Security upgrading method and system, server and vehicle-mounted terminal

A technology for security upgrades and in-vehicle terminals, which is applied in the field of Internet of Vehicles and can solve the problem of vehicles exposed to security risks.

Active Publication Date: 2019-10-25
GUANGZHOU XIAOPENG MOTORS TECH CO LTD
View PDF9 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Once the OTA server node where the key is stored is compromised, the attacker may obtain the key used for encryption and signing, resulting in the security-processed upgrade package still being cracked by the attacker, causing the car to be exposed to security risks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security upgrading method and system, server and vehicle-mounted terminal
  • Security upgrading method and system, server and vehicle-mounted terminal
  • Security upgrading method and system, server and vehicle-mounted terminal

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0091] see figure 2 , figure 2 It is a schematic flowchart of a security upgrade method disclosed in an embodiment of the present invention. figure 2 The security upgrade method shown can be applied as figure 1 Upgrade system shown. Such as figure 2 As shown, the security upgrade method may include the following steps:

[0092] 201. The data plane server uses the first private key to sign the original upgrade package to obtain the security upgrade package, and transmits the download policy of the security upgrade package to the control plane server.

[0093] First, the configuration of the key pair in the embodiment of the present invention is introduced. Among them, the first private key and the first public key are a set of corresponding key pairs, the following second private key and the second public key are another set of corresponding key pairs, and each set of key pairs has a unique ID number as identification. Specifically, the private key in the key pair an...

Embodiment 2

[0117] see image 3 , image 3 It is a schematic flowchart of another security upgrade method disclosed in the embodiment of the present invention. like image 3 As shown, the security upgrade method may include:

[0118] 301. The data plane server loads private keys stored offline to the data plane server, and selects a first private key from the private keys loaded to the data plane server.

[0119] In this embodiment of the present invention, the data plane server may be a server located in an internal local area network. The closedness of the internal LAN is relatively high, and it is relatively difficult for external attackers to attack the servers in the internal LAN. Moreover, the private key used by the data plane server is stored offline, and then loaded into the data plane server when used. In this way, even if the data plane server is compromised, it is difficult for the attacker to obtain the private key used by the data plane server when signing.

[0120] In...

Embodiment 3

[0143] see Figure 4 , Figure 4 It is a schematic structural diagram of a server disclosed in an embodiment of the present invention. Figure 4 The server shown may be a control plane server. Optionally, the control plane server may be located in a public network. like Figure 4 As shown, the server can include:

[0144] The generating unit 401 is configured to generate initial upgrade activity data including a security upgrade package download policy; wherein, the security upgrade package is obtained after the data plane server signs the original upgrade package with a first private key; the data plane server and the control plane Servers are separate and distinct servers.

[0145] The first signing unit 402 is configured to use the second private key to sign the above-mentioned initial upgrade activity data to obtain signed upgrade activity data;

[0146] In the embodiment of the present invention, as an optional implementation, the first signing unit 402 may also be ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a security upgrade method and system, a server and a vehicle-mounted terminal, and the method comprises the steps that a data plane server signs an original upgrade package through a first private key, and obtains a security upgrade package; the control plane server generates initial upgrade activity data containing a security upgrade package downloading strategy, signs theinitial upgrade activity data by using a second private key different from the first private key, and issues the signed upgrade activity data to the vehicle-mounted terminal; the vehicle-mounted terminal verifies the signature of the signed upgrading activity data by using a second public key; if the signature verification is passed, the vehicle-mounted terminal downloads the security upgrade package according to the indication of the downloading strategy, and verifies the signature of the security upgrade package by using the first public key; and if the signature verification is passed, thevehicle-mounted terminal restores the original upgrade package from the security upgrade package, and the vehicle-mounted system of the vehicle-mounted terminal is upgraded by utilizing the originalupgrade package, so that the security risk caused by the attack of the server node can be reduced, and the security of upgrading the vehicle-mounted system is improved.

Description

technical field [0001] The present invention relates to the technical field of Internet of Vehicles, in particular to a security upgrade method, system, server and vehicle-mounted terminal. Background technique [0002] With the gradual development of automobiles towards intelligence and networking, OTA (Over The Air, online upgrade) is an essential function of the vehicle system. Internet-connected cars that can access the Internet can use the OTA function to update the on-board firmware, on-board applications, and on-board system configuration. The method is generally to first transmit the upgrade package to the Internet-connected car through the Internet interface or USB interface, and then upload it to the Internet-connected car. The upgrade package is flashed to the target location. [0003] However, in practice, it has been found that the above-mentioned upgrade method is easy to cause information leakage: attackers can obtain the upgrade package through network inter...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/51G06F8/65
CPCG06F8/65G06F21/51
Inventor 王辉
Owner GUANGZHOU XIAOPENG MOTORS TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products