Vehicle cloud communication key updating method and device

By coordinating the operation of vehicles and cloud platforms, the problem of vehicle-cloud communication failure caused by vehicle key expiration was solved, enabling secure and reliable key updates and communication, and reducing upgrade costs.

CN122247597A · Pending · Publication Date: 2026-06-19 · SHANGHAI PATEO ELECTRONIC EQUIPMENT MANUFACTURING CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHANGHAI PATEO ELECTRONIC EQUIPMENT MANUFACTURING CO LTD
Filing Date
2024-12-18
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

If a vehicle remains inactive for an extended period, its key will expire. When the vehicle restarts, it will be unable to verify its identity with the cloud platform, resulting in vehicle-cloud communication failure.

Method used

When a vehicle detects that its key has expired, it signs the vehicle identification code with the current key to generate a key update request. The cloud platform verifies the ownership and generates an updated key, which the vehicle then uses to replace the current key.

Benefits of technology

It ensures the security and integrity of vehicle-to-cloud communication, meets the information security compliance audit requirements, supports one key per vehicle and regular key updates, and reduces upgrade costs and operational complexity.

✦ Generated by Eureka AI based on patent content.


Abstract

This disclosure presents a method and apparatus for updating vehicle-to-cloud communication keys. The method specifically includes: in response to detecting that the current vehicle-to-cloud communication key has expired, signing a vehicle identification number (VIN) with the current vehicle-to-cloud communication key to obtain a signature value; generating a key update request based on the signature value and the VIN; sending the key update request to a cloud platform to verify the vehicle's ownership; after successful ownership verification, the cloud platform extracts the signature value and the VIN from the key update request, and randomly generates an updated key based on the signature value and the VIN according to a preset rule; and in response to receiving the updated key from the cloud platform, replacing the current vehicle-to-cloud communication key with the updated key. This implementation allows for updating and obtaining new key information even after the vehicle key expires without requiring over-the-air (OTA) updates, while ensuring the security and reliability of the updated key.

Description

Technical Field

[0001] The embodiments disclosed herein relate to the field of computer technology, specifically to a method and apparatus for updating vehicle-to-cloud communication keys.

Background Technology

[0002] The key update method in vehicle-to-cloud communication typically involves the vehicle using its currently valid key to exchange for a new key on the cloud platform. The cloud platform verifies the vehicle's soon-to-expire key, confirms its validity, and then generates a new key to return to the vehicle.

[0003] When a vehicle remains inactive for an extended period, the key stored in the vehicle expires. When the vehicle restarts and attempts to request a new key from the cloud platform using the expired key, the cloud platform cannot verify the validity of the client's key or confirm its identity. Consequently, it cannot generate a new key for the client. This results in the vehicle's business requests to the cloud platform being rejected due to the expired signature key, leading to incorrect signature information. The cloud platform is unable to verify the signature and ultimately fails to communicate with the vehicle.

Summary of the Invention

[0004] The embodiments of this disclosure present a method and apparatus for updating vehicle-to-cloud communication keys.

[0005] In a first aspect, embodiments of this disclosure provide a vehicle-to-cloud communication key update method, applied to a vehicle, comprising: in response to detecting that the current vehicle-to-cloud communication key has expired, signing a vehicle identification code with the current vehicle-to-cloud communication key to obtain a signature value; generating a key update request based on the signature value and the vehicle identification code; sending the key update request to a cloud platform, verifying the ownership of the vehicle referred to by the key update request, and after the ownership verification is successful, causing the cloud platform to extract the signature value and the vehicle identification code from the key update request, and randomly generating an updated key based on the signature value and the vehicle identification code according to a preset rule; and in response to receiving the updated key returned by the cloud platform, replacing the current vehicle-to-cloud communication key with the updated key.

[0006] In some embodiments, verifying the ownership of the vehicle referred to by the key update request includes: verifying the validity of the cloud platform's data certificate; and, in response to detecting that the cloud platform's data certificate is invalid, outputting information indicating that the cloud platform's data certificate is invalid.

[0007] In some embodiments, the method further includes: in response to receiving a message from the cloud platform that rejects updating the key and includes a reason for failure, outputting the reason for failure.

[0008] In a second aspect, embodiments of this disclosure provide a vehicle-to-cloud communication key update method applied to a cloud platform, comprising: in response to receiving a key update request from a vehicle, verifying the ownership of the vehicle referred to in the key update request; after the ownership verification is successful, extracting a signature value and a vehicle identification code from the key update request; in response to querying the current vehicle-to-cloud communication key of the vehicle based on the vehicle identification code, determining the validity of the signature value based on the current vehicle-to-cloud communication key; in response to determining that the signature value is valid, randomly generating an updated key based on the signature value and the vehicle identification code according to a preset rule; and sending the updated key to the vehicle.

[0009] In some embodiments, verifying the ownership of the vehicle referred to by the key update request includes: verifying the validity of the vehicle's data certificate; and in response to detecting that the vehicle's data certificate is invalid, sending information indicating that the data certificate is invalid to the vehicle.

[0010] In some embodiments, the method further includes: in response to the failure to find the current key of the vehicle, sending a message to the vehicle that refuses to update the key, including a reason for failure, wherein the reason for failure is that the current key was not found.

[0011] In some embodiments, the method further includes: in response to determining that the signature value is invalid, sending a message to the vehicle that refuses to update the key, including a reason for failure, wherein the reason for failure is that the signature value is invalid.

[0012] In a third aspect, embodiments of this disclosure provide a vehicle-to-cloud communication key update system, comprising: a vehicle configured to perform the method described in any one of the first aspects; and a cloud platform configured to perform the method described in any one of the second aspects.

[0013] In a fourth aspect, embodiments of this disclosure provide a vehicle-to-cloud communication key update device applied to a vehicle, comprising: a signature unit configured to, in response to detecting that the current vehicle-to-cloud communication key has expired, sign a vehicle identification code using the current vehicle-to-cloud communication key to obtain a signature value; a generation unit configured to generate a key update request based on the signature value and the vehicle identification code; a verification unit configured to send the key update request to a cloud platform to verify the ownership of the vehicle indicated by the key update request, and after the ownership verification is successful, enable the cloud platform to extract the signature value and the vehicle identification code from the key update request, and randomly generate an updated key based on the signature value and the vehicle identification code according to a preset rule; and an update unit configured to, in response to receiving the updated key returned by the cloud platform, replace the current vehicle-to-cloud communication key with the updated key.

[0014] In some embodiments, the verification unit is further configured to: verify the validity of the cloud platform's data certificate; and, in response to detecting that the cloud platform's data certificate is invalid, output information indicating that the cloud platform's data certificate is invalid.

[0015] In some embodiments, the apparatus further includes an output unit: in response to receiving a message from the cloud platform that rejects updating the key and includes a reason for failure, outputting the reason for failure.

[0016] In a fifth aspect, embodiments of this disclosure provide a vehicle-to-cloud communication key update device applied to a cloud platform, comprising: a verification unit configured to, in response to receiving a key update request from a vehicle, bidirectionally verify the identity of the vehicle referred to in the key update request; an extraction unit configured to, after the identity verification is successful, extract a signature value and a vehicle identification code from the key update request; a verification unit configured to, in response to querying the current vehicle-to-cloud communication key of the vehicle based on the vehicle identification code, determine the validity of the signature value based on the current vehicle-to-cloud communication key; a generation unit configured to, in response to determining that the signature value is valid, randomly generate an updated key based on the signature value and the vehicle identification code according to a preset rule; and a sending unit configured to send the updated key to the vehicle.

[0017] In some embodiments, the verification unit is further configured to: verify the validity of the vehicle's data certificate; and, in response to detecting that the vehicle's data certificate is invalid, send a message indicating that the data certificate is invalid to the vehicle.

[0018] In some embodiments, the apparatus further includes an output unit configured to: in response to the failure to find the current key of the vehicle, send a message to the vehicle stating that the key update is refused, including a reason for failure, wherein the reason for failure is that the current key is not found.

[0019] In some embodiments, the apparatus further includes an output unit configured to: in response to determining that the signature value is invalid, send a message to the vehicle including a reason for failure to update the key, wherein the reason for failure is that the signature value is invalid.

[0020] In a sixth aspect, embodiments of this disclosure provide an electronic device, including: one or more processors; and a storage device having one or more computer programs stored thereon, wherein when the one or more computer programs are executed by the one or more processors, the one or more processors perform the method as described in any one of the first or second aspects.

[0021] In a seventh aspect, embodiments of the present disclosure provide a computer-readable medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method as described in any one of the first or second aspects.

[0022] The vehicle-to-cloud communication key update method and apparatus provided in this disclosure work as follows: A vehicle detects that the key's usage period has exceeded the agreed-upon period, such as 3 months. Therefore, it requests a new key from the cloud platform. The vehicle uses the locally stored key to calculate and sign the VIN (Vehicle Identification Number), obtaining a signature value S1. Then, the signature value and VIN are used as parameters to call the cloud platform interface. Vehicle-to-cloud interaction uses two-way authentication based on CA certificates. The server verifies the validity of the vehicle certificate, determining it to be a legitimate vehicle from the OEM. The vehicle verifies the validity of the cloud certificate, determining the cloud to be the OEM's official server. After verifying the vehicle certificate's legitimacy, the cloud platform extracts the VIN and signature value S1 from the request parameters. The cloud queries the key management module for the key corresponding to the VIN. If no key is found, a message is returned to the vehicle indicating that the signature key was not found. If the key exists, further processing is performed. The signature value S1 is verified using the key obtained from the key management module to determine its validity. When the signature value is invalid, a message indicating that the signature is invalid is returned to the client. When the signature is valid, a new key is generated and then returned to the vehicle.

[0023] This simple and efficient method ensures the integrity and confidentiality of vehicle-to-cloud communication data, enhancing the security of vehicle-to-cloud communication. It meets information security compliance audit requirements and supports the standard requirements of one key per vehicle and regular key updates.

[0024] It should be understood that the description in this section is not intended to identify key or essential features of the embodiments of this disclosure, nor is it intended to limit the scope of this disclosure. Other features of this disclosure will become readily apparent from the following description.

Attached Figure Description

[0025] Other features, objects, and advantages of this disclosure will become more apparent from the following detailed description of non-limiting embodiments with reference to the accompanying drawings:

[0026] Figure 1 is a schematic diagram of one embodiment of the vehicle-to-cloud communication key update system disclosed herein;

[0027] Figure 2 is a flowchart of an embodiment of the vehicle-to-cloud communication key update method according to this disclosure applied to a vehicle;

[0028] Figure 3 is a flowchart of an embodiment of the vehicle-to-cloud communication key update method according to the present disclosure applied to a cloud platform;

[0029] Figure 4 is a schematic diagram of an application scenario of the vehicle-to-cloud communication key update method according to this disclosure;

[0030] Figure 5 is a schematic diagram of a structural embodiment of the vehicle-to-cloud communication key update device according to the present disclosure applied to a vehicle;

[0031] Figure 6 is a schematic diagram of a structure of an embodiment of the vehicle-to-cloud communication key update device according to the present disclosure applied to a cloud platform;

[0032] Figure 7 is a schematic diagram of the structure of a computer system suitable for implementing embodiments of the present disclosure.

Detailed Implementation

[0033] The present disclosure will now be described in further detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and not intended to limit it. Furthermore, it should be noted that, for ease of description, only the parts relevant to the invention are shown in the accompanying drawings.

[0034] In this invention, unless otherwise explicitly specified and limited, the terms "installation," "connection," "linking," and "fixing," etc., should be interpreted broadly. For example, they can refer to a fixed connection, a detachable connection, or an integral part; they can refer to a mechanical connection or an electrical connection; they can refer to a direct connection or an indirect connection through an intermediate medium; they can refer to the internal communication of two components or the interaction between two components, unless otherwise explicitly limited. Those skilled in the art can understand the specific meaning of the above terms in this invention according to the specific circumstances.

[0035] In this invention, unless otherwise explicitly specified and limited, "above" or "below" the second feature can mean that the first feature is in direct contact with the second feature, or that the first feature is in indirect contact with the second feature through an intermediate medium. Furthermore, "above," "over," and "on top" of the second feature can mean that the first feature is directly above or diagonally above the second feature, or simply that the first feature is at a higher horizontal level than the second feature. "Below," "below," and "under" the second feature can mean that the first feature is directly below or diagonally below the second feature, or simply that the first feature is at a lower horizontal level than the second feature.

[0036] In the description of this specification, references to terms such as "one embodiment," "some embodiments," "example," "specific example," or "some examples," etc., indicate that a specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples.

[0037] Furthermore, those skilled in the art can combine and integrate the different embodiments or examples described herein, as well as the features of those embodiments or examples, without contradiction. This disclosure will now be described in detail with reference to the accompanying drawings and embodiments.

[0038] Figure 1 shows a schematic diagram of the architecture of the vehicle-to-cloud communication key update system to which this disclosure can be applied.

[0039] As shown in Figure 1, the vehicle-to-cloud communication key update system may include a vehicle 100 and a cloud platform 200. The vehicle 100 includes a dashcam 110, an in-vehicle camera 120, an in-vehicle display screen 130, a radar unit (not shown in the figures), an AR HUD (not shown in the figures), and controllers (not shown in the figures) that establish communication connections with the in-vehicle display screen and the AR HUD, respectively. The radar unit is used to detect objects around the vehicle (vehicles, pedestrians, green belts, etc.) and measure the distance between the vehicle and these objects. The windshield of the vehicle can serve as a projection screen for the AR HUD to display augmented reality information.

[0040] The dashcam 110 is used to record video images and sound of the entire driving process of a car.

[0041] The vehicle-mounted camera 120 can be a roof-mounted panoramic camera or cameras mounted on each side of the vehicle body. In some embodiments, the position and angle of the vehicle-mounted camera 120 can be adjusted as needed, and can be adjusted via voice commands, button commands, touch commands, etc. For example, a user can send a voice command such as "adjust the angle of the front camera upwards by 10 degrees" or "adjust the position of the front camera downwards by 1 centimeter." In other embodiments, such as a roof-mounted panoramic camera, it can acquire panoramic images around the vehicle body, and can crop images within a specific angle range from the panoramic images for image display or corner recognition according to instructions.

[0042] The vehicle-mounted display screen 130 can be various types of displays, such as the display screen of a DVR (Digital Video Recorder), or a central control screen, instrument panel screen, or passenger-side screen. It can also be an electronic device display screen that establishes a communication connection with the vehicle. The vehicle-mounted camera 120 and the vehicle-mounted display screen 130 can be connected via wired or wireless communication. For example, images captured by the vehicle-mounted camera 120 can be transmitted to the vehicle-mounted display screen 130 for display via WiFi, Bluetooth, or satellite imagery technology.

[0043] In some embodiments, the vehicle display 130 may be a touch screen for receiving instructions to adjust the displayed image, such as zooming the displayed image by swiping with a finger.

[0044] AR HUD is configured to project content from in-vehicle displays.

[0045] The vehicle camera 120 can be a 360-degree panoramic camera that can acquire image depth information, also known as a 3D camera. It is connected to a processor at the vehicle's infotainment port that can read and process vehicle data. Radar sensors connected to the processor are installed at both ends of the front and rear bumpers on the vehicle, and the turn signal switch wires are connected to the processor.

[0046] The vehicle-mounted camera 120 collects image data from around the vehicle, creating a 360-degree panoramic overhead view. The processor reads this image data. The processor then reads data from the vehicle's infotainment system via a chip, processes the vehicle's electronic power steering data along with the vehicle's track width and wheelbase data to obtain vehicle trajectory prediction data. This trajectory prediction data is then merged with the 360-degree panoramic overhead view to produce a panoramic overhead image with predicted driving trajectory. The processor identifies the driver's steering action via a signal line connected to the vehicle's turn signal switch and activates radar sensors on the front and rear bumpers on the same side as the steering direction. These sensors use radar echolocation to analyze obstacles in the target direction and obtain lane change warning data. The processor transmits the lane change warning data to the vehicle's infotainment system, where lanes where lane changes are prohibited are highlighted in a prominent color on the vehicle's display screen.

[0047] The controller is configured to receive signals sent by the user via an in-vehicle display, microphone, or buttons.

[0048] The controller is also configured to collect data from the vehicle's ECU when the vehicle starts, and then call the cloud platform interface to upload the data to the cloud platform. During vehicle-cloud communication, since the data generated by the ECU is critical, it is necessary to ensure the confidentiality and integrity of the data, so the transmitted data needs to be signed.

[0049] The controller is also configured to, in response to detecting that the current vehicle-to-cloud communication key has expired, sign the vehicle identification code using the current vehicle-to-cloud communication key to obtain a signature value; generate a key update request based on the signature value and the vehicle identification code; send the key update request to the cloud platform to verify the ownership of the vehicle referred to by the key update request; after the ownership verification is successful, enable the cloud platform to extract the signature value and the vehicle identification code from the key update request, and randomly generate an updated key based on the signature value and the vehicle identification code according to a preset rule; and, in response to receiving the updated key returned by the cloud platform, replace the current vehicle-to-cloud communication key with the updated key.

[0050] The controller is also configured to verify the validity of the cloud platform's data certificate; in response to detecting that the cloud platform's data certificate is invalid, it outputs information indicating that the cloud platform's data certificate is invalid.

[0051] The controller is also configured to output the reason for failure in response to receiving a message from the cloud platform that rejects updating the key, including the reason for failure.

[0052] Cloud platforms can provide map and navigation data.

[0053] The cloud platform can also be configured to, in response to receiving a key update request from a vehicle, verify the ownership of the vehicle referred to in the key update request; after the ownership verification is successful, extract the signature value and vehicle identification code from the key update request; in response to querying the current vehicle-to-cloud communication key of the vehicle based on the vehicle identification code, determine the validity of the signature value based on the current vehicle-to-cloud communication key; in response to determining that the signature value is valid, randomly generate an updated key based on the signature value and the vehicle identification code according to a preset rule; and send the updated key to the vehicle.

[0054] The cloud platform can also be configured to verify the validity of the vehicle's data certificate; in response to detecting that the vehicle's data certificate is invalid, it sends information indicating that the data certificate is invalid to the vehicle.

[0055] The cloud platform can also be configured to send a message to the vehicle, including a reason for failure, that refuses to update the key in response to the failure to find the current key for the vehicle.

[0056] The cloud platform can also be configured to send a message to the vehicle, including a reason for failure, that refuses to update the key, in response to determining that the signature value is invalid, wherein the reason for failure is that the signature value is invalid.

[0057] It should be noted that the vehicle-to-cloud communication key update method provided in the embodiments of this disclosure is generally executed by the controller and the cloud platform.

[0058] Continuing to refer to Figure 2, a process 200 of an embodiment of the vehicle-to-cloud communication key update method according to this disclosure applied to a vehicle is illustrated. The vehicle-to-cloud communication key update method includes the following steps:

[0059] Step 201: In response to the detection that the current vehicle-to-cloud communication key has expired, the vehicle identification code is signed using the current vehicle-to-cloud communication key to obtain a signature value.

[0060] In this embodiment, the executing entity of the vehicle-to-cloud communication key update method (e.g., the controller) checks whether the current vehicle-to-cloud communication key has expired when the vehicle starts. If it has not expired, the controller can upload the data collected by the in-vehicle ECU to the cloud platform by calling the cloud platform interface. During vehicle-to-cloud communication, since the data generated by the ECU is critical, its confidentiality and integrity must be guaranteed. Therefore, the transmitted data needs to be signed using the current vehicle-to-cloud communication key. The cloud platform will only receive the vehicle's data after verifying the signature.

[0061] If the current vehicle-to-cloud communication key expires, a new vehicle-to-cloud communication key needs to be applied for from the cloud platform. The prerequisite for the cloud platform to issue a new vehicle-to-cloud communication key is that the vehicle's identity is verified.

[0062] A signature method based on asymmetric encryption can be used, which can detect whether the data has been tampered with. A hash value is generated from the vehicle identification number using a hash algorithm, and then this hash value is encrypted using a private key, thus obtaining the signature value. Finally, when sending the message, the vehicle identification number and the signature are sent together.

[0063] Alternatively, the signature value may be calculated without using asymmetric encryption methods.

[0064] Step 202: Generate a key update request based on the signature value and vehicle identification number.

[0065] In this embodiment, a message body is generated based on the signature value and vehicle identification code according to the predetermined vehicle-to-cloud communication data format, and a message header is generated based on the cloud platform address and data type identifier (here, a key update request) to package and generate a key update request.

[0066] Step 203: Send the key update request to the cloud platform to verify the ownership of the vehicle referred to in the key update request.

[0067] In this embodiment, the ownership of a vehicle can be verified through a predetermined identity verification method, such as through a data certificate or a token.

[0068] Since vehicles cannot determine whether they are communicating with a cloud platform or a man-in-the-middle, a Certificate Authority (CA) needs to maintain public and private keys and share the public key with all browsers. Before sending data, the cloud platform can authenticate with the CA to generate a certificate. After receiving the data, the vehicle verifies the certificate to determine whether it is communicating with the cloud platform. The interaction between the vehicle and the cloud platform uses two-way authentication based on CA certificates. The server verifies the validity of the vehicle's certificate to determine if it is a legitimate vehicle from the OEM, while the vehicle verifies the validity of the cloud platform's certificate to determine if the cloud platform is the OEM's official server.

[0069] After the identity verification is successful, the cloud platform extracts the signature value and vehicle identification number from the key update request, and randomly generates an updated key based on the signature value and vehicle identification number according to preset rules.

[0070] In some optional implementations of this embodiment, the validity of the cloud platform's data certificate is verified; in response to detecting that the cloud platform's data certificate is invalid, information indicating that the cloud platform's data certificate is invalid is output. The information indicating that the cloud platform's data certificate is invalid, a key update failure prompt, and suggestions for the user to upgrade the key through other methods can be displayed on the vehicle's in-vehicle display screen.

[0071] Optionally, the system can also output voice messages indicating that the cloud platform's data certificate is invalid, or that the key update has failed, through the vehicle's speakers, and can also suggest to the user how to upgrade the key through other means.

[0072] Optionally, failure codes and vehicle log information can be collected and sent to customer service for analysis of the cause of the failure. For example, the data certificate might have expired, the cloud platform address might be incorrect, or the vehicle's infotainment system version might be too old. Customer service can also send solutions to the vehicle's controller, which will be displayed on the in-vehicle screen. Users can then follow the instructions provided by customer service to resolve the issue.

[0073] Optionally, a maximum number of failures can be set. If an update fails, the update request can be resent as long as the maximum number of failures is not exceeded, in order to prevent key update failures due to network issues.

[0074] Optionally, when regenerating the key update request after a failure, a different encryption algorithm can be used to generate the signature to prevent key update failures caused by the current encryption algorithm being too old and incompatible with the platform.

[0075] Step 204: In response to receiving the updated key from the cloud platform, replace the current vehicle-cloud communication key with the updated key.

[0076] In this embodiment, after receiving a key update request from a vehicle, the cloud platform verifies the ownership of the vehicle referred to in the key update request; after the ownership verification is successful, it extracts the signature value and vehicle identification code from the key update request; in response to querying the current vehicle-to-cloud communication key of the vehicle based on the vehicle identification code, it determines the validity of the signature value based on the current vehicle-to-cloud communication key; in response to determining that the signature value is valid, it randomly generates an updated key based on the signature value and the vehicle identification code according to a preset rule; and sends the updated key to the vehicle.

[0077] The vehicle receives the updated key from the cloud platform and replaces the current vehicle-to-cloud communication key with the updated key. This key also has an expiration date; if it expires, the key can still be updated using the method described above.

[0078] Optionally, a timeout period can be set. If a new key or update failure message is not received after the timeout period, it may be due to a network problem causing data selection. In this case, the key update process can be restarted.

[0079] Alternatively, if the update fails, you can try again using a different cloud platform.

[0080] The method provided in the above embodiments of this disclosure ensures the validity of vehicle identity and provides communication security guarantees through two-way digital certificate verification and signing of the vehicle identification code. It supports one key per vehicle, ensuring security and reliability. The vehicle key is updated according to a set period, complying with relevant information security regulations. After the key stored in the vehicle expires, it may be used only for key renewal; expired keys are not allowed to be used for other business processes, such as data uploading or business interactions.

[0081] While existing technologies can use OTA (Over-The-Air) updates to upgrade and replace the keys stored in vehicles, these updates are very costly, involving expensive data traffic and high operational costs. In contrast, the upgrade method described in this application is low-cost, convenient, fast, and has low operational costs.

[0082] Existing technologies update keys based on user tokens, using the user token as a trust anchor. After cloud verification of the user token, a new key is generated and returned to the vehicle. This method is unsuitable for business scenarios that do not require user login, as no user may be logged in during vehicle use. The upgrade method proposed in this application allows for vehicle identity verification without user login and also prevents a single user account from being used in multiple vehicles, thus avoiding economic losses for the cloud platform provider.

[0083] In some optional implementations of this embodiment, in response to receiving a message from the cloud platform indicating a rejection of key update including a reason for failure, the reason for failure is output. This message can be displayed on the vehicle's in-vehicle display screen, suggesting that the user upgrade the key through other methods.

[0084] Alternatively, the system can output a voice message, including the reason for the failure, indicating a refusal to update the key, via the vehicle's speaker, or it can suggest to the user that the key be upgraded through other means.

[0085] Optionally, failure codes and vehicle log information can be collected and sent to customer service for analysis of the cause of the failure. For example, the data certificate might have expired, the cloud platform address might be incorrect, or the vehicle's infotainment system version might be too old. Customer service can also send solutions to the vehicle's controller, which will be displayed on the in-vehicle screen. Users can then follow the instructions provided by customer service to resolve the issue.

[0086] Optionally, a maximum number of failures can be set. If an update fails, the update request can be resent as long as the maximum number of failures is not exceeded, in order to prevent key update failures due to network issues.

[0087] Optionally, when regenerating the key update request after a failure, a different encryption algorithm can be used to generate the signature to prevent key update failures caused by the current encryption algorithm being too old and incompatible with the platform.

[0088] With further reference to Figure 3, a process 300 of an embodiment of the vehicle-to-cloud communication key update method applied to a cloud platform is illustrated. The process 300 of the vehicle-to-cloud communication key update method includes the following steps:

[0089] Step 301: In response to receiving a key update request from a vehicle, verify the ownership of the vehicle referred to in the key update request.

[0090] In this embodiment, if the vehicle detects that the current vehicle-to-cloud communication key has expired upon vehicle startup, it signs the vehicle identification code using the current vehicle-to-cloud communication key to obtain a signature value. A key update request is then generated based on the signature value and the vehicle identification code. The key update request is sent to the cloud platform.

[0091] The cloud platform receives a key update request from a vehicle and verifies the ownership of the vehicle referred to in the request. Vehicle ownership can be verified through pre-defined authentication methods, such as data certificates or tokens.

[0092] Since vehicles cannot determine whether they are communicating with a cloud platform or a man-in-the-middle, a Certificate Authority (CA) maintains public and private keys and shares the public key with all browsers. Before sending data, the cloud platform can authenticate with the CA to generate a certificate. After receiving the data, the vehicle verifies the certificate to determine if it is indeed communicating with the cloud platform. The interaction between the vehicle and the cloud platform uses two-way authentication based on CA certificates. The server verifies the validity of the vehicle's certificate to determine if it is a legitimate vehicle from the OEM, while the vehicle verifies the validity of the cloud platform's certificate to determine if the cloud platform is the OEM's official server.

[0093] Step 302: After the identity ownership verification is successful, extract the signature value and vehicle identification code from the key update request.

[0094] In this embodiment, the message header and message body are parsed from the key update request according to a predetermined message format. The message body includes a signature value and a vehicle identification number.

[0095] In some optional implementations of this embodiment, the validity of the vehicle's data certificate is verified; in response to detecting that the vehicle's data certificate is invalid, an invalid data certificate message is sent to the vehicle. The vehicle may be notified to check whether the request was sent to the wrong address or whether the digital certificate has expired. The vehicle can display the failure message on its in-vehicle display screen or alert the user via a speaker.

[0096] Step 303: In response to querying the vehicle's current vehicle-to-cloud communication key based on the vehicle identification code, determine the validity of the signature value based on the current vehicle-to-cloud communication key.

[0097] In this embodiment, each vehicle is assigned a pair of public and private keys. The cloud platform queries the vehicle's current vehicle-to-cloud communication key, i.e., the private key, based on the vehicle identification number, which is used to verify the validity of the signature.

[0098] In some optional implementations of this embodiment, in response to the failure to find the current key for the vehicle, a message rejecting the key update is sent to the vehicle, including the reason for the failure, namely, that the current key was not found. If no key assigned to the vehicle is found, it indicates that the vehicle is not managed by the cloud platform. The reason for the failure is sent to the vehicle so that the vehicle can investigate the problem, such as whether the request was sent to the wrong address or whether the key version is not the latest version. The vehicle can display the failure message on its in-vehicle display screen or notify the user through its speaker.

[0099] Because the vehicle side calculates the signature value based on the vehicle identification number (VIN) using asymmetric encryption, the cloud platform can parse both the VIN and the signature value from the received message. The VIN is hashed using the same hash function as on the vehicle side, yielding a hash value. The signature value is then decrypted using the public key, resulting in another hash value. These two hash values are compared. Based on the characteristics of hash algorithms, if the hash values of two pieces of data are different, then the two pieces of data must be different. Therefore, if the data has been tampered with, the two hash values will be different, rendering the signature invalid.

[0100] In some optional implementations of this embodiment, in response to determining that the signature value is invalid, a message rejecting the key update is sent to the vehicle, including the reason for the failure, which is an invalid signature value. Since there are multiple reasons for failure, failure codes can be pre-defined. The cloud platform only needs to return the failure code, and the vehicle can identify the reason for the failure based on the code. The reason for the failure can be displayed on the vehicle's in-vehicle display screen or alerted to the user via a speaker.

[0101] Step 304: In response to determining that the signature value is valid, an updated key is randomly generated based on the signature value and the vehicle identification number according to a preset rule.

[0102] In this embodiment, a key can be randomly generated according to a predetermined key generation method.

[0103] Key generation typically involves the following steps:

[0104] Determine the key type: First, you need to determine the type of key required (symmetric key, asymmetric key, etc.).

[0105] Algorithm Selection: Choose an appropriate encryption algorithm based on security requirements and system compatibility. For example, select encryption algorithms such as AES, RSA, and ECC based on security requirements.

[0106] Generate a key: Use software tools or hardware devices to generate a key.

[0107] Verify key strength: Ensure that the generated key has sufficient complexity and length to resist brute-force attacks.

[0108] Step 305: Send the updated key to the vehicle.

[0109] In this embodiment, the updated key replaces the original key and is stored on the cloud platform before being sent to the vehicle. Upon receiving the key, the vehicle sends a confirmation message, and the cloud platform, upon receiving the confirmation, can delete the old key. If the cloud platform does not receive a confirmation message from the vehicle within a predetermined time, it can resend the key. The number of retransmissions can be set. If the predetermined number of retransmissions is exceeded, a failure message is sent to the vehicle. The newly generated key is discarded, and the original key is used instead. The next time the vehicle initiates a key update request, the update will still be based on the original key. This ensures that the keys of both parties are synchronized.

[0110] See also Figure 4, which is a schematic diagram illustrating an application scenario of the vehicle-to-cloud communication key update method according to this embodiment. In the application scenario of Figure 4, the following steps are performed:

[0111] 1. The vehicle detected that the key's usage period had exceeded the agreed-upon period, such as 3 months. Therefore, it requested a new key from the cloud platform.

[0112] 2. The vehicle uses the locally stored key to calculate and sign the VIN code, obtaining the signature value S1. Then, the signature value and the VIN code are used as parameters to call the cloud platform interface;

[0113] 3. The interaction between the vehicle and the cloud platform adopts two-way authentication based on CA certificates. The server verifies the validity of the vehicle certificate to determine that it is a legitimate vehicle of the OEM. The vehicle verifies the validity of the cloud certificate to determine that the cloud is the official server of the OEM.

[0114] 4. After the cloud platform verifies the validity of the vehicle certificate, it then extracts the VIN code and signature value S1 from the request parameters;

[0115] 5. The cloud platform queries the key management module for the key corresponding to the VIN code. If the key is not found, a message is returned to the vehicle indicating that the signature key was not found. If the key exists, the next step is performed.

[0116] 6. Use the key corresponding to the VIN code obtained from the key management module to verify the signature value S1 and determine the validity of the signature value S1.

[0117] 7. When the signature value is invalid, a message is returned to the vehicle indicating that the signature is invalid. When the signature is valid, a new key is generated and then returned to the vehicle.
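The cloud-side steps 4 to 7 of this scenario, together with the confirm-or-roll-back handling of paragraph [0109], as an added example that is not code from the patent. HMAC-SHA256 stands in for the signature so that the example runs on the Python standard library alone, whereas paragraphs [0097] to [0099] describe a public/private key pair; the class and function names, the failure codes, the limit of 3 sends and the sample VIN are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum


class Failure(Enum):
    """Assumed failure codes; [0100] only says that codes can be pre-defined."""
    KEY_NOT_FOUND = "E01"
    SIGNATURE_INVALID = "E02"
    ACK_TIMEOUT = "E03"


def sign_vin(key: bytes, vin: str) -> bytes:
    """Vehicle side, step 2: compute S1 over the VIN with the stored key.

    HMAC-SHA256 is a stand-in for the signature scheme (assumption)."""
    return hmac.new(key, vin.encode("utf-8"), hashlib.sha256).digest()


@dataclass
class KeyManager:
    """In-memory stand-in for the cloud platform's key management module."""
    current: dict = field(default_factory=dict)  # VIN -> key in force
    pending: dict = field(default_factory=dict)  # VIN -> (new key, times sent)
    max_sends: int = 3                           # assumed retransmission limit

    def handle_update_request(self, vin: str, s1: bytes):
        """Steps 4 to 7. The caller has already completed the two-way
        certificate verification of step 3. Returns (new_key, failure)."""
        key = self.current.get(vin)
        if key is None:                                   # step 5
            return None, Failure.KEY_NOT_FOUND
        # Step 6: recompute and compare in constant time.
        if not hmac.compare_digest(sign_vin(key, vin), s1):
            return None, Failure.SIGNATURE_INVALID        # step 7, invalid
        new_key = secrets.token_bytes(32)                 # step 7, CSPRNG
        # [0109]: store the new key but keep the old one until confirmed.
        self.pending[vin] = (new_key, 1)
        return new_key, None

    def on_ack(self, vin: str) -> bool:
        """[0109]: confirmation received, so the new key takes effect and the
        old key is deleted. An S1 made with the old key no longer verifies."""
        entry = self.pending.pop(vin, None)
        if entry is None:
            return False
        self.current[vin] = entry[0]
        return True

    def on_ack_timeout(self, vin: str):
        """[0109]: resend until the limit, then discard the new key and keep
        the original so both sides stay synchronized.
        Returns (key_to_resend, failure); (None, None) if nothing is pending."""
        entry = self.pending.get(vin)
        if entry is None:
            return None, None
        new_key, sends = entry
        if sends >= self.max_sends:
            del self.pending[vin]
            return None, Failure.ACK_TIMEOUT
        self.pending[vin] = (new_key, sends + 1)
        return new_key, None


if __name__ == "__main__":
    vin = "TESTVIN0000000001"        # constructed sample VIN
    old_key = b"k" * 32              # constructed sample key
    km = KeyManager(current={vin: old_key})
    s1 = sign_vin(old_key, vin)
    new_key, failure = km.handle_update_request(vin, s1)
    print("issued:", failure is None, "old key still current:",
          km.current[vin] == old_key)
    km.on_ack(vin)
    print("after ack, replayed S1:", km.handle_update_request(vin, s1)[1])
```
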

[0118] With further reference to Figure 5, as an implementation of the methods shown in the above figures, this disclosure provides an embodiment of a vehicle-to-cloud communication key update device applied to a vehicle. This device embodiment corresponds to the method embodiment shown in Figure 2, and the device can be specifically applied to various electronic devices.

[0119] As shown in Figure 5, the vehicle-to-cloud communication key update device 500 of this embodiment includes: a signature unit 501, a generation unit 502, a verification unit 503, and an update unit 504. The signature unit 501 is configured to, in response to detecting that the current vehicle-to-cloud communication key has expired, sign the vehicle identification code using the current vehicle-to-cloud communication key to obtain a signature value; the generation unit 502 is configured to generate a key update request based on the signature value and the vehicle identification code; the verification unit 503 is configured to send the key update request to the cloud platform to verify the ownership of the vehicle indicated by the key update request. After the ownership verification is successful, the cloud platform extracts the signature value and the vehicle identification code from the key update request and randomly generates an updated key based on the signature value and the vehicle identification code according to a preset rule; the update unit 504 is configured to, in response to receiving the updated key returned by the cloud platform, replace the current vehicle-to-cloud communication key with the updated key.

[0120] In this embodiment, for the specific processing of the signature unit 501, generation unit 502, verification unit 503, and update unit 504 of the vehicle-to-cloud communication key update device 500, refer to the corresponding steps 201, 202, 203, and 204 in the embodiment of Figure 2.

[0121] In some optional implementations of this embodiment, the verification unit 503 is further configured to: verify the validity of the data certificate of the cloud platform; and output information indicating that the data certificate of the cloud platform is invalid in response to detecting that the data certificate of the cloud platform is invalid.

[0122] In some optional implementations of this embodiment, the device further includes an output unit (not shown in the figures): in response to receiving a message from the cloud platform that rejects updating the key and includes a reason for failure, the output unit outputs the reason for failure.

[0123] With further reference to Figure 6, as an implementation of the methods shown in the above figures, this disclosure provides an embodiment of a vehicle-to-cloud communication key update device applied to a cloud platform. This device embodiment corresponds to the method embodiment shown in Figure 3, and the device can be specifically applied to various electronic devices.

[0124] As shown in Figure 6, the vehicle-to-cloud communication key update device 600 of this embodiment includes: a verification unit 601, an extraction unit 602, a verification unit 603, a generation unit 604, and a sending unit 605. The verification unit 601 is configured to, in response to receiving a key update request from a vehicle, bidirectionally verify the vehicle's identity as indicated by the key update request; the extraction unit 602 is configured to, after the identity verification is successful, extract a signature value and a vehicle identification code from the key update request; the verification unit 603 is configured to, in response to querying the vehicle's current vehicle-to-cloud communication key based on the vehicle identification code, determine the validity of the signature value based on the current vehicle-to-cloud communication key; the generation unit 604 is configured to, in response to determining that the signature value is valid, randomly generate an updated key based on the signature value and the vehicle identification code according to a preset rule; and the sending unit 605 is configured to send the updated key to the vehicle.

[0125] In this embodiment, for the specific processing of the verification unit 601, extraction unit 602, verification unit 603, generation unit 604, and sending unit 605 of the vehicle-to-cloud communication key update device 600, refer to the corresponding steps 301, 302, 303, 304 and 305 in the embodiment of Figure 3.

[0126] In some optional implementations of this embodiment, the verification unit 601 is further configured to: verify the validity of the vehicle's data certificate; and, in response to detecting that the vehicle's data certificate is invalid, send a message indicating that the data certificate is invalid to the vehicle.

[0127] In some optional implementations of this embodiment, the device 600 further includes an output unit (not shown in the figures) configured to: in response to the failure to find the current key of the vehicle, send a message to the vehicle including a reason for failure to update the key, wherein the reason for failure is that the current key was not found.

[0128] In some optional implementations of this embodiment, the device 600 further includes an output unit (not shown in the figures) configured to: in response to determining that the signature value is invalid, send a message to the vehicle including a reason for failure to update the key, wherein the reason for failure is that the signature value is invalid.

[0129] It should be noted that the collection, gathering, updating, analysis, processing, use, transmission, and storage of user personal information involved in this disclosed technical solution all comply with relevant laws and regulations, are used for legitimate purposes, and do not violate public order and good morals. Necessary measures are taken to prevent unauthorized access to user personal information data and to safeguard user personal information security, network security, and national security.

[0130] According to embodiments of this disclosure, this disclosure also provides an electronic device and a readable storage medium.

[0131] An electronic device includes: one or more processors; and a storage device having one or more computer programs stored thereon, wherein when the one or more computer programs are executed by the one or more processors, the one or more processors implement the method described in process 200 or 300.

[0132] A computer-readable medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method described in process 200 or 300.

[0133] Figure 7 shows a schematic block diagram of an example electronic device 700 that can be used to implement embodiments of the present disclosure. The electronic device is intended to represent various forms of digital computers, such as laptop computers, desktop computers, workstations, personal digital assistants, servers, blade servers, mainframe computers, and other suitable computers. The electronic device may also represent various forms of mobile devices, such as personal digital processors, cellular phones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions are merely illustrative and are not intended to limit the implementation of the present disclosure described and/or claimed herein.

[0134] As shown in Figure 7, device 700 includes a computing unit 701, which can perform various appropriate actions and processes based on a computer program stored in read-only memory (ROM) 702 or a computer program loaded from storage unit 708 into random access memory (RAM) 703. RAM 703 may also store various programs and data required for the operation of device 700. The computing unit 701, ROM 702, and RAM 703 are interconnected via bus 704. Input/output (I/O) interface 705 is also connected to bus 704.

[0135] Multiple components in device 700 are connected to I/O interface 705, including: input unit 706, such as keyboard, mouse, etc.; output unit 707, such as various types of monitors, speakers, etc.; storage unit 708, such as disk, optical disk, etc.; and communication unit 709, such as network card, modem, wireless transceiver, etc. Communication unit 709 allows device 700 to exchange information/data with other devices through computer networks such as the Internet and/or various telecommunications networks.

[0136] The computing unit 701 can be a variety of general-purpose and/or special-purpose processing components with processing and computing capabilities. Some examples of the computing unit 701 include, but are not limited to, a central processing unit (CPU), a graphics processing unit (GPU), various special-purpose artificial intelligence (AI) computing chips, various computing units running machine learning model algorithms, a digital signal processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 701 performs the various methods and processes described above, such as road planning methods. For example, in some embodiments, the road planning method may be implemented as a computer software program tangibly contained in a machine-readable medium, such as storage unit 708. In some embodiments, part or all of the computer program may be loaded and/or installed on device 700 via ROM 702 and/or communication unit 709. When the computer program is loaded into RAM 703 and executed by the computing unit 701, one or more steps of the road planning method described above may be performed. Alternatively, in other embodiments, the computing unit 701 may be configured to perform road planning methods by any other suitable means (e.g., by means of firmware).

[0137] Various embodiments of the systems and techniques described above herein can be implemented in digital electronic circuit systems, integrated circuit systems, field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), application-specific standard products (ASSPs), systems-on-a-chip (SoCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementations in one or more computer programs that can be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a dedicated or general-purpose programmable processor, capable of receiving data and instructions from a storage system, at least one input device, and at least one output device, and transmitting data and instructions to the storage system, the at least one input device, and the at least one output device.

[0138] The program code used to implement the methods of this disclosure may be written in any combination of one or more programming languages. This program code may be provided to a processor or controller of a general-purpose computer, special-purpose computer, or other programmable data processing apparatus, such that when executed by the processor or controller, the program code causes the functions/operations specified in the flowcharts and/or block diagrams to be implemented. The program code may be executed entirely on a machine, partially on a machine, as a standalone software package partially on a machine and partially on a remote machine, or entirely on a remote machine or server.

[0139] In the context of this disclosure, a machine-readable medium can be a tangible medium that may contain or store a program for use by or in conjunction with an instruction execution system, apparatus, or device. A machine-readable medium can be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium can be, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination of the foregoing. More specific examples of machine-readable storage media include electrical connections based on one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the foregoing.

[0140] To provide interaction with a user, the systems and techniques described herein can be implemented on a computer having: a display device for displaying information to the user (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor); and a keyboard and pointing device (e.g., a mouse or trackball) through which the user provides input to the computer. Other types of devices can also be used to provide interaction with the user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form (including sound input, voice input, or tactile input).

[0141] The systems and technologies described herein can be implemented in computing systems that include backend components (e.g., as a data server), or computing systems that include middleware components (e.g., an application server), or computing systems that include frontend components (e.g., a user computer with a graphical user interface or web browser through which a user can interact with embodiments of the systems and technologies described herein), or any combination of such backend, middleware, or frontend components. The components of the system can be interconnected via digital data communication of any form or medium (e.g., a communication network). Examples of communication networks include local area networks (LANs), wide area networks (WANs), and the Internet.

[0142] Computer systems can include clients and servers. Clients and servers are generally geographically separated and typically interact via communication networks. Client-server relationships are created by computer programs running on the respective computers and having a client-server relationship with each other. Servers can be servers in distributed systems or servers incorporating blockchain technology. Servers can also be cloud servers, or intelligent cloud computing servers or intelligent cloud hosts with artificial intelligence technology.

[0143] It should be understood that the various forms of processes shown above can be used to rearrange, add, or delete steps. For example, the steps described in this disclosure can be executed in parallel, sequentially, or in different orders, as long as the desired result of the technical solution disclosed in this disclosure can be achieved, and this is not limited herein.

[0144] The specific embodiments described above do not constitute a limitation on the scope of protection of this disclosure. Those skilled in the art should understand that various modifications, combinations, sub-combinations, and substitutions can be made according to design requirements and other factors. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of this disclosure should be included within the scope of protection of this disclosure.

Claims

1. A vehicle-to-cloud communication key update method, applied to vehicles, comprising: in response to detecting that the current vehicle-to-cloud communication key has expired, signing the vehicle identification code using the current vehicle-to-cloud communication key to obtain a signature value; generating a key update request based on the signature value and the vehicle identification number; sending the key update request to the cloud platform to verify the ownership of the vehicle referred to by the key update request, wherein after the ownership verification is successful, the cloud platform extracts the signature value and the vehicle identification code from the key update request, and randomly generates an updated key based on the signature value and the vehicle identification code according to a preset rule; and in response to receiving the updated key returned by the cloud platform, replacing the current vehicle-cloud communication key with the updated key.

2. The method according to claim 1, wherein the verification of the vehicle's ownership as referred to in the key update request includes: verifying the validity of the data certificate of the cloud platform; and in response to detecting that the data certificate of the cloud platform is invalid, outputting a message indicating that the data certificate of the cloud platform is invalid.

3. The method according to claim 1, wherein the method further includes: in response to receiving a message from the cloud platform that refuses to update the key and includes the reason for failure, outputting the reason for failure.

4. A method for updating a vehicle-to-cloud communication key, applied to a cloud platform, comprising: in response to receiving a key update request from a vehicle, verifying the ownership of the vehicle referred to in the key update request; after the identity verification is successful, extracting the signature value and vehicle identification number from the key update request; in response to querying the current vehicle-to-cloud communication key of the vehicle based on the vehicle identification code, determining the validity of the signature value based on the current vehicle-to-cloud communication key; in response to determining that the signature value is valid, randomly generating an updated key based on the signature value and the vehicle identification number according to a preset rule; and sending the updated key to the vehicle.

5. The method according to claim 4, wherein the verification of the ownership of the vehicle referred to in the key update request includes: verifying the validity of the vehicle's data certificate; and, in response to detecting that the vehicle's data certificate is invalid, sending to the vehicle a message indicating that the data certificate is invalid.

6. The method according to claim 4, wherein the method further includes: in response to failing to find the current key for the vehicle, sending to the vehicle a message that refuses to update the key and includes the reason for failure, wherein the reason for failure is that the current key was not found.

7. The method according to claim 4, wherein the method further includes: in response to determining that the signature value is invalid, sending to the vehicle a message that refuses to update the key and includes the reason for failure, wherein the reason for failure is that the signature value is invalid.

8. A vehicle-to-cloud communication key update system, comprising: a vehicle configured to perform the method according to any one of claims 1-3; and a cloud platform configured to perform the method according to any one of claims 4-7.

9. A vehicle-to-cloud communication key update device, applied to a vehicle, comprising: a signature unit configured to sign the vehicle identification code using the current vehicle-to-cloud communication key in response to detecting that the current vehicle-to-cloud communication key has expired, thereby obtaining a signature value; a generation unit configured to generate a key update request based on the signature value and the vehicle identification number; a verification unit configured to send the key update request to the cloud platform to verify the ownership of the vehicle referred to by the key update request, wherein, after the ownership verification is successful, the cloud platform extracts the signature value and the vehicle identification code from the key update request and randomly generates an updated key based on the signature value and the vehicle identification code according to a preset rule; and an update unit configured to replace the current vehicle-to-cloud communication key with the updated key in response to receiving the updated key returned by the cloud platform.

10. A vehicle-to-cloud communication key update device, applied to a cloud platform, comprising: a verification unit configured to, in response to receiving a key update request from a vehicle, bidirectionally verify with the vehicle the ownership of the vehicle referred to in the key update request; an extraction unit configured to extract the signature value and the vehicle identification code from the key update request after the identity attribution verification is passed; a verification unit configured to, in response to finding the current vehicle-to-cloud communication key of the vehicle by querying with the vehicle identification code, determine the validity of the signature value based on the current vehicle-to-cloud communication key; a generation unit configured to, in response to determining that the signature value is valid, randomly generate an updated key based on the signature value and the vehicle identification code according to a preset rule; and a sending unit configured to send the updated key to the vehicle.

11. An electronic device, comprising: one or more processors; and a storage device on which one or more computer programs are stored, wherein, when the one or more computer programs are executed by the one or more processors, the one or more processors implement the method as described in any one of claims 1-7.

12. A computer-readable medium having a computer program stored thereon, wherein, when the computer program is executed by a processor, it implements the method as described in any one of claims 1-7.
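
The exchange in claims 1 and 3 (vehicle side) and claims 4-7 (cloud side) can be followed end to end in the sketch below, which is an added example and not code from the patent or its applicant. The claims name neither the signature algorithm nor the "preset rule", so HMAC-SHA256 over the VIN, the key derivation shown, the cert_valid flag standing in for the certificate check, and all function and class names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample VIN for this sketch; not a value from the patent.
SAMPLE_VIN = "LSVAA0000TEST0001"

def sign_vin(key: bytes, vin: str) -> bytes:
    """Assumed signature scheme: HMAC-SHA256 over the VIN with the current key."""
    return hmac.new(key, vin.encode(), hashlib.sha256).digest()

def build_update_request(current_key: bytes, vin: str) -> dict:
    """Vehicle side (claim 1): sign the VIN with the expired key, build the request."""
    return {"vin": vin, "signature": sign_vin(current_key, vin).hex()}

class CloudPlatform:
    def __init__(self, key_store: dict):
        self.key_store = key_store  # hypothetical store: VIN -> current key bytes

    def handle_update(self, request: dict, cert_valid: bool = True) -> dict:
        """Cloud side (claims 4-7); cert_valid stands in for the certificate check."""
        if not cert_valid:
            return {"ok": False, "reason": "data certificate is invalid"}
        vin = str(request.get("vin", ""))
        try:
            sig = bytes.fromhex(request.get("signature", ""))
        except (TypeError, ValueError):
            return {"ok": False, "reason": "signature value is invalid"}
        current = self.key_store.get(vin)
        if current is None:
            return {"ok": False, "reason": "current key was not found"}
        if not hmac.compare_digest(sig, sign_vin(current, vin)):
            return {"ok": False, "reason": "signature value is invalid"}
        # Assumed "preset rule": HMAC keyed with 32 fresh random bytes over
        # signature || VIN, so the key is random yet bound to the request.
        new_key = hmac.new(secrets.token_bytes(32), sig + vin.encode(), hashlib.sha256).digest()
        self.key_store[vin] = new_key
        return {"ok": True, "updated_key": new_key.hex()}

def vehicle_update(current_key: bytes, vin: str, cloud: CloudPlatform):
    """Round trip: returns (key now in use, failure reason or None)."""
    resp = cloud.handle_update(build_update_request(current_key, vin))
    if not resp["ok"]:
        return current_key, resp["reason"]  # claim 3: surface the reason
    return bytes.fromhex(resp["updated_key"]), None  # claim 1: replace the key
```

Under this assumed scheme the signed message is only the VIN, so every request made under a given key carries the same signature value; the sketch therefore depends on the certificate-verified channel of claims 2 and 5 to protect the request and the returned key in transit.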