
Vehicle-mounted network security protection system and application method thereof

A vehicle-mounted network security protection system, applied in the field of in-vehicle network information security for intelligent networked vehicles. It addresses problems such as low adaptability, counterfeit communication nodes, and the failure of existing in-vehicle network information security protection to form a systematic and comprehensive method and system, and achieves the effects of reducing the difficulty of implementation and realizing unified management.

Inactive
Publication Date: 2021-08-10
北京云驰未来科技有限公司

AI Technical Summary

Problems solved by technology

[0003] 1) The traditional automobile bus implements inter-node communication through message broadcasting and a priority-based arbitration mechanism. An intruder who dismantles a vehicle can monitor the bus messages and crack the protocol, and can then remotely intrude into vehicles of the same type through the vehicle network. After obtaining management authority, the intruder can impersonate communication nodes, send illegal commands, or monopolize the bus bandwidth with high priority to carry out flooding attacks, which poses a great hazard to the safe driving of cars;
[0004] 2) A car contains a large number of automotive electronic control units (ECUs) and vehicle information system units, each of which has different functional responsibilities, and the supplier system is huge. Although a unified functional safety standard is followed, there is no corresponding information security implementation specification;
[0005] 3) The technical field of automotive embedded systems is unique and specialized. The methods and practices of the traditional Internet security field cannot be copied as they are, and the information security implementation of automotive embedded systems lacks reference methods and reusable resources;
[0006] At present, in the field of in-vehicle network information security technology, the various technical solutions each address only one specific business requirement, such as data encryption, system and application hardening, OTA, or encrypted communication protocols, and there is no systematic, comprehensive method and system for in-vehicle network information security protection. Some technical solutions copy the methods and systems of the Internet information security field but do not take into account the professionalism and particularity of the automotive embedded system technology ecosystem. The result is a dilemma of low level, few available resources, and solutions that are difficult to implement.

Examples


Embodiment 1

[0037] This embodiment aims to provide a system for network information security protection on an embedded system. The system has a security engine module, an application program interface module, an authentication module, a secure communication module, a data encryption module, an attack protection module, an intrusion detection module, and a log system module.

[0038] The security engine module is the dispatching center of the vehicle-mounted network information security protection system. By taking over the vehicle-mounted network communication protocol stack, it establishes the processing flow and management rule set for vehicle-mounted network messages. The vehicle-mounted network communication protocol stack includes the vehicle-mounted Ethernet communication protocol stack and the vehicle-mounted CAN bus communication protocol stack; the processing flow and management rule set include a packet filtering mechanism, a redirection mechanism, a hook mechanism, and a callback mechan...

Embodiment 2

[0041] On the basis of the first embodiment, this embodiment provides a method for using the network information security protection system.

[0042] Step 1: Extract common technical features for the automotive embedded system environment and communication services, and identify security risks;

[0043] Step 2: Establish a lightweight security engine architecture adapted to the heterogeneous network of automotive embedded systems;

[0044] Step 3: Provide security services such as data encryption and decryption, certificate and secret key management for automotive communication services;

[0045] Step 4: Establish a security audit coordination mechanism;

[0046] Step 5: Establish and update the log system and security policy library.

[0047] In this embodiment, step 1 and step 2 are the steps of establishing a security engine module to identify and process abnormal behaviors to protect the safety of the vehicle network, and steps 3 to 5 are steps to establish a security po...

Embodiment 3

[0049] This embodiment is made on the basis of the second embodiment, wherein the further preferred subdivision of step 2 is:

[0050] Step 1: Extract common technical features for the automotive embedded system environment and communication services, and identify security risks;

[0051] Step 2: Establish a lightweight security engine architecture adapted to the heterogeneous network of automotive embedded systems;

[0052] Step 211: Take over the vehicle Ethernet communication protocol stack;

[0053] Step 212: Real-time mapping and redundant backup of network messages;

[0054] Step 213: Transmission encryption of the vehicle network transport layer communication protocol;

[0055] Step 214: Identify abnormal traffic and abnormal behavior based on protocol standards and security rule sets;

[0056] Step 215: Match the attack protection strategy and put it into effect;

[0057] Step 3: Provide security services such as data encryption and decryption, certificate and secret key ma...
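
Step 214 identifies abnormal traffic from protocol standards and a security rule set, and paragraph [0003] names node impersonation and high-priority flooding as the threats. The following C code is an added example, not code from the patent: it checks CAN frames against a constructed rule set (the IDs, lengths, periods, and all type and function names are hypothetical) and classifies each frame as normal, unknown ID, wrong length, or arriving too fast.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum verdict { V_OK, V_UNKNOWN_ID, V_BAD_DLC, V_RATE, V_COUNT };

typedef struct { uint32_t ts_ms, id; uint8_t dlc; } can_frame;
/* One rule per permitted CAN ID: expected DLC and minimum inter-arrival gap. */
typedef struct { uint32_t id; uint8_t dlc; uint32_t min_gap_ms, last_ms; int seen; } can_rule;

/* Constructed rule set; IDs, lengths and periods are hypothetical. */
static can_rule rules[] = {
    { 0x0C0, 8,  8, 0, 0 },  /* nominal 10 ms period */
    { 0x1A4, 4, 40, 0, 0 },  /* nominal 50 ms period */
};
#define N_RULES (sizeof rules / sizeof rules[0])

/* Constructed trace: normal traffic, an unlisted top-priority ID, a burst, a bad length. */
static const can_frame trace[] = {
    {  0, 0x0C0, 8 }, { 10, 0x0C0, 8 }, { 12, 0x1A4, 4 },
    { 13, 0x000, 8 }, { 14, 0x000, 8 },
    { 20, 0x0C0, 8 }, { 21, 0x0C0, 8 }, { 22, 0x0C0, 8 },
    { 30, 0x1A4, 8 }, { 62, 0x1A4, 4 },
};
#define N_FRAMES (sizeof trace / sizeof trace[0])

enum verdict check_frame(const can_frame *f) {
    for (size_t i = 0; i < N_RULES; i++) {
        can_rule *r = &rules[i];
        if (r->id != f->id) continue;
        if (f->dlc != r->dlc) return V_BAD_DLC;  /* malformed frame leaves timing state untouched */
        /* Gap is measured between consecutive frames, so a whole burst is flagged. */
        int too_fast = r->seen && (f->ts_ms - r->last_ms) < r->min_gap_ms;
        r->seen = 1; r->last_ms = f->ts_ms;
        return too_fast ? V_RATE : V_OK;
    }
    return V_UNKNOWN_ID;  /* default deny: ID is not in the rule set */
}

/* Runs the trace from a clean state and tallies verdicts into counts[V_COUNT]. */
void scan_trace(unsigned counts[V_COUNT]) {
    for (size_t i = 0; i < N_RULES; i++) rules[i].seen = 0;
    for (int v = 0; v < V_COUNT; v++) counts[v] = 0;
    for (size_t i = 0; i < N_FRAMES; i++) counts[check_frame(&trace[i])]++;
}

int main(void) {
    unsigned c[V_COUNT];
    scan_trace(c);
    printf("ok=%u unknown=%u bad_dlc=%u rate=%u\n", c[0], c[1], c[2], c[3]);
    return 0;
}
```

Because a lower CAN identifier wins arbitration, the unlisted ID 0x000 in the trace is the kind of frame that could starve the bus; the default-deny branch reports it without needing a rate rule for it.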

Abstract

The invention relates to a vehicle-mounted network information security protection system, which comprises a security engine module, an application program interface module, an authentication module, a secure communication module, a data encryption module, an attack protection module, an intrusion detection module and a log system module, wherein the security engine module is the dispatching center of the vehicle-mounted network information security protection system and is used for establishing a processing flow and a management rule set for vehicle-mounted network messages; the application program interface module is used for providing data encryption and decryption services for application programs; the secure communication module is used for realizing network transmission encryption based on a vehicle-mounted network transport layer communication protocol and an SSL/TLS encrypted transmission protocol; the data encryption module provides algorithm support for data encryption and decryption; the intrusion detection module is used for collecting necessary data and information through methods such as real-time mapping and redundant backup of vehicle-mounted network messages; and the log system module is responsible for recording system operation, network traffic and operation behaviors.

Description

Technical field

[0001] The invention relates to a vehicle-mounted network information security protection system, in particular to a vehicle-mounted network information security protection system of an intelligent networked vehicle.

Background technique

[0002] As automobiles become more and more intelligent and connected, the security threats they face are also greatly increasing. Each connection path of a connected car may be exploited to enable remote attack and control of the car. Intelligent networked vehicles usually face the following information security issues:

[0003] 1) The traditional automobile bus implements inter-node communication through message broadcasting and a priority-based arbitration mechanism. An intruder who dismantles a vehicle can monitor the bus messages and crack the protocol, and can then remotely intrude into vehicles of the same type through the vehicle network. After obtaining management authority, the intruder can impersonate communication nodes, send illegal co...

Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/02, H04L63/0428, H04L63/0823, H04L63/083, H04L63/10, H04L63/1408, H04L63/1416, H04L63/1425, H04L63/20, H04L67/12
Inventor: 郑强, 卞军, 李哲, 曾剑隽
Owner: 北京云驰未来科技有限公司