Technical Field
This application relates to the field of network data processing, and in particular to a method for implementing secure access to an ECU, an ECU, and a host computer.
Background
An ECU (Electronic Control Unit) is also known as a "driving computer" or "on-board computer". Like an ordinary computer, an ECU consists of a microprocessor (CPU), memory (ROM, RAM), input/output interfaces (I/O), an analog-to-digital converter (A/D), and large-scale integrated circuits for shaping, driving, and so on. Secure access to the ECU is therefore critical, yet the prior art offers no scheme that can effectively control secure access to an ECU.
Summary of the Invention
The technical problem to be solved by this application is to provide a method for implementing secure access to an ECU, which addresses the inability of the prior art to provide secure access to an ECU and thereby improves the security of ECU access.
This application also provides an ECU and a host computer to ensure that the above method can be implemented and applied in practice.
To solve the above problem, this application discloses a method for implementing secure access to an ECU. The method is applied on the ECU and includes:
in response to receiving a security access request from a host computer, generating a random number and sending it to the host computer;
calculating a first MD5 value from the random number and a preset shift parameter for the chaining variables, and comparing the first MD5 value with a second MD5 value returned by the host computer;
performing security access control according to the comparison result.
Optionally, performing security access control according to the comparison result includes:
determining whether the first MD5 value equals the second MD5 value; if so, granting the host computer's security access request; if not, rejecting the host computer's security access request.
Optionally, calculating the first MD5 value from the random number and the preset shift parameter for the chaining variables includes:
taking the random number as the input parameter of the MD5 algorithm;
reducing the shift parameter modulo 32 to obtain the number of bits to shift;
rotating the chaining variables of the MD5 algorithm left by that number of bits;
calculating the first MD5 value from the input parameter and the shifted chaining variables.
This application discloses an ECU, including:
a generating unit, configured to generate a random number and send it to the host computer in response to receiving a security access request from the host computer;
a first calculation unit, configured to calculate a first MD5 value from the random number and a preset shift parameter for the chaining variables;
a comparison unit, configured to compare the first MD5 value with a second MD5 value returned by the host computer;
a security access control unit, configured to perform security access control according to the comparison result.
Optionally, the security access control unit includes:
a judging module, configured to determine whether the first MD5 value equals the second MD5 value;
a first control module, configured to grant the host computer's security access request when the result of the judging module is yes;
a second control module, configured to reject the host computer's security access request when the result of the judging module is no.
Optionally, the first calculation unit includes:
a first determining module, configured to take the random number as the input parameter of the MD5 algorithm;
a first modulo module, configured to reduce the shift parameter modulo 32 to obtain the number of bits to shift;
a first shift module, configured to rotate the chaining variables of the MD5 algorithm left by that number of bits;
a first calculation module, configured to calculate the first MD5 value from the input parameter and the shifted chaining variables.
This application also discloses another method for implementing secure access to an ECU. The method is applied in the host computer and includes:
sending a security access request to the ECU;
receiving the random number returned by the ECU in response to the security access request;
calculating a second MD5 value from the random number and a preset shift parameter for the chaining variables, and sending the second MD5 value to the ECU, so that the ECU performs security access control according to the result of comparing the first MD5 value with the second MD5 value.
Optionally, calculating the second MD5 value from the random number and the preset shift parameter for the chaining variables includes:
taking the random number as the input parameter of the MD5 algorithm;
reducing the shift parameter modulo 32 to obtain the number of bits to shift;
rotating the chaining variables of the MD5 algorithm left by that number of bits;
calculating the second MD5 value from the input parameter and the shifted chaining variables.
This application also discloses a host computer, including:
a request sending unit, configured to send a security access request to the ECU;
a receiving unit, configured to receive the random number returned by the ECU in response to the security access request;
a second calculation unit, configured to calculate a second MD5 value from the random number and a preset shift parameter for the chaining variables;
an MD5 value sending unit, configured to send the second MD5 value to the ECU, so that the ECU performs security access control according to the result of comparing the first MD5 value with the second MD5 value.
Optionally, the second calculation unit includes:
a second determining module, configured to take the random number as the input parameter of the MD5 algorithm;
a second modulo module, configured to reduce the shift parameter modulo 32 to obtain the number of bits to shift;
a second shift module, configured to rotate the chaining variables of the MD5 algorithm left by that number of bits;
a second calculation module, configured to calculate the second MD5 value from the input parameter and the shifted chaining variables.
Compared with the prior art, this application has the following advantages:
This application introduces a shift parameter and uses the preset shift parameter to shift the chaining variables of the MD5 algorithm, which makes the MD5 algorithm more flexible. At the same time, because the improved MD5 algorithm is used to implement security access, the host computer's access to the ECU is more secure, and the flexibility and controllability of ECU security access are improved.
Brief Description of the Drawings
To explain the technical solutions in the embodiments of this application more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of Embodiment 1 of a method for implementing secure access to an ECU according to this application;
Fig. 2 is a flowchart of Embodiment 2 of a method for implementing secure access to an ECU according to this application;
Fig. 3 is a structural block diagram of an ECU embodiment of this application;
Fig. 4 is a structural block diagram of a host computer embodiment of this application.
Detailed Description
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the scope of protection of this application.
This application can be used in numerous general-purpose or special-purpose computing device environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor devices, distributed computing environments including any of the above devices, and so on.
This application may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, and so on that perform particular tasks or implement particular abstract data types. This application may also be practiced in distributed computing environments, where tasks are performed by remote processing devices connected through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.
Referring to Fig. 1, which shows a flowchart of Embodiment 1 of a method for implementing secure access to an ECU according to this application, the method may include the following steps:
Step 101: In response to receiving a security access request from the host computer, the ECU generates a random number and sends it to the host computer.
In practice, when a user triggers a security access request to the ECU, the host computer responds to the user's request by sending the security access request to the ECU. After receiving the security access request, the ECU generates a random number and, so that the host computer can also calculate an MD5 value from that random number, sends the random number to the host computer.
MD5 (Message Digest Algorithm 5) is mainly used to ensure that information is transmitted completely and consistently, and is one of the hash algorithms widely used by computers. The basic principle of a hash algorithm is to compute data (such as Chinese characters) into another value of fixed length.
Step 102: The ECU calculates the first MD5 value from the random number and the preset shift parameter for the chaining variables.
After generating the random number, the ECU takes it as the input parameter of the MD5 algorithm, shifts the chaining variables by the number of bits determined by the preset shift parameter args, and then uses the MD5 algorithm to calculate the first MD5 value from the input parameter and the shifted chaining variables.
In a specific implementation, step 102 may include:
Step A1: The ECU takes the random number as the input parameter of the MD5 algorithm.
Step A2: The ECU reduces the shift parameter modulo 32 to obtain the number of bits to shift.
The MD5 algorithm has four 32-bit integer parameters called chaining variables: A=0x01234567, B=0x89abcdef, C=0xfedcba98, D=0x76543210. For example, given the shift parameter args, for hexadecimal the shift count is the value of args taken modulo 16, that is, int s=args%32. Which value is used for this reduction depends on the operating multiple of the computer.
Step A3: The ECU rotates the chaining variables of the MD5 algorithm left by that number of bits.
Once the number of bits to shift is known, the four chaining variables are rotated left by that number of bits. In the example above, the shifted chaining variables are: A=0x67452301 (A=A<<s|A>>(32-s)), B=0xefcdab89 (B=B<<s|B>>(32-s)), C=0x98badcfe (C=C<<s|C>>(32-s)), D=0x10325476 (D=D<<s|D>>(32-s)).
Step A4: The ECU calculates the first MD5 value from the input parameter and the shifted chaining variables.
The ECU then calculates the first MD5 value from the input parameter and the shifted chaining variables.
In a concrete implementation, the (args%4)-th value of UInt32[] bits can be converted into a byte[] array of length 4 and used as the return value. If the computer is hexadecimal, then when args is 0 or a multiple of 16 the result computed by this embodiment coincides with the result of the MD5 algorithm without the shift operation. Those skilled in the art can therefore swap the "rotate left by s11" in the first FF step of the first of MD5's four main rounds with the "left shift by s14" in its last step; after the swap, the first FF step of the first round rotates left by s14 bits and the last step rotates left by s11 bits.
Step 103: The ECU compares the first MD5 value with the second MD5 value returned by the host computer.
After calculating the first MD5 value, the ECU compares the first MD5 value it calculated with the second MD5 value returned by the host computer. The host computer calculates the second MD5 value in the same way as described in step 102.
Step 104: The ECU performs security access control according to the comparison result.
In different embodiments, step 104 may include:
Step B1: Determine whether the first MD5 value equals the second MD5 value; if so, go to step B2; if not, go to step B3.
The ECU determines whether the first MD5 value and the second MD5 value are equal. If they are equal, the access is considered secure and the host computer's security access request is granted. If they are not equal, the access may not be secure and the host computer's security access request is rejected.
Step B2: Grant the host computer's security access request.
Step B3: Reject the host computer's security access request.
With this embodiment of the invention, the chaining variables of the MD5 algorithm can be shifted using the preset shift parameter, which makes the MD5 algorithm more flexible. At the same time, because the improved MD5 algorithm is used to implement security access, the host computer's access to the ECU is more secure, and the flexibility and controllability of ECU security access are improved.
Referring to Fig. 2, which shows a flowchart of Embodiment 2 of a method for secure access to an ECU according to this application, the method may include the following steps:
Step 201: The host computer sends a security access request to the ECU.
When the host computer receives a user-triggered access to the ECU, it sends a security access request to the ECU.
Step 202: The host computer receives the random number returned by the ECU in response to the security access request.
The host computer receives the random number returned by the ECU.
Step 203: The host computer calculates the second MD5 value from the random number and the shift parameter for the chaining variables.
The host computer takes the random number as the input parameter of the MD5 algorithm and calculates the second MD5 value from the input parameter and the shift parameter for the chaining variables. For the specific calculation, refer to the description of step 102, which is not repeated here.
In different embodiments, step 203 may include:
Step C1: Take the random number as the input parameter of the MD5 algorithm.
Step C2: Reduce the shift parameter modulo 32 to obtain the number of bits to shift.
Step C3: Rotate the chaining variables of the MD5 algorithm left by that number of bits.
Step C4: Calculate the second MD5 value from the input parameter and the shifted chaining variables.
Step 204: The host computer sends the second MD5 value to the ECU, so that the ECU performs security access control according to the result of comparing the first MD5 value with the second MD5 value.
The host computer then sends the second MD5 value to the ECU, and the ECU performs security access control according to the result of comparing the first MD5 value with the second MD5 value. For the specific security access control process, refer to the description of step 104, which is not repeated here.
Note that this embodiment differs from the previous one only in the executing party; for anything not covered here, refer to the description of the previous embodiment.
With this embodiment of the invention, the chaining variables of the MD5 algorithm are shifted using the preset shift parameter, which makes the MD5 algorithm more flexible. At the same time, because the improved MD5 algorithm is used to implement security access, the host computer's access to the ECU is more secure, and the flexibility and controllability of ECU security access are improved.
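The exchange of Embodiments 1 and 2 as an added C example (not code from the patent): MD5 with its chaining variables rotated left by args % 32, computed on both sides and compared by the ECU. It assumes the RFC 1321 initial words (so that a shift of 0 reproduces standard MD5), a challenge of at most 55 bytes, and the full 16-byte digest as the response; the function names and the sample challenge are constructed, and the 4-byte return value and the s11/s14 swap described above are not implemented.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MD5 additive constants and per-round rotation amounts (RFC 1321). */
static const uint32_t K[64] = {
    0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
    0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
    0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8,
    0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
    0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
    0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05, 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
    0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
    0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
};
static const uint8_t R[16] = {7, 12, 17, 22, 5, 9, 14, 20, 4, 11, 16, 23, 6, 10, 15, 21};

/* Rotate left. The s == 0 branch avoids the undefined 32-bit shift that
 * A<<s | A>>(32-s) performs in C when s is 0. */
static uint32_t rotl32(uint32_t x, unsigned s)
{
    s &= 31u;
    return s ? (x << s) | (x >> (32u - s)) : x;
}

/* Steps A1-A4: MD5 of one challenge (single block, at most 55 bytes) with the
 * chaining variables rotated left by args % 32. Returns 0, or -1 if too long. */
int shifted_md5(const uint8_t *msg, size_t len, unsigned args, uint8_t out[16])
{
    uint8_t blk[64] = {0};
    uint32_t m[16], h[4], a, b, c, d, f, t;
    unsigned i, g, s = args % 32u;               /* step A2 */

    if (len > 55) return -1;
    memcpy(blk, msg, len);
    blk[len] = 0x80;                             /* MD5 padding bit */
    blk[56] = (uint8_t)((len * 8) & 0xff);       /* bit length, little-endian */
    blk[57] = (uint8_t)((len * 8) >> 8);
    for (i = 0; i < 16; i++)
        m[i] = (uint32_t)blk[4 * i] | (uint32_t)blk[4 * i + 1] << 8 |
               (uint32_t)blk[4 * i + 2] << 16 | (uint32_t)blk[4 * i + 3] << 24;

    /* Step A3. Assumption: RFC 1321 initial words are the values rotated. */
    h[0] = rotl32(0x67452301u, s); h[1] = rotl32(0xefcdab89u, s);
    h[2] = rotl32(0x98badcfeu, s); h[3] = rotl32(0x10325476u, s);
    a = h[0]; b = h[1]; c = h[2]; d = h[3];

    for (i = 0; i < 64; i++) {                   /* step A4: unchanged MD5 rounds */
        if (i < 16)      { f = (b & c) | (~b & d); g = i; }
        else if (i < 32) { f = (d & b) | (~d & c); g = (5 * i + 1) % 16; }
        else if (i < 48) { f = b ^ c ^ d;          g = (3 * i + 5) % 16; }
        else             { f = c ^ (b | ~d);       g = (7 * i) % 16; }
        t = d; d = c; c = b;
        b = b + rotl32(a + f + K[i] + m[g], R[(i / 16) * 4 + i % 4]);
        a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d;
    for (i = 0; i < 16; i++) out[i] = (uint8_t)(h[i / 4] >> (8 * (i % 4)));
    return 0;
}

/* Step B1: compare all 16 bytes without an early exit. */
int digests_equal(const uint8_t x[16], const uint8_t y[16])
{
    uint8_t diff = 0;
    for (int i = 0; i < 16; i++) diff |= (uint8_t)(x[i] ^ y[i]);
    return diff == 0;
}

/* ECU side, steps 102-104: returns 1 to grant the request, 0 to reject it. */
int ecu_check(const uint8_t *challenge, size_t len, unsigned ecu_args,
              const uint8_t second[16])
{
    uint8_t first[16];
    if (shifted_md5(challenge, len, ecu_args, first) != 0) return 0;
    return digests_equal(first, second);
}

/* Constructed 8-byte value standing in for the ECU's random number. */
static const uint8_t SAMPLE_CHALLENGE[8] = {0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x4d, 0xb8, 0x16};

/* Whole exchange: host computes the second MD5 value (step 203), ECU checks it. */
int demo_exchange(unsigned ecu_args, unsigned host_args)
{
    uint8_t second[16];
    if (shifted_md5(SAMPLE_CHALLENGE, sizeof SAMPLE_CHALLENGE, host_args, second) != 0)
        return 0;
    return ecu_check(SAMPLE_CHALLENGE, sizeof SAMPLE_CHALLENGE, ecu_args, second);
}

int main(void)
{
    printf("same shift parameter:      %s\n", demo_exchange(8, 8) ? "granted" : "rejected");
    printf("different shift parameter: %s\n", demo_exchange(8, 9) ? "granted" : "rejected");
    return 0;
}
```

Because step A2 reduces the parameter modulo 32, args values 8 and 40 yield the same digest, so the preset parameter selects among at most 32 variants of the hash.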
For simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that this application is not limited by the order of actions described, because according to this application some steps may be performed in other orders or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are preferred embodiments, and the actions and modules involved are not necessarily required by this application.
Corresponding to the method provided in Embodiment 1 of the method for implementing secure access to an ECU described above, and referring to Fig. 3, this application also provides an ECU embodiment, which may include:
a generating unit 301, configured to generate a random number and send it to the host computer in response to receiving a security access request from the host computer.
a first calculation unit 302, configured to calculate the first MD5 value from the random number and the preset shift parameter for the chaining variables.
In different embodiments, the first calculation unit 302 may include:
a first determining module, configured to take the random number as the input parameter of the MD5 algorithm; a first modulo module, configured to reduce the shift parameter modulo 32 to obtain the number of bits to shift; a first shift module, configured to rotate the chaining variables of the MD5 algorithm left by that number of bits; and a first calculation module, configured to calculate the first MD5 value from the input parameter and the shifted chaining variables.
a comparison unit 303, configured to compare the first MD5 value with the second MD5 value returned by the host computer.
a security access control unit 304, configured to perform security access control according to the comparison result.
In different embodiments, the security access control unit 304 may include:
a judging module, configured to determine whether the first MD5 value equals the second MD5 value; a first control module, configured to grant the host computer's security access request when the result of the judging module is yes; and a second control module, configured to reject the host computer's security access request when the result of the judging module is no.
The ECU in this embodiment shifts the chaining variables of the MD5 algorithm, which makes the MD5 algorithm more flexible. At the same time, because the improved MD5 algorithm is used to implement security access, the host computer's access to the ECU is more secure, and the flexibility and controllability of ECU security access are improved.
Corresponding to the method provided in Embodiment 2 of the method for implementing secure access to an ECU described above, and referring to Fig. 4, this application also provides a host computer embodiment, which may include:
a request sending unit 401, configured to send a security access request to the ECU.
a receiving unit 402, configured to receive the random number returned by the ECU in response to the security access request.
a second calculation unit 403, configured to calculate the second MD5 value from the random number and the preset shift parameter for the chaining variables.
In different embodiments, the second calculation unit 403 may include:
a second determining module, configured to take the random number as the input parameter of the MD5 algorithm; a second modulo module, configured to reduce the shift parameter modulo 32 to obtain the number of bits to shift; a second shift module, configured to rotate the chaining variables of the MD5 algorithm left by that number of bits; and a second calculation module, configured to calculate the second MD5 value from the input parameter and the shifted chaining variables.
an MD5 value sending unit 404, configured to send the second MD5 value to the ECU, so that the ECU performs security access control according to the result of comparing the first MD5 value with the second MD5 value.
The host computer in this embodiment shifts the chaining variables of the MD5 algorithm, which makes the MD5 algorithm more flexible. At the same time, because the improved MD5 algorithm is used to implement security access, the host computer's access to the ECU is more secure, and the flexibility and controllability of ECU security access are improved.
Note that the embodiments in this specification are described progressively: each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments can be cross-referenced. Because the device embodiments are essentially similar to the method embodiments, they are described briefly; for related details, refer to the corresponding parts of the method embodiments.
Finally, note that in this document relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise", and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article, or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article, or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article, or device that includes the element.
The method for secure access to an ECU, the ECU, and the host computer provided by this application have been described in detail above. Specific examples are used in this document to explain the principles and implementations of this application, and the description of the above embodiments is intended only to help in understanding the method of this application and its core idea. For those of ordinary skill in the art, the specific implementation and the scope of application may vary according to the idea of this application. In summary, the content of this specification should not be construed as limiting this application.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410309182.0A (CN104134047B) | 2014-07-01 | 2014-07-01 | Realize ECU safety access method, ECU and host computer |
| Publication Number | Publication Date |
|---|---|
| CN104134047A | 2014-11-05 |
| CN104134047B | 2018-01-02 |
| CN110517147A (en) | Transaction data processing method, apparatus, system and computer-readable storage medium | |
| WO2021082340A1 (en) | Data processing method, apparatus, system, and storage medium | |
| CN109493054B (en) | Multi-chain information management method, device, storage medium and block chain identity analyzer | |
| CN107688733B (en) | Service interface calling method, apparatus, user terminal and readable storage medium | |
| CN107729409A (en) | Method and device for generating short links | |
| CN110611568B (en) | Dynamic encryption and decryption method, device and equipment based on multiple encryption and decryption algorithms | |
| TW202018645A (en) | Blockchain-based data processing method and apparatus, and server | |
| WO2019001125A1 (en) | Method and device for processing transaction files, storage medium, and computer apparatus | |
| CN109145651B (en) | Data processing method and device | |
| CN104134047B (en) | Realize ECU safety access method, ECU and host computer | |
| US20180063116A1 (en) | Method and apparatus for generating an intelligent primary key facilitating faster object retrieval | |
| WO2023240986A1 (en) | Method and apparatus for obtaining effective quantum key | |
| CN115361376A (en) | Government affair file uploading method and device, electronic equipment and storage medium | |
| WO2021134898A1 (en) | Blockchain transaction data proof supervision method and system, and related device | |
| CN112580077B (en) | Information processing method, device, equipment and storage medium | |
| CN110781503B (en) | Data calling method, device and computer readable storage medium | |
| CN107947944B (en) | A Lattice-Based Incremental Signature Method | |
| CN108846672B (en) | Personalized address generation method and device, electronic equipment and storage medium | |
| WO2017071192A1 (en) | Identity verification method and apparatus | |
| CN109559225B (en) | Transaction method and device | |
| CN105683982B (en) | Techniques for extending the communication chain of trust to client applications | |
| CN110401541A (en) | Threshold voting method, system and related equipment based on EC-Schnoor signature algorithm |
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | GR01 | Patent grant | |