Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Safety upgrade method, system, server and vehicle-mounted terminal

A security upgrade and vehicle-mounted terminal technology, which is applied in the field of Internet of Vehicles, can solve the problems of vehicles being exposed to safety risks, and achieve the effect of raising technical thresholds, reducing safety risks, and improving safety

Active Publication Date: 2021-06-04
GUANGZHOU XIAOPENG MOTORS TECH CO LTD
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Once the OTA server node where the key is stored is compromised, the attacker may obtain the key used for encryption and signing, resulting in the security-processed upgrade package still being cracked by the attacker, causing the car to be exposed to security risks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Safety upgrade method, system, server and vehicle-mounted terminal
  • Safety upgrade method, system, server and vehicle-mounted terminal
  • Safety upgrade method, system, server and vehicle-mounted terminal

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0091] see figure 2 , figure 2 It is a schematic flowchart of a security upgrade method disclosed in an embodiment of the present invention. figure 2 The security upgrade method shown can be applied as figure 1 Upgrade system shown. Such as figure 2 As shown, the security upgrade method may include the following steps:

[0092] 201. The data plane server uses the first private key to sign the original upgrade package to obtain the security upgrade package, and transmits the download policy of the security upgrade package to the control plane server.

[0093] First, the configuration of the key pair in the embodiment of the present invention is introduced. Among them, the first private key and the first public key are a set of corresponding key pairs, the following second private key and the second public key are another set of corresponding key pairs, and each set of key pairs has a unique ID number as identification. Specifically, the private key in the key pair an...

Embodiment 2

[0117] see image 3 , image 3 It is a schematic flowchart of another security upgrade method disclosed in the embodiment of the present invention. Such as image 3 As shown, the security upgrade method may include:

[0118] 301. The data plane server loads private keys stored offline to the data plane server, and selects a first private key from the private keys loaded to the data plane server.

[0119] In this embodiment of the present invention, the data plane server may be a server located in an internal local area network. The closedness of the internal LAN is relatively high, and it is relatively difficult for external attackers to attack the servers in the internal LAN. Moreover, the private key used by the data plane server is stored offline, and then loaded into the data plane server when used. In this way, even if the data plane server is compromised, it is difficult for the attacker to obtain the private key used by the data plane server when signing.

[0120]...

Embodiment 3

[0143] see Figure 4 , Figure 4 It is a schematic structural diagram of a server disclosed in an embodiment of the present invention. Figure 4 The server shown may be a control plane server. Optionally, the control plane server may be located in a public network. Such as Figure 4 As shown, the server can include:

[0144] The generating unit 401 is configured to generate initial upgrade activity data including a security upgrade package download policy; wherein, the security upgrade package is obtained after the data plane server signs the original upgrade package with a first private key; the data plane server and the control plane Servers are separate and distinct servers.

[0145] The first signing unit 402 is configured to use the second private key to sign the above-mentioned initial upgrade activity data to obtain signed upgrade activity data;

[0146] In the embodiment of the present invention, as an optional implementation, the first signing unit 402 may also...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A security upgrade method, system, server, and vehicle-mounted terminal, the method comprising: a data plane server uses a first private key to sign an original upgrade package to obtain a security upgrade package; a control plane server generates an initial update including a download strategy for the security upgrade package For activity data, use a second private key different from the first private key to sign the initial upgrade activity data, and send the signed upgrade activity data to the vehicle-mounted terminal; the vehicle-mounted terminal uses the second public key to sign the upgraded activity The data is verified; if the verification is passed, the vehicle-mounted terminal downloads the security upgrade package according to the instructions of the download policy, and uses the first public key to verify the security upgrade package; if the verification passes, the vehicle-mounted terminal restores the The original upgrade package uses the original upgrade package to upgrade the vehicle-mounted system of the vehicle-mounted terminal, thereby reducing the security risk caused by server nodes being attacked and improving the security of the vehicle-mounted system upgrade.

Description

technical field [0001] The present invention relates to the technical field of Internet of Vehicles, in particular to a security upgrade method, system, server and vehicle-mounted terminal. Background technique [0002] With the gradual development of automobiles towards intelligence and networking, OTA (Over The Air, online upgrade) is an essential function of the vehicle system. Internet-connected cars that can access the Internet can use the OTA function to update the on-board firmware, on-board applications, and on-board system configuration. The method is generally to first transmit the upgrade package to the Internet-connected car through the Internet interface or USB interface, and then upload it to the Internet-connected car. The upgrade package is flashed to the target location. [0003] However, in practice, it has been found that the above-mentioned upgrade method is easy to cause information leakage: attackers can obtain the upgrade package through network inter...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/51G06F8/65
CPCG06F8/65G06F21/51
Inventor 王辉
Owner GUANGZHOU XIAOPENG MOTORS TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com