FOTA upgrade method, device and equipment for vehicle safety and storage medium

By parsing and verifying the encrypted software upgrade package of the vehicle system, the problem of tampering with the software upgrade package during transmission and installation is solved, ensuring the security of FOTA upgrades for automobiles.

CN115643564BActive Publication Date: 2026-06-09SAIC GM WULING AUTOMOBILE CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
SAIC GM WULING AUTOMOBILE CO LTD
Filing Date
2022-09-27
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

In-vehicle system software upgrade packages are easily tampered with during transmission or installation, leading to cyberattacks and security threats.

Method used

The software upgrade package is encrypted, and the key information and initial message authentication code are used for parsing, reliability verification, and integrity verification to ensure the reliability and integrity of the software upgrade package.

Benefits of technology

By parsing and verifying encrypted software upgrade packages, the tampering of software upgrade packages during installation is prevented, thus improving the security of FOTA (Firmware Over-The-Air) upgrades for automotive safety.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115643564B_ABST
    Figure CN115643564B_ABST
Patent Text Reader

Abstract

The application discloses a kind of FOTA upgrade method, device and equipment of car safety and storage medium, involve over-the-air downloading technical field, method includes: receiving the encrypted software upgrade package issued by cloud platform, and encrypted software upgrade package includes key information and initial message authentication code;According to key information, the encrypted software upgrade package is parsed, and the parsed software upgrade package and target digital signature are obtained, and key information includes preset key pair, fixed symmetric key and random symmetric key;According to the digital signature received and target digital signature, the parsed software upgrade package is carried out reliability verification;According to preset key pair, fixed symmetric key and initial message authentication code, the parsed software upgrade package is carried out integrity verification;If the parsed software upgrade package passes through reliability verification and integrity verification, then according to the parsed software upgrade package, target automobile software is upgraded.The application avoids the problem that software upgrade package is tampered in installation process.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of over-the-air (OTA) download technology, and in particular to a method, apparatus, device, and storage medium for FOTA (Firmware Over-The-Air) upgrades for automotive safety. Background Technology

[0002] Currently, in-vehicle system software upgrades are typically completed using FOTA (Firmware Over-The-Air) technology. However, internet security threats such as cyberattacks, Trojan viruses, and data theft are gradually extending into the automotive field. When an in-vehicle system suffers a cyberattack, the software upgrade package is often tampered with during the installation process. Summary of the Invention

[0003] The main objective of this invention is to provide a method, apparatus, device, and storage medium for FOTA (Firmware Over-The-Air) upgrades for automotive security, aiming to solve the technical problem of software upgrade packages being tampered with during transmission or installation.

[0004] To achieve the above objectives, the present invention adopts the following technical solution:

[0005] In a first aspect, the present invention provides a method for FOTA (Firmware Over-The-Air) upgrade of automotive security, applied to an in-vehicle system, the method comprising:

[0006] Receive the encryption software upgrade package issued by the cloud platform. The encryption software upgrade package includes key information and initial message authentication code.

[0007] The encrypted software upgrade package is parsed based on the key information to obtain the parsed software upgrade package and the target digital signature. The key information includes a preset key pair, a fixed symmetric key, and a random symmetric key.

[0008] Based on the received digital signature and the target digital signature, the reliability of the parsed software upgrade package is verified.

[0009] The integrity of the parsed software upgrade package is verified based on the pre-set key pair, fixed symmetric key, and initial message authentication code.

[0010] If the parsed software upgrade package passes the reliability and integrity verification, then the target vehicle software is upgraded based on the parsed software upgrade package.

[0011] Optionally, the step of parsing the encrypted software upgrade package based on the key information to obtain the parsed software upgrade package and the target digital signature includes:

[0012] The encrypted software upgrade package is parsed using a pre-set key to obtain the intermediate software upgrade package and the target digital signature;

[0013] The intermediate software upgrade package is parsed using a random symmetric key to obtain the parsed software upgrade package.

[0014] Optionally, the integrity of the parsed software upgrade package is verified based on the preset key pair, the fixed symmetric key, and the initial message authentication code, including:

[0015] The target message authentication code of the parsed software upgrade package is calculated based on the preset key pair and the fixed symmetric key.

[0016] The integrity of the parsed software upgrade package is verified based on whether the initial message authentication code and the target message authentication code are consistent.

[0017] Optionally, after upgrading the target vehicle software according to the parsed software upgrade package, the method further includes:

[0018] Update the version number information of the target vehicle software, and store the parsed software upgrade package and key information.

[0019] Optionally, before the step of receiving the encryption software upgrade package issued by the cloud platform, the method further includes:

[0020] Send vehicle identity information to the cloud platform so that the cloud platform can authenticate the vehicle system based on the vehicle identity information;

[0021] If the vehicle system passes identity authentication, it establishes a communication connection with the cloud platform and executes the step of receiving the encrypted software upgrade package issued by the cloud platform.

[0022] Optionally, vehicle identity information is sent to the cloud platform so that the cloud platform can authenticate the in-vehicle system based on the vehicle identity information, including:

[0023] Send vehicle identity information to the cloud platform;

[0024] If the vehicle identity information exists in the cloud platform's identity database, then the cloud server certificate issued by the cloud platform will be received.

[0025] Verify the cloud server certificate;

[0026] If the cloud server certificate is verified, the vehicle server certificate is sent to the cloud platform so that the cloud platform can verify the vehicle server certificate.

[0027] If the in-vehicle system successfully authenticates its identity and establishes a communication connection with the cloud platform, the steps include:

[0028] If the vehicle-side server certificate is verified, a communication connection is established with the cloud platform.

[0029] Optionally, after verifying the cloud server certificate, the method also includes:

[0030] If the cloud server certificate or the vehicle server certificate fails verification, a communication connection will not be established with the cloud platform.

[0031] Secondly, the present invention also provides an FOTA (Firmware Over-The-Air) upgrade device for automotive safety, the device comprising:

[0032] The upgrade package receiving module is used to receive the encryption software upgrade package issued by the cloud platform. The encryption software upgrade package includes key information and initial message authentication code.

[0033] The parsing module is used to parse the encrypted software upgrade package according to the key information to obtain the parsed software upgrade package and the target digital signature. The key information includes a preset key pair, a fixed symmetric key, and a random symmetric key.

[0034] The reliability verification module is used to verify the reliability of the parsed software upgrade package based on the received digital signature and the target digital signature.

[0035] The integrity verification module is used to perform integrity verification on the parsed software upgrade package based on the preset key pair, fixed symmetric key and initial message authentication code;

[0036] The software upgrade module is used to upgrade the target vehicle software based on the parsed software upgrade package if the parsed software upgrade package passes the reliability and integrity verification.

[0037] Thirdly, the present invention also provides a vehicle safety FOTA upgrade device, the device comprising: a memory, a processor, and a vehicle safety FOTA upgrade program stored on the memory and executable on the processor, wherein the vehicle safety FOTA upgrade program is configured to implement the steps of any of the above-described vehicle safety FOTA upgrade methods.

[0038] Fourthly, the present invention also provides a computer-readable storage medium storing an over-the-air (FOTA) update program for vehicle safety, which, when executed by a processor, implements the steps of the vehicle safety FOTA update method as described above.

[0039] This invention provides a method, apparatus, device, and storage medium for over-the-air (FOTA) software upgrades for automotive security. The method involves receiving an encrypted software upgrade package from a cloud platform, the package including key information and an initial message authentication code; parsing the encrypted software upgrade package based on the key information to obtain a parsed software upgrade package and a target digital signature, the key information including a preset key pair, a fixed symmetric key, and a random symmetric key; verifying the reliability of the parsed software upgrade package based on the received digital signature and the target digital signature; verifying the integrity of the parsed software upgrade package based on the preset key pair, the fixed symmetric key, and the initial message authentication code; and upgrading the target vehicle software based on the parsed software upgrade package if it passes both the reliability and integrity verifications.

[0040] Therefore, this application receives an encrypted software upgrade package and uses the key information, initial message authentication code, and received digital signature in the encrypted software upgrade package to parse, verify reliability, and verify integrity of the encrypted software upgrade package before upgrading the target vehicle software. This ensures the reliability and integrity of the software upgrade package, avoids the technical problem of the software upgrade package being tampered with during the installation process, and improves the security of FOTA upgrades for vehicle security. Attached Figure Description

[0041] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the structures shown in these drawings without creative effort.

[0042] Figure 1 This is a schematic diagram of the FOTA (Firmware Over-The-Air) upgrade device for automotive safety according to the present invention;

[0043] Figure 2 This is a flowchart illustrating the first embodiment of the FOTA (Firmware Over-The-Air) upgrade method for vehicle safety according to the present invention.

[0044] Figure 3 This is a flowchart illustrating the second embodiment of the FOTA (Firmware Over-The-Air) upgrade method for vehicle safety according to the present invention;

[0045] Figure 4 This is a flowchart illustrating the third embodiment of the FOTA (Firmware Over-The-Air) upgrade method for vehicle safety according to the present invention.

[0046] Figure 5 This is a schematic diagram of the first embodiment of the FOTA (Firmware Over-The-Air) upgrade device for automotive safety of the present invention.

[0047] The realization of the objective, functional features and advantages of the present invention will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation

[0048] To make the objectives, technical solutions, and advantages of this invention clearer, the technical solutions of the embodiments of this invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this invention, and not all of them. Based on the embodiments of this invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this invention.

[0049] It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

[0050] In this invention, the terms "comprising," "including," or any other variations thereof are intended to cover a non-exclusive inclusion, such that an apparatus or system comprising a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such an apparatus or system. Without further limitation, an element defined by the phrase "comprising..." does not exclude the presence of other identical elements in the apparatus or system that includes that element.

[0051] In view of the technical problem that software upgrade packages can be tampered with during transmission or installation, this invention provides a method for FOTA (Firmware Over-The-Air) upgrades for automotive security, the overall idea of ​​which is as follows:

[0052] The method, applied to in-vehicle systems, includes: receiving an encrypted software upgrade package from a cloud platform, the encrypted software upgrade package including key information and an initial message authentication code; parsing the encrypted software upgrade package according to the key information to obtain a parsed software upgrade package and a target digital signature, the key information including a preset key pair, a fixed symmetric key, and a random symmetric key; performing reliability verification on the parsed software upgrade package based on the received digital signature and the target digital signature; performing integrity verification on the parsed software upgrade package based on the preset key pair, the fixed symmetric key, and the initial message authentication code; and upgrading the target vehicle software based on the parsed software upgrade package if the parsed software upgrade package passes both the reliability and integrity verifications.

[0053] This invention provides a method for FOTA (Firmware Over-The-Air) upgrades for automotive security. By receiving an encrypted software upgrade package, and using the key information, initial message authentication code, and received digital signature in the encrypted software upgrade package to parse, verify reliability, and verify integrity, the target vehicle software is upgraded. This method ensures the reliability and integrity of the software upgrade package, avoids the technical problem of the software upgrade package being tampered with during the installation process, and improves the security of FOTA upgrades for automotive security.

[0054] The following provides a detailed description of the FOTA (Firmware Over-The-Air) upgrade method, apparatus, equipment, and storage medium for automotive safety applied in the technical implementation of this invention:

[0055] Reference Figure 1 , Figure 1 This is a schematic diagram of the FOTA (Firmware Over-The-Air) upgrade device for automotive safety according to the present invention;

[0056] like Figure 1 As shown, the device may include: a processor 1001, such as a central processing unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable communication between these components. The user interface 1003 may include a synchronous motor, and optionally, it may also include a standard wired interface or a wireless interface. The network interface 1004 may optionally include a standard wired interface or a wireless interface (such as a Wireless-Fidelity (Wi-Fi) interface). The memory 1005 may be a high-speed random access memory (RAM) or a stable non-volatile memory (NVM), such as a disk drive. The memory 1005 may also optionally be a storage device independent of the aforementioned processor 1001.

[0057] Those skilled in the art will understand that Figure 1 The structure shown does not constitute a limitation on the device and may include more or fewer components than shown, or combine certain components, or have different component arrangements.

[0058] like Figure 1 As shown, the memory 1005, which serves as a storage medium, may include an operating system, a data storage module, a network communication module, a user interface module, and an over-the-air (FOTA) upgrade program for vehicle safety.

[0059] exist Figure 1In the device shown, the network interface 1004 is mainly used for data communication with other devices; the user interface 1003 is mainly used for data interaction with user equipment; the processor 1001 and memory 1005 in the FOTA upgrade method for automotive safety of the present invention can be set in the device. The FOTA upgrade method for automotive safety calls the FOTA upgrade program for automotive safety stored in memory 1005 through processor 1001 and executes the FOTA upgrade method for automotive safety provided in the embodiment of the present invention.

[0060] The FOTA upgrade method, apparatus, device, and storage medium for automotive safety of the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.

[0061] Based on, but not limited to, the above hardware structure, refer to Figure 2 , Figure 2 This is a flowchart illustrating the first embodiment of the FOTA (Firmware Over-The-Air) upgrade method for automotive safety according to the present invention. This embodiment provides an FOTA upgrade method for automotive safety, applied to an in-vehicle system, and the method includes:

[0062] Step S100: Receive the encryption software upgrade package sent by the cloud platform. The encryption software upgrade package includes key information and initial message authentication code.

[0063] In this embodiment, the execution entity is the vehicle-mounted system, which includes the FOTA (Firmware Over-The-Air) upgrade device for the target vehicle's safety. The cloud platform is a vehicle-to-everything (V2X) FOTA platform, which can be a physical server containing an independent host, or a virtual server hosted by a host cluster.

[0064] Furthermore, the encrypted software upgrade package is obtained by the cloud platform using digital signature encryption technology. The software upgrade package is named according to a preset naming rule, for example: ECU (Electronic Control Unit) module name_vehicle model_configuration_module version number_part number_supplier number_software release date_custom characters. This preset naming rule helps avoid misuse and incorrect transmission of the upgrade package.

[0065] In addition, before the software upgrade package is uploaded to the cloud platform, it can be encrypted using the MD5 (Message Digest Algorithm) to obtain an initial encrypted software upgrade package and generate a digital key. Simultaneously, an MD5 decryption algorithm is added to the entry point for uploading the upgrade package to the cloud platform. After the upgrade package is uploaded to the cloud platform, the cloud platform uses the digital key to decrypt and verify the initial encrypted software upgrade package. If the decryption verification passes, the software upgrade package is allowed to be uploaded and stored on the cloud platform; otherwise, the upload is rejected. The cloud platform includes a main database and a backup database, both used to store the software upgrade package. After the software upgrade package is uploaded to the cloud platform, it is first stored in the main database, and the backup database is updated daily based on the main database. When the main database encounters a problem, the cloud platform can switch to the backup database in a timely manner to interact with the vehicle system. It can be understood that before the software upgrade package is distributed to the vehicle system, it can be packaged using digital signature encryption technology to obtain an encrypted software upgrade package.

[0066] Step S110: Parse the encrypted software upgrade package according to the key information to obtain the parsed software upgrade package and the target digital signature. The key information includes a preset key pair, a fixed symmetric key, and a random symmetric key.

[0067] In this embodiment, the encrypted software upgrade package includes an FOTA task description file and its CMAC (Cipher BlockChaining-Message Authentication Code) file, an ECU refresh configuration file and its CMAC file, an original refresh file and its CMAC file, a differential refresh file and its CMAC file, and a refresh script file and its CMAC file. Pre-configured key pairs are pre-configured on the device side by the KMS (Key Management Service), and each pre-configured key pair includes a public key and a private key. Random symmetric keys are randomly distributed by the cloud platform. Fixed symmetric keys are pre-configured and stored on the cloud platform and in the vehicle system. Specifically, the FOTA task description file and the ECU refresh configuration file are encrypted on the cloud platform using the private key of the pre-configured key pair, and decrypted in the vehicle system using the public key of the pre-configured key pair; other files such as the original refresh file, differential refresh file, and refresh script file are encrypted using random symmetric keys, and these random symmetric keys are placed in the FOTA task description file.

[0068] In addition, the software upgrade package's refresh file contains a data segment used for reliability and integrity verification. This data segment includes a digital signature and a message authentication code (MAC). The digital signature is located in the last data segment of the FOTA task description file and the ECU refresh configuration file. After receiving the encrypted software upgrade package, the vehicle system can parse it to obtain the data segment that needs to be verified for reliability, namely, the target digital signature.

[0069] In specific implementation, such as Figure 3 As shown, Figure 3 This is a flowchart illustrating a second embodiment of the FOTA (Firmware Over-The-Air) upgrade method for vehicle safety according to the present invention. Step S110 includes:

[0070] Step S111: Parse the encrypted software upgrade package according to the preset key to obtain the intermediate software upgrade package and the target digital signature;

[0071] Step S112: Parse the intermediate software upgrade package using the random symmetric key to obtain the parsed software upgrade package.

[0072] Step S120: Verify the reliability of the parsed software upgrade package based on the received digital signature and the target digital signature;

[0073] In this embodiment, the received digital signature is issued by the cloud platform. When the received digital signature matches the target digital signature, the parsed software upgrade package passes the reliability verification.

[0074] Step S130: Perform integrity verification on the parsed software upgrade package based on the preset key pair, fixed symmetric key, and initial message authentication code;

[0075] In this embodiment, the cloud platform and the vehicle system calculate the message authentication code (CMAC value) using a preset key pair, a fixed symmetric key, and a CMAC file.

[0076] Specifically, such as Figure 3 As shown, step S130 includes:

[0077] Step S131: Calculate the target message authentication code of the parsed software upgrade package based on the preset key pair and the fixed symmetric key;

[0078] Step S132: Verify the integrity of the parsed software upgrade package based on whether the initial message authentication code and the target message authentication code are consistent.

[0079] In this embodiment, the CMAC files of the FOTA task description file and the refresh configuration file are encrypted using a fixed symmetric key to obtain the corresponding message authentication codes. The CMAC files of the original refresh file, the differential refresh file, and the refresh script file are encrypted using a preset key pair to obtain the corresponding message authentication codes. The initial message authentication code is the message authentication code recorded in the CMAC file. The target message authentication code is the message authentication code in the parsed CMAC file. When the initial message authentication code and the target message authentication code match, the parsed software upgrade package passes the integrity verification, and the vehicle system receives and stores the encrypted software upgrade package.

[0080] Step S140: If the parsed software upgrade package passes the reliability and integrity verification, then upgrade the target vehicle software according to the parsed software upgrade package.

[0081] In this embodiment, the vehicle system performs an initial reliability and integrity verification when downloading the encrypted software upgrade package to ensure the integrity and trustworthiness of the encrypted software upgrade package. It can also perform a second reliability and integrity verification before actually starting the refresh process to ensure the integrity and trustworthiness of the file.

[0082] Specifically, such as Figure 3 As stated above, after step S140, the method further includes:

[0083] Step S150: Update the version number information of the target vehicle software and store the parsed software upgrade package and key information.

[0084] In this embodiment, a backup operation is required after the target vehicle software upgrade is completed; in addition to updating the version number information, the parsed software upgrade package and the random symmetric key need to be encrypted and stored.

[0085] In practice, after receiving the encrypted software upgrade package from the cloud platform, the vehicle system parses the package using a pre-set key to obtain an intermediate software upgrade package and a target digital signature. It then parses the intermediate package using a random symmetric key to obtain the parsed software upgrade package. If the received digital signature matches the target digital signature, the parsed software upgrade package passes reliability verification. The system calculates the target message authentication code of the parsed software upgrade package using a pre-set key pair and a fixed symmetric key. If the initial message authentication code matches the target message authentication code, the parsed software upgrade package passes integrity verification. After passing both reliability and integrity verifications, the system upgrades the target vehicle software using the parsed software upgrade package. It also updates the version number information of the target vehicle software and stores the parsed software upgrade package and key information, thus completing the upgrade of the target vehicle software.

[0086] This embodiment provides a method for FOTA (Firmware Over-The-Air) upgrades for vehicle security. By receiving an encrypted software upgrade package, and using the key information, initial message authentication code, and received digital signature in the encrypted software upgrade package to parse, verify reliability, and verify integrity, the target vehicle software is upgraded. This ensures the reliability and integrity of the software upgrade package, avoids the technical problem of the software upgrade package being tampered with during the installation process, and improves the security of FOTA upgrades for vehicle security.

[0087] In addition, this embodiment also names the software upgrade package according to the preset naming rules, so that the software upgrade package will not be mis-uploaded when uploaded to the cloud platform; by setting up a backup database in the cloud platform, the problem of FOTA car software upgrade service being unusable and important user information of the cloud platform being stolen is avoided when the cloud platform is attacked by accidents or malicious attacks.

[0088] Specifically, such as Figure 4 As shown, Figure 4 This is a flowchart illustrating the third embodiment of the FOTA (Firmware Over-The-Air) upgrade method for vehicle safety of the present invention. Before step S100, the method further includes:

[0089] Step S160: Send vehicle identity information to the cloud platform so that the cloud platform can authenticate the vehicle system based on the vehicle identity information;

[0090] Step S170: If the vehicle system passes the identity authentication, it establishes a communication connection with the cloud platform and executes the step of receiving the encrypted software upgrade package issued by the cloud platform.

[0091] Specifically, step S160 includes: sending vehicle identity information to the cloud platform; if the vehicle identity information exists in the identity database of the cloud platform, receiving the cloud server certificate issued by the cloud platform; verifying the cloud server certificate; if the cloud server certificate is verified, sending the vehicle server certificate to the cloud platform so that the cloud platform can verify the vehicle server certificate.

[0092] Specifically, step S170 includes: if the vehicle-side server certificate is verified, a communication connection is established with the cloud platform; if the cloud server certificate or the vehicle-side server certificate is not verified, a communication connection is not established with the cloud platform.

[0093] In this embodiment, after the vehicle system wakes up, it requests the cloud platform to send identity information encrypted with the SHA256 algorithm via an HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) encrypted link. The cloud platform parses the SHA256 encrypted identity information to obtain the parsed identity information, and compares the parsed identity information with the identity information in the database. If the parsed identity information exists in the cloud platform's identity database, the software development kit (SDK) is activated. The SSD verifies the messages subscribed to by the target vehicle's vehicle system. If the verification passes, it indicates that the vehicle system can log in to the cloud platform. After logging into the cloud platform, the vehicle system receives the cloud server certificate sent by the cloud platform and verifies the cloud server certificate based on the vehicle's built-in certificate. If the cloud server certificate verification passes, the vehicle system sends the vehicle server certificate to the cloud platform so that the cloud platform can verify the vehicle server certificate based on the cloud's built-in certificate. If the vehicle server certificate verification passes, the vehicle system and the cloud platform establish a communication connection and transmit the software upgrade package.

[0094] This embodiment provides a method for FOTA (Firmware Over-The-Air) upgrades for vehicle security. The vehicle system needs to perform two-way identity authentication to log in and access the cloud platform, which avoids the threat of identity information theft leading to hacker attacks on the cloud platform.

[0095] Based on the same inventive concept, embodiments of the present invention also provide a FOTA (Firmware Over-The-Air) upgrade device for automotive safety, referring to... Figure 5 , Figure 5 This is a schematic diagram of a first embodiment of the FOTA (Firmware Over-The-Air) upgrade device for automotive safety of the present invention; the device includes:

[0096] The upgrade package receiving module 10 is used to receive the encryption software upgrade package issued by the cloud platform. The encryption software upgrade package includes key information and an initial message authentication code.

[0097] The parsing module 20 is used to parse the encrypted software upgrade package according to the key information to obtain the parsed software upgrade package and the target digital signature. The key information includes a preset key pair, a fixed symmetric key and a random symmetric key.

[0098] The reliability verification module 30 is used to perform reliability verification on the parsed software upgrade package based on the received digital signature and the target digital signature.

[0099] The integrity verification module 40 is used to perform integrity verification on the parsed software upgrade package based on the preset key pair, the fixed symmetric key and the initial message authentication code.

[0100] The software upgrade module 50 is used to upgrade the target vehicle software based on the parsed software upgrade package if the parsed software upgrade package passes the reliability and integrity verification.

[0101] This embodiment provides an automotive upgrade device that receives an encrypted software upgrade package and uses the key information, initial message authentication code, and received digital signature in the encrypted software upgrade package to parse, verify reliability, and verify integrity of the encrypted software upgrade package before performing a software upgrade on the target vehicle. This ensures the reliability and integrity of the software upgrade package, avoids the technical problem of the software upgrade package being tampered with during the installation process, and improves the security of FOTA (Firmware Over-The-Air) upgrades for automotive safety.

[0102] For more details on the specific implementation of the above-mentioned FOTA upgrade device for vehicle safety, please refer to the description of the specific implementation of the FOTA upgrade method for vehicle safety in any one of the above embodiments one to four. For the sake of brevity, these details will not be repeated here.

[0103] Furthermore, embodiments of the present invention also propose a computer storage medium storing a vehicle-safe FOTA upgrade program. When executed by a processor, the vehicle-safe FOTA upgrade program implements the steps of the vehicle-safe FOTA upgrade method described above. Therefore, it will not be repeated here. Additionally, the beneficial effects of using the same method will not be repeated here either. For technical details not disclosed in the computer-readable storage medium embodiments related to this application, please refer to the description of the method embodiments of this application. As an example, program instructions can be deployed to execute on a single computing device, or on multiple computing devices located at one location, or on multiple computing devices distributed across multiple locations and interconnected via a communication network.

[0104] Those skilled in the art will understand that all or part of the processes in the above embodiments can be implemented by a computer program instructing related hardware. The program can be stored in a computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. The storage medium can be a magnetic disk, optical disk, read-only memory (ROM), or random access memory (RAM), etc.

[0105] The above are merely preferred embodiments of the present invention and do not limit the scope of the patent. Any equivalent structural or procedural transformations made based on the description and drawings of the present invention, or direct or indirect applications in other related technical fields, are similarly included within the scope of patent protection of the present invention.

Claims

1. A method for FOTA upgrade of automotive safety, characterized in that, Applied to in-vehicle systems, the method includes: Receive an encryption software upgrade package sent by the cloud platform, wherein the encryption software upgrade package includes key information and an initial message authentication code; The encrypted software upgrade package is parsed according to the preset key to obtain the intermediate software upgrade package and the target digital signature; The intermediate software upgrade package is parsed using a random symmetric key to obtain the parsed software upgrade package. The key information includes a preset key pair, a fixed symmetric key, and a random symmetric key. The random symmetric key is randomly distributed by the cloud platform. The encrypted software upgrade package includes a task description file, an ECU refresh configuration file, an original refresh file, a differential refresh file, and a refresh script file. The task description file and the ECU refresh configuration file are encrypted using the preset key pair on the cloud platform, while the original refresh file, the differential refresh file, and the refresh script file are encrypted using the random symmetric key. The reliability of the parsed software upgrade package is verified based on the received digital signature and the target digital signature. The integrity of the parsed software upgrade package is verified based on the preset key pair, the fixed symmetric key, and the initial message authentication code. If the parsed software upgrade package passes the reliability verification and the integrity verification, then the target vehicle software is upgraded according to the parsed software upgrade package.

2. The method of claim 1, wherein, The step of verifying the integrity of the parsed software upgrade package based on the preset key pair, the fixed symmetric key, and the initial message authentication code includes: Calculate the target message authentication code of the parsed software upgrade package based on the preset key pair and the fixed symmetric key; The integrity of the parsed software upgrade package is verified based on whether the initial message authentication code and the target message authentication code are consistent.

3. The method as described in claim 1, characterized in that, After upgrading the target vehicle software according to the parsed software upgrade package, the method further includes: Update the version number information of the target vehicle software, and store the parsed software upgrade package and the key information.

4. The method as described in claim 1, characterized in that, Before the step of receiving the encryption software upgrade package issued by the cloud platform, the method further includes: Send vehicle identity information to the cloud platform so that the cloud platform can authenticate the vehicle system based on the vehicle identity information; If the vehicle system passes the identity authentication, it establishes a communication connection with the cloud platform and executes the step of receiving the encrypted software upgrade package issued by the cloud platform.

5. The method as described in claim 4, characterized in that, Sending vehicle identity information to the cloud platform so that the cloud platform can authenticate the vehicle system based on the vehicle identity information includes: Send vehicle identity information to the cloud platform; If the vehicle identity information exists in the identity database of the cloud platform, then the cloud server certificate issued by the cloud platform will be received. Verify the cloud server certificate; If the cloud server certificate is verified, the vehicle server certificate is sent to the cloud platform so that the cloud platform can verify the vehicle server certificate. The step of establishing a communication connection between the vehicle system and the cloud platform if the identity authentication is successful includes: If the vehicle-side server certificate is verified, a communication connection is established with the cloud platform.

6. The method as described in claim 5, characterized in that, After verifying the cloud server certificate, the method further includes: If the cloud server certificate or the vehicle server certificate fails verification, the communication connection with the cloud platform will not be established.

7. A vehicle safety FOTA upgrade device, characterized in that, The device includes: The upgrade package receiving module is used to receive the encryption software upgrade package issued by the cloud platform. The encryption software upgrade package includes key information and an initial message authentication code. The parsing module is used to parse the encrypted software upgrade package according to a preset key to obtain an intermediate software upgrade package and a target digital signature; and to parse the intermediate software upgrade package according to a random symmetric key to obtain the parsed software upgrade package. The key information includes a preset key pair, a fixed symmetric key, and a random symmetric key; the random symmetric key is randomly distributed by the cloud platform; the encrypted software upgrade package includes a task description file, an ECU refresh configuration file, an original refresh file, a differential refresh file, and a refresh script file; the task description file and the ECU refresh configuration file are encrypted on the cloud platform using the preset key pair, and the original refresh file, the differential refresh file, and the refresh script file are encrypted using the random symmetric key; The reliability verification module is used to perform reliability verification on the parsed software upgrade package based on the received digital signature and the target digital signature; The integrity verification module is used to perform integrity verification on the parsed software upgrade package based on the preset key pair, the fixed symmetric key, and the initial message authentication code. The software upgrade module is used to upgrade the target vehicle software based on the parsed software upgrade package if the parsed software upgrade package passes the reliability verification and the integrity verification.

8. A vehicle safety FOTA upgrade device, characterized in that, The device includes: a memory, a processor, and a vehicle-safe FOTA upgrade program stored on the memory and executable on the processor, configured by the vehicle-safe FOTA upgrade program to implement the steps of the vehicle-safe FOTA upgrade method as described in any one of claims 1 to 6.

9. A computer-readable storage medium, characterized in that, The storage medium stores a vehicle safety FOTA upgrade program, which, when executed by a processor, implements the steps of the vehicle safety FOTA upgrade method as described in any one of claims 1 to 6.