software version detection of the applet in the security module can be performed. In addition, according to the diagnostic specification, the programming and upgrade of the master MCU must pass through stages such as version reading, vehicle silencing, security access, entering the programming diagnostic session mode, data download and data transfer.
In some embodiments of the present invention, before the encrypted data packet is received, the request message received from the upper computer is converted into an APDU encryption instruction and sent to the security module, the response message fed back by the security module is received, and the response message is format-converted and then uploaded to the upper computer.
It should be explained that for each request of the upper computer, that is, each time the upper computer sends a host request message (encrypted data packet) to the master MCU, the master MCU converts the host request message into an APDU encrypted instruction in the corresponding TLV format and sends it to the security module, and the security module sets the silent state of the non-programmed nodes. In the data download stage a data buffer of 256 bytes can be set up to hold the downloaded content: the encrypted data packet sent by the upper computer over the CAN or CANFD bus is stored first, and the master MCU then returns a success response. In the subsequent data transfer stage the master MCU adds a header and a trailer to the downloaded encrypted data packet to form an APDU encryption instruction in TLV format and sends it to the security module; after receiving it, the security module returns a completion response message to the master MCU, which converts it into a CAN message and sends it to the upper computer, and then issues the transfer-exit execution instruction normally. Repeating this completes the issuing of the encrypted data packet.
In some embodiments of the invention, a sequence counter can be kept on both the upper computer side and the master MCU side to count during data transfer; after the determined count is reached, a memory check is performed to complete the self-update of the applet in the security module. The security module then queries the update status of the applet and, after the query passes, performs a status reset to release the silent state of the non-programmed nodes; the security module then packages a diagnostic response and sends it to the master MCU, which converts the response into CAN data and returns it to the upper computer.
Fig. 2 is a flowchart of an offline update method for a vehicle-mounted applet according to another embodiment of the present invention, which can be implemented by the offline update system of the above embodiment. As shown in Fig. 2, the method includes the following steps:
S201, after a secure communication channel is established with the master MCU, bidirectional authentication is performed with the master MCU based on the secure communication channel. It should be explained that the vehicle-mounted applet offline update system comprises an upper computer, a master MCU (Microcontroller Unit) and a security module (SE, Secure Element), with the applet located in the security module. The upper computer is used to establish the secure communication channel with the master MCU; once the channel is established, the upper computer performs bidirectional authentication with the master MCU over the secure communication channel.
S202, after the bidirectional authentication succeeds, the data packet to be updated is encrypted to generate an encrypted data packet, and the encrypted data packet is sent to the master MCU, so that the master MCU decrypts and format-converts the encrypted data packet to generate the TLV format data packet. It should be noted that, after the upper computer and the master MCU complete bidirectional authentication successfully, the upper computer encrypts the data packet to be updated to generate an encrypted data packet and sends it to the master MCU; the master MCU decrypts the encrypted data packet and performs format conversion on the decrypted data to produce a TLV format data packet.
S203, the TLV format data packet is encrypted by the master MCU and then sent to the security module, so that the applet stored in the security module is updated according to the decrypted TLV format data packet. It should be noted that the master MCU encrypts the TLV format data packet and sends it to the security module; after receiving the encrypted TLV format data packet from the master MCU, the security module decrypts it and updates the applet held in the security module according to the decrypted TLV format data packet, thereby completing the offline update of the applet.
Specifically, the upper computer may include, but is not limited to, a vehicle-end PAD and a diagnostic device. The upper computer and the master MCU may be connected through a CAN (Controller Area Network) bus or a CANFD (CAN with Flexible Data Rate, a serial communication protocol based on the CAN 2.0 physical layer) bus. The security module may further include a COS (chip operating system); the security module must keep the normal functions of the COS and the applet so that a data packet can be transmitted completely during communication. The master MCU and the security module may be connected through an SPI (Serial Peripheral Interface, a synchronous serial interface) bus, so that normal communication between the master MCU and the security module is ensured.
The system may further include a server, which may include, but is not limited to, a cloud server and a diagnostic server. Preferably, the server and the host transmit the data packet to be updated over a TCP/IP network channel; in particular, the cloud server and the vehicle PAD, and likewise the diagnostic server and the diagnostic device, may transmit the data packet to be updated over a TCP/IP network channel. The host obtains the data packet to be updated from the server and loads it into local memory, then establishes a secure communication channel with the master MCU; once the channel is established, the host performs two-way authentication with the master MCU over the secure communication channel, and after the two-way authentication succeeds the host encrypts the data packet to be updated to generate an encrypted data packet and sends it to the master MCU. The master MCU decrypts the encrypted data packet sent by the host, performs format conversion to produce a TLV format data packet, encrypts the TLV format data packet and sends it to the security module over the SPI bus. After receiving the encrypted TLV format data packet from the master MCU, the security module decrypts it and updates the applet held in the security module according to the decrypted TLV format data packet, completing the offline update of the applet. Further, after the MCU receives the encrypted data packet sent by the host, the MCU can store the encrypted data packet, and software version detection of the applet in the security module can be performed.
Therefore, the offline update method for the vehicle-mounted applet can update the vehicle-mounted applet offline quickly and conveniently, avoiding failure of the applet update and loss of applet functions, so that loss of vehicle functions can be avoided while transmission security during data transfer is ensured.
In some embodiments of the present invention, establishing a secure communication channel with the master MCU may include sending an execute-secure-operation command to the master MCU so that the master MCU responds to that command according to a preset secure channel specification requirement to generate a response command, and completing the establishment of the secure communication channel after the response command is received. It should be noted that the upper computer sends the execute-secure-operation command to the master MCU; after receiving it, the master MCU responds according to the preset secure channel specification requirement to generate a response command and sends the response command to the upper computer; after receiving the response command, the upper computer completes the establishment of the secure communication channel with the MCU. The preset secure channel specification requirement may be the SCP11c secure channel (GlobalPlatform Card Technology Secure Channel Protocol "11") specification.
In some embodiments of the present invention, performing bidirectional authentication with the master MCU over the secure communication channel may include sending a static key to the master MCU, calculating the shared negotiation key pair from the static key by interacting with the master MCU, and performing bidirectional authentication according to the shared negotiation key pair. It should be explained that, after the secure communication channel is established, the upper computer sends the static key to the master MCU and, by interacting with it, calculates the shared negotiation key pair; the upper computer then performs bidirectional authentication with the MCU according to that key pair. Specifically, the MCU derives the channel session key from the shared negotiation key pair, generates a response command using the channel session key, and returns the response command to the upper computer to perform the bidirectional authentication, thereby ensuring transmission security during data transfer.
In some embodiments of the present invention, after the bidirectional authentication is completed, the upper computer may also interact with the master MCU to generate a session key according to the shared negotiation key pair and encrypt the data packet to be updated with that session key. Once the upper computer and the MCU have completed bidirectional authentication, the upper computer interacts with the master MCU to generate a session key from the shared negotiation key pair, encrypts the data packet to be updated with the session key to produce an encrypted data packet, and sends the encrypted data packet to the master MCU, so that transmission security during data transfer is further ensured.
It should be noted that the information exchanged between the MCU and the security module is protected by SCP03 (GlobalPlatform Card Technology Secure Channel Protocol "03") secure messaging, and is issued to the MCU according to the diagnostic specification. In the SCP03 secure communication mechanism the transmitted data is packaged into APDU commands for encryption and transmission: the plaintext command data is first encrypted with the session key to produce an encrypted command, a CMAC value is then computed over it, and finally the result is padded to a fixed format to form the encrypted command plus CMAC value. During channel transmission the fixed-format data is encrypted with the channel session key and transmitted according to the data security requirement, so as to ensure the confidentiality and integrity of the data.
After the data packet is loaded, software version detection of the applet in the security module can be performed. In addition, according to the diagnostic specification, the upgrade of the master MCU must pass through stages such as version reading, vehicle silencing, security access, entering the programming diagnostic session mode, data download and data transfer; for the upgrade of the security module only some of these stages are needed, because the data packet forwarding performed by the master MCU has to be taken into account.
In some embodiments of the present invention, before sending the encrypted data packet to the master MCU, the upper computer further sends a host request message to the master MCU, so that the master MCU converts the host request message into an APDU encryption command and sends it to the security module, and the upper computer receives a converted message uploaded by the master MCU, where the converted message is obtained by format-converting the response message fed back by the security module.
It should be explained that for each request of the upper computer, that is, each time the upper computer sends a host request message (encrypted data packet) to the master MCU, the master MCU converts the host request message into an APDU encrypted instruction in the corresponding TLV format and sends it to the security module, and the security module sets the silent state of the non-programmed nodes. In the data download stage a data buffer of 256 bytes can be set up to hold the downloaded content: the encrypted data packet sent by the upper computer over the CAN or CANFD bus is stored first, and the master MCU then returns a success response. In the subsequent data transfer stage the master MCU adds a header and a trailer to the downloaded encrypted data packet to form an APDU encryption instruction in TLV format and sends it to the security module; after receiving it, the security module returns a completion response message to the master MCU, which converts it into a CAN message and sends it to the upper computer, and then issues the transfer-exit execution instruction normally. Repeating this completes the issuing of the encrypted data packet.
As some embodiments of the invention, a sequence counter can be set on both the upper computer side and the main control MCU side to count during the data transmission process. After the determined count has been reached, memory verification is performed to complete the self-update of the applet in the security module. The security module then performs an update state query of the applet; after the query passes, the state of the security module is reset and the silent state of the non-programming node is released. The security module then packages the diagnostic response and sends the completion response to the main control MCU, and the main control MCU converts the response into CAN data and returns it to the upper computer.
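As an added illustration (not code from the patent), the following Python sketch models the data transmission and counting stages described above: the upper computer splits the update into 256-byte chunks carrying a lock-step sequence number, the master control MCU rejects a replayed or out-of-order chunk, wraps each accepted chunk into a header/body/tail TLV APDU for the security module, answers with a CAN data field, and once the expected count is reached performs memory verification against a digest. The session encryption between host and MCU and the re-encryption for the security module are omitted; the TLV tags, the APDU CLA/INS bytes, the CRC-16 tail, the CAN status codes and the SHA-256 memory check are assumptions.

```python
import hashlib
import hmac
import struct

# Added example, not the patent's code. The 256-byte buffer is from the description;
# the tags, CLA/INS bytes, CRC tail, CAN status codes and SHA-256 check are assumptions.
BUF_SIZE = 256
TAG_SEQ, TAG_DATA = 0x81, 0x80
APDU_HEADER = bytes([0x80, 0xE8, 0x00, 0x00])  # CLA INS P1 P2
STATUS_OK, STATUS_REJECT = 0x00, 0x7F

def tlv(tag: int, value: bytes) -> bytes:
    """BER-TLV encode: short length form below 128 bytes, else 0x82 + two bytes."""
    n = len(value)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else b"\x82" + struct.pack(">H", n)) + value

def parse_tlvs(buf: bytes) -> dict:
    """Decode consecutive BER-TLV items into {tag: value}; truncation is an error."""
    out, i = {}, 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n == 0x82:
            n, i = struct.unpack(">H", buf[i:i + 2])[0], i + 2
        if i + n > len(buf):
            raise ValueError("truncated TLV")
        out[tag], i = buf[i:i + n], i + n
    return out

def crc16(data: bytes) -> int:
    """CRC-16/CCITT-FALSE, used here as the APDU tail."""
    crc = 0xFFFF
    for b in data:
        crc ^= b << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc

def host_chunks(image: bytes) -> list:
    """Upper computer side: split the update into <=256-byte chunks, each tagged with
    its sequence number so the MCU's own counter can check lock-step delivery."""
    return [tlv(TAG_SEQ, struct.pack(">H", seq)) + tlv(TAG_DATA, image[off:off + BUF_SIZE])
            for seq, off in enumerate(range(0, len(image), BUF_SIZE))]

def can_response(status: int, seq: int) -> bytes:
    """Completion response converted into an 8-byte classic CAN data field."""
    return bytes([status]) + struct.pack(">H", seq) + b"\x00" * 5

class MasterMcu:
    """Master control MCU relay: counter check, TLV APDU framing, memory verification."""

    def __init__(self, expected_chunks: int, expected_sha256: bytes):
        self.seq, self.expected, self.digest = 0, expected_chunks, expected_sha256
        self.image, self.apdus = bytearray(), []

    def on_packet(self, packet: bytes) -> bytes:
        fields = parse_tlvs(packet)
        if struct.unpack(">H", fields[TAG_SEQ])[0] != self.seq:
            return can_response(STATUS_REJECT, self.seq)  # replayed or out-of-order chunk
        chunk = fields[TAG_DATA]
        if len(chunk) > BUF_SIZE:
            return can_response(STATUS_REJECT, self.seq)  # would overrun the download buffer
        body = tlv(TAG_DATA, chunk)
        # header + extended Lc + TLV body + CRC tail: the instruction handed to the security module
        self.apdus.append(APDU_HEADER + b"\x00" + struct.pack(">H", len(body)) + body
                          + struct.pack(">H", crc16(body)))
        self.image += chunk
        self.seq += 1
        if self.seq == self.expected:  # counter satisfied: verify the reassembled image
            ok = hmac.compare_digest(hashlib.sha256(self.image).digest(), self.digest)
            return can_response(STATUS_OK if ok else STATUS_REJECT, self.seq)
        return can_response(STATUS_OK, self.seq)

def run_update(image: bytes):
    """Drive one full transfer; returns (list of CAN responses, the MCU) for inspection."""
    chunks = host_chunks(image)
    mcu = MasterMcu(len(chunks), hashlib.sha256(image).digest())
    return [mcu.on_packet(c) for c in chunks], mcu
```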
In some embodiments of the present invention, before the secure communication channel with the master MCU is established, the data packet to be updated is further obtained from the server side. It should be explained that, before the secure communication channel with the master MCU is established, the upper computer may obtain the data packet to be updated from the server side and load it into local memory, so that the upper computer has the data packet to be updated stored locally.
The computer-readable storage medium according to the embodiment of the present invention, on which a vehicle-based applet offline updating program is stored, can implement the vehicle-based applet offline updating method of the above-described embodiment when the vehicle-based applet offline updating program is executed by a processor.
According to the computer readable storage medium provided by the embodiment of the invention, the vehicle-mounted applet can be updated offline quickly and conveniently, and the failure of the update of the vehicle-mounted applet and the loss of functions of the vehicle-mounted applet are avoided, so that the loss of functions of the vehicle can be avoided, and meanwhile, the transmission safety in the data transmission process can be ensured.
In order to implement the above embodiment, the present invention further provides a main control MCU 20, where the main control MCU 20 includes a memory, a processor, and an offline update program of a vehicle applet stored in the memory and capable of running on the processor, and the offline update method of the vehicle applet in the above embodiment can be implemented when the processor executes the offline update program of the vehicle applet.
According to the main control MCU 20 of the embodiment of the invention, the processor executes the off-line updating program of the vehicle-mounted applet stored in the memory, so that the off-line updating of the vehicle-mounted applet can be quickly and conveniently performed, the failure of the updating of the vehicle-mounted applet and the loss of functions of the vehicle-mounted applet are avoided, the loss of functions of the vehicle can be avoided, and meanwhile, the transmission safety in the data transmission process can be ensured.
In order to implement the above embodiment, the present invention also provides a host computer 10, where the host computer 10 includes a memory, a processor, and a vehicular applet offline update program stored in the memory and capable of running on the processor, and the vehicular applet offline update method of the above embodiment can be implemented when the processor executes the vehicular applet offline update program.
According to the upper computer provided by the embodiment of the invention, the processor executes the off-line updating program of the vehicle-mounted applet stored in the memory, so that the vehicle-mounted applet can be updated off-line quickly and conveniently, the failure of updating the vehicle-mounted applet and the functional loss of the vehicle-mounted applet are avoided, the functional loss of a vehicle is avoided, and meanwhile, the transmission safety in the data transmission process is ensured.
As shown in fig. 4, the host computer 10 and the main control MCU 20 may each include at least one processor 1201, at least one communication interface 1202, at least one memory 1203, and at least one communication bus 1204. In the embodiment of the present invention, the number of processors 1201, communication interfaces 1202, memories 1203, and communication buses 1204 is at least one, and the processor 1201, the communication interface 1202, and the memory 1203 communicate with each other through the communication bus 1204.
The memory 1203 may be, but is not limited to, a random access memory (Random Access Memory, RAM), a read-only memory (Read-Only Memory, ROM), a programmable read-only memory (Programmable Read-Only Memory, PROM), an erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), etc. The memory 1203 is configured to store a program, and the processor 1201 executes the program after receiving an execution instruction, thereby implementing the steps of the vehicle-mounted applet offline updating method described in the above embodiment.
The processor 1201 may be an integrated circuit chip having signal processing capabilities. The processor may be a general-purpose processor including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc., or may be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. Such a processor may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein may be considered, for example, as an ordered listing of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, a processor-containing system, or another system that can fetch the instructions from the instruction execution system, apparatus, or device and execute them. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include an electrical connection (an electronic device) having one or more wires, a portable computer diskette (a magnetic device), a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CD-ROM). In addition, the computer-readable medium may even be paper or another suitable medium on which the program is printed, since the program may be electronically captured, for instance via optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques known in the art: discrete logic circuits with logic gates for implementing logic functions on data signals, application specific integrated circuits with appropriate combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), and the like.
In the description of the present invention, it should be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "clockwise", "counterclockwise", "axial", "radial", "circumferential", etc. indicate orientations or positional relationships based on those shown in the drawings; they are used merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation or be configured and operated in a specific orientation, and therefore should not be construed as limiting the present invention.
In the description of the invention, a "first feature" or "second feature" may include one or more of such features.
In the description of the present invention, "plurality" means two or more.
In the description of the invention, a first feature "above" or "below" a second feature may include both the first and second features being in direct contact, and may also include the first and second features not being in direct contact but being in contact with each other by another feature therebetween.
In the description of the invention, a first feature being "above," "over" and "on" a second feature includes the first feature being directly above and obliquely above the second feature, or simply indicates that the first feature is higher in level than the second feature.
In the description of the present specification, reference to the terms "one embodiment," "some embodiments," "illustrative embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the spirit and scope of the invention as defined by the appended claims and their equivalents.
Claims (15)
1. An offline updating method of a vehicular applet, comprising:
After a secure communication channel with the host computer is established, performing bidirectional authentication with the host computer based on the secure communication channel, and receiving an encrypted data packet issued by the host computer after the bidirectional authentication is successful;
Decrypting and format converting the encrypted data packet to generate a TLV format data packet, encrypting the TLV format data packet, and sending the encrypted TLV format data packet to a security module so that the applet stored in the security module is updated according to the decrypted TLV format data packet.
2. The offline updating method of the in-vehicle applet according to claim 1, wherein establishing a secure communication channel with the host computer comprises:
Receiving an execution safety operation command issued by the upper computer, responding to the execution safety operation command according to a preset safety channel specification requirement to generate a response command, and sending the response command to the upper computer to complete establishment of the safety communication channel.
3. The offline updating method of the in-vehicle applet according to claim 1 or 2, wherein the bidirectional authentication with the host computer based on the secure communication channel comprises:
And receiving the static key sent by the upper computer, calculating a shared negotiation key pair according to the static key, and finishing bidirectional authentication according to the shared negotiation key pair.
4. The offline updating method of the in-vehicle applet as in claim 3, further comprising generating a session key according to the shared negotiation key pair by interacting with the upper computer after the mutual authentication is completed, and decrypting the encrypted data packet according to the session key.
5. The method of offline updating of a vehicle-mounted applet as in claim 1, wherein the method further comprises converting the received request message from the host computer into an APDU encryption command and transmitting the APDU encryption command to the security module, receiving a response message fed back from the security module, and uploading the response message to the host computer after format conversion, before receiving the encrypted data packet.
6. An offline updating method of a vehicular applet, comprising:
After a secure communication channel with a main control MCU is established, performing bidirectional authentication with the main control MCU based on the secure communication channel;
After the bidirectional authentication is successful, encrypting the data packet to be updated to generate an encrypted data packet, and sending the encrypted data packet to the master control MCU so that the master control MCU decrypts and converts the encrypted data packet to generate a TLV format data packet;
And encrypting the TLV format data packet by the main control MCU and sending the encrypted TLV format data packet to a security module so that the applet stored in the security module is updated according to the decrypted TLV format data packet.
7. The offline updating method of the in-vehicle applet according to claim 6, wherein establishing a secure communication channel with the master MCU comprises:
Transmitting an execution safety operation command to the main control MCU so that the main control MCU responds to the execution safety operation command according to a preset safety channel specification requirement to generate a response command;
And after receiving the response command, completing the establishment of the secure communication channel.
8. The offline updating method of the in-vehicle applet according to claim 6 or 7, wherein the bidirectional authentication with the master MCU based on the secure communication channel comprises:
And sending a static key to the main control MCU, and interacting with the main control MCU to calculate a shared negotiation key pair according to the static key, and finishing bidirectional authentication according to the shared negotiation key pair.
9. The offline updating method of the in-vehicle applet according to claim 8, further comprising generating a session key according to the shared negotiation key pair by interacting with the master MCU after the mutual authentication is completed, and encrypting the data packet to be updated according to the session key.
10. The method of claim 6, further comprising issuing a host request message to the master MCU before sending the encrypted data packet to the master MCU, so that the master MCU converts the host request message into an APDU encryption command and sends the APDU encryption command to the security module, and receiving a conversion message uploaded by the master MCU, wherein the conversion message is obtained by performing format conversion on a response message received by the master MCU and fed back by the security module.
11. The offline updating method of the in-vehicle applet according to claim 6, wherein the data packet to be updated is also acquired from a server side before a secure communication channel with the main control MCU is established.
12. A computer-readable storage medium having stored thereon a vehicle-based applet offline update program that, when executed by a processor, implements the vehicle-based applet offline update method according to any one of claims 1-5 or the vehicle-based applet offline update method according to any one of claims 6-11.
13. A master MCU comprising a memory, a processor and a vehicular applet offline update program stored on the memory and executable on the processor, wherein the processor implements the vehicular applet offline update method of any of claims 1-5 when executing the vehicular applet offline update program.
14. A host computer comprising a memory, a processor, and a vehicular applet offline update program stored in the memory and executable on the processor, wherein the processor implements the vehicular applet offline update method according to any one of claims 6-11 when executing the vehicular applet offline update program.
15. An off-line updating system for a vehicle-mounted applet is characterized by comprising an upper computer, a main control MCU and a security module, wherein the applet is arranged in the security module,
The upper computer is used for establishing a secure communication channel with the main control MCU, performing bidirectional authentication with the main control MCU according to the secure communication channel after the secure communication channel is established, encrypting a data packet to be updated after the bidirectional authentication is successful to generate an encrypted data packet, and sending the encrypted data packet to the main control MCU;
The main control MCU is used for decrypting and converting the encrypted data packet to generate a TLV format data packet, encrypting the TLV format data packet and then sending the encrypted data packet to the security module;
The security module receives and decrypts the encrypted TLV format data packet, and updates the applet according to the decrypted TLV format data packet.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110009731.2A CN114721680B (en) | 2021-01-05 | 2021-01-05 | Vehicle-mounted applet offline update method and vehicle-mounted applet offline update system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114721680A CN114721680A (en) | 2022-07-08 |
CN114721680B true CN114721680B (en) | 2024-12-10 |
Family
ID=82233449
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110009731.2A Active CN114721680B (en) | 2021-01-05 | 2021-01-05 | Vehicle-mounted applet offline update method and vehicle-mounted applet offline update system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114721680B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN114721680A (en) | 2022-07-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |