CN117270903A - Vehicle-mounted application updating method, device, equipment and computer readable storage medium - Google Patents
- Publication number: CN117270903A
- Application number: CN202311111892.8A
- Authority: CN (China)
- Prior art keywords: vehicle, certificate, application, server, signature
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F8/00—Arrangements for software engineering > G06F8/60—Software deployment > G06F8/65—Updates
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/44—Program or device authentication
- G—PHYSICS > G06—COMPUTING OR CALCULATING; COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F8/00—Arrangements for software engineering > G06F8/70—Software maintenance or management > G06F8/71—Version control; Configuration management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
Description
Technical field
The present application relates to the field of computer technology, and specifically to a vehicle-mounted application update method, apparatus, device and computer-readable storage medium.
Background
With the development of vehicle electronic information technology, the automotive industry has introduced a wide range of vehicle application software: software packages that drive in-vehicle hardware such as audio management, the instrument cluster and turn-signal control, and packages that add functions such as music, video and maps. This software raises the quality of the vehicle. To make installing and updating these application packages convenient, related technologies use the Internet of Vehicles to perform remote diagnosis, remote control, over-the-air (OTA) updates and similar services on the on-board software, which improves upgrade efficiency.
However, although the related technologies can install and update application packages, current vehicle software packages are sometimes installed or updated without compliance checks, which lets non-compliant software be introduced maliciously. This can easily lead to leakage of user information and lowers the information security of vehicle users.
Summary of the invention
Embodiments of the present application provide a vehicle-mounted application update method, apparatus, device and computer-readable storage medium, which upgrade vehicle-mounted applications through compliant download and installation of application upgrade packages, strengthen management of the upgrade packages and ensure the information security of vehicle users.
An embodiment of the present application provides a vehicle-mounted application update method, applied to a diagnostic device, comprising:
obtaining the device certificate of the local device and sending the device certificate to a target vehicle for authentication;
if a vehicle certificate is received that the target vehicle returns after the device certificate has passed authentication, sending the vehicle certificate to a server, so that the server has the vehicle certificate checked for legitimacy by a public key management end;
when it is detected that the server's legitimacy check of the vehicle certificate has passed, verifying the vehicle signature information of the target vehicle;
when it is detected that verification of the vehicle signature information has passed, downloading the server-signed application upgrade package;
transmitting the application upgrade package to the target vehicle, so that the target vehicle updates the vehicle-mounted application after checking the signature information of the application upgrade package.
Correspondingly, an embodiment of the present application provides a vehicle-mounted application update apparatus, applied to a diagnostic device, comprising:
an acquisition unit, configured to obtain the device certificate of the local device and send the device certificate to a target vehicle for authentication;
a sending unit, configured to send the vehicle certificate to a server if a vehicle certificate is received that the target vehicle returns after the device certificate has passed authentication, the vehicle certificate being used by the server for a legitimacy check;
a verification unit, configured to verify the vehicle signature information of the target vehicle when the server's legitimacy check of the vehicle certificate has passed;
a download unit, configured to obtain an application upgrade package when verification of the vehicle signature information has passed, the application upgrade package carrying the developer's signature information and the server's signature information;
a transmission unit, configured to transmit the application upgrade package to the target vehicle, the application upgrade package being used by the target vehicle to update the vehicle-mounted application after checking its signature information.
In some implementations, the vehicle-mounted application update apparatus further comprises a login unit, configured to:
obtain the management account information used to log in;
the acquisition unit then being configured to obtain the device certificate of the local device from the server if verification of the management account information passes.
In some implementations, the verification unit is further configured to:
obtain the vehicle signature information from the target vehicle, and read the vehicle public key corresponding to the vehicle certificate;
compute the to-be-confirmed digest of the target vehicle with a hash algorithm, and apply the vehicle public key to the to-be-confirmed digest to obtain to-be-confirmed vehicle signature information (the patent describes this as "encrypting" the digest with the public key; in a standard signature scheme it is the public-key verify operation applied to the received signature and digest);
determine that verification of the vehicle signature information passes if the vehicle signature information matches the to-be-confirmed vehicle signature information;
determine that verification of the vehicle signature information fails if the two do not match.
Correspondingly, an embodiment of the present application also provides a vehicle-mounted application update method, applied to a server, comprising:
in response to a device certificate acquisition request sent by a diagnostic device, transmitting the device certificate to the diagnostic device;
receiving a vehicle certificate authentication request sent by the diagnostic device and checking the legitimacy of the vehicle certificate, the vehicle certificate having been returned to the diagnostic device by the target vehicle after the device certificate passed authentication;
if the legitimacy check of the vehicle certificate passes, returning to the diagnostic device a verification result indicating that the check passed, so that the diagnostic device, after verifying the vehicle signature information of the target vehicle, transmits the downloaded application upgrade package to the target vehicle for the vehicle-mounted application update.
Correspondingly, an embodiment of the present application also provides a vehicle-mounted application update apparatus, applied to a server, comprising:
a transmission unit, configured to transmit the device certificate to a diagnostic device in response to a device certificate acquisition request sent by the diagnostic device;
an authentication unit, configured to receive a vehicle certificate authentication request sent by the diagnostic device and check the legitimacy of the vehicle certificate, the vehicle certificate having been returned to the diagnostic device by the target vehicle after the device certificate passed authentication;
a feedback unit, configured to return to the diagnostic device, if the legitimacy check of the vehicle certificate passes, a verification result indicating that the check passed, so that the diagnostic device, after verifying the vehicle signature information of the target vehicle, transmits the downloaded application upgrade package to the target vehicle for the vehicle-mounted application update, the application upgrade package carrying the developer's signature information and the server's signature information.
In some implementations, the authentication unit is further configured to:
transmit the vehicle certificate to a public key management end, so that the public key management end checks the legitimacy of the vehicle certificate.
In some implementations, the vehicle-mounted application update apparatus further comprises a signature confirmation unit, configured to:
receive an application package encryption request sent by an application package management server, the request carrying the application file package to be encrypted;
encrypt and sign the application file package to be encrypted to obtain file signature data;
return the file signature data to the application package management server, so that the application package management server packages the file signature data together with a signing certificate to generate the application upgrade package.
In some implementations, the signature confirmation unit is further configured to:
encrypt the application file package to be encrypted, and generate a file hash value from the encrypted file package obtained by that encryption;
encode the file hash value to obtain hash-encoded data;
send the hash-encoded data to the public key management end for signing, and receive the file signature data returned by the public key management end.
In some implementations, the signature confirmation unit is further configured to:
obtain the signing certificate corresponding to the application file package, and determine from the signing certificate the interface data format of the public key management end;
convert the hash-encoded data into target hash data according to that interface data format;
send the target hash data to the public key management end for signing.
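The secondary-signing flow of the signature confirmation unit above (encrypt the file package, hash the ciphertext, encode the hash for the public key management end, have it signed there, and let the vehicle check both the developer's and the server's signature before updating), as an added Go example that is not part of the patent. It assumes AES-256-GCM for the package encryption with a key the vehicle already holds, P-256 ECDSA for both signatures, Base64 as the key management end's interface encoding (the patent's "interface data format" derived from the signing certificate is reduced to this), and developer and server public keys pinned in the vehicle rather than carried in a signing certificate. The type and function names are ours.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

// upgradePackage is our assumed layout for the "application upgrade package"; the patent fixes no format.
type upgradePackage struct {
	Ciphertext   []byte // AES-GCM nonce || ciphertext of the application file package
	DeveloperSig []byte // developer's ECDSA signature over SHA-256(Ciphertext)
	ServerSig    []byte // secondary signature returned by the public key management end
}

// newKey generates a P-256 signing key (developer, server, or an attacker's key in the test).
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func gcmFor(aesKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptPackage is the package management server's AES-256-GCM step; the vehicle's copy of the key is assumed provisioned out of band.
func encryptPackage(aesKey, appFile []byte) ([]byte, error) {
	gcm, err := gcmFor(aesKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, appFile, nil), nil
}

// kmsSign stands in for the public key management end: it receives the hash Base64-encoded (the
// "encode for the interface" step), rejects anything that is not a full SHA-256 digest, and signs it.
func kmsSign(serverKey *ecdsa.PrivateKey, encodedHash string) ([]byte, error) {
	digest, err := base64.StdEncoding.DecodeString(encodedHash)
	if err != nil || len(digest) != sha256.Size {
		return nil, errors.New("kms: submitted value is not a SHA-256 digest")
	}
	return ecdsa.SignASN1(rand.Reader, serverKey, digest)
}

// buildPackage encrypts, hashes the ciphertext, takes the developer's signature, then adds
// the server's secondary signature over the same digest.
func buildPackage(devKey, serverKey *ecdsa.PrivateKey, aesKey, appFile []byte) (*upgradePackage, error) {
	ct, err := encryptPackage(aesKey, appFile)
	if err != nil {
		return nil, err
	}
	d := sha256.Sum256(ct)
	devSig, err := ecdsa.SignASN1(rand.Reader, devKey, d[:])
	if err != nil {
		return nil, err
	}
	srvSig, err := kmsSign(serverKey, base64.StdEncoding.EncodeToString(d[:]))
	if err != nil {
		return nil, err
	}
	return &upgradePackage{Ciphertext: ct, DeveloperSig: devSig, ServerSig: srvSig}, nil
}

// vehicleVerifyAndDecrypt is the vehicle's check before installing: both signatures must verify
// over the ciphertext before anything is decrypted. Developer and server public keys are pinned.
func vehicleVerifyAndDecrypt(pkg *upgradePackage, devPub, srvPub *ecdsa.PublicKey, aesKey []byte) ([]byte, error) {
	d := sha256.Sum256(pkg.Ciphertext)
	if !ecdsa.VerifyASN1(devPub, d[:], pkg.DeveloperSig) {
		return nil, errors.New("developer signature invalid")
	}
	if !ecdsa.VerifyASN1(srvPub, d[:], pkg.ServerSig) {
		return nil, errors.New("server signature invalid")
	}
	gcm, err := gcmFor(aesKey)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(pkg.Ciphertext) < n {
		return nil, errors.New("package truncated")
	}
	return gcm.Open(nil, pkg.Ciphertext[:n], pkg.Ciphertext[n:], nil)
}
```

Because both signatures cover the ciphertext, the vehicle never decrypts unauthenticated bytes: a package whose ciphertext was altered in transit, or whose server signature was produced with any key other than the pinned one, is rejected before the AES key is touched. A package carrying only a valid developer signature is likewise refused, which is the point of the secondary signature.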
In addition, an embodiment of the present application provides a computer device comprising a processor and a memory, the memory storing a computer program and the processor being configured to run the computer program in the memory to carry out the steps of any vehicle-mounted application update method provided by the embodiments of the present application.
In addition, an embodiment of the present application provides a computer-readable storage medium storing a plurality of instructions suitable for loading by a processor to carry out the steps of any vehicle-mounted application update method provided by the embodiments of the present application.
In addition, an embodiment of the present application provides a computer program product comprising computer instructions which, when executed, carry out the steps of any vehicle-mounted application update method provided by the embodiments of the present application.
In the embodiments of the present application, the diagnostic device obtains its local device certificate and sends it to the target vehicle for authentication; if it receives the vehicle certificate that the target vehicle returns after the device certificate passes authentication, it sends the vehicle certificate to the server, which checks its legitimacy; once the server's legitimacy check of the vehicle certificate has passed, it verifies the vehicle signature information of the target vehicle; once that verification has passed, it obtains the application upgrade package, which carries the developer's signature information and the server's signature information; and it transmits the application upgrade package to the target vehicle, which updates the vehicle-mounted application after checking the signature information. Thus the diagnostic device of this solution sends its local device certificate to the vehicle for authentication and sends the vehicle certificate it receives to the server for remote authentication, achieving three-party authentication among the diagnostic device, the vehicle and the server. This legitimacy check raises the trustworthiness of the diagnostic device; the diagnostic device then downloads the application upgrade package signed by the server and transmits it to the target vehicle for the vehicle-mounted application update. In this way, a diagnostic device that has passed three-party verification performs the compliant download and installation of the application upgrade package and the upgrade of the vehicle-mounted application, which strengthens management of application upgrade packages, effectively prevents leakage of user information and ensures the information security of vehicle users.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Figure 1 is a schematic diagram of a vehicle-mounted application update system provided by an embodiment of the present application;
Figure 2 is a flow chart of the steps of the vehicle-mounted application update method provided by an embodiment of the present application;
Figure 3 is another flow chart of the steps of the vehicle-mounted application update method provided by an embodiment of the present application;
Figure 4 is an architecture diagram of a vehicle-mounted application update scenario provided by an embodiment of the present application;
Figure 5 is a schematic diagram of a vehicle's vehicle-mounted application update scenario provided by an embodiment of the present application;
Figure 6 is a sequence diagram of the authentication between the diagnostic device, the server and the vehicle provided by an embodiment of the present application;
Figure 7 is a sequence diagram of the secondary signing of the application upgrade package provided by an embodiment of the present application;
Figure 8 is a first structural diagram of a vehicle-mounted application update apparatus provided by an embodiment of the present application;
Figure 9 is a second structural diagram of a vehicle-mounted application update apparatus provided by an embodiment of the present application;
Figure 10 is a structural diagram of a computer device provided by an embodiment of the present application.
Detailed description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments that those skilled in the art obtain from the embodiments of the present application without creative effort fall within the scope of protection of the present application.
Embodiments of the present application provide a vehicle-mounted application update method, apparatus, device and computer-readable storage medium. Specifically, the embodiments are described from the perspective of the vehicle-mounted application update apparatus, which may be integrated in a computer device; the computer device may be a server, a user terminal or similar equipment. The server may be an independent physical server, a server cluster or distributed system made up of several physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms. The user terminal may be a smartphone, tablet computer, laptop, desktop computer, smart speaker, smart watch, smart home appliance, vehicle-mounted terminal, intelligent voice interaction device, aircraft or vehicle diagnostic device, without being limited to these.
The vehicle-mounted application update method provided by the embodiments of the present application can be applied to various upgrade and update scenarios for in-vehicle applications, including but not limited to local and remote upgrades of vehicle-mounted applications. These scenarios are not limited to implementation through cloud services or cloud computing; they are explained through the following embodiments:
For example, see Figure 1, a schematic diagram of the vehicle-mounted application update system provided by an embodiment of the present application. The vehicle-mounted application update system of this embodiment may include a terminal, a server and a target vehicle.
The terminal may be the vehicle's diagnostic device. A client may be installed on the diagnostic device to exchange data with the server, or the diagnostic device may exchange data with the server through a web page. Specifically, the terminal can obtain the device certificate of the local device and send it to the target vehicle for authentication; if it receives the vehicle certificate that the target vehicle returns after the device certificate passes authentication, it sends the vehicle certificate to the server, which checks its legitimacy; once the server's legitimacy check of the vehicle certificate has passed, it verifies the vehicle signature information of the target vehicle; once that verification has passed, it obtains the application upgrade package, which carries the developer's signature information and the server's signature information; and it transmits the application upgrade package to the target vehicle, which updates the vehicle-mounted application after checking the signature information.
The vehicle-mounted application update process may include the diagnostic device completing legitimacy authentication with the target vehicle, the diagnostic device completing legitimacy authentication with the server, the diagnostic device downloading the application upgrade package, and the diagnostic device transmitting the application upgrade package to the target vehicle for the application upgrade.
Each of these is described in detail below. Note that the order of the following embodiments does not limit their preferred order.
In this embodiment of the present application, the description is given from the perspective of the vehicle-mounted application update apparatus, which may be integrated in a computer device such as a terminal. See Figure 2, a flow chart of the steps of a vehicle-mounted application update method provided by an embodiment of the present application. This embodiment takes the case where the vehicle-mounted application update apparatus is integrated in a terminal; when the processor of the terminal executes the program instructions corresponding to the vehicle-mounted application update method, the specific flow is as follows:
101、获取本地设备的设备证书,并将设备证书发送至目标车辆进行认证。101. Obtain the device certificate of the local device and send the device certificate to the target vehicle for authentication.
在本申请实施例中,为了对车辆中的应用软件进行合规、安全地升级更新,以避免非法应用窃取车辆用户的信息,需要对应用软件的升级文件包的下载和安装进行安全性管理。为了确保车载应用的安全合规升级,本申请实施例先分别完成诊断设备与目标车辆和服务器之间的安全性验证,以确定诊断设备的合法性和目标车辆的合法性,并在完成合法性验证后,通过诊断设备下载目标车辆的应用软件的升级文件包,以传输至目标车辆进行软件应用的更新。In the embodiment of this application, in order to compliantly and securely upgrade the application software in the vehicle to prevent illegal applications from stealing the vehicle user's information, it is necessary to perform security management on the download and installation of the upgrade file package of the application software. In order to ensure the safety and compliance upgrade of in-vehicle applications, the embodiment of this application first completes the security verification between the diagnostic device, the target vehicle and the server respectively to determine the legality of the diagnostic device and the legality of the target vehicle, and after completing the legality After verification, the upgrade file package of the target vehicle's application software is downloaded through the diagnostic device and transferred to the target vehicle for updating the software application.
需要说明的是,本申请实施例在对诊断设备和目标车辆进行合法性校验时,可以通过证书验证的方式来实现合法性校验,例如,通过诊断设备的本地设备证书和车辆的车辆证书来完成合法性校验的相关验证流程。It should be noted that when the embodiment of the present application performs legality verification on the diagnostic device and the target vehicle, the legality verification can be implemented through certificate verification, for example, through the local device certificate of the diagnostic device and the vehicle certificate of the vehicle. To complete the relevant verification process of legality verification.
其中,该本地设备是指本申请实施例的执行主体,其可以理解为应用管理设备,如,在车辆的场景中,该本地设备可以是诊断设备,用于完成自身的合法性验证以及对需要管理的车辆进行合法性验证,还用于对合法性验证通过的车辆进行应用软件的升级更新。Among them, the local device refers to the execution subject of the embodiment of the present application, which can be understood as an application management device. For example, in the scenario of a vehicle, the local device can be a diagnostic device, used to complete its own legality verification and to respond to needs. Managed vehicles are verified for legality, and are also used to upgrade application software for vehicles that pass legality verification.
其中,该设备证书可以是前述的诊断设备的数字签名证书,其可包含诊断设备的签名信息、设备公钥信息等。可选的,该设备证书可以由服务器向公钥基础设施(PublicKey Infrastructure,PKI)和权威公信机构(Certification Authority,CA)请求生成并颁发,可以理解的是,不同的设备、车辆或任意个体,其证书是不一致的,具有独立性。The device certificate may be the aforementioned digital signature certificate of the diagnostic device, which may include signature information of the diagnostic device, device public key information, etc. Optionally, the device certificate can be generated and issued by the server by requesting the Public Key Infrastructure (PKI) and the Certification Authority (CA). It is understandable that different devices, vehicles, or any individual, Its certificate is inconsistent and independent.
需要说明的是,为了提高对车辆的应用软件进行合规、安全管理,可以通过管理账户的形式来登录诊断设备,以使得诊断设备获得后续的任意操作权限,同时使得应用软件的下载、安装、删除等任意操作具有可追溯性。具体的,相关管理人员可以通过向服务器请求注册诊断设备的管理账户,如,车主或汽车维护人员可以向目标车辆的信息安全认证(汽车厂商的)服务器请求注册一个管理账户信息,以便后续通过该管理账户信息登录诊断设备,以便通过获取到操作权限的诊断设备来执行合法性验证和车载应用升级更新,提高车载应用的合规、安全性。It should be noted that in order to improve the compliance and security management of vehicle application software, you can log in to the diagnostic device through a management account, so that the diagnostic device can obtain any subsequent operation permissions, and at the same time, the download, installation, and Any operations such as deletion are traceable. Specifically, relevant managers can request to register the management account of the diagnostic device by requesting the server. For example, the car owner or car maintenance personnel can request to register a management account information from the target vehicle's information security certification (automobile manufacturer's) server, so that they can subsequently pass the Manage the account information to log in to the diagnostic device so that the diagnostic device that has obtained the operating authority can perform legality verification and vehicle application upgrades and updates to improve the compliance and security of the vehicle application.
在一些实施方式中,为了使得诊断设备的业务操作具有可追溯性,以及提高车载应用升级更新的合规性,在步骤101之前,还可以包括:获取登录的管理账户信息。进一步的,则步骤101,可以包括:若对管理账户信息的验证通过,向服务器获取本地设备的设备证书。In some embodiments, in order to make the business operations of the diagnostic device traceable and improve the compliance of vehicle-mounted application upgrades and updates, before step 101, it may also include: obtaining logged-in management account information. Further, step 101 may include: if the verification of the management account information passes, obtaining the device certificate of the local device from the server.
具体的,诊断设备可以实时检测登录该设备的管理账户信息,并对该管理账户信息进行信息登录认证,当诊断设备通过本地账户信息库认证或远程认证的方式对当前登录的管理账户信息的登录信息验证通过时,确定当前登录诊断设备的管理账户信息合法,并允许该管理账户信息成功登录本地设备,进而,当检测到用户基于当前的管理账户信息触发合法性认证的指令时,诊断设备可以向服务器请求获取本地设备的设备证书。需要说明的是,当诊断设备上安装有用于管理车载应用软件的客户端时,该客户端中可以寄存有设备证书,此时,诊断设备可以直接从客户端中获取到设备证书,以上仅为示例,不作为实施本实施方式的限定。Specifically, the diagnostic device can detect the management account information logged into the device in real time, and perform information login authentication on the management account information. When the diagnostic device logs in the currently logged in management account information through local account information database authentication or remote authentication When the information verification is passed, it is determined that the management account information currently logged in to the diagnostic device is legal, and the management account information is allowed to successfully log in to the local device. Furthermore, when it is detected that the user triggers a legality authentication instruction based on the current management account information, the diagnostic device can Request the server to obtain the device certificate of the local device. It should be noted that when a client for managing vehicle application software is installed on the diagnostic device, the device certificate can be stored in the client. At this time, the diagnostic device can directly obtain the device certificate from the client. The above is only Examples are not intended to limit the implementation of this embodiment.
Having obtained its device certificate, the diagnostic device sends it to the target vehicle for verification; this is the vehicle's legitimacy (security) check of the diagnostic device. Specifically, the target vehicle validates the diagnostic device on the basis of the device certificate. If the check passes, the certificate was originally issued by the information security authentication server (the vehicle manufacturer's server) associated with the target vehicle, so the diagnostic device has been authenticated by that server and is a trusted terminal. The vehicle then marks the diagnostic device as trusted, so that it can later send its own vehicle certificate to the device for the vehicle's legitimacy check.
When the target vehicle verifies the device certificate, it generates device signature information to be checked from the device public key information in the device certificate and compares it with the device signature information corresponding to the certificate. If the two match, the vehicle's legitimacy check of the device certificate passes; otherwise it fails. In a standard X.509 deployment the signature on a certificate is produced by the issuing CA and is therefore checked with the issuer's public key, not with the subject's own public key carried in the certificate; in practice the vehicle validates the device certificate against the manufacturer's root (or intermediate) CA certificate provisioned in the vehicle, and also checks its validity period and revocation status.
In this way the target vehicle completes its legitimacy check of the diagnostic device and can treat it as trusted, granting the device permission to download, install, delete and otherwise operate on the vehicle's application software. This supports compliant and secure upgrading of in-vehicle applications and protects user information.
102. If the vehicle certificate returned by the target vehicle after the device certificate passes authentication is received, send the vehicle certificate to the server; the server uses the vehicle certificate for legitimacy authentication.
Note that once the target vehicle has authenticated the diagnostic device's certificate, the legitimacy check between them is complete and the vehicle trusts the device. The vehicle may then send its vehicle certificate to the device in response to a certificate request from the device, or send it proactively after completing the check. The device uses the vehicle certificate to verify the vehicle's legitimacy, completing mutual (two-way) authentication between the diagnostic device and the target vehicle. This improves subsequent compliance and security management of the vehicle's application software and helps prevent leakage of user information.
The vehicle certificate may be a digital signature certificate of the target vehicle, containing the vehicle's signature information, the vehicle public key information and other fields. Optionally, the vehicle certificate is generated and issued, at the request of the (vehicle manufacturer's) server, by a system combining a Public Key Infrastructure (PKI) and a Certification Authority (CA).
Here the public key management end means a combined PKI and CA system built on public key theory and technology. It may consist of a certification authority (CA), a digital certificate repository, a key backup and recovery system, a certificate revocation system, application programming interfaces (APIs) and other basic components, and it provides information security services: identity authentication, non-repudiation and confidentiality for the diagnostic devices, vehicles and other parties communicating over the Internet. The public key management end may provide encryption, digital signatures, data integrity mechanisms, digital envelopes, double digital signatures and so on.
Specifically, once the target vehicle has validated the device certificate and thus trusts the diagnostic device, it sends its own vehicle certificate to the device, which then verifies the vehicle's legitimacy. This verification can be done by asking the server to verify the vehicle certificate: after obtaining the vehicle certificate, the diagnostic device forwards it to the server, the server verifies its legitimacy and returns the result to the device, either that the vehicle certificate passed legitimacy authentication or that it failed, so that the device can continue the legitimacy verification flow.
Note that when the server authenticates a vehicle certificate submitted by the diagnostic device, it may forward the certificate to the public key management end (PKI). On receiving the vehicle certificate, the PKI generates the vehicle signature information to be checked from the certificate's digest information and the vehicle public key information (in practice, the signature on the certificate is checked with the issuing CA's public key) and compares it with the vehicle signature information carried in the certificate. If they match, the legitimacy check of the vehicle certificate passes; if they differ, it fails. The PKI then returns the result to the server, and the server relays the vehicle certificate's legitimacy result to the diagnostic device.
In this way, when the diagnostic device receives the vehicle certificate returned by the target vehicle after the device certificate was authenticated, it forwards it to the server. Because the vehicle certificate can be issued by the (vehicle manufacturer's) server before the vehicle leaves the factory, the server can verify its legitimacy and return the result. This completes the check of the vehicle's legitimacy, so the target vehicle is trusted by the diagnostic device, and the device can then manage the compliance and security of the vehicle's application software, preventing leakage of user information.
103. If the server's legitimacy authentication of the vehicle certificate passes, verify the vehicle signature information of the target vehicle.
In this embodiment, after authenticating the vehicle certificate the server returns the verification result to the diagnostic device. Besides indicating that the vehicle certificate passed, the result may also carry the target signature information that the public key management end produced for the vehicle certificate; the diagnostic device may verify that target signature information as well, which is not limited here. After receiving a pass result from the server and/or verifying the target signature information, the diagnostic device verifies the vehicle signature information computed by the target vehicle itself, completing mutual authentication between the device and the vehicle.
In some embodiments, after the server reports that the vehicle certificate is legitimate, the diagnostic device can additionally verify the vehicle's signature itself to improve information security. Specifically, "verifying the vehicle signature information of the target vehicle" in step 103 may include: obtaining the vehicle signature information from the target vehicle and reading the vehicle public key corresponding to the vehicle certificate; computing the digest to be confirmed for the target vehicle with a hash algorithm and, using the vehicle public key, deriving from that digest the vehicle signature information to be confirmed (in signature-scheme terms, verifying the received signature over the recomputed digest with the vehicle public key); if the vehicle signature information matches the signature information to be confirmed, verification passes; if it differs, verification fails. This only proves possession of the vehicle private key if the signed data includes a fresh value chosen by the diagnostic device; a signature over fixed data can be recorded and replayed by an impostor.
This achieves three-party authentication among the diagnostic device, the target vehicle and the cloud information security authentication server: the vehicle and the device trust each other, and the server-side authentication establishes the trustworthiness of the diagnostic device, so that subsequent updates of in-vehicle applications are compliant, secure and reliable.
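The mutual authentication of steps 101 to 103, written out as an added example; this is not code from the patent or from any vehicle manufacturer. It assumes ECDSA P-256 keys, SHA-256 and the Go standard library x509 package; the manufacturer's server and its PKI are collapsed into a single check of each certificate against the OEM root, the device certificate is treated as already provisioned, and step 103 is implemented as a challenge-response so that the vehicle's signature is bound to a fresh nonce. Party names and the sample VIN are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// party is the diagnostic device, the vehicle or the OEM root CA: a P-256 key pair plus its certificate.
type party struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

// newParty generates a key pair and a certificate; issuer == nil yields the self-signed OEM root, otherwise issuer signs a leaf.
func newParty(cn string, issuer *party) (*party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	parent, signer := tmpl, key
	if issuer != nil {
		parent, signer = issuer.cert, issuer.key
	} else {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &party{key: key, cert: cert}, nil
}

// verifyChain is the check the vehicle runs on the device certificate (step 101) and the
// OEM server/PKI runs on the vehicle certificate (step 102): the certificate signature is
// verified with the issuer's (root's) public key, plus validity period and basic constraints.
func verifyChain(cert, root *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// proveIdentity is the vehicle's half of step 103: sign the SHA-256 digest of a challenge chosen by the device.
func proveIdentity(vehicle *party, challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, vehicle.key, h[:])
}

// checkProof is the device's half: recompute the digest and verify with the public key from the vehicle certificate.
func checkProof(vehicleCert *x509.Certificate, challenge, sig []byte) bool {
	pub, ok := vehicleCert.PublicKey.(*ecdsa.PublicKey)
	h := sha256.Sum256(challenge)
	return ok && ecdsa.VerifyASN1(pub, h[:], sig)
}

// mutualAuth runs steps 101-103 with oemRoot as the trust anchor of both the vehicle and the server-side check.
func mutualAuth(device, vehicle, oemRoot *party) error {
	if err := verifyChain(device.cert, oemRoot.cert); err != nil {
		return fmt.Errorf("vehicle rejected device certificate: %w", err)
	}
	if err := verifyChain(vehicle.cert, oemRoot.cert); err != nil {
		return fmt.Errorf("server rejected vehicle certificate: %w", err)
	}
	challenge := make([]byte, 32) // fresh nonce, so a recorded vehicle signature cannot be replayed
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	sig, err := proveIdentity(vehicle, challenge)
	if err != nil {
		return err
	}
	if !checkProof(vehicle.cert, challenge, sig) {
		return fmt.Errorf("vehicle signature did not verify")
	}
	return nil
}
```

A device whose certificate chains to a different root fails at the first check, a vehicle whose certificate chains elsewhere fails at the second, and a signature captured from an earlier session fails the third because the nonce differs. What this example does not cover, and a deployment must add, is revocation checking of both certificates and binding the session keys used afterwards to this authentication.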
104. If verification of the vehicle signature information passes, obtain the application upgrade package; the upgrade package carries the developer's signature information and the server's signature information.
In this embodiment, once mutual authentication between the diagnostic device and the target vehicle is complete, both parties are known to be legitimate. To upgrade the in-vehicle application securely, the diagnostic device then downloads the corresponding application upgrade package and assists the target vehicle in installing it.
Note that the application upgrade package has been signed by the information security authentication server (of the vehicle manufacturer or OEM) and carries both the developer's signature information and the server's signature information. Specifically, the application file package as initially released contains the application developer's signature, regarded as the first signature; the server then signs the package again, producing the second signature. This second signature confirms that the package is the upgrade package the corresponding application developer provided to the vehicle manufacturer for a given vehicle model, ensuring the package's legitimacy and security. After re-signing the package and confirming it, the information security authentication server returns the signed upgrade package to the application developer, from where the diagnostic device can download it and assist the target vehicle in upgrading the relevant in-vehicle application.
In some embodiments, the application developer's server is treated as a second server, and the diagnostic device downloads the upgrade package as follows: read the identifier of the in-vehicle application installed on the target vehicle; query the second server for an upgrade package using that identifier; download the package found.
In this way the diagnostic device downloads the upgrade package from the application developer and assists the target vehicle in upgrading its in-vehicle application, improving the security, compliance and reliability of the upgrade.
105. Transmit the application upgrade package to the target vehicle; the target vehicle verifies the package's signature information and then updates the in-vehicle application.
In this embodiment, after downloading the upgrade package the diagnostic device transmits it to the target vehicle, which upgrades the corresponding in-vehicle application on the basis of that package.
Note that before upgrading an in-vehicle application from the upgrade package, the target vehicle can verify the package's signature to improve its security and reliability. Specifically, the upgrade package may comprise a signing certificate, a digital signature file and the application file package. After receiving the package, the vehicle on the one hand computes the digest of the application file package, obtains the signing public key associated with the signing certificate, and derives from the digest and the public key the file digital signature to be confirmed; on the other hand, it decrypts the digital signature file to obtain the file digital signature. It then compares the two. If they match, the vehicle's signature verification passes and the in-vehicle application can be upgraded from the package; if they differ, verification fails and the package is not used for the upgrade. Because the signing certificate travels with the package, the vehicle must first validate that certificate against a manufacturer root it already holds; a signing public key taken from an unvalidated certificate would let anyone ship a package that verifies under a key of their own choosing.
In this way, after security authentication among the diagnostic device, the target vehicle and the server is complete, the downloaded application upgrade package is transmitted to the target vehicle through the diagnostic device, and the vehicle upgrades its in-vehicle software application from the package.
Implementing any embodiment, or combination of embodiments, of this application realizes the application scenario of the in-vehicle application update process.
As described above, an embodiment of this application obtains the device certificate of the local device and sends it to the target vehicle for authentication; if the vehicle certificate returned by the target vehicle after the device certificate passes authentication is received, the vehicle certificate is sent to the server, which authenticates its legitimacy through the public key management end; when the server's legitimacy authentication of the vehicle certificate is found to have passed, the vehicle signature information of the target vehicle is verified; when that verification passes, the application upgrade package signed by the server is downloaded; and the upgrade package is transmitted to the target vehicle, which verifies its signature information and then updates the in-vehicle application. The diagnostic device of this solution thus sends its local device certificate to the vehicle for authentication and forwards the vehicle certificate it receives to the server for remote authentication, achieving three-party authentication among the diagnostic device, the vehicle and the server and completing the legitimacy checks that establish the device's trustworthiness. The diagnostic device then downloads the server-signed upgrade package and transmits it to the target vehicle to update the in-vehicle application. In this way a diagnostic device that has passed three-party verification downloads and installs upgrade packages compliantly and upgrades in-vehicle applications, management of upgrade packages is strengthened, leakage of user information is prevented and the information security of vehicle users is ensured.
Based on the method described in the above embodiment, examples are given below for further detailed explanation.
This embodiment takes data processing as an example to further describe the data processing method provided by the embodiment of this application.
Figure 3 is a schematic flowchart of further steps of the in-vehicle application update method provided by an embodiment of this application; Figure 4 is a schematic architecture diagram of the in-vehicle application update scenario; Figure 5 is a schematic diagram of the vehicle's in-vehicle application update scenario; Figure 6 is a sequence diagram of the authentication scenario among the diagnostic device, the server and the vehicle; and Figure 7 is a sequence diagram of the secondary signing of the application upgrade package. For ease of understanding, the embodiments are described with reference to Figures 3 to 7.
In this embodiment the description is given from the perspective of an in-vehicle application update apparatus, which may be integrated in a computer device such as a terminal or a server. For example, when the processor of the computer device executes the program corresponding to the in-vehicle application update method, the specific flow is as follows:
Note that this embodiment involves the information security authentication server (of the vehicle manufacturer or OEM), the diagnostic device, the target vehicle and the application package management server used by the application developer (the developer interacts with it through a client or a web page). Through data exchange among these parties, legitimacy authentication is performed among the diagnostic device, the server and the target vehicle, the server signs and confirms the developer's software file package, and the diagnostic device downloads the application upgrade package.
201. The server receives an application package encryption request sent by the application package management server; the request carries the application file package to be encrypted.
In this embodiment, the application upgrade package is signed by the information security authentication server (of the vehicle manufacturer or OEM). Because the application file package (application software package) as initially released contains the application developer's signature, regarded as the first signature, the server signs the package again to produce the second signature. This confirms that the package is the upgrade package the corresponding developer provided to the vehicle manufacturer for a given vehicle model and ensures its legitimacy and security.
The application management page is a management page connected to the server, and may be a web page. The application developer uses it to transfer file data to and from the server: for example, to send an application file package requiring signature confirmation to the server, after which the server, having completed the secondary signature confirmation, returns the signed upgrade package to the application management page.
Specifically, to improve the trustworthiness of application packages, the vehicle manufacturer may require that every in-vehicle application package intended for its vehicles be signed and confirmed by the information security authentication server, so that in-vehicle applications are upgraded securely and compliantly and user information is not leaked. The application developer therefore sends, through the application management page, an application package encryption request carrying the application file package to be encrypted, and the server subsequently signs that package.
202. The server encrypts and signs the application file package to be encrypted, obtaining file signature data.
In this embodiment, to ensure the security of the application package, the server confirms the package by signing it: the package is digitally signed so that the signature can later be verified, and once that verification passes the package is confirmed as meeting the security requirement.
In some embodiments, step 202, "encrypt and sign the application file package to be encrypted, obtaining file signature data", may include:
(202.1) encrypting the application file package to be encrypted, and generating the file hash value of the encrypted file package obtained from the encryption;
(202.2) encoding the file hash value to obtain hash-encoded data;
(202.3) sending the hash-encoded data to the public key management end for signing, and obtaining the file signature data returned by the public key management end.
Specifically, after receiving an application file package that requires signature confirmation, the server first encrypts the package with a cryptographic algorithm to obtain an encrypted file package, then computes the file hash value of the encrypted package, then encodes the hash value to obtain hash-encoded data, and finally obtains the signature through the public key management end (PKI): it transmits the hash-encoded data to the PKI, the PKI signs it and returns the resulting file signature data to the server, and the server passes the file signature data on to the application management page for packaging.
In some embodiments the hash-encoded data is sent to the public key management end in a preset interface data format. For example, step (202.3), "sending the hash-encoded data to the public key management end for signing", may include: obtaining the signing certificate corresponding to the application file package and determining from it the interface data format of the public key management end; converting the hash-encoded data into target hash data in that interface data format; and sending the target hash data to the public key management end for signing.
需要说明的是,该接口数据格式可以是公钥管理端的签名接口所要求的数据格式,可以根据签名证书来确定接口数据格式。具体的,由于应用软件包/应用文件包经过软件开发商的签名,其包含软件开发商对该应用软件包的签名证书,由于签名证书一般是由统一的公钥管理端(Public Key Infrastructure,PKI)生成和颁发的,则根据应用软件包对应的签名证书可以确定公钥管理端要求的接口数据格式,进而,按照的数据接口格式将哈希编码数据转换为待签名的目标哈希数据,并将需要签名的目标哈希数据发送至公钥管理端进行签名处理;其中,该签名处理过程可以是:公钥管理端根据文件包公钥信息对目标哈希数据进行签名加密,得到文件签名数据;进一步的,公钥管理端将验证结果返回给服务器,至此,服务器得到文件签名数据,完成了对应用软件包的二次签名的流程。It should be noted that the interface data format may be the data format required by the signature interface of the public key management end, and the interface data format may be determined based on the signature certificate. Specifically, since the application software package/application file package is signed by the software developer, it contains the software developer's signature certificate for the application software package, because the signature certificate is generally generated by a unified public key infrastructure (PKI). ) generated and issued, the interface data format required by the public key management end can be determined based on the signature certificate corresponding to the application software package, and then the hash-encoded data is converted into the target hash data to be signed according to the data interface format, and Send the target hash data that needs to be signed to the public key management terminal for signature processing; the signature processing process can be: the public key management terminal signs and encrypts the target hash data according to the public key information of the file package to obtain the file signature data ; Further, the public key management end returns the verification result to the server. At this point, the server obtains the file signature data and completes the secondary signature process of the application software package.
203. The server returns the file signature data to the application package management server, so that the application package management server packages the file signature data together with the signature certificate to generate the application upgrade package.
In this embodiment, after completing the secondary signature of the application software package, the server obtains not only the file signature data but also the target signature certificate of the secondary signature, which matches the corresponding scenario. The server then returns the file signature data and the target signature certificate to the application package management server, which stores the file signature data in encrypted form as a digital signature file and packages the digital signature file, the target signature certificate and the application software package together, so that the software developer obtains the packaged application upgrade package.
204. In response to a device certificate acquisition request sent by the diagnostic device, the server transmits the device certificate to the diagnostic device.
In this embodiment, in order to upgrade the application software in the vehicle in a compliant and secure manner and prevent illegitimate applications from stealing vehicle users' information, the download and installation of application upgrade packages need to be managed for security. To ensure a secure and compliant upgrade of the in-vehicle application, this embodiment first completes the security verification between the diagnostic device and the target vehicle. Specifically, the diagnostic device can prove its legitimacy by certificate verification; therefore, when the server receives the device certificate acquisition request sent by the diagnostic device, it transmits the device certificate to the diagnostic device, so that the target vehicle can authenticate the legitimacy of the diagnostic device using the device certificate.
The device certificate may be the aforementioned digital signature certificate of the diagnostic device, and may contain the diagnostic device's signature information, device public key information, and so on. Optionally, the device certificate may be generated and issued at the server's request by the Public Key Infrastructure (PKI) and a Certification Authority (CA). It will be understood that different devices, vehicles or other individuals have different, independent certificates.
205. The diagnostic device obtains the device certificate of the local device and sends it to the target vehicle for authentication.
Specifically, after obtaining the local device certificate, the diagnostic device sends it to the target vehicle for verification; this is the target vehicle's legitimacy or security check of the diagnostic device. The target vehicle verifies the legitimacy of the diagnostic device using the device certificate. If the check passes, the device certificate was originally issued by the information security authentication server (the vehicle manufacturer's) associated with the target vehicle, the diagnostic device has been authenticated by that server and is a trusted terminal device, and the target vehicle therefore grants trusted status to the diagnostic device whose device certificate passed authentication, so that it can subsequently send its own vehicle certificate to the diagnostic device for the vehicle's legitimacy verification.
206. When the diagnostic device receives the vehicle certificate returned by the target vehicle after the device certificate passes authentication, it sends the vehicle certificate to the server.
Specifically, when the target vehicle's authentication of the diagnostic device's device certificate passes, the legitimacy verification between the diagnostic device and the target vehicle is complete and the target vehicle trusts the diagnostic device. The target vehicle can then send its own vehicle certificate to the diagnostic device on receiving a vehicle certificate acquisition request from it, or it can send its vehicle certificate to the diagnostic device on its own initiative once the legitimacy verification of the diagnostic device is complete, so that the diagnostic device can verify the legitimacy of the target vehicle using the vehicle certificate.
The vehicle certificate may be the digital signature certificate of the target vehicle, and may contain the target vehicle's signature information, vehicle public key information, and so on. Optionally, the vehicle certificate may be generated and issued at the request of the (vehicle manufacturer's) server by the Public Key Infrastructure (PKI) and Certification Authority (CA) systems.
It should be noted that the diagnostic device may authenticate the vehicle certificate remotely, for example by sending the vehicle certificate to the server and requesting the server to authenticate it.
207. The server authenticates the legitimacy of the vehicle certificate and returns the verification result to the diagnostic device.
In this embodiment, when the diagnostic device sends the vehicle certificate to the server to request remote authentication, the server can transmit the vehicle certificate to the public key management end, which authenticates the legitimacy of the certificate. Specifically, to authenticate the vehicle certificate, the public key management end generates the vehicle signature information to be checked from the digest information of the vehicle certificate and the vehicle public key information, and compares it with the vehicle signature information carried by the vehicle certificate. If the two are consistent, the legitimacy verification of the vehicle certificate passes; if they are inconsistent, the verification fails. The public key management end then returns the verification result to the server.
In this embodiment, after obtaining the result of the legitimacy verification of the vehicle certificate, the server returns the verification result to the diagnostic device. For example, when the legitimacy authentication of the vehicle certificate passes, the server returns to the diagnostic device a verification result indicating that it passed; otherwise, it returns a verification result indicating that it failed.
208. When the diagnostic device detects that the verification result indicates that the legitimacy authentication of the vehicle certificate has passed, it verifies the vehicle signature information of the target vehicle.
In this embodiment, when the verification result returned by the server indicates that the legitimacy authentication of the vehicle certificate has passed, the diagnostic device can verify the vehicle signature information computed by the target vehicle itself, thereby completing the two-way authentication between the diagnostic device and the target vehicle.
Specifically, the diagnostic device can request the target vehicle to compute the vehicle signature information and read the vehicle public key corresponding to the vehicle certificate; it then computes the digest information to be confirmed for the target vehicle with a hash algorithm and encrypts that digest with the vehicle public key to obtain the vehicle signature information to be confirmed. If the vehicle signature information matches the vehicle signature information to be confirmed, the verification of the vehicle signature information passes; if they do not match, the verification fails.
209. When the verification of the vehicle signature information passes, the diagnostic device downloads the application upgrade package signed by the server and transmits it to the target vehicle to upgrade the in-vehicle application.
In this embodiment, when the diagnostic device's verification of the vehicle signature information passes, the legitimacy authentication process is complete: the diagnostic device and the target vehicle have fully authenticated each other. The security of the diagnostic device and the target vehicle is thus ensured, and to upgrade the in-vehicle application securely, the corresponding application upgrade package can be downloaded from the software developer through the diagnostic device; the diagnostic device then sends the downloaded application upgrade package to the target vehicle, which upgrades the corresponding in-vehicle application based on it. In this way, the diagnostic device assists in upgrading the target vehicle's in-vehicle applications, the compliance of in-vehicle application upgrades is improved, and the information security of vehicle users is ensured.
To facilitate understanding of the embodiments of the present application, they are described below with a specific application scenario example. Specifically, the application scenario example is described by performing the above steps 201-209, with reference to Figures 4-6.
The application scenario example of this embodiment is applicable to the local upgrade and update of in-vehicle applications in a vehicle. For ease of understanding, the embodiment is described in the scenario of a live video picture, as follows:
1. As shown in Figure 4, the architecture of the in-vehicle application update system includes the car (target vehicle), the diagnostic instrument (diagnostic device), the (information security) authentication server and the PKI system (public key management end). The car may include multiple control units, such as ECU1, ECU2, ECU3, ..., ECUm, each of which may have a corresponding software control program; each software control program may be understood as an in-vehicle application.
The diagnostic device completes legitimacy authentication with the car and the authentication server through data-flow interaction. Specifically, the diagnostic instrument can connect to the information security authentication server deployed in the cloud through a built-in online authentication client, a web page or similar means, and authenticate to confirm the legitimacy of the diagnostic instrument. The diagnostic device also needs to complete mutual authentication with the car, specifically between the diagnostic device and the relevant control unit (ECU node) in the target vehicle, to confirm the legitimacy of the target vehicle.
In addition, after completing the two-way authentication, the diagnostic instrument can deliver the downloaded application upgrade package to the ECU node of the target vehicle for the corresponding in-vehicle application upgrade. As shown in Figure 5, after obtaining the application upgrade package, the ECU node decrypts the digital signature file in the package to obtain the digital signature information and, at the same time, generates the file digital signature to be confirmed from the digital digest information of the application file package; it then verifies the file's signature information by comparing the digital signature to be confirmed with the file digital signature. When the signature verification passes, the ECU node upgrades its corresponding in-vehicle application according to the application upgrade package; when the verification fails, the in-vehicle application is not upgraded. This ensures the trustworthiness of the application upgrade package, allows in-vehicle applications to be upgraded in a compliant and secure manner, and improves the information security of vehicle users.
2. As shown in Figure 6, legitimacy authentication is completed among the diagnostic device, the car and the authentication server. The legitimacy authentication flow is as follows:
(1) Create the management account information for the diagnostic device. Specifically, the information security authentication server creates an account and password for engineer A, who may be understood as a vehicle repair or maintenance worker and is not limited to a vehicle owner or repair technician. The information security authentication server then applies to the PKI/CA system for a certificate for account A, and the PKI/CA system allocates a certificate to account A. After receiving the certificate for account A, the information security authentication server completes the creation of engineer A's account and provides the account and password to vehicle engineer A.
(2) Log in to the diagnostic device with engineer A's account and password to start the legitimacy authentication flow, which proceeds as follows:
(2.1) The diagnostic device requests a device certificate from the information security authentication server.
(2.2) The information security authentication server returns the device certificate to the diagnostic device.
(2.3) The diagnostic device sends the device certificate to the target vehicle and requests the target vehicle to verify it.
(2.4) The target vehicle authenticates the device certificate successfully, indicating its trust in the diagnostic device, and returns its own vehicle certificate to the diagnostic device.
(2.5) The diagnostic device sends the vehicle certificate to the information security authentication server and requests it to verify the vehicle certificate.
(2.6) The information security authentication server requests the public key management end (PKI/CA system) to verify the vehicle certificate, and the public key management end returns the verification result to the information security authentication server once verification is complete.
(2.7) The information security authentication server returns the verification result of the vehicle certificate to the diagnostic device.
(2.8) After detecting that the legitimacy authentication of the vehicle certificate has passed, the diagnostic device requests the target vehicle to compute the vehicle signature information.
(2.9) The target vehicle computes its own vehicle signature information and returns it to the diagnostic device.
(2.10) The diagnostic device verifies the vehicle signature information. At this point, the legitimacy authentication among the diagnostic device, the target vehicle and the information security authentication server is complete.
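The three-party exchange of steps 204-208 and (2.1)-(2.10) above, written out as an added Go example that is not part of the patent. It models the PKI/CA with one ECDSA P-256 key, reduces each certificate to a subject and public key signed by that key, and assumes (not stated in the text) that the vehicle's signature in 2.9 covers a fresh challenge chosen by the diagnostic device, so that a recorded signature cannot be replayed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// cert stands in for the device/vehicle certificates: subject + public key, signed by the PKI/CA key.
type cert struct {
	Subject string
	PubKey  *ecdsa.PublicKey
	Sig     []byte // ASN.1 ECDSA signature by the issuer over tbs()
}

// tbs is the to-be-signed digest of the certificate contents.
func tbs(subject string, pub *ecdsa.PublicKey) []byte {
	h := sha256.New()
	h.Write([]byte(subject))
	h.Write(pub.X.Bytes())
	h.Write(pub.Y.Bytes())
	return h.Sum(nil)
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue models the PKI/CA allocating a certificate to a subject (account A in step 1).
func issue(ca *ecdsa.PrivateKey, subject string, pub *ecdsa.PublicKey) cert {
	return cert{subject, pub, must(ecdsa.SignASN1(rand.Reader, ca, tbs(subject, pub)))}
}

// verifyCert is the check the vehicle performs in 2.4 and the PKI performs in 2.6.
func verifyCert(caPub *ecdsa.PublicKey, c cert) error {
	if c.PubKey == nil || !ecdsa.VerifyASN1(caPub, tbs(c.Subject, c.PubKey), c.Sig) {
		return errors.New("certificate signature invalid")
	}
	return nil
}

// vehicle is the ECU side of the exchange.
type vehicle struct {
	key           *ecdsa.PrivateKey
	cert          cert
	caPub         *ecdsa.PublicKey
	deviceTrusted bool
}

// handleDeviceCert is 2.3/2.4: verify the device certificate and, only on success,
// mark the device trusted and return the vehicle certificate.
func (v *vehicle) handleDeviceCert(c cert) (cert, error) {
	if err := verifyCert(v.caPub, c); err != nil {
		return cert{}, fmt.Errorf("vehicle rejected device certificate: %w", err)
	}
	v.deviceTrusted = true
	return v.cert, nil
}

// signChallenge is 2.9: the vehicle computes its signature information. Signing a
// device-chosen challenge is an assumption added here (the text only says "a digest").
func (v *vehicle) signChallenge(challenge []byte) ([]byte, error) {
	if !v.deviceTrusted {
		return nil, errors.New("device not authenticated")
	}
	d := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, v.key, d[:])
}

// authenticate runs the diagnostic device's side of 2.3-2.10. caPub stands for the
// PKI the cloud server consults when it verifies the vehicle certificate (2.5-2.7).
func authenticate(caPub *ecdsa.PublicKey, devCert cert, v *vehicle) error {
	vehCert, err := v.handleDeviceCert(devCert) // 2.3, 2.4
	if err != nil {
		return err
	}
	if err := verifyCert(caPub, vehCert); err != nil { // 2.5-2.7, server side
		return fmt.Errorf("server rejected vehicle certificate: %w", err)
	}
	challenge := make([]byte, 32) // 2.8
	must(rand.Read(challenge))
	sig, err := v.signChallenge(challenge) // 2.9
	if err != nil {
		return err
	}
	d := sha256.Sum256(challenge) // 2.10: check against the key in the vehicle certificate
	if !ecdsa.VerifyASN1(vehCert.PubKey, d[:], sig) {
		return errors.New("vehicle signature does not match its certified key")
	}
	return nil
}
```

A vehicle that presents a genuine certificate but does not hold the matching private key fails at 2.10, and a device certificate issued by any key other than the trusted CA is refused by the vehicle at 2.4 before it reveals its own certificate.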
3. The information security authentication server performs signature confirmation on the application upgrade package. Specifically, the application software package submitted by the ECU component supplier (application software developer) contains the component supplier's own signature information, and the OEM (information security authentication server) needs to sign the application software package a second time, thereby confirming that it is an application upgrade package provided by the corresponding component supplier for a specific vehicle model of the car manufacturer, and ensuring the legitimacy and security of the upgrade package. Specifically, as shown in Figure 7, the signature confirmation flow of the information security authentication server is as follows:
(3.1) The upgrade package publisher (component supplier) generates the application file package, which already carries the supplier's own signature, and sends it to the web page.
(3.2) The web page sends the application file package to be signed to the information security authentication server for signature confirmation.
(3.3) The information security authentication server encrypts the application file package with the SM4 block cipher to obtain pack_encrypt (key = preset key).
(3.4) The information security authentication server computes the SHA-256 hash of the pack_encrypt file package and Base64-encodes the hash value to obtain the encoded data Base64HashData.
(3.5) The information security authentication server looks up the signature certificate of the application file package and determines, from the signature certificate, the data format required by the PKI signing interface.
(3.6) The encoded data Base64HashData is converted into the target hash data HashData according to the data format required by the PKI signing interface.
(3.7) The information security authentication server sends the target hash data HashData to the PKI system for signing; the PKI system signs HashData and returns the file signature data to the information security authentication server.
(3.8) The information security authentication server sends the file signature data and the scenario signature certificate to the web page.
(3.9) The web page saves the file signature data as a file to obtain the digital signature file, and packages the digital signature file, the signature certificate and the application file package to obtain the application upgrade package signed and confirmed by the information security authentication server, for the upgrade package publisher to keep.
By carrying out the above application scenario, not only is the three-party authentication flow among the diagnostic device, the cloud information security authentication server and the target vehicle realized, but the application software package to be released is also signed and confirmed again by the information security authentication server, ensuring the security and reliability of the application upgrade package. This ensures the confidentiality, integrity and validity of local upgrades and reflashes of in-vehicle applications.
As can be seen from the above, this embodiment sends the local device certificate to the vehicle for authentication and sends the obtained vehicle certificate to the server for remote authentication, achieving three-party authentication among the diagnostic device, the vehicle and the server to complete the legitimacy check and improve the trustworthiness of the diagnostic device; the application upgrade package signed by the server is then downloaded through the diagnostic device and transmitted by it to the target vehicle to update the in-vehicle application. In this way, the application upgrade package is downloaded and installed in a compliant manner through a diagnostic device that has passed three-party verification, the in-vehicle application is upgraded, the management of application upgrade packages is strengthened, leakage of user information is effectively avoided, and the information security of vehicle users is ensured.
To better implement the above method, an embodiment of the present application further provides an in-vehicle application updating apparatus. For example, as shown in Figure 8, the in-vehicle application updating apparatus may include an acquisition unit 401, a sending unit 402, a verification unit 403, a download unit 404 and a transmission unit 405.
The acquisition unit 401 is configured to obtain the device certificate of the local device and send the device certificate to the target vehicle for authentication;
the sending unit 402 is configured to, if the vehicle certificate returned by the target vehicle after the device certificate passes authentication is received, send the vehicle certificate to the server, the vehicle certificate being used by the server for legitimacy authentication;
the verification unit 403 is configured to verify the vehicle signature information of the target vehicle when the server's legitimacy authentication of the vehicle certificate passes;
the download unit 404 is configured to obtain the application upgrade package when the verification of the vehicle signature information passes, the application upgrade package carrying the developer's signature information and the server's signature information;
the transmission unit 405 is configured to transmit the application upgrade package to the target vehicle, the application upgrade package being used by the target vehicle to update the in-vehicle application after verifying the signature information.
In some implementations, the in-vehicle application updating apparatus further includes a login unit configured to obtain the logged-in management account information;
the acquisition unit 401 is then configured to obtain the device certificate of the local device from the server if the verification of the management account information passes.
In some implementations, the verification unit 403 is further configured to: obtain the vehicle signature information from the target vehicle and read the vehicle public key corresponding to the vehicle certificate; compute the digest information to be confirmed for the target vehicle with a hash algorithm and encrypt that digest with the vehicle public key to obtain the vehicle signature information to be confirmed; if the vehicle signature information matches the vehicle signature information to be confirmed, determine that the verification of the vehicle signature information passes; and if they do not match, determine that the verification fails.
As can be seen from the above, this embodiment sends the local device certificate to the vehicle for authentication and sends the obtained vehicle certificate to the server for remote authentication, achieving three-party authentication among the diagnostic device, the vehicle and the server to complete the legitimacy check and improve the trustworthiness of the diagnostic device; the application upgrade package signed by the server is then downloaded through the diagnostic device and transmitted by it to the target vehicle to update the in-vehicle application. In this way, the application upgrade package is downloaded and installed in a compliant manner through a diagnostic device that has passed three-party verification, the in-vehicle application is upgraded, the management of application upgrade packages is strengthened, leakage of user information is effectively avoided, and the information security of vehicle users is ensured.
To better implement the above method, an embodiment of the present application further provides an in-vehicle application updating apparatus. For example, as shown in Figure 9, the in-vehicle application updating apparatus may include a transmission unit 501, an authentication unit 502 and a feedback unit 503.
The transmission unit 501 is configured to transmit the device certificate to the diagnostic device in response to a device certificate acquisition request sent by the diagnostic device;
the authentication unit 502 is configured to receive a vehicle certificate authentication request sent by the diagnostic device and authenticate the legitimacy of the vehicle certificate, the vehicle certificate having been returned to the diagnostic device by the target vehicle after the device certificate passed authentication;
the feedback unit 503 is configured to, if the legitimacy authentication of the vehicle certificate passes, return to the diagnostic device a verification result indicating that it passed, so that, once its verification of the target vehicle's vehicle signature information passes, the diagnostic device transmits the downloaded application upgrade package to the target vehicle for the in-vehicle application update, the application upgrade package carrying the developer's signature information and the server's signature information.
In some implementations, the authentication unit 502 is further configured to transmit the vehicle certificate to the public key management end, so that the public key management end authenticates the legitimacy of the vehicle certificate.
In some implementations, the in-vehicle application updating apparatus further includes a signature confirmation unit configured to: receive an application package encryption request sent by the application package management server, the request carrying the application file package to be encrypted; encrypt and sign the application file package to obtain the file signature data; and return the file signature data to the application package management server, so that the application package management server packages the file signature data and the signature certificate to generate the application upgrade package.
在一些实施方式中,签名确认单元,还用于:对待加密的应用文件包进行加密处理,并根据加密处理得到的加密文件包生成对应的文件哈希值;对文件哈希值进行编码处理,得到哈希编码数据;将哈希编码数据发送至公钥管理端进行签名处理,得到公钥管理端反馈的文件签名数据。In some embodiments, the signature confirmation unit is also used to: encrypt the application file package to be encrypted, and generate the corresponding file hash value based on the encrypted file package obtained by the encryption process; encode the file hash value, Obtain the hash-encoded data; send the hash-encoded data to the public key management terminal for signature processing, and obtain the file signature data fed back by the public key management terminal.
在一些实施方式中,签名确认单元,还用于:获取应用文件包对应的签名证书,并根据签名证书确定公钥管理端对应的接口数据格式;按照接口数据格式将哈希编码数据转换为目标哈希数据;将目标哈希数据发送至公钥管理端进行签名处理。In some embodiments, the signature confirmation unit is also used to: obtain the signature certificate corresponding to the application file package, and determine the interface data format corresponding to the public key management end based on the signature certificate; convert the hash-encoded data into the target according to the interface data format Hash data; send the target hash data to the public key management terminal for signature processing.
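The package-signing flow of the signature confirmation unit, and the digest-and-compare check that the diagnostic device applies to the vehicle signature and the target vehicle applies to the upgrade package, as an added Go example that is not part of the patent. ECDSA P-256 with SHA-256 is assumed (the patent names no algorithm), the base64 interface format and the in-process stand-in for the public key management end are assumptions, and the encryption step the patent applies before hashing is left out, so the hash is computed over the file package itself.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// UpgradePackage: the file package plus the developer's and the server's
// signature, as the description lists them (field names are this example's).
type UpgradePackage struct {
	File         []byte
	DeveloperSig []byte
	ServerSig    []byte
}

// newKey makes a P-256 key pair; the real server key would stay behind the
// public key management end and is in process here only to run offline.
func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// hashEncode is the "hash-encoded data": the SHA-256 file hash in the
// interface format the key manager expects (base64 is assumed here).
func hashEncode(file []byte) []byte {
	sum := sha256.Sum256(file)
	return []byte(base64.StdEncoding.EncodeToString(sum[:]))
}

// sign stands in for the public key management end: ECDSA over a SHA-256 digest.
func sign(key *ecdsa.PrivateKey, data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// verify is the digest-and-compare check: the diagnostic device runs it on the
// vehicle signature, the vehicle runs it on the upgrade package.
func verify(pub *ecdsa.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// BuildUpgradePackage is the signature confirmation flow: the developer signs
// the file, the server signs its hash-encoded data, and both are bundled.
func BuildUpgradePackage(file []byte, developer, server *ecdsa.PrivateKey) (*UpgradePackage, error) {
	devSig, err := sign(developer, file)
	if err != nil {
		return nil, err
	}
	srvSig, err := sign(server, hashEncode(file))
	if err != nil {
		return nil, err
	}
	return &UpgradePackage{File: file, DeveloperSig: devSig, ServerSig: srvSig}, nil
}

// VehicleVerify is the vehicle's pre-update check: both signatures must verify, and any change to the file invalidates both.
func VehicleVerify(pkg *UpgradePackage, developerPub, serverPub *ecdsa.PublicKey) error {
	if !verify(developerPub, pkg.File, pkg.DeveloperSig) {
		return errors.New("developer signature invalid")
	}
	if !verify(serverPub, hashEncode(pkg.File), pkg.ServerSig) {
		return errors.New("server signature invalid")
	}
	return nil
}

func main() {
	developer, _ := newKey()
	server, _ := newKey()
	pkg, _ := BuildUpgradePackage([]byte("constructed sample package v1.2"), developer, server)
	fmt.Println("genuine:", VehicleVerify(pkg, &developer.PublicKey, &server.PublicKey))
	pkg.File[0] ^= 1 // flip one byte: the vehicle must now reject the package
	fmt.Println("tampered:", VehicleVerify(pkg, &developer.PublicKey, &server.PublicKey))
}
```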
As can be seen from the above, the embodiment of the present application can send the local device certificate to the vehicle for authentication and send the obtained vehicle certificate to the server for remote authentication, achieving three-party authentication among the diagnostic device, the vehicle and the server. This completes the legality check and raises the trustworthiness of the diagnostic device; the diagnostic device then downloads the application upgrade package that has been signed by the server and transmits the downloaded application upgrade package to the target vehicle to update the in-vehicle application. In this way, the compliant download and installation of the application upgrade package, and the upgrade of the in-vehicle application, are carried out through a diagnostic device that has passed three-party verification, which strengthens the management of application upgrade packages, effectively prevents leakage of user information, and ensures the information security of vehicle users.
An embodiment of the present application further provides a computer device. FIG. 10 shows a schematic structural diagram of the computer device involved in the embodiment of the present application. Specifically:
The computer device may include a processor 601 with one or more processing cores, a memory 602 with one or more computer-readable storage media, a power supply 603, an input unit 604 and other components. Those skilled in the art will understand that the computer device structure shown in FIG. 10 does not limit the computer device; it may include more or fewer components than shown, combine certain components, or arrange the components differently. Specifically:
The processor 601 is the control center of the computer device. It connects the parts of the whole computer device through various interfaces and lines, and performs the various functions of the computer device and processes data by running or executing the software programs and/or modules stored in the memory 602 and calling the data stored in the memory 602. Optionally, the processor 601 may include one or more processing cores; preferably, the processor 601 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface and application programs, and the modem processor mainly handles wireless communication. It will be understood that the modem processor need not be integrated into the processor 601.
The memory 602 may be used to store software programs and modules; the processor 601 executes various functional applications and the vehicle-mounted application update by running the software programs and modules stored in the memory 602. The memory 602 may mainly include a program storage area and a data storage area, where the program storage area may store the operating system and the application programs required for at least one function (such as a sound playback function or an image playback function), and the data storage area may store data created through use of the computer device. In addition, the memory 602 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device or other volatile solid-state storage device. Accordingly, the memory 602 may further include a memory controller to provide the processor 601 with access to the memory 602.
The computer device further includes a power supply 603 that supplies power to the components. Preferably, the power supply 603 may be logically connected to the processor 601 through a power management system, so that charging, discharging and power consumption management are handled by the power management system. The power supply 603 may also include any of the following components: one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
The computer device may further include an input unit 604, which may be used to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the computer device may further include a display unit and the like, which are not described again here. Specifically, in this embodiment of the present application, the processor 601 in the computer device loads the executable files corresponding to the processes of one or more application programs into the memory 602 according to the following instructions, and the processor 601 runs the application programs stored in the memory 602 to implement various functions, as follows:
Obtain the device certificate of the local device and send the device certificate to the target vehicle for authentication; if a vehicle certificate fed back by the target vehicle after it has authenticated the device certificate is received, send the vehicle certificate to the server, the vehicle certificate being used by the server for legality authentication; when the server's legality authentication of the vehicle certificate passes, verify the vehicle signature information of the target vehicle; when verification of the vehicle signature information passes, obtain the application upgrade package, which carries the developer's signature information and the server's signature information; and transmit the application upgrade package to the target vehicle, where it is used to update the in-vehicle application after the target vehicle has checked the signature information.
Or: in response to a device certificate acquisition request sent by the diagnostic device, transmit the device certificate to the diagnostic device; receive a vehicle certificate authentication request sent by the diagnostic device and perform legality authentication on the vehicle certificate, where the vehicle certificate is fed back to the diagnostic device by the target vehicle after the target vehicle has authenticated the device certificate; if the legality authentication of the vehicle certificate passes, feed back to the diagnostic device a verification result indicating that the legality authentication of the vehicle certificate has passed, so that the diagnostic device, after its verification of the vehicle signature information of the target vehicle passes, transmits the downloaded application upgrade package to the target vehicle for the in-vehicle application update; the application upgrade package carries the developer's signature information and the server's signature information.
For the specific implementation of each of the above operations, refer to the preceding embodiments; details are not repeated here.
It follows that the diagnostic device of this solution can send the local device certificate to the vehicle for authentication and send the obtained vehicle certificate to the server for remote authentication, achieving three-party authentication among the diagnostic device, the vehicle and the server. This completes the legality check and raises the trustworthiness of the diagnostic device; the diagnostic device then downloads the application upgrade package that has been signed by the server and transmits the downloaded application upgrade package to the target vehicle to update the in-vehicle application. In this way, the compliant download and installation of the application upgrade package, and the upgrade of the in-vehicle application, are carried out through a diagnostic device that has passed three-party verification, which strengthens the management of application upgrade packages, effectively prevents leakage of user information, and ensures the information security of vehicle users.
Those of ordinary skill in the art will understand that all or part of the steps of the various methods in the above embodiments may be completed by instructions, or by instructions controlling the relevant hardware; the instructions may be stored in a computer-readable storage medium and loaded and executed by a processor.
To this end, an embodiment of the present application provides a computer-readable storage medium storing a plurality of instructions that can be loaded by a processor to execute the steps of any of the vehicle-mounted application updating methods provided by the embodiments of the present application. For example, the instructions may perform the following steps:
Obtain the device certificate of the local device and send the device certificate to the target vehicle for authentication; if a vehicle certificate fed back by the target vehicle after it has authenticated the device certificate is received, send the vehicle certificate to the server, the vehicle certificate being used by the server for legality authentication; when the server's legality authentication of the vehicle certificate passes, verify the vehicle signature information of the target vehicle; when verification of the vehicle signature information passes, obtain the application upgrade package, which carries the developer's signature information and the server's signature information; and transmit the application upgrade package to the target vehicle, where it is used to update the in-vehicle application after the target vehicle has checked the signature information.
Or: in response to a device certificate acquisition request sent by the diagnostic device, transmit the device certificate to the diagnostic device; receive a vehicle certificate authentication request sent by the diagnostic device and perform legality authentication on the vehicle certificate, where the vehicle certificate is fed back to the diagnostic device by the target vehicle after the target vehicle has authenticated the device certificate; if the legality authentication of the vehicle certificate passes, feed back to the diagnostic device a verification result indicating that the legality authentication of the vehicle certificate has passed, so that the diagnostic device, after its verification of the vehicle signature information of the target vehicle passes, transmits the downloaded application upgrade package to the target vehicle for the in-vehicle application update; the application upgrade package carries the developer's signature information and the server's signature information.
For the specific implementation of each of the above operations, refer to the preceding embodiments; details are not repeated here.
The computer-readable storage medium may include a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or the like.
Since the instructions stored in the computer-readable storage medium can execute the steps of any of the data processing methods provided by the embodiments of the present application, they can achieve the beneficial effects achievable by any of those data processing methods; see the preceding embodiments for details, which are not repeated here.
According to one aspect of the present application, a computer program product or computer program is provided, which includes computer instructions stored in a computer-readable storage medium. The processor of a computer device reads the computer instructions from the computer-readable storage medium and executes them, so that the computer device performs the methods provided in the various optional implementations of the above embodiments.
The above is a detailed description of the vehicle-mounted application updating method, apparatus and computer-readable storage medium provided by the embodiments of the present application. Specific examples have been used herein to explain the principles and implementations of the present application, and the description of the above embodiments is only intended to help in understanding the method of the present application and its core idea. At the same time, those skilled in the art will, following the idea of the present application, make changes in the specific implementations and the scope of application. In summary, the content of this specification should not be construed as limiting the present application.
Claims (11)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311111892.8A CN117270903A (en) | 2023-08-30 | 2023-08-30 | Vehicle-mounted application updating method, device, equipment and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117270903A true CN117270903A (en) | 2023-12-22 |
Family
ID=89201767
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311111892.8A Pending CN117270903A (en) | 2023-08-30 | 2023-08-30 | Vehicle-mounted application updating method, device, equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117270903A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN120342659A (en) * | 2025-03-18 | 2025-07-18 | 广东中创智腾技术服务有限公司 | A vehicle machine OTA upgrade method, device, electronic device and storage medium |
- 2023-08-30 CN CN202311111892.8A patent/CN117270903A/en active Pending
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |