Data transmission method, vehicle, storage medium and computer program product

By using a collaborative protection method of dynamic random offset and encryption key on the CAN bus, the problem of low security in the CAN bus protocol is solved, and dual security protection for communication channels and content is achieved without increasing bus load and ECU computing overhead.

CN122394842APending Publication Date: 2026-07-14FAW JIEFANG AUTOMOTIVE CO

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
FAW JIEFANG AUTOMOTIVE CO
Filing Date
2026-03-30
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

The CAN bus's native protocol in the automotive field lacks authentication and data encryption mechanisms, which poses security risks such as message eavesdropping, forgery, and replay attacks. Existing data transmission methods cannot achieve dual security protection for both the communication channel and the communication content without increasing the bus load and ECU computing overhead.

Method used

By acquiring the data to be transmitted, the first random offset, and the encryption management byte, a cyclic shift process is generated and performed. The target transmission message is generated in combination with a preset key and decrypted and restored at the receiving end, thus achieving collaborative protection between dynamic random offset and encryption key.

Benefits of technology

Without increasing bus load and ECU computing overhead, dual protection of communication channels and communication content is achieved, thereby improving the security of data transmission.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122394842A_ABST
    Figure CN122394842A_ABST
Patent Text Reader

Abstract

The application discloses a data transmission method, a vehicle, a storage medium and a computer program product. The method comprises the following steps: obtaining to-be-transmitted data, a first random offset, a first encryption management byte and a second encryption management byte; generating a first data field based on the to-be-transmitted data and the first encryption management byte; performing cyclic shift processing on the first data field based on the first random offset, a preset offset granularity and a first preset offset direction, to obtain a second data field; generating a target transmission message based on the second data field and the second encryption management byte; and sending the target transmission message to a receiving end. The application solves the technical problem of low security of the data transmission method provided in the related art.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of vehicle communication security technology, and more specifically, to a data transmission method, a vehicle, a storage medium, and a computer program product. Background Technology

[0002] Controller Area Network (CAN) buses are widely used in the automotive industry due to their high reliability and low cost. However, their native protocols lack authentication and data encryption mechanisms, posing security risks such as message eavesdropping, forgery, and replay attacks. With the development of intelligent and connected vehicles, the broadcast communication mode and plaintext transmission characteristics of the CAN bus are no longer sufficient to meet security requirements. Although the CAN with Flexible Data-Rate (CAN FD) protocol improves transmission rates and data field capacity, its underlying security mechanisms have not been fundamentally enhanced. Related technologies typically rely on message authentication codes, ID obfuscation, or end-to-end encryption for data transmission protection. However, these methods suffer from high load rates, high computational overhead, poor real-time performance, and low data transmission security, making it difficult to achieve dual security protection for both the "communication channel" and "communication content" without increasing bus load and the computational overhead of the Electronic Control Unit (ECU).

[0003] There is currently no effective solution to the above problems. Summary of the Invention

[0004] This application provides a data transmission method, a vehicle, a storage medium, and a computer program product to at least solve the technical problem of low security in data transmission methods provided in related technologies.

[0005] According to one aspect of the embodiments of this application, a data transmission method is provided, comprising: acquiring data to be transmitted, a first random offset, a first encryption management byte, and a second encryption management byte, wherein the first random offset is used to represent a dynamic offset during data transmission, the first encryption management byte is used to store auxiliary management information during data transmission, and the second encryption management byte is used to store ciphertext data, the ciphertext data being obtained by encrypting the first random offset using a preset key; generating a first data field based on the data to be transmitted and the first encryption management byte; performing a cyclic shift operation on the first data field based on the first random offset, a preset offset granularity, and a first preset offset direction to obtain a second data field; generating a target transmission message based on the second data field and the second encryption management byte; and sending the target transmission message to a receiving end.

[0006] Optionally, the length of the data to be transmitted is less than or equal to a preset length threshold, the first random offset is greater than or equal to a first preset value, and the first random offset is less than a second preset value.

[0007] Optionally, performing cyclic shifting processing on the first data field based on the first random offset, the preset offset granularity, and the first preset offset direction to obtain the second data field includes: determining a preset offset method based on the preset offset granularity, wherein the preset offset method is used to determine the offset step size corresponding to the cyclic shifting processing; and performing cyclic shifting processing on the first data field based on the first random offset, the preset offset method, and the first preset offset direction to obtain the second data field.

[0008] Optionally, the preset offset granularity includes: a first preset offset granularity and a second preset offset granularity; the preset offset method includes: a byte offset method and a bit offset method; and determining the preset offset method based on the preset offset granularity includes: determining the preset offset method as a byte offset method in response to the preset offset granularity being the first preset offset granularity; or, determining the preset offset method as a bit offset method in response to the preset offset granularity being the second preset offset granularity, wherein the offset step size corresponding to the bit offset method is smaller than the offset step size corresponding to the byte offset method.

[0009] Optionally, generating the target transmission message based on the second data field and the second encryption management byte includes: obtaining a preset data frame structure, wherein the preset data frame structure includes at least: a start-of-frame bit, an arbitration field, a control field, a check field, and an acknowledgment field; and assembling the preset data frame structure, the second data field, and the second encryption management byte to obtain the target transmission message.

[0010] According to another aspect of the embodiments of this application, another data transmission method is also provided, comprising: receiving a target transmission message, wherein the target transmission message is generated based on a second data field and a second encryption management byte, the second data field is obtained by cyclically shifting the first data field based on a first random offset, a preset offset granularity, and a first preset offset direction, the first random offset being used to represent a dynamic offset during data transmission, the first data field being generated based on data to be transmitted and a first encryption management byte, the first encryption management byte being used to store auxiliary management information during data transmission, the second encryption management byte being used to store ciphertext data, the ciphertext data being obtained by encrypting the first random offset using a preset key; decrypting the target transmission message based on the preset key to obtain a second random offset; determining a third data field based on the target transmission message, wherein the third data field is the message data in the target transmission message excluding the second random offset; cyclically shifting the third data field based on the second random offset, the preset offset granularity, and the second preset offset direction to obtain a fourth data field, wherein the second preset offset direction and the first preset offset direction are opposite directions; and parsing the fourth data field to obtain auxiliary management information and data to be transmitted.

[0011] Optionally, decrypting the target transmission message based on a preset key to obtain a second random offset includes: decrypting the target transmission message based on the preset key to obtain a decryption result, wherein the decryption result is used to determine the decryption status, which includes decryption success and decryption failure; responding by determining the decryption status as decryption success based on the decryption result and decrypting the target transmission message based on the preset key to obtain a second random offset; or, responding by determining the decryption status as decryption failure based on the decryption result and determining the target transmission message as an abnormal message.

[0012] According to another aspect of the embodiments of this application, a data transmission apparatus is also provided, comprising: a first acquisition module, configured to acquire data to be transmitted, a first random offset, a first encryption management byte, and a second encryption management byte, wherein the first random offset is used to represent a dynamic offset during data transmission, the first encryption management byte is used to store auxiliary management information during data transmission, and the second encryption management byte is used to store ciphertext data, the ciphertext data being obtained by encrypting the first random offset using a preset key; a first generation module, configured to generate a first data field based on the data to be transmitted and the first encryption management byte; a first processing module, configured to perform cyclic shifting processing on the first data field based on the first random offset, a preset offset granularity, and a first preset offset direction to obtain a second data field; and a second generation module, configured to generate a target transmission message based on the second data field and the second encryption management byte, and to send the target transmission message to a receiving end.

[0013] Optionally, the length of the data to be transmitted is less than or equal to a preset length threshold, the first random offset is greater than or equal to a first preset value, and the first random offset is less than a second preset value.

[0014] Optionally, the first processing module is further configured to: determine a preset offset method based on a preset offset granularity, wherein the preset offset method is used to determine the offset step size corresponding to the cyclic shift processing; and perform cyclic shift processing on the first data field based on the first random offset, the preset offset method, and the first preset offset direction to obtain the second data field.

[0015] Optionally, the preset offset granularity includes: a first preset offset granularity and a second preset offset granularity, and the preset offset mode includes: a byte offset mode and a bit offset mode. The first processing module is further configured to: determine the preset offset mode as a byte offset mode in response to the preset offset granularity being the first preset offset granularity; or, determine the preset offset mode as a bit offset mode in response to the preset offset granularity being the second preset offset granularity, wherein the offset step size corresponding to the bit offset mode is smaller than the offset step size corresponding to the byte offset mode.

[0016] Optionally, the second generation module is further configured to: obtain a preset data frame structure, wherein the preset data frame structure includes at least: a frame start bit, an arbitration field, a control field, a check field, and an acknowledgment field; and assemble the preset data frame structure, the second data field, and the second encryption management byte to obtain the target transmission message.

[0017] According to another aspect of the embodiments of this application, another data transmission apparatus is also provided, including: a receiving module, configured to receive a target transmission message, wherein the target transmission message is generated based on a second data field and a second encryption management byte, the second data field is obtained by cyclically shifting the first data field based on a first random offset, a preset offset granularity, and a first preset offset direction, the first random offset is used to represent the dynamic offset during data transmission, the first data field is generated based on data to be transmitted and a first encryption management byte, the first encryption management byte is used to store auxiliary management information during data transmission, the second encryption byte is used to store ciphertext data, and the ciphertext data is transmitted using a preset key. The first random offset is obtained by encryption; the second processing module is used to decrypt the target transmission message based on a preset key to obtain the second random offset; the determination module is used to determine the third data field based on the target transmission message, wherein the third data field is the message data in the target transmission message other than the second random offset; the third processing module is used to perform cyclic shifting processing on the third data field based on the second random offset, the preset offset granularity, and the second preset offset direction to obtain the fourth data field, wherein the second preset offset direction and the first preset offset direction are opposite directions; the parsing module is used to parse the fourth data field to obtain auxiliary management information and data to be transmitted.

[0018] Optionally, the second processing module is further configured to: decrypt the target transmission message based on a preset key to obtain a decryption result, wherein the decryption result is used to determine the decryption status, and the decryption status includes decryption success and decryption failure; respond to determine the decryption status as decryption success based on the decryption result, decrypt the target transmission message based on the preset key to obtain a second random offset; or, respond to determine the decryption status as decryption failure based on the decryption result, and determine the target transmission message as an abnormal message.

[0019] According to another aspect of the embodiments of this application, a vehicle is also provided, including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to execute instructions to implement the data transmission method in the embodiments of this application.

[0020] According to another aspect of the embodiments of this application, a computer-readable storage medium is also provided, the computer-readable storage medium including a stored executable program, wherein, when the executable program is running, it controls the device where the storage medium is located to execute the data transmission method of the embodiments of this application.

[0021] According to another aspect of the embodiments of this application, a computer program product is also provided, the computer program product including computer instructions, which, when executed by a processor, implement the data transmission method in the embodiments of this application.

[0022] In this embodiment, by acquiring the data to be transmitted, a first random offset, a first encryption management byte, and a second encryption management byte, and generating a first data field based on the data to be transmitted and the first encryption management byte, and then performing cyclic shifting processing on the first data field based on the first random offset, a preset offset granularity, and a first preset offset direction to obtain a second data field, and finally generating a target transmission message based on the second data field and the second encryption management byte, and sending the target transmission message to the receiving end, the goal of achieving dual protection of the communication channel and communication content through the collaboration of dynamic random offset and encryption key is achieved without increasing bus load and computational overhead. This achieves the technical effect of improving data transmission security and solves the technical problem of low security in the data transmission methods provided in related technologies. Attached Figure Description

[0023] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments of this application and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings:

[0024] Figure 1 This is a flowchart of a data transmission method according to one embodiment of this application;

[0025] Figure 2 This is a schematic diagram of a data transmission system according to one embodiment of this application;

[0026] Figure 3 This is a schematic diagram of a data transmission method according to one embodiment of this application;

[0027] Figure 4 This is a flowchart of another data transmission method according to one embodiment of this application;

[0028] Figure 5 This is a schematic diagram of another data transmission method according to one embodiment of this application;

[0029] Figure 6 This is a structural block diagram of a data transmission device according to one embodiment of this application;

[0030] Figure 7 This is a structural block diagram of another data transmission device according to one embodiment of this application. Detailed Implementation

[0031] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort should fall within the scope of protection of the present application.

[0032] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0033] The CAN bus is widely used in the automotive field due to its high reliability and low cost. However, its native protocol lacks authentication and data encryption mechanisms, posing security risks such as message eavesdropping, forgery, and replay attacks. With the development of intelligent and connected vehicles, the broadcast communication mode and plaintext transmission characteristics of the CAN bus are no longer sufficient to meet security requirements. Although the CAN FD protocol improves transmission rate and data field capacity, its underlying security mechanisms have not been fundamentally enhanced. Related technologies typically rely on message authentication codes, ID obfuscation, or end-to-end encryption for data transmission protection. However, these methods suffer from high load rates, high computational overhead, poor real-time performance, and low data transmission security, making it difficult to achieve dual security protection for both the "communication channel" and "communication content" without increasing bus load and ECU computational overhead.

[0034] Specifically, inserting fixed-length authentication codes or signature information into the data field not only occupies payload space and increases bus bandwidth consumption, but also requires the ECU to perform highly complex hash or asymmetric operations, leading to a decrease in real-time performance. ID obfuscation schemes, by disrupting the inherent priority arbitration mechanism of the CAN bus, are prone to communication delays or conflicts, affecting system determinism. While end-to-end encryption can protect content confidentiality, it cannot resist replay attacks, and key management is complex, making large-scale deployment difficult in resource-constrained automotive ECUs.

[0035] According to an embodiment of this application, a method embodiment for data transmission is provided. It should be noted that the steps shown in the flowchart in the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions. Furthermore, although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in a different order than that shown here.

[0036] This method embodiment can be executed in an electronic device or similar computing device that includes memory and a processor. Taking operation on a computer terminal as an example, the computer terminal may include one or more processors (processors may include, but are not limited to, central processing units (CPUs), graphics processing units (GPUs), digital signal processing (DSP) chips, microcontroller units (MCUs), field-programmable gate arrays (FPGAs), neural network processors (NPUs), tensor processors (TPUs), artificial intelligence (AI) type processors, etc.) and memory for storing data. Optionally, the computer terminal may also include transmission devices, input / output devices, and display devices for communication functions. Those skilled in the art will understand that the above structural description is merely illustrative and does not limit the structure of the computer terminal. For example, the computer terminal may include more or fewer components than described above, or have a different configuration than described above.

[0037] The memory can be used to store computer programs, such as application software programs and modules, like the computer program corresponding to the data transmission method in this embodiment. The processor executes various functional applications and data processing by running the computer program stored in the memory, thus implementing the aforementioned data transmission method. The memory may include high-speed random access memory (RAM) and non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory may further include memory remotely located relative to the processor, and these remote memories can be connected to the mobile terminal via a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks (LANs), mobile communication networks, and combinations thereof.

[0038] The transmission device is used to receive or send data via a network. Specific examples of the network described above may include a wireless network provided by the mobile terminal's communication provider. In one example, the transmission device includes a Network Interface Controller (NIC), which can connect to other network devices via a base station to communicate with the Internet. In another example, the transmission device may be a Radio Frequency (RF) module, used for wireless communication with the Internet.

[0039] Display devices can be, for example, touchscreen liquid crystal displays (LCDs) and touch displays (also referred to as "touchscreens" or "touch displays"). The LCD allows users to interact with the user interface of the mobile terminal. In some embodiments, the mobile terminal has a graphical user interface (GUI), which allows users to interact with the GUI through finger contact and / or gestures on a touch-sensitive surface. Optional human-computer interaction functions include: creating web pages, drawing, word processing, creating electronic documents, playing games, video conferencing, instant messaging, sending and receiving emails, call interfaces, playing digital video, playing digital music, and / or web browsing, etc. Executable instructions for performing the above human-computer interaction functions are configured / stored in one or more processor-executable computer program products or readable storage media.

[0040] Figure 1 This is a flowchart of a data transmission method according to one embodiment of this application, such as... Figure 1 As shown, the method includes the following steps:

[0041] Step S11: Obtain the data to be transmitted, the first random offset, the first encryption management byte, and the second encryption management byte. The first random offset is used to represent the dynamic offset during data transmission. The first encryption management byte is used to store auxiliary management information during data transmission. The second encryption management byte is used to store ciphertext data. The ciphertext data is obtained by encrypting the first random offset using a preset key.

[0042] The data to be transmitted is payload information generated by the sending end that needs to be transmitted securely. Specifically, the data to be transmitted may include, but is not limited to, real-time control parameters such as engine speed, torque demand, gear position command, or sensor status.

[0043] The aforementioned first random offset is an unpredictable integer value generated independently by the sender, used to characterize the cyclic displacement of the data field in the byte or bit dimension.

[0044] Specifically, the aforementioned first random offset does not depend on a fixed sequence or external input, but is only related to the encryption requirements of the current message. Its function is to dynamically change the physical starting position of the valid data in the CAN FD data field, so that attackers cannot identify the data content through a fixed offset pattern, thereby enhancing the concealment and anti-analysis capability of the communication channel.

[0045] The aforementioned auxiliary management information is metadata used to identify the communication context, control the encryption process, or assist in authentication. Specifically, the aforementioned auxiliary management information may include, but is not limited to, message sequence number, algorithm identifier, timestamp, session identifier, replay protection flag, key version number, device identity identifier, or communication status flag.

[0046] The aforementioned encrypted data refers to the irreversible encrypted output generated after encrypting the first random offset with a preset key. Its content can only be decrypted and restored by a legitimate receiving end holding the same preset key, and the value of the original offset cannot be directly inferred through statistical analysis without authorization.

[0047] Step S12: Generate a first data field based on the data to be transmitted and the first encryption management byte;

[0048] Specifically, the data to be transmitted can be concatenated with the first encryption management byte in sequence to generate a first data field, wherein the first encryption management byte is located as the first byte of the first data field, and the data to be transmitted is located after the first encryption management byte.

[0049] For example, when the data length corresponding to the data to be transmitted is L_app bytes, the data length corresponding to the first data field is L_app+1 bytes.

[0050] Step S13: Perform cyclic shifting on the first data field based on the first random offset, the preset offset granularity, and the first preset offset direction to obtain the second data field;

[0051] The aforementioned preset offset granularity, based on bits or bytes, is used to determine the smallest data unit moved by each offset operation in the data field.

[0052] The aforementioned first preset offset direction is a unidirectional cyclic movement direction in the cyclic shift process. Specifically, the aforementioned first preset offset direction may include, but is not limited to, cyclic shifting along the high-order bits to low-order bits of a data field byte or bit, or cyclic shifting along the low-order bits to high-order bits of a data field byte or bit.

[0053] For example, the aforementioned first preset offset direction can be pre-agreed upon by the sending end and the receiving end and fixed in the key negotiation protocol or system initialization configuration to ensure that the sending end and the receiving end maintain strict consistency in the offset operation, thereby achieving accurate restoration and parsing of the data field without relying on additional signaling interaction, and avoiding decryption failure or data misalignment caused by inconsistent directions.

[0054] Step S14: Based on the second data field and the second encryption management byte, generate the target transmission message and send the target transmission message to the receiving end.

[0055] Specifically, the second encryption management byte is located at the end of the target transmission message and is used to carry the ciphertext data obtained by encrypting the first random offset. This ensures that the receiving end can obtain the correct offset information only after successfully decrypting the ciphertext data, thereby realizing the dynamic restoration of the data field position. At the same time, it avoids the offset key being exposed in plaintext in the transmission message, enhancing the security and anti-attack capability during data transmission.

[0056] For example, when the data length corresponding to the data to be transmitted is L_app bytes, the data length corresponding to the first data field is L_app+1 bytes, and the data length corresponding to the second data field should also be L_app+1 bytes. Further, the data length corresponding to the data field composed of the second data field and the second encryption management byte is L_app+2 bytes.

[0057] For example, a target data field with a length of L_app+2 bytes can be generated based on a first encryption management byte, the data to be transmitted, and a second encryption management byte. The first encryption management byte is located at the beginning of the target data field, the second encryption management byte is located at the end of the target data field, and the data to be transmitted is located between the first and second encryption management bytes. Simultaneously, the first encryption management byte is configured to store auxiliary management information during data transmission, and the second encryption management byte is configured as a reserved byte for storing ciphertext data obtained by encrypting the first random offset. Further, during the cyclic shift process, only the first encryption management byte and the data to be transmitted in the target data field are cyclically shifted, while the second encryption management byte, as a reserved byte, is always located at the end of the target data field. This ensures that the cyclic shift operation does not affect the storage location of the ciphertext data, thereby ensuring that the receiving end can always securely extract and decrypt the ciphertext data at a fixed byte position, achieving synchronous understanding and reliable reconstruction of the data field structure by both communicating parties.

[0058] Based on steps S11 to S14 above, by acquiring the data to be transmitted, the first random offset, the first encryption management byte, and the second encryption management byte, and generating a first data field based on the data to be transmitted and the first encryption management byte, and then performing cyclic shifting processing on the first data field based on the first random offset, the preset offset granularity, and the first preset offset direction to obtain a second data field, and finally generating a target transmission message based on the second data field and the second encryption management byte, and sending the target transmission message to the receiving end, the goal of achieving dual protection of the communication channel and communication content through the collaboration of dynamic random offset and encryption key is achieved without increasing bus load and computational overhead. This achieves the technical effect of improving data transmission security and solves the technical problem of low security in the data transmission methods provided in related technologies.

[0059] The data transmission method in the embodiments of this application will be further described below.

[0060] Optionally, the length of the data to be transmitted is less than or equal to a preset length threshold, the first random offset is greater than or equal to a first preset value, and the first random offset is less than a second preset value.

[0061] For example, the preset length threshold can be 62 bytes to be compatible with the maximum effective application data capacity that the CAN FD data field can carry after deducting two encryption management bytes. The first preset value can be 0. The second preset value can be N, typically N=64. 8 = 512 (meaning the maximum offset does not exceed the total number of bits corresponding to the maximum 64 bytes of the CAN FD data field). The data length to be transmitted is less than or equal to a preset length threshold, that is, the data length to be transmitted is ≤ 62 bytes. The first random offset is greater than or equal to a first preset value, and the first random offset is less than a second preset value, that is, the value range corresponding to the first random offset is [0, N). Preferably, N = 64, indicating that the offset is in bytes, simplifying processing.

[0062] Based on the above optional embodiments, the length of the data to be transmitted is less than or equal to a preset length threshold, the first random offset is greater than or equal to a first preset value, and the first random offset is less than a second preset value. This ensures that the range of the first random offset is compatible with the length of the data to be transmitted. Under the premise of ensuring that the offset operation can completely cover the effective data field, the risk of offset redundancy due to too short data or data field out of bounds due to too large offset is avoided.

[0063] Optionally, in step S13, the first data field is cyclically shifted based on the first random offset, the preset offset granularity, and the first preset offset direction to obtain the second data field, including:

[0064] Step S131: Determine the preset offset method based on the preset offset granularity, wherein the preset offset method is used to determine the offset step size corresponding to the cyclic shift process;

[0065] Step S132: Based on the first random offset, the preset offset method and the first preset offset direction, the first data field is cyclically shifted to obtain the second data field.

[0066] The aforementioned preset offset method is a fixed interval for each unit displacement in the data field determined according to preset rules during the cyclic shift process.

[0067] The aforementioned second data field is a data field formed after cyclic shifting, containing the data to be transmitted and the first encryption management byte, but whose position has been reconstructed according to the first random offset, the preset offset granularity and the first preset offset direction. Its total length remains consistent with the first data field, and only the arrangement order of the internal bytes or bits changes due to cyclic shifting.

[0068] For example, based on a first random offset R and a preset offset granularity K, the first data field can be cyclically shifted R×K units along the high-order direction, so that each byte or bit moves sequentially to the target position, thereby generating a second data field. This prevents unauthorized nodes that do not know R from accurately identifying the starting position of valid data. Furthermore, the receiving end can reconstruct the first data field based on the same random offset, preset offset granularity, and reverse offset direction.

[0069] Figure 2 This is a schematic diagram of a data transmission system according to one embodiment of this application, such as... Figure 2 As shown, the system includes a transmitting end processing module and a receiving end processing module that communicate via a CAN bus. The transmitting end processing module includes a random number generator, a data offset calculation unit, a CAN FD controller, and an encryption unit. The receiving end processing module includes a decryption unit, a CAN FD controller, a parsing and restoration unit, and a reverse offset calculation unit.

[0070] Specifically, the transmitting end processing module is integrated into the transmitting node ECU, and the receiving end processing module is integrated into the receiving node ECU. The transmitting node ECU is the electronic control unit responsible for generating and sending encrypted CAN FD messages; it is typically the main control module in the vehicle with data acquisition and control functions, such as the engine controller, body control module, or autonomous driving domain controller. The receiving node ECU is the electronic control unit responsible for receiving and decrypting CAN FD messages; it is typically a subordinate or cooperative control module that has a communication dependency with the transmitting node, such as the transmission controller, brake controller, or instrument panel unit.

[0071] For example, the data transmission system described above also includes a shared key module for securely distributing and updating keys for encryption offsets among legitimate nodes, which can be managed using pre-configuration, manufacturer key injection, or a hardware security module (HSM).

[0072] Based on the above steps S131 to S132, a preset offset method is determined based on the preset offset granularity. Then, the first data field is cyclically shifted based on the first random offset, the preset offset method, and the first preset offset direction to obtain the second data field. By performing deterministic cyclic shifting on the data field at a fixed granularity, it is difficult for unauthorized nodes to infer the original position of valid data through static analysis or statistical characteristics. Thus, without changing the total length of the data field, the concealment and anti-location capability of the data distribution are improved.

[0073] Optionally, the preset offset granularity includes: a first preset offset granularity and a second preset offset granularity; the preset offset method includes: a byte offset method and a bit offset method; in step S131, based on the preset offset granularity, the preset offset method is determined as follows:

[0074] Step S1311: In response to the preset offset granularity being the first preset offset granularity, determine the preset offset mode as byte offset mode; or,

[0075] Step S1312: In response to the preset offset granularity being the second preset offset granularity, the preset offset mode is determined to be the bit offset mode, wherein the offset step size corresponding to the bit offset mode is less than the offset step size corresponding to the byte offset mode.

[0076] The first preset offset granularity is 8 bits, which is the width of one byte. At this time, the preset offset mode is the byte offset mode, which means that the cyclic shift operation for the first data field is performed in units of whole bytes, with each shift step being 8 bits. The offset R directly corresponds to the number of bytes. It is suitable for embedded systems with limited computing resources or low requirements for implementation complexity. Its advantage is that the shift operation can be implemented through simple memory block copying or pointer redirection, reducing processor load and improving execution efficiency.

[0077] The second preset offset granularity is 1 bit, which is the smallest data unit. At this time, the preset offset mode is bit offset mode, which means that the cyclic shift operation for the first data field is performed in units of a single bit. The value range of the offset R is extended to a maximum of 511, and the offset step size is 1 bit. This can provide higher randomness and anti-cracking performance, and is suitable for nodes with high security requirements and hardware acceleration support.

[0078] The byte offset method described above refers to treating the first data field as a continuous sequence of bytes, performing an overall shift only on the byte boundaries, preserving the internal bit order of each byte, and only changing the relative positions between bytes.

[0079] The bit offset method described above refers to the overall cyclic displacement of the first data field in units of bits, with all bits (including cross-byte boundaries) moving sequentially as a whole.

[0080] Specifically, when the preset offset granularity K=8, it indicates that the preset offset mode is byte offset mode. When the preset offset granularity K=1, it indicates that the preset offset mode is bit offset mode.

[0081] Based on steps S1311 to S1312 above, when the preset offset granularity is the first preset offset granularity, the preset offset method is byte offset, which simplifies the hardware implementation logic, reduces computational overhead, and ensures that the offset operation is aligned on the byte boundary, thereby improving data transmission efficiency and compatibility. When the preset offset granularity is the second preset offset granularity, the preset offset method is bit offset, which improves the fine granularity and unpredictability of offset randomness, increases the number of attempts required for an attacker to locate valid data through exhaustive search, and thus enhances the concealment of the data field structure.

[0082] Optionally, in step S14, generating the target transmission message based on the second data field and the second encryption management byte includes:

[0083] Step S141: Obtain a preset data frame structure, wherein the preset data frame structure includes at least: frame start bit, arbitration field, control field, check field and response field;

[0084] Step S142: Assemble the preset data frame structure, the second data field, and the second encryption management byte to obtain the target transmission message.

[0085] The aforementioned preset data frame structure is a frame format conforming to the CAN FD protocol standard, used to carry the physical layer and data link layer control information necessary for vehicle network communication, ensuring reliable transmission of messages on the bus and synchronization between nodes.

[0086] The aforementioned frame start bit is a single dominant level bit that marks the beginning of a frame message. All nodes achieve frame synchronization by detecting the level transition of this bit, which is the reference signal for bus arbitration and reception triggering.

[0087] The aforementioned arbitration field consists of an 11-bit or 29-bit identifier, used to uniquely identify the message type and determine the bus access priority.

[0088] The control field consists of 6 bits, the first 4 of which represent the Data Length Code (DLC), used to indicate the number of bytes of subsequent valid data (ranging from 0 to 64 bytes), and the last 2 bits are reserved for future protocol expansion.

[0089] The aforementioned check field is a Cyclic Redundancy Check (CRC) field, consisting of a 15-bit or 17-bit check sequence, generated by polynomial calculation based on all bits from the start bit of the frame to the end of the control field.

[0090] The aforementioned acknowledgment field consists of an ACK slot and an ACK delimiter. The sending node sends a recessive bit in the ACK slot, and the node that correctly receives the message will drive a dominant bit in that slot to confirm successful reception.

[0091] Figure 3 This is a schematic diagram of a data transmission method according to one embodiment of this application, as shown below. Figure 3 As shown, during data transmission, the data to be transmitted is first acquired, and a first random offset R is generated. Further, based on the data to be transmitted and the first random offset R, an original data field is constructed, and the remaining bytes in the original data field, excluding the reserved bytes, are offset. Then, the encrypted offset generated after encrypting the first random offset R is stored in the reserved bytes. Finally, the aforementioned data field and the CAN FD data frame structure are assembled to generate the target transmission message, which is then sent to the receiving end.

[0092] For example, suppose in a car CAN FD network, the engine controller (ECU_Engine) needs to periodically send a data packet (0x12 0x34 0x56 0x78) containing 4 bytes of valid data (such as speed and torque requirements) to the transmission controller (ECU_Gearbox). Both parties have pre-shared a symmetric encryption key K_s. Assuming the first random offset R=19 generated by the random number generator, the preset offset granularity K=8, and the first encryption management byte is sequence number 0x01, then the original data field is [0x01][0x12][0x34][0x56][0x78][0x00], with a length L_total=4+2=6 bytes. The last byte 0x00 is a reserved byte. Further, the above 6-byte original data field can be circularly shifted left by R=19 bytes. Since the original data field only includes 6 bytes, circularly shifting left by 19 bytes is equivalent to circularly shifting left by 19 mod 6 = 1 byte. The resulting data field to be transmitted after offset is [0x12][0x34][0x56][0x78][0x01][0x00]. Then, R=19 (stored as a single byte 0x13) can be encrypted using a symmetric encryption key K_s and AES-128 or a lightweight encryption algorithm to obtain the ciphertext data Enc(R). Assuming the ciphertext data Enc(R) is 0x5F, writing 0x5F to the last byte of the data field to be transmitted results in the generated data field: [0x12][0x34][0x56][0x78][0x01][0x5F]. Finally, the above data field to be transmitted and the CAN FD data frame structure are assembled to generate a target transmission message containing a message identifier of 0x100, and this target transmission message is sent to the receiving end.

[0093] Based on the above steps S141 to S142, a preset data frame structure is obtained, and then the preset data frame structure, the second data field, and the second encryption management byte are assembled to obtain the target transmission message. This ensures that the physical layout of the data field conforms to the CAN FD protocol specification, while accurately embedding the dynamically offset application data and the encrypted offset information into the specified byte position, thereby achieving the integrity and consistency of the message structure and providing a reliable data carrier for the subsequent receiving end to parse based on preset rules.

[0094] Figure 4 This is a flowchart of another data transmission method according to one embodiment of this application, such as... Figure 4 As shown, the method includes the following steps:

[0095] Step S41: Receive the target transmission message, wherein the target transmission message is generated based on the second data field and the second encryption management byte. The second data field is obtained by cyclically shifting the first data field based on the first random offset, the preset offset granularity, and the first preset offset direction. The first random offset is used to represent the dynamic offset during data transmission. The first data field is generated based on the data to be transmitted and the first encryption management byte. The first encryption management byte is used to store auxiliary management information during data transmission. The second encryption management byte is used to store ciphertext data. The ciphertext data is obtained by encrypting the first random offset using a preset key.

[0096] Step S42: Decrypt the target transmission message based on the preset key to obtain the second random offset;

[0097] Step S43: Based on the target transmission message, determine the third data field, wherein the third data field is the message data in the target transmission message excluding the second random offset;

[0098] Step S44: The third data field is cyclically shifted based on the second random offset, the preset offset granularity, and the second preset offset direction to obtain the fourth data field, wherein the second preset offset direction and the first preset offset direction are opposite directions.

[0099] Step S45: Perform data parsing on the fourth data field to obtain auxiliary management information and data to be transmitted.

[0100] Figure 5 This is a schematic diagram of another data transmission method according to one embodiment of this application, such as... Figure 5 As shown, after receiving the target transmission message, the receiving end first needs to perform a CRC low-level check, and after passing the CRC low-level check, decrypt the offset R, then perform a data reverse offset, and finally perform data parsing based on the data field after the reverse offset processing.

[0101] For example, assuming the received target transmission message has a message identifier of 0x100, which matches the message identifier of the target transmission message sent by the sender, the CRC check can be confirmed as passed. Then, the last byte of the target transmission message, 0x5F, can be extracted and decrypted using a preset key K_s. Assuming the decryption results in 0x13, the second random offset R' = 19 can be determined. Further, the target transmission message, i.e., the 6-byte data field [0x12][0x34][0x56][0x78][0x01][0x5F], can be reversed (i.e., circularly shifted right, with the last byte not participating in the shift) based on the second random offset. Since R' = 19, a circular right shift of 19 bytes is equivalent to a circular right shift of 1 byte. After the circular shift, the resulting fourth data field is: [0x01][0x12][0x34][0x56][0x78][0x5F]. Finally, the first byte [0x01] in the fourth data field can be verified using a predefined cyclic sequence number verification method. Meanwhile, the last byte [0x5F] is removed, and the remaining bytes [0x12][0x34][0x56][0x78] are the actual valid application data.

[0102] It should be noted that the cyclic shift processing in both the sending and receiving ends of this application does not apply to the bytes storing the ciphertext data; that is, the second encryption management byte does not participate in the cyclic shift processing. Furthermore, the values ​​in the above embodiments of this application are merely examples and do not constitute fixed settings for this application.

[0103] Based on steps S41 to S45 above, the target transmission message is received and decrypted based on a preset key to obtain a second random offset. Then, based on the target transmission message, a third data field is determined. Subsequently, the third data field is cyclically shifted based on the second random offset, a preset offset granularity, and a second preset offset direction to obtain a fourth data field. Finally, the fourth data field is parsed to obtain auxiliary management information and data to be transmitted. This accurately restores the original data field structure of the sending end, ensuring that only legitimate receiving nodes holding the correct key can successfully locate and parse valid application data and management information, thereby improving data transmission security.

[0104] Optionally, in step S42, the target transmission message is decrypted based on a preset key to obtain the second random offset, which includes:

[0105] Step S421: Decrypt the target transmission message based on the preset key to obtain the decryption result. The decryption result is used to determine the decryption status, which includes decryption success and decryption failure.

[0106] Step S422: The response determines the decryption status as successful based on the decryption result, and performs decryption processing on the target transmitted message based on the preset key to obtain the second random offset; or,

[0107] Step S423: Based on the decryption result, the response determines that the decryption status is decryption failure and that the target transmission message is an abnormal message.

[0108] Specifically, successful decryption indicates that the receiving end possesses the same preset key as the sending end, and the message has not been tampered with or forged. In this case, the encrypted embedded offset information can be securely extracted. Decryption failure indicates that the key does not match or the message has been tampered with. Subsequent processing should be terminated immediately to avoid performing offset restoration operations based on error information.

[0109] For example, when the receiving end receives a CAN FD message with ID 0x100, it can extract the ciphertext data 0x5F from the last byte of the data field and decrypt it using a preset key K_s. If the decryption result is 0x13, the decryption status is considered successful, indicating that the message source is legitimate and has not been tampered with. Then, based on this key, a second random offset R'=19 can be extracted for subsequent reverse offset restoration operations. If the decryption result is invalid (such as 0xFF, 0x00, or a random number outside the valid 8-bit range), or if an exception is thrown during the decryption process due to a key error, the decryption status is considered failed. The message should be immediately discarded, a security event recorded, and it identified as an abnormal message. No further data field offset or data parsing procedures will be performed.

[0110] Based on steps S421 to S423 above, the target transmission message is decrypted based on a preset key to obtain a decryption result. Then, if the decryption is successful, the target transmission message is decrypted again based on the preset key to obtain a second random offset. Or, if the decryption fails, the target transmission message is determined to be an abnormal message. Thus, only legitimate nodes are allowed to obtain the second random offset after successful decryption to perform subsequent data field reverse offset operations, thereby improving data transmission security.

[0111] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods according to the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk), and includes several instructions to cause a terminal device (which may be a mobile phone, computer, server, or network device, etc.) to execute the methods described in the various embodiments of this application.

[0112] This application also provides a data transmission device for implementing the above embodiments and preferred embodiments; details already described will not be repeated. As used below, the term "module" can refer to a combination of software and / or hardware that performs a predetermined function. Although the device described in the following embodiments is preferably implemented in software, hardware implementation, or a combination of software and hardware, is also possible and contemplated.

[0113] Figure 6 This is a structural block diagram of a data transmission apparatus according to one embodiment of this application, such as... Figure 6 As shown, the device includes:

[0114] The first acquisition module 601 is used to acquire the data to be transmitted, the first random offset, the first encryption management byte, and the second encryption management byte. The first random offset is used to represent the dynamic offset during the data transmission process, the first encryption management byte is used to store auxiliary management information during the data transmission process, and the second encryption management byte is used to store ciphertext data. The ciphertext data is obtained by encrypting the first random offset using a preset key.

[0115] The first generation module 602 is used to generate a first data field based on the data to be transmitted and the first encrypted management byte;

[0116] The first processing module 603 is used to perform cyclic shifting processing on the first data field based on the first random offset, the preset offset granularity and the first preset offset direction to obtain the second data field.

[0117] The second generation module 604 is used to generate a target transmission message based on the second data field and the second encryption management byte, and to send the target transmission message to the receiving end.

[0118] Optionally, the length of the data to be transmitted is less than or equal to a preset length threshold, the first random offset is greater than or equal to a first preset value, and the first random offset is less than a second preset value.

[0119] Optionally, the first processing module 603 is further configured to: determine a preset offset method based on a preset offset granularity, wherein the preset offset method is used to determine the offset step size corresponding to the cyclic shift processing; and perform cyclic shift processing on the first data field based on the first random offset, the preset offset method, and the first preset offset direction to obtain the second data field.

[0120] Optionally, the preset offset granularity includes: a first preset offset granularity and a second preset offset granularity, and the preset offset mode includes: a byte offset mode and a bit offset mode. The first processing module 603 is further configured to: determine the preset offset mode as a byte offset mode in response to the preset offset granularity being the first preset offset granularity; or, determine the preset offset mode as a bit offset mode in response to the preset offset granularity being the second preset offset granularity, wherein the offset step size corresponding to the bit offset mode is smaller than the offset step size corresponding to the byte offset mode.

[0121] Optionally, the second generation module 604 is further configured to: obtain a preset data frame structure, wherein the preset data frame structure includes at least: a frame start bit, an arbitration field, a control field, a check field, and an acknowledgment field; and assemble the preset data frame structure, the second data field, and the second encryption management byte to obtain the target transmission message.

[0122] Figure 7 This is a structural block diagram of another data transmission device according to one embodiment of this application, such as... Figure 7 As shown, the device includes:

[0123] The receiving module 701 is used to receive a target transmission message, wherein the target transmission message is generated based on a second data field and a second encryption management byte. The second data field is obtained by cyclically shifting the first data field based on a first random offset, a preset offset granularity, and a first preset offset direction. The first random offset is used to represent the dynamic offset during data transmission. The first data field is generated based on the data to be transmitted and the first encryption management byte. The first encryption management byte is used to store auxiliary management information during data transmission. The second encryption byte is used to store ciphertext data. The ciphertext data is obtained by encrypting the first random offset using a preset key.

[0124] The second processing module 702 is used to decrypt the target transmission message based on a preset key to obtain a second random offset.

[0125] The determining module 703 is used to determine the third data field based on the target transmission message, wherein the third data field is the message data in the target transmission message excluding the second random offset;

[0126] The third processing module 704 is used to perform cyclic shifting processing on the third data field based on the second random offset, the preset offset granularity, and the second preset offset direction to obtain the fourth data field, wherein the second preset offset direction and the first preset offset direction are opposite directions;

[0127] The parsing module 705 is used to parse the fourth data field to obtain auxiliary management information and data to be transmitted.

[0128] Optionally, the second processing module 702 is further configured to: decrypt the target transmission message based on a preset key to obtain a decryption result, wherein the decryption result is used to determine the decryption status, including decryption success and decryption failure; respond to determine the decryption status as decryption success based on the decryption result, decrypt the target transmission message based on the preset key to obtain a second random offset; or, respond to determine the decryption status as decryption failure based on the decryption result, and determine the target transmission message as an abnormal message.

[0129] It should be noted that the above modules can be implemented by software or hardware. For the latter, they can be implemented in the following ways, but are not limited to: all the above modules are located in the same processor; or, the above modules are located in different processors in any combination.

[0130] According to another aspect of the embodiments of this application, a vehicle is also provided, including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to execute instructions to implement the data transmission method in the embodiments of this application.

[0131] Optionally, in this embodiment, the processor can be configured to perform the following steps via a computer program:

[0132] Step S11: Obtain the data to be transmitted, the first random offset, the first encryption management byte, and the second encryption management byte. The first random offset is used to represent the dynamic offset during data transmission. The first encryption management byte is used to store auxiliary management information during data transmission. The second encryption management byte is used to store ciphertext data. The ciphertext data is obtained by encrypting the first random offset using a preset key.

[0133] Step S12: Generate a first data field based on the data to be transmitted and the first encryption management byte;

[0134] Step S13: Perform cyclic shifting on the first data field based on the first random offset, the preset offset granularity, and the first preset offset direction to obtain the second data field;

[0135] Step S14: Based on the second data field and the second encryption management byte, generate the target transmission message and send the target transmission message to the receiving end.

[0136] According to another aspect of the embodiments of this application, a computer-readable storage medium is also provided, the computer-readable storage medium including a stored executable program, wherein, when the executable program is running, it controls the device where the storage medium is located to execute the data transmission method of the embodiments of this application.

[0137] Optionally, in this embodiment, the storage medium may be configured to store a computer program for performing the following steps:

[0138] Step S11: Obtain the data to be transmitted, the first random offset, the first encryption management byte, and the second encryption management byte. The first random offset is used to represent the dynamic offset during data transmission. The first encryption management byte is used to store auxiliary management information during data transmission. The second encryption management byte is used to store ciphertext data. The ciphertext data is obtained by encrypting the first random offset using a preset key.

[0139] Step S12: Generate a first data field based on the data to be transmitted and the first encryption management byte;

[0140] Step S13: Perform cyclic shifting on the first data field based on the first random offset, the preset offset granularity, and the first preset offset direction to obtain the second data field;

[0141] Step S14: Based on the second data field and the second encryption management byte, generate the target transmission message and send the target transmission message to the receiving end.

[0142] Optionally, in this embodiment, the storage medium may include, but is not limited to, various media capable of storing computer programs, such as USB flash drives, read-only memory (ROM), random access memory (RAM), portable hard drives, magnetic disks, or optical disks.

[0143] According to another aspect of the embodiments of this application, a computer program product is also provided, the computer program product including computer instructions, which, when executed by a processor, implement the data transmission method in the embodiments of this application.

[0144] Optionally, in this embodiment, the above-mentioned computer program product can be configured as a computer program that performs the following steps:

[0145] Step S11: Obtain the data to be transmitted, the first random offset, the first encryption management byte, and the second encryption management byte. The first random offset is used to represent the dynamic offset during data transmission. The first encryption management byte is used to store auxiliary management information during data transmission. The second encryption management byte is used to store ciphertext data. The ciphertext data is obtained by encrypting the first random offset using a preset key.

[0146] Step S12: Generate a first data field based on the data to be transmitted and the first encryption management byte;

[0147] Step S13: Perform cyclic shifting on the first data field based on the first random offset, the preset offset granularity, and the first preset offset direction to obtain the second data field;

[0148] Step S14: Based on the second data field and the second encryption management byte, generate the target transmission message and send the target transmission message to the receiving end.

[0149] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0150] In the above embodiments of this application, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.

[0151] In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division of units can be a logical functional division, and in actual implementation, there may be other division methods. For instance, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the displayed or discussed mutual coupling, direct coupling, or communication connection may be through some interfaces; the indirect coupling or communication connection between units or modules may be electrical or other forms.

[0152] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0153] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0154] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, read-only memory (ROM), random access memory (RAM), portable hard drives, magnetic disks, or optical disks.

[0155] The above description is only a preferred embodiment of this application. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the principle of this application, and these improvements and modifications should also be considered within the scope of protection of this application.

Claims

1. A data transmission method, characterized in that, include: The system acquires the data to be transmitted, a first random offset, a first encryption management byte, and a second encryption management byte. The first random offset represents the dynamic offset during data transmission, the first encryption management byte stores auxiliary management information during data transmission, and the second encryption management byte stores ciphertext data. The ciphertext data is obtained by encrypting the first random offset using a preset key. A first data field is generated based on the data to be transmitted and the first encrypted management byte; Based on the first random offset, the preset offset granularity, and the first preset offset direction, the first data field is cyclically shifted to obtain the second data field. Based on the second data field and the second encryption management byte, a target transmission message is generated, and the target transmission message is sent to the receiving end.

2. The method according to claim 1, characterized in that, The length of the data to be transmitted is less than or equal to a preset length threshold, the first random offset is greater than or equal to a first preset value, and the first random offset is less than a second preset value.

3. The method according to claim 1, characterized in that, The step of performing a cyclic shift process on the first data field based on the first random offset, a preset offset granularity, and a first preset offset direction to obtain the second data field includes: Based on the preset offset granularity, a preset offset method is determined, wherein the preset offset method is used to determine the offset step size corresponding to the cyclic shift process; The first data field is cyclically shifted based on the first random offset, the preset offset method, and the first preset offset direction to obtain the second data field.

4. The method according to claim 3, characterized in that, The preset offset granularity includes: a first preset offset granularity and a second preset offset granularity; the preset offset method includes: a byte offset method and a bit offset method; and determining the preset offset method based on the preset offset granularity includes: In response to the preset offset granularity being the first preset offset granularity, the preset offset mode is determined to be the byte offset mode; or, In response to the preset offset granularity being the second preset offset granularity, the preset offset mode is determined to be the bit offset mode, wherein the offset step size corresponding to the bit offset mode is less than the offset step size corresponding to the byte offset mode.

5. The method according to claim 1, characterized in that, The generation of the target transmission message based on the second data field and the second encryption management byte includes: Obtain a preset data frame structure, wherein the preset data frame structure includes at least: a frame start bit, an arbitration field, a control field, a check field, and an acknowledgment field; The target transmission message is obtained by assembling the preset data frame structure, the second data field, and the second encryption management byte.

6. A data transmission method, characterized in that, include: A target transmission message is received, wherein the target transmission message is generated based on a second data field and a second encryption management byte. The second data field is obtained by cyclically shifting the first data field based on a first random offset, a preset offset granularity, and a first preset offset direction. The first random offset is used to represent the dynamic offset during data transmission. The first data field is generated based on the data to be transmitted and the first encryption management byte. The first encryption management byte is used to store auxiliary management information during data transmission. The second encryption management byte is used to store ciphertext data. The ciphertext data is obtained by encrypting the first random offset using a preset key. The target transmission message is decrypted based on the preset key to obtain a second random offset. Based on the target transmission message, a third data field is determined, wherein the third data field is the message data in the target transmission message excluding the second random offset; The third data field is cyclically shifted based on the second random offset, the preset offset granularity, and the second preset offset direction to obtain a fourth data field, wherein the second preset offset direction and the first preset offset direction are opposite directions; The fourth data field is parsed to obtain the auxiliary management information and the data to be transmitted.

7. The method according to claim 6, characterized in that, The step of decrypting the target transmission message based on the preset key to obtain the second random offset includes: The target transmission message is decrypted based on the preset key to obtain a decryption result, wherein the decryption result is used to determine the decryption status, and the decryption status includes decryption success and decryption failure; The response determines the decryption status as successful based on the decryption result, and performs decryption processing on the target transmission message based on the preset key to obtain the second random offset; or, The response determines the decryption status as decryption failure based on the decryption result and identifies the target transmission message as an abnormal message.

8. A vehicle, characterized in that, include: processor; Memory used to store the processor's executable instructions; The processor is configured to execute the instructions to implement the method of any one of claims 1 to 7.

9. A computer-readable storage medium, characterized in that, The computer-readable storage medium includes a stored executable program, wherein, when the executable program is executed, it controls the device on which the storage medium is located to perform the method according to any one of claims 1 to 7.

10. A computer program product, characterized in that, The computer program product includes computer instructions that, when executed by a processor, implement the method described in any one of claims 1 to 7.