WO2022021193A1

WO2022021193A1 - Key negotiation method and apparatus

Info

Publication number: WO2022021193A1
Application number: PCT/CN2020/105736
Authority: WO
Inventors: 郭志鹏
Original assignee: 华为技术有限公司
Priority date: 2020-07-30
Filing date: 2020-07-30
Publication date: 2022-02-03
Also published as: CN112544052A; CN112544052B

Abstract

The present application provides a key negotiation method and apparatus. Said method comprises: after negotiating a common first random number with other VIUs in an in-vehicle electronic control system, a first VIU determining a second random number, a temporary shared key and a temporary common private key according to the first random number, and generating a temporary common public key according to the temporary common private key; then according to the second random number, the temporary common public key and a device private key preset by the first VIU, authenticating with a DC and negotiating a communication key and a random number seed; then according to the random number seed and an authentication key preset by the first VIU, authenticating with a first ECU and negotiating a communication encryption key and a communication authentication key; and after determining that the authentication with the first ECU is successful, encrypting the communication encryption key and the communication authentication key by means of the communication key and then sending same to a first DC. Thus, key negotiation under the CCA architecture is implemented, ensuring the establishment of secure communication between each DC and each ECU.

Description

Key agreement method and device

technical field

The present application relates to the field of communication technologies, and in particular, to a key agreement method and device.

Background technique

Today, intelligence, networking, electrification, and sharing have become the development trends in the automotive field. The above development trends are usually realized by in-vehicle electronic control systems. The in-vehicle electronic control systems mainly include domain control units (domain controllers, DCs). ) and electronic control units (electronic control unit, ECU) and other electronic control components. Among them, the DC is used to control multiple auto parts in the functional domain, and the ECU has the electronic control function, which can control the auto parts based on the control information, and can also perform data processing on the data to be transmitted in the auto parts. With the development of connected and intelligent vehicles, various network security risks also follow, such as network attacks, data leakage and even remote control of vehicles. Therefore, the in-vehicle electronic control system urgently needs a perfect key management system to provide security for vehicles and users.

Key Management System (KMS) is an integrated means for generating, distributing and managing keys for devices and applications. In a centralized network architecture based on a central gateway, each functional domain has a DC, The ECUs in the DC control domain perform specific functions, and the DCs conduct cross-domain communication and interaction through the central gateway. In the prior art, an on-board KMS is deployed on a central gateway, and the on-board KMS is responsible for distributing a shared key between ECUs and DCs, so that secure communication can be established between each DC and each ECU. The process of generating the communication key by the in-vehicle ECU is as follows: First, ECU _i generates a random number Ri and sends it to the central gateway. After receiving Ri, the central gateway generates a random number seed S, and then according to the identification of the central gateway, the identification of ECU _i , Ri, S The first message authentication code and the preset initial key K are obtained through hash operation, and then the first message authentication code and S are sent to ECU _i . ECU _i first authenticates the first message authentication code _. The set long-term shared keys GK and S generate the communication key through the key derivation function, and then ECU _i obtains the second message authentication code through hash operation according to the identity of the central gateway and the pre-set initial key K, and according to the central gateway The identifier and communication key of the device are subjected to hash operation to obtain the third message authentication code, and finally the second message authentication code and the third message authentication code are sent to the central gateway for authentication. The process of generating the communication key by the in-vehicle DC is the same as the process of generating the communication key by the ECU. The random number seed S on which the communication key is generated is uniformly given by the central gateway, that is to say, all ECUs and DCs in the whole vehicle receive the same S during the process of generating the communication key, so as to ensure the communication between all ECUs and DCs in the whole vehicle. share the same communication key.

However, in order to adapt to the trend of intelligent networking of automobiles, the electronic and electrical architecture in the vehicle is gradually transformed from a centralized network architecture based on a central gateway to a distributed central computing architecture (CCA). The CCA architecture distributes the electronic control elements (including DC and ECU) of the vehicle into multiple areas, and each area deploys a Vehicle Integrated/Integration Unit (VIU) to manage the ECUs in the area. High-speed Ethernet is connected to complete the high-speed communication of the whole vehicle. Under the CCA architecture, the central gateway is replaced by multiple VIUs. In the above scheme, all ECUs and DCs in the whole vehicle have the same communication key, which depends on the unique S given by the central network gateway, and S is random every time the key is updated. generated, and there are multiple VIUs under the CCA architecture, the uniqueness of S cannot be guaranteed, so the above solution is not applicable to the CCA architecture. Under the CCA architecture, how to negotiate keys is an urgent problem to be solved.

SUMMARY OF THE INVENTION

The present application provides a key negotiation method and apparatus to solve how to perform key negotiation under the CCA architecture.

In a first aspect, the present application provides a method for key negotiation, including: after a first vehicle integration unit VIU negotiates a first random number in common with other VIUs in an in-vehicle electronic control system, determining a first random number according to the first random number. Two random numbers, a temporary shared key and a temporary common private key, and generate a temporary common public key according to the temporary common private key, the first VIU uses the second random number, the temporary common public key and the device private key preset by the first VIU, Authenticate and negotiate the communication key and random number seed with the first DC, the first DC is a DC in the electronic control system in the vehicle, and the first VIU communicates with the first VIU according to the random number seed and the authentication key preset by the first VIU. The electronic control unit ECU performs authentication and negotiates the communication encryption key and the communication authentication key. After the first VIU determines that the authentication with the first ECU is successful, the communication encryption key and the communication authentication key are encrypted by the communication key and sent to the first VIU. DC.

With the key negotiation method provided in the first aspect, after the first VIU negotiates a common first random number with other VIUs in the in-vehicle electronic control system, the second random number and the temporary shared key are determined according to the first random number and the temporary common private key, and generate the temporary common public key according to the temporary common private key. Since the second random number, temporary shared key and temporary common key are shared by all VIUs, the DC and any one of the VIUs can negotiate the same communication key and random number seed. The same communication key can be used for secure communication without establishing a secure communication connection between the DC and each VIU. Then the first VIU authenticates and negotiates the communication encryption key and the communication authentication key with the first ECU according to the random number seed and the authentication key preset by the VIU, and finally encrypts the communication encryption key and the communication authentication key with the communication key After being sent to the first DC, the communication encryption key and the communication authentication key are used to establish secure communication between each DC and each ECU. In this way, the key negotiation under the CCA architecture is realized, which ensures the establishment of secure communication between each DC and each ECU.

In a possible design, the first VIU authenticates and negotiates the communication key and random number seed with the first domain control unit DC according to the second random number, the temporary common public key and the device private key preset by the first VIU, Can be:

The first VIU receives the third random number, the temporary public key and the signature value sent by the first DC;

The first VIU verifies the signature value according to the device public key, the third random number and the temporary public key of the first DC;

After the first VIU passes the verification of the signature value, the digital signature value is calculated according to the second random number, the temporary common public key and the device private key of the first VIU;

The first VIU sends the second random number, the temporary common public key and the digital signature value to the first DC, so that the first DC can digitally sign the value according to the second random number, the temporary common public key and the device public key of the first VIU Perform verification, and determine the communication key according to the temporary private key and the temporary common public key after the verification is successful;

The first VIU determines the communication key according to the temporary private key and the temporary common public key, and determines the random number seed according to the third random number and the second random number, or according to the functions of the third random number, the second random number and the first VIU The domain ID determines the random number seed.

With the key agreement method provided in this embodiment, in the method of determining the random number seed according to the third random number, the second random number and the functional domain identifier of the first VIU, since the random number seed is the first VIU according to the third random number The random number, the second random number, and the functional domain identifiers of the first VIU are determined, and the identifiers of different functional domains are different, so the random number seeds corresponding to different functional domains are different. The random number seed is used for key distribution between the VIU and ECU. Different random number seeds are used when distributing keys to ECUs in different functional domains, which can realize different communication encryption keys and communication authentication keys in different functional domains, reducing the need for The scope of use of the key is increased, and the security is higher.

In a possible design, after the first VIU sends the second random number, the temporary common public key, the digital signature value and the device certificate preset by the first VIU to the first DC, the method may further include:

The first VIU calculates the first check value according to the third random number, the temporary public key and the temporary shared key;

The first VIU sends the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system for other VIUs to calculate according to the third random number, the temporary public key and the temporary shared key The second check value, and when it is confirmed that the first check value is the same as the second check value, the communication key is determined according to the temporary public key and the temporary common private key, and the communication key is determined according to the third random number and the second random number. The random number seed is determined according to the random number seed, or the random number seed is determined according to the third random number, the second random number and the functional domain identifiers of other VIUs.

In a possible design, the first VIU root random number seed and the authentication key preset by the first VIU perform authentication with the first ECU and negotiate the communication encryption key and communication authentication key, which may be:

The first VIU receives the fourth random number sent by the first ECU;

The first VIU performs authentication with the first ECU and negotiates the communication encryption key and the communication authentication key according to the fourth random number, the random number seed and the authentication key preset by the first VIU.

In a possible design, the first VIU performs authentication with the first ECU and negotiates the communication encryption key and the communication authentication key according to the fourth random number, the random number seed and the authentication key preset by the first VIU, and can for:

The first VIU calculates the third check value according to the fourth random number, the random number seed and the authentication key preset by the first VIU;

The first VIU sends the random number seed and the third verification value to the first ECU for the first ECU to authenticate the third verification value;

The first VIU receives the first message authentication code and the second message authentication code sent by the first ECU after passing the authentication of the third verification value. The first message authentication code is preset by the first ECU according to the random number seed and the first ECU. The authentication key is calculated and obtained, and the second message authentication code is calculated and obtained by the first ECU according to the communication encryption key and the communication authentication key;

The first VIU determines the communication encryption key and the communication authentication key according to the long-term shared key and random number seed preset by the first VIU;

The first VIU authenticates the first message authentication code and the second message authentication code.

In a possible design, the first VIU authenticates the first message authentication code and the second message authentication code, which may be:

The first VIU calculates the third message authentication code according to the random number seed and the authentication key preset by the first VIU, and calculates the fourth message authentication code according to the communication encryption key and the communication authentication key;

The first VIU compares the first message authentication code with the third message authentication code, and compares the second message authentication code with the fourth message authentication code;

The first VIU is determined to be successfully certified with the first ECU, including:

If the first message authentication code is the same as the third message authentication code, and the second message authentication code is the same as the fourth message authentication code, the first VIU determines that the authentication with the first ECU is successful.

With the key agreement method provided in this embodiment, in the manner of determining the random number seed according to the third random number, the second random number, and the functional domain identifier of the first VIU, the key and the random number distributed by the first VIU to the ECU are The seed is related to the seed, and the random number seed is related to the functional domain identification. Therefore, the communication encryption key and communication authentication key distributed by the first VIU to the ECU are distinguished by functional domain. The communication encryption key and communication authentication key in different functional domains are different. Different communication encryption keys and communication authentication keys in different functional domains can be realized, which reduces the use range of keys and provides higher security.

In a possible design, the communication encryption key and the communication authentication key are encrypted by the communication key and sent to the first DC, which may be:

The first VIU encrypts the communication encryption key and the communication authentication key through the communication key to obtain encrypted ciphertext;

The first VIU sends the second message authentication code and the encrypted ciphertext to the first DC.

With the key negotiation method provided in this embodiment, the first DC does not need to store the long-term shared key, but at the end of the entire negotiation process, the first VIU encrypts and sends the communication encryption key and the communication authentication key to the first DC. DC, so as to avoid the leakage of the vehicle-wide shared key GK due to the attack of the DC.

In a second aspect, the present application provides a key agreement method, including:

The first domain control unit DC generates a temporary private key and a third random number, and generates a corresponding temporary public key according to the temporary private key, and the first DC is a DC in the in-vehicle electronic control system; the first DC is based on the temporary public key, The third random number and the device private key preset by the first DC authenticate with the first vehicle integration unit VIU and negotiate the communication key; the first DC receives the communication encryption key encrypted by the communication key sent by the first VIU key and communication authentication key, the communication encryption key and communication authentication key are obtained by the first VIU through authentication and negotiation with the first ECU according to the random number seed and the authentication key preset by the first VIU.

Using the key agreement method provided in the second aspect, a temporary private key and a third random number are generated by the first DC, and a corresponding temporary public key is generated according to the temporary private key, and the first DC is based on the temporary public key, the third random number and the The device private key preset by the first DC authenticates and negotiates a communication key with the first VIU, and finally the first DC receives the communication encryption key and the communication authentication key encrypted by the communication key sent by the first VIU, and communicates Encryption keys and communication authentication keys are used to establish secure communication between each DC and each ECU. In this way, the key negotiation under the CCA architecture is realized, which ensures the establishment of secure communication between each DC and each ECU.

In a possible design, the first DC authenticates and negotiates a communication key with the first vehicle integration unit VIU according to the temporary public key, the third random number and the device private key preset by the first DC, which may be:

The first DC uses the device private key preset by the first DC to digitally sign the temporary public key and the third random number to obtain a signature value;

The first DC sends the temporary public key, the third random number and the signature value to the first VIU;

The first DC receives the second random number, the temporary common public key and the digital signature value sent by the first VIU, and the digital signature value is the device private key preset by the first VIU according to the second random number, the temporary common public key and the first VIU Calculated, the second random number is determined by the first VIU according to the first random number, and the first random number is a common random number negotiated by the first VIU and other VIUs in the in-vehicle electronic control system;

The first DC verifies the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU;

After the first DC has passed the verification of the digital signature value, the communication key is determined according to the temporary private key and the temporary common public key.

With the key agreement method provided in this embodiment, the first random number is a common random number negotiated by the first VIU and other VIUs in the in-vehicle electronic control system, and the second random number, the temporary shared key and the temporary shared private key The key is determined by the first VIU according to the first random number, so the second random number, the temporary shared key and the temporary shared key are shared by all VIUs, and the DC can negotiate with any one of the VIUs to negotiate the same communication key and random number. After the negotiation is completed, the DC and each VIU can use the same communication key for secure communication without establishing a secure communication connection between the DC and each VIU.

In a third aspect, the present application provides a key agreement device, including:

The determining module is used to determine the second random number, the temporary shared key and the temporary common private key according to the first random number after negotiating the common first random number with other VIUs in the in-vehicle electronic control system, and according to the temporary common The private key generates a temporary common public key;

The first authentication negotiation module is used to authenticate and negotiate the communication key and random number seed with the first domain control unit DC according to the second random number, the temporary common public key and the device private key preset by the first VIU, and the first DC It is a DC in the electronic control system in the car;

The second authentication negotiation module is configured to perform authentication with the first electronic control unit ECU and negotiate the communication encryption key and the communication authentication key according to the random number seed and the authentication key preset by the first VIU;

The sending module, after determining that the authentication with the first ECU is successful, encrypts the communication encryption key and the communication authentication key with the communication key and sends them to the first DC.

In a possible design, the first authentication negotiation module includes:

a receiving unit, configured to receive the third random number, the temporary public key and the signature value sent by the first DC;

a verification unit, configured to verify the signature value according to the device public key, the third random number and the temporary public key of the first DC;

a calculation unit, configured to calculate the digital signature value according to the second random number, the temporary common public key and the device private key of the first VIU after the signature value is verified and passed;

The sending unit is configured to send the second random number, the temporary common public key and the digital signature value to the first DC, for the first DC to pair the digital data with the second random number, the temporary common public key and the device public key of the first VIU The signature value is verified, and after the verification is successful, the communication key is determined according to the temporary private key and the temporary common public key;

A determination unit, configured to determine the communication key according to the temporary private key and the temporary common public key, and determine the random number seed according to the third random number and the second random number, or determine the random number seed according to the third random number, the second random number and the first VIU The functional domain identifier determines the random number seed.

In a possible design, the computing unit is further configured to: after the sending unit sends the second random number, the temporary public public key and the digital signature value to the first DC, according to the third random number, the temporary public key and the temporary shared The key calculates the first check value;

The sending unit is also used for: sending the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system, for the other VIUs to share according to the third random number, the temporary public key and the temporary sharing The key calculates the second check value, and when it is confirmed that the first check value is the same as the second check value, the communication key is determined according to the temporary public key and the temporary common private key, and the communication key is determined according to the third random number and the second random number. The random number seed is determined according to the random number seed, or the random number seed is determined according to the third random number, the second random number and the functional domain identifiers of other VIUs.

In a possible design, the second authentication negotiation module includes:

a receiving unit, configured to receive the fourth random number sent by the first ECU;

The authentication negotiation unit is configured to perform authentication with the first ECU and negotiate the communication encryption key and the communication authentication key according to the fourth random number, the random number seed and the authentication key preset by the first VIU.

In one possible design, the authentication negotiation unit is used to:

Calculate the third check value according to the fourth random number, the random number seed and the authentication key preset by the first VIU;

Sending the random number seed and the third verification value to the first ECU for the first ECU to authenticate the third verification value;

Receive the first message authentication code and the second message authentication code sent by the first ECU after passing the authentication of the third check value, where the first message authentication code is the authentication key preset by the first ECU according to the random number seed and the first ECU Calculated, the second message authentication code is calculated by the first ECU according to the communication encryption key and the communication authentication key;

Determine the communication encryption key and the communication authentication key according to the long-term shared key and random number seed preset by the first VIU;

The first message authentication code and the second message authentication code are authenticated.

In one possible design, the authentication negotiation unit is used to:

Calculate the third message authentication code according to the random number seed and the authentication key preset by the first VIU, and calculate the fourth message authentication code according to the communication encryption key and the communication authentication key;

comparing the first message authentication code with the third message authentication code, and comparing the second message authentication code with the fourth message authentication code;

The authentication negotiation module is used to:

If the first message authentication code is the same as the third message authentication code, and the second message authentication code is the same as the fourth message authentication code, it is determined that the authentication with the first ECU is successful.

In one possible design, the transmit module is used to:

Encrypt the communication encryption key and the communication authentication key through the communication key to obtain the encrypted ciphertext;

Send the second message authentication code and encrypted ciphertext to the first DC.

For the above-mentioned third aspect and the key agreement device provided in each possible design of the above-mentioned third aspect, the beneficial effects of the above-mentioned first aspect and each possible implementation of the first aspect can be referred to. This will not be repeated here.

In a fourth aspect, the present application provides a key agreement apparatus, including:

The generation module is used to generate a temporary private key and a third random number, and generate a corresponding temporary public key according to the temporary private key, and the first DC is a DC in the electronic control system in the vehicle;

The authentication negotiation module is used to authenticate and negotiate the communication key with the first vehicle integration unit VIU according to the temporary public key, the third random number and the device private key preset by the first DC;

The receiving module is configured to receive the communication encryption key and the communication authentication key encrypted by the communication key and sent by the first VIU. The set authentication key is obtained through authentication and negotiation with the first ECU.

In one possible design, the authentication negotiation module includes:

a digital signature unit for digitally signing the temporary public key and the third random number using the device private key preset by the first DC to obtain a signature value;

a sending unit, configured to send the temporary public key, the third random number and the signature value to the first VIU;

A receiving unit, configured to receive a second random number, a temporary common public key and a digital signature value sent by the first VIU, where the digital signature value is a device preset by the first VIU according to the second random number, the temporary common public key and the first VIU The private key is calculated and obtained, the second random number is determined by the first VIU according to the first random number, and the first random number is a common random number negotiated by the first VIU and other VIUs in the in-vehicle electronic control system;

a verification unit, configured to verify the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU;

The determining unit is configured to determine the communication key according to the temporary private key and the temporary common public key after the verification unit passes the verification of the digital signature value.

The above-mentioned fourth aspect and the key agreement device provided in each possible design of the above-mentioned fourth aspect, the beneficial effects of which can be referred to the beneficial effects brought by the above-mentioned second aspect and each possible implementation manner of the second aspect. This will not be repeated here.

In a fifth aspect, the present application provides a key agreement apparatus, including: a memory and a processor;

memory is used to store program instructions;

The processor is configured to invoke the program instructions in the memory to execute the key agreement method in the first aspect and any possible design of the first aspect.

In a sixth aspect, the present application provides a readable storage medium, in which an execution instruction is stored, and when at least one processor of the key agreement apparatus executes the execution instruction, the key agreement apparatus executes the first aspect and the first aspect. On the one hand any possible design method.

In a seventh aspect, the present application provides a program product, the program product includes execution instructions, and the execution instructions are stored in a readable storage medium. At least one processor of the key agreement apparatus may read the execution instruction from the readable storage medium, and the at least one processor executes the execution instruction to cause the key agreement apparatus to implement the first aspect and any possible design of the first aspect. method.

Description of drawings

FIG. 1 is a schematic structural diagram of an in-vehicle electronic control system of a CCA architecture;

FIG. 2 is an interactive flowchart of an embodiment of a key agreement method provided by the present application;

3 is a schematic flowchart of an embodiment of a first VIU and a first DC performing pairwise authentication and negotiating a communication key and a random number seed according to the present application;

4 is a schematic flowchart of an embodiment of a first VIU and a first ECU performing authentication and negotiating a communication encryption key and a communication authentication key according to the present application;

FIG. 5 is an interactive flowchart of an embodiment of a key agreement method provided by the present application;

6 is a schematic structural diagram of an embodiment of a key agreement apparatus provided by the present application;

7 is a schematic structural diagram of an embodiment of a key agreement apparatus provided by the present application;

FIG. 8 is a schematic structural diagram of an embodiment of a key agreement apparatus provided by the present application;

FIG. 9 is a schematic structural diagram of an embodiment of a key agreement apparatus provided by the present application;

10 is a schematic structural diagram of an embodiment of a key agreement apparatus provided by the present application;

FIG. 11 is a schematic diagram of a key agreement apparatus provided by this application.

detailed description

In the embodiments of the present application, words such as "exemplary" or "for example" are used to represent any embodiment or solution described as "exemplary" or "for example" in the embodiments of the present application It should not be construed as preferred or advantageous over other embodiments or arrangements. Rather, the use of words such as "exemplary" or "such as" is intended to present the related concepts in a specific manner.

In this application, "at least one" means one or more, and "plurality" means two or more. "And/or", which describes the association relationship of the associated objects, indicates that there can be three kinds of relationships, for example, A and/or B, which can indicate: the existence of A alone, the existence of A and B at the same time, and the existence of B alone, where A, B can be singular or plural. The character "/" generally indicates that the associated objects are an "or" relationship.

The key agreement method provided in this application can be applied to the in-vehicle electronic control system of the CCA architecture. Under the CCA architecture, the electronic control elements (including DC and ECU) of the vehicle are distributed in multiple areas, and each area is deployed with a VIU Responsible for managing the ECUs in the area, and the VIUs are interconnected through high-speed Ethernet to achieve high bandwidth (high-definition cameras, high-definition display), low latency, and highly reliable processing capabilities. Figure 1 is a schematic diagram of the structure of an in-vehicle electronic control system with a CCA architecture, as shown in Figure 1. In Figure 1, the number of VIUs deployed in the car is 4 as an example, and 4 VIUs are deployed in the car: VIU0, VIU1 , VIU2 and VIU3, 4 VIUs are interconnected through high-speed Ethernet, each VIU manages ECUs in one area, and each VIU is connected to ECUs in one area through a bus, such as VIU0 through a bus to connect ECU0, ECU1, ECU2 and ECU3, VIU1 connects ECU5, ECU6, ECU7 and ECU8 through a bus, VIU2 connects ECU13, ECU14, ECU15 and ECU16 through a bus, VIU3 connects ECU9, ECU10, ECU11 and ECU12 through a bus, VIU0 and VIU3 are both connected to DC1 , both VIU1 and VIU2 are connected to DC2. In the key agreement method provided in this application, the VIU deployed in each region is responsible for distributing the shared key between the ECUs and the DCs, so that secure communication can be established between each DC and each ECU.

The electronic control components involved in this application mainly include VIU, ECU and DC. It is understood that the number of VIU, ECU and DC is one or more, which are represented by ECU _i , VIU _j and DC _k respectively, where i, j and k are positive integers, which are the numbers of VIU, ECU, and DC, respectively. Security credentials are preset and stored in ECU _i , VIU _j and DC _k . Specifically, the security credentials preset in ECU _i are a long-term shared key GK and an authentication key K _i . The pre-set security credentials in VIU _j are the device private key sk _VIUj , the device certificate Cert _VIUj (which includes the device public key pk _VIUj ), the root certificate Cert ₀ (unified for the whole vehicle, used to verify the legitimacy of the device certificate), the long-term shared secret key GK and the authentication key K _i corresponding to the authentication key K _i preset in the ECU _i , or the security credential preset in the VIU _j is the device private key sk _VIUj , the device public key or the device public key of DC _k Hash value, root certificate Cert ₀ (unified for the whole vehicle, used to verify the validity of the device certificate), long-term shared key GK and authentication key K _i corresponding to the authentication key K _{i preset in ECU i} _. The security credentials preset in the DC _k are the device private key sk _DCk , the device certificate Cert _DCk (which contains the device public key pk _DCk ), and the root certificate Cert ₀ (unified throughout the vehicle, used to verify the validity of the device certificate). Based on these pre-set security credentials, authentication, negotiation and distribution of authentication keys and encryption keys between VIU and VIU, between VIU and DC, and between VIU and ECU for each DC and each ECU Ability to establish secure communication.

In the prior art, in the centralized network architecture based on the central gateway, the random number seed S received by all ECUs and DCs in the whole vehicle in the process of generating the communication key is the same, so as to ensure that all ECUs and DCs in the whole vehicle share the same communication key. In the CCA architecture, there are multiple VIUs, the central gateway is replaced by multiple VIUs, and S is randomly generated every time the key is updated, so the uniqueness of S cannot be guaranteed, so the existing solution is not applicable to the CCA architecture. In order to solve this problem, the present application provides a method and device for key negotiation, by first completing multi-party key negotiation among N VIUs under the CCA architecture at the beginning of the key update process, to obtain the first key agreement shared by the N VIUs. A random number, then each VIU derives a second random number, a temporary shared key and a temporary common key according to the first random number. Since the second random number, the temporary shared key and the temporary common key are shared by all VIUs, The same communication key and random number seed can be negotiated between the DC and any of the VIUs. After the negotiation is completed, the DC and each VIU can use the same communication key for secure communication. Establish a secure communication connection. Then each VIU authenticates and negotiates the communication encryption key and communication authentication key with the ECU or other ECUs in its management area according to the random number seed and the authentication key preset by the VIU, and finally converts the communication encryption key and communication authentication key After the communication key is encrypted and sent to the DC, the communication encryption key and the communication authentication key are used to establish secure communication between each DC and each ECU. In this way, the key negotiation under the CCA architecture is realized, which ensures the establishment of secure communication between each DC and each ECU. The key agreement method and device provided by the present application will be described in detail below with reference to the accompanying drawings.

FIG. 2 is an interaction flowchart of an embodiment of a key agreement method provided by the present application. As shown in FIG. 2 , the method of this embodiment may include:

S101. After the first VIU negotiates with other VIUs in the in-vehicle electronic control system to negotiate a common first random number, determine a second random number, a temporary shared key and a temporary common private key according to the first random number, and determine a second random number, a temporary shared key and a temporary common private key according to the first random number, The private key generates a temporary common public key.

Specifically, it can be understood that the first VIU is any VIU in the electronic control system, and all the VIUs in the electronic control system can use the multi-party key agreement protocol to perform multi-party key negotiation to negotiate a common first random number, Any common multi-party key agreement protocol can be used, such as the multi-party key exchange protocol (Elliptic Curve Diffie–Hellman ECDH) protocol.

The first VIU determines the second random number, the temporary shared key and the temporary common private key according to the first random number, which may be derived from the first random number R to obtain the second random number, the temporary shared key and the temporary common private key, which may The second random number, the temporary shared key and the temporary shared private key are derived from the first random number R through the key derivation function. The calculation process is: (nonce||Key _VIU ||eSK)=KDF(R), where KDF is the key derivation function, which can generate data of any length according to the input data, nonce is the second random number, Key _VIU is the temporary shared key, eSK is the temporary common private key, and then, according to The temporary common private key eSK generates a temporary common public key ePK. The temporary shared key Key _VIU is used for secure communication among all VIUs, and the temporary common private key eSK and the temporary common public key ePK are used for key negotiation between each VIU and each DC. The key negotiation between each VIU and each DC uses the same ephemeral private key eSK and ephemeral public key ePK, so all VIUs and DCs negotiate the same key.

In this embodiment, the first random number, the second random number, the temporary common private key, and the temporary common public key shared by multiple VIUs in the vehicle through negotiation are logically unified to the outside world, and the DC does not need to care about the specific deployment details of the VIUs (such as number, distribution location, connected ECUs, etc.) to decouple the authentication negotiation processing logic of the DC from the actual deployment details of the VIU, simplifying the processing logic.

S102. The first DC generates a temporary private key and a third random number, and generates a corresponding temporary public key according to the temporary private key.

The first DC is a DC in the in-vehicle electronic control system, that is, any DC.

S103. The first VIU authenticates and negotiates a communication key and a random number seed with the first DC according to the second random number, the temporary common public key, and the device private key preset by the first VIU.

Wherein, the random number seed Seed _kD is used for the communication key distribution of the first ECU in the first VIU management area.

Specifically, since the VIUs have a common temporary public key, the first DC and any VIU can negotiate the same communication key and random number seed. After the negotiation is completed, the first DC and each VIU can The same communication key can be used for secure communication, eliminating the need to establish multiple secure connections.

Specifically, in S103, the first VIU authenticates and negotiates the communication key and random number seed with the first DC according to the second random number, the temporary common public key and the device private key preset by the first VIU, which may be:

S1031. The first VIU receives the third random number, the temporary public key and the signature value sent by the first DC.

S1032. The first VIU verifies the signature value according to the device public key, the third random number, and the temporary public key of the first DC.

Specifically, in S1032, the first VIU verifies the signature value according to the device public key, the third random number, and the temporary public key of the first DC, and there are three possible ways. It is a method of pre-storing the device public key of the first DC. In the third method, the device public key or device public key hash value of the first DC is pre-stored in the first VIU, and the first VIU verifies the received device public key of the first DC. The way. The following is a detailed description:

Manner 1: The first VIU receives the third random number, the temporary public key, the signature value and the device certificate of the first DC sent by the first DC, where the device public key of the first DC is included in the device certificate of the first DC.

The first VIU verifies the validity of the device certificate of the first DC according to the root certificate preset by the first VIU, and verifies the signature value according to the third random number and the temporary public key.

Manner 2: The first VIU receives the third random number, the temporary public key and the signature value sent by the first DC.

The first VIU verifies the signature value according to the pre-stored device public key of the first DC, the third random number and the temporary public key.

Manner 3: The first VIU receives the third random number, the temporary public key, the signature value and the device public key of the first DC sent by the first DC.

The first VIU verifies the received device public key of the first DC according to the pre-stored device public key of the first DC or the hash value of the device public key. The device public key verifies the signature value.

S1033: After the first VIU passes the verification of the signature value, the digital signature value is calculated according to the second random number, the temporary common public key, and the device private key of the first VIU.

S1034: The first VIU sends the second random number, the temporary common public key and the digital signature value to the first DC.

S1035. The first DC verifies the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU, and after the verification of the digital signature value is passed, determines the communication password according to the temporary private key and the temporary common public key. key.

Specifically, the first DC may also be a communication key determined according to the temporary private key, the temporary common public key, and other information, where other information may be, for example, the identity of the first VIU, the identity of the first DC, and the identity of the vehicle any of the.

Specifically, when the first DC verifies the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU, the manner in which the first DC obtains the device public key of the first VIU is the same as that of the first DC in S1032. The way the VIU obtains the device public key of the first DC is similar, and there are three possible ways, which are described in detail below:

Mode 1: The first DC receives the second random number, the temporary common public key, the digital signature value and the device certificate preset by the first VIU sent by the first VIU, and the device public key of the first VIU is included in the preset device certificate of the first VIU. in the device certificate.

The first DC verifies the validity of the device certificate of the first VIU according to the root certificate preset by the first DC, and verifies the digital signature value according to the second random number and the temporary common public key.

Manner 2: The first DC receives the second random number, the temporary common public key and the digital signature value sent by the first VIU.

The first DC verifies the digital signature value according to the pre-stored device public key of the first VIU, the second random number and the temporary common public key.

Manner 3: The first DC receives the second random number, the temporary common public key, the digital signature value, and the device public key of the first VIU sent by the first VIU.

The first DC verifies the received device public key of the first VIU according to the pre-stored device public key of the first VIU or the hash value of the device public key. The device's public key verifies the digital signature value.

S1036. The first VIU determines the communication key according to the temporary private key and the temporary common public key, and determines the random number seed according to the third random number and the second random number, or determines the random number seed according to the third random number, the second random number and the first VIU The functional domain identifier determines the random number seed.

S104. The first DC authenticates and negotiates a communication key with the first VIU according to the temporary public key, the third random number, and the device private key preset by the first DC.

The communication key is used for secure communication between the first VIU and the first DC.

In an implementable manner, S103 may also be that the first DC performs a communication with the first VIU according to the temporary public key, the third random number, the device certificate preset by the first DC, and the device private key preset by the first DC Authentication, negotiate a communication key with the first VIU after successful authentication.

Specifically, the first DC verifies the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU, and after successful verification, determines the communication key according to the temporary private key and the temporary common public key.

S105 , the first VIU authenticates with the first ECU according to the random number seed and the authentication key preset by the first VIU, and negotiates the communication encryption key and the communication authentication key.

Wherein, the first ECU may be an ECU in the management area of the first VIU, or may be other ECUs.

Optionally, the first VIU may also perform authentication with the first ECU and negotiate the communication encryption key and the communication authentication key according to the identifier of the first VIU, the random number seed and the authentication key preset by the first VIU.

S106. After the first VIU determines that the authentication with the first ECU is successful, the communication encryption key and the communication authentication key are encrypted by the communication key and then sent to the first DC.

Specifically, the first VIU sends the communication encryption key and the communication authentication key to the first DC after encrypting the communication key, which may be:

The first VIU encrypts the communication encryption key and the communication authentication key with the communication key to obtain an encrypted ciphertext, and the first VIU sends the second message authentication code and the encrypted ciphertext to the first DC.

Optionally, the identifier of the first ECU may also be sent at the same time.

In this embodiment, the first DC does not need to store the long-term shared key, but at the end of the entire negotiation process, the first VIU encrypts and sends the communication encryption key and the communication authentication key to the first DC, thereby avoiding The attack on the DC led to the disclosure of the vehicle-wide shared key GK.

In the key negotiation method provided in this embodiment, after negotiating a common first random number with other VIUs in the in-vehicle electronic control system through the first VIU, the second random number, the temporary shared key and the key are determined according to the first random number. The temporary common private key is generated, and the temporary common public key is generated according to the temporary common private key. Since the second random number, temporary shared key and temporary common key are shared by all VIUs, the DC and any one of the VIUs can negotiate the same communication key and random number seed. The same communication key can be used for secure communication without establishing a secure communication connection between the DC and each VIU. Then the first VIU authenticates and negotiates the communication encryption key and the communication authentication key with the first ECU according to the random number seed and the authentication key preset by the VIU, and finally encrypts the communication encryption key and the communication authentication key with the communication key After being sent to the first DC, the communication encryption key and the communication authentication key are used to establish secure communication between each DC and each ECU. In this way, the key negotiation under the CCA architecture is realized, which ensures the establishment of secure communication between each DC and each ECU.

An implementable manner of performing pairwise authentication between the first VIU and the first DC and negotiating a communication key and a random number seed, that is, an implementable manner of S103-S104, will be described below with reference to FIG. 3 . FIG. 3 is the present application. Provided is a schematic flowchart of an embodiment of the first VIU and the first DC performing pairwise authentication and negotiating a communication key and a random number seed. As shown in FIG. 3 , the method of this embodiment may include:

S201. The first DC uses the device private key preset by the first DC to digitally sign the temporary public key and the third random number to obtain a signature value.

Specifically, the signature value Sig _k =Sign(rk ||ePK _k , _sk _DC ), sk _DC is the device private key preset by the first DC, ePK _k is the temporary public key, and _rk is the third random number.

S202: The first DC sends the temporary public key, the third random number, the signature value, and the device public key of the first DC to the first VIU.

S203. The first VIU verifies the received device public key of the first DC according to the pre-stored device public key of the first DC or the hash value of the device public key, and after the verification is successful, according to the third random number, the temporary public key and the first The DC's device public key verifies the signature value.

In another implementable manner, S202 may be: the first DC sends the temporary public key, the third random number and the signature value to the first VIU.

Correspondingly, S203 may be: the first VIU verifies the signature value according to the pre-stored device public key of the first DC, the third random number, and the temporary public key.

In another implementable manner, S202 may be: the first DC sends the third random number, the temporary public key, the signature value and the device certificate preset by the first DC to the first VIU.

Correspondingly, S203 may be: the first VIU verifies the validity of the device certificate of the first DC according to the root certificate preset by the first VIU, and verifies the signature value according to the third random number and the temporary public key.

Specifically, if the verification fails, stop the key update process, and if the verification succeeds, execute S204.

S204. After the first VIU is successfully verified, the digital signature value is calculated according to the second random number, the temporary common public key, and the device private key of the first VIU.

Specifically, the calculation process can be the digital signature value Sig ₀ =Sign(nonce||ePK, sk _VIUj0 ), where ePK is the temporary common public key, sk _VIUj0 is the device private key of the first VIU, and nonce is the second random number.

S205: The first VIU sends the second random number, the temporary common public key and the digital signature value to the first DC.

S206. The first VIU determines the communication key according to the temporary private key and the temporary common public key, and determines the random number seed according to the third random number and the second random number, or determines the random number seed according to the third random number, the second random number and the first VIU The functional domain identifier determines the random number seed.

Specifically, after sending the third random number r _k , the temporary public key ePK _k and the check value MAC _k , the first VIU performs a hash operation according to the temporary public key ePK _k and the temporary common private key eSK to obtain the communication key Key _VDk =HASH(ePK _k *eSK), and calculate Seed _kD according to the third random number r _k , the second random number nonce and the functional domain identifier DID, and the calculation process is Seed _kD =HASH(r _k ||nonce||DID) .

In this embodiment, in the manner of determining the random number seed according to the third random number, the second random number and the functional domain identifier of the first VIU, since the random number seed is the first VIU according to the third random number, the second random number As determined from the functional domain identifier of the first VIU, the identifiers of different functional domains are different, so the random number seeds corresponding to different functional domains are different. The random number seed is used for key distribution between the VIU and ECU. Different random number seeds are used when distributing keys to ECUs in different functional domains, which can realize different communication encryption keys and communication authentication keys in different functional domains, reducing the need for The scope of use of the key is increased, and the security is higher.

Optionally, in S206, the first VIU may also determine the communication key according to the temporary private key and the temporary common public key, and determine the random number seed according to the third random number and the second random number, that is to say, the random number seed is also It may not be distinguished by functional domain.

S207: The first DC verifies the digital signature value according to the pre-stored device public key of the first VIU, the second random number, and the temporary common public key, and after successful verification, determines the communication key according to the temporary private key and the temporary common public key.

Specifically, the first DC verifies the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU. If the verification fails, the key update process is stopped; The common public key determines the communication key, and the determination process may be that the first DC performs a hash operation according to the temporary public key ePK _k and the temporary common public key ePK to obtain the communication key Key _VDk =HASH(eSK _k *ePK), the communication key The Key _VDk is used for secure communication between the first DC and each VIU, where HASH is a hash operation.

In another implementable manner, S205 may be: the first VIU sends the device public key, the second random number, the temporary common public key and the digital signature value of the first VIU to the first DC.

Correspondingly, S207 may be: the first DC verifies the received device public key of the first VIU according to the pre-stored device public key of the first VIU or the hash value of the device public key, and after the verification is successful, according to the second random number, temporary The digital signature value is verified by the common public key and the device public key of the first VIU.

In another implementable manner, S205 may be: the first VIU sends the device certificate, the second random number, the temporary common public key and the digital signature value preset by the first VIU to the first DC, and the first VIU's The device public key is included in the device certificate preset by the first VIU.

Correspondingly, S207 may be: the first DC verifies the validity of the device certificate of the first VIU according to the root certificate preset by the first DC, and verifies the digital signature value according to the second random number and the temporary common public key.

Further, after the first VIU sends the second random number, the temporary common public key and the digital signature value to the first DC in S205, the method of this embodiment may further include:

S208. The first VIU calculates the first check value according to the third random number, the temporary public key, and the temporary shared key.

Specifically, the hash operation may be performed according to the third random number rk , the temporary public key _{ePK k} _and the temporary shared key Key _VIU to obtain the first check value MAC _k =HASH(r _k ||ePK _k ||Key _VIU ) .

S209: The first VIU sends the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system.

S210. Other VIUs calculate the second check value according to the third random number, the temporary public key and the temporary shared key, and when confirming that the first check value is the same as the second check value, calculate the second check value according to the temporary public key and the temporary shared key. The private key determines the communication key, and simultaneously determines the random number seed according to the third random number and the second random number, or simultaneously determines the random number seed according to the third random number, the second random number and the functional domain identifiers of other VIUs.

Specifically, after receiving the third random number _r _k , the temporary public key _ePK _k and the first check value MAC _k , the other _VIUs perform Hash operation is performed to obtain the second check value MAC'=HASH(r _k ||ePK _k ||Key _VIU ), and the MAC' and the MAC _k value are compared. If the comparison fails, stop the key update process; if the comparison is successful, that is, the first check value is the same as the second check value, the other VIUs perform hash operations according to the temporary public key ePK _k and the temporary common private key eSK, The communication key Key _VDk =HASH(ePK _k *eSK) is obtained, and the communication key Key _VDk is used for the secure communication between the first DC and each VIU. At the same time, other VIUs calculate the random number seed Seed _kD according to the third random number r _k , the second random number nonce and the functional domain identifier DID of other VIUs. The calculation process can be Seed _kD =HASH(r _k ||nonce||DID), DID is the functional domain identifier of the VIU, and DID is used to identify different functional domains (such as power domain, chassis domain, body domain, etc.). Seed _kD is used for key distribution between VIU and ECU. Different random number seeds are used when distributing keys to ECUs in different functional domains. Seed _kD can realize different communication encryption keys and communication authentication keys in different functional domains, reducing The scope of use of the key is increased, and the security is higher.

An implementable manner in which the first VIU and the first ECU perform authentication and negotiate a communication encryption key and a communication authentication key, that is, an implementable manner of S105, will be described below with reference to FIG. 4 . FIG. 4 is provided for this application. A schematic flowchart of an embodiment of the first VIU and the first ECU performing authentication and negotiating a communication encryption key and a communication authentication key. As shown in FIG. 4 , the method of this embodiment may include:

S301. The first ECU generates a fourth random number.

S302. The first ECU sends the fourth random number to the first VIU, and the first VIU is directly connected to the first ECU.

Optionally, the first ECU may also send the identifier of the first ECU to the first VIU.

S303. The first VIU calculates a third check value according to the fourth random number, the random number seed, and the authentication key preset by the first VIU.

Optionally, the first VIU may also calculate the third check value according to the identifier of the first VIU, the identifier of the first ECU, the fourth random number, the random number seed, and the authentication key preset by the first VIU. If the identification of the first VIU and the identification of the first ECU are added, the accuracy will be higher.

S304. The first VIU sends the random number seed and the third check value to the first ECU.

Optionally, the identifier of the first VIU may also be sent.

S305. The first ECU authenticates the third verification value.

S306. After the first ECU passes the authentication on the third verification value, it sends the first message authentication code and the second message authentication code to the first VIU, where the first message authentication code is the first ECU pre-predicted according to the random number seed and the first ECU. The second message authentication code is calculated by the first ECU according to the communication encryption key and the communication authentication key, or the first message authentication code is calculated by the first ECU according to the first ECU's identification, random number The seed and the authentication key preset by the first ECU are calculated, and the second message authentication code is calculated by the first ECU according to the identification of the first ECU, the communication encryption key and the communication authentication key.

S307. The first VIU determines the communication encryption key and the communication authentication key according to the long-term shared key and random number seed preset by the first VIU.

Specifically, S307 may be: the first VIU obtains the communication encryption key EK and the communication authentication key AK by calculating the key derivation function KDF according to the long-term shared key GK and the random number seed Seed _kD preset in the first VIU, specifically is (EK||AK)=KDF(Seed _kD , GK).

S308. The first VIU authenticates the first message authentication code and the second message authentication code.

Specifically, the first VIU authenticates the first message authentication code and the second message authentication code, which may specifically be: the first VIU calculates the third message authentication code according to the random number seed and the authentication key preset by the first VIU, and The fourth message authentication code is calculated according to the communication encryption key and the communication authentication key, and the first VIU compares the first message authentication code with the third message authentication code, and compares the second message authentication code with the fourth message authentication code right.

The first VIU determines that the authentication with the first ECU is successful, specifically: if the first message authentication code is the same as the third message authentication code, and the second message authentication code is the same as the fourth message authentication code, the first VIU determines that the authentication code is the same as the third message authentication code. An ECU authentication is successful.

In this embodiment, the key distributed by the first VIU to the ECU is related to the random number seed Seed _kD , and the Seed _kD is related to the functional domain identifier. Therefore, the communication encryption key and communication authentication key distributed by the first VIU to the ECU are determined by function Domain distinction, the communication encryption key and communication authentication key in different functional domains are different, and the communication encryption key and communication authentication key in different functional domains can be different, which reduces the use range of the key and provides higher security.

A specific embodiment is used below to describe in detail the technical solutions of the method embodiments shown in FIG. 2 to FIG. 4 .

FIG. 5 is an interaction flow chart of an embodiment of a key agreement method provided by this application. In this embodiment, a total of N=4 VIUs in the in-vehicle electronic control system are used as an example for description. As shown in FIG. 5 , this embodiment Example methods could include:

S401. The first VIU performs multi-party key negotiation with other VIUs in the in-vehicle electronic control system to obtain a first random number R shared by the four VIUs in the in-vehicle electronic control system.

Specifically, all VIUs in the electronic control system can use the multi-party key agreement protocol for multi-party key agreement, and can use any common multi-party key agreement protocol, such as the multi-party key exchange protocol (Elliptic Curve Diffie–Hellman ECDH) protocol.

S402. The first VIU derives a second random number, a temporary shared key and a temporary common private key according to the first random number R, and generates a temporary common public key according to the temporary common private key.

Specifically, the first VIU can derive the second random number, the temporary shared key and the temporary common private key according to the first random number R through a key derivation function, and the calculation process is: (nonce||Key _VIU ||eSK)= KDF(R), where KDF is the key derivation function, which can generate data of any length according to the input data, nonce is the second random number, Key _VIU is the temporary shared key, and eSK is the temporary The common private key is then used to generate a temporary common public key ePK according to the temporary common private key eSK. The temporary shared key Key _VIU is used for secure communication between all VIU _j , and the temporary common private key eSK and the temporary common public key ePK are used for key negotiation between VIU _j and DC _k . All key negotiations between VIU _j and DC _k use the same ephemeral private key eSK and ephemeral public key ePK, so all VIU _j and DC _k negotiate the same key.

S403, the first VIU and the first DC perform authentication and negotiate a communication key and a random number seed Seed _kD , the first DC is connected to the first VIU, and the communication key is used for secure communication between the first VIU and the first DC, The random number seed Seed _kD is used for the communication key distribution of the first ECU in the first VIU management area.

The first VIU and the first DC perform authentication and negotiate a communication key and a random number seed, which may specifically include:

S4031 , the first DC randomly generates a temporary private key eSK _k and a third random number r _k , and generates a corresponding temporary public key ePK _k according to the temporary private key eSK _k .

S4032. The first DC uses the device private key sk _DC preset by the first DC to digitally sign the temporary public key ePK _k and the third random number r _k , and calculates the signature value Sig _k =Sign(r _k ||ePK _k , sk _DC ).

S4033 , the first DC sends the temporary public key ePK _k , the third random number r _k , the signature value Sig _k and the device certificate Cert _DCk preset by the first DC to the first VIU.

S4034. After receiving the temporary public key ePK _k , the third random number r _k , the signature value Sig _k and the device certificate Cert _DCk preset by the first DC, the first VIU verifies the first VIU according to the root certificate Cert ₀ preset by the first VIU The validity of the device certificate Cert _DCk of a DC, and then the signature value Sig _k is verified according to the third random number r _k and the temporary public key ePK _k . If the verification fails, the key update process is stopped. If the verification is successful, the first VIU calculates the digital signature value Sig ₀ according to the second random number nonce, the temporary common public key ePK and the device private key sk _VIUj0 of the first VIU, and the calculation process is Sig 0 ₀ =Sign(nonce||ePK,sk _VIUj0 ), and then execute S4035.

S4035: The first VIU sends the second random number nonce, the temporary common public key ePK, the digital signature value Sig ₀ , and the device certificate Cert _VIUj0 of the first VIU to the first DC.

S4036, after the first DC receives the second random number nonce, the temporary common public key ePK, the digital signature value Sig ₀ , and the device certificate Cert _VIUj0 of the first VIU, it verifies the first VIU according to the preset root certificate Cert ₀ of the first DC The validity of the device certificate Cert _VIUj0 , and then the digital signature value Sig ₀ is verified according to the second random number nonce and the temporary common public key ePK. If the verification fails, stop the key update process; if the verification succeeds, the first DC calculates the communication key Key _VDk according to the temporary private key ePK _k and the temporary common public key ePK, and the calculation process is based on the temporary public key ePK _k and the temporary common public key. Perform a hash operation on the key ePK to obtain a communication key Key _VDk =HASH(eSK _k *ePK), and the communication key Key _VDk is used for secure communication between the first DC and each VIU, wherein HASH is a hash operation.

S4037, after the first VIU sends the second random number nonce, the temporary public public key ePK, the digital signature value Sig ₀ and the device certificate Cert _VIUj0 of the first VIU, according to the third random number r _k , the temporary public key ePK _k and the temporary The shared key Key _VIU calculates the first check value MAC _k , and specifically performs a hash operation according to the third random number r _k , the temporary public key ePK _k and the temporary shared key Key _VIU to obtain the first check value MAC _k = HASH(r _k ||ePK _k ||Key _VIU ).

S4038 , the first VIU sends the third random number rk , the temporary public key ePK _k and the first check value MAC _k to other _VIUs .

S4039. After receiving the third random number r _k , the temporary public key ePK _k and the first check value MAC _k , the other VIUs perform hashing according to the third random number r _k , the temporary public key ePK _k and the temporary shared key Key _VIU The second check value MAC'=HASH(r _k ||ePK _k ||Key _VIU ) is obtained, and the MAC' and the MAC _k value are compared. If the comparison fails, stop the key update process; if the comparison is successful, that is, the first check value is the same as the second check value, the other VIUs perform hash operations according to the temporary public key ePK _k and the temporary common private key eSK, The communication key Key _VDk =HASH(ePK _k *eSK) is obtained, and the communication key Key _VDk is used for the secure communication between the first DC and each VIU. At the same time, other VIUs calculate the random number seed Seed _kD according to the third random number r _k , the second random number nonce and the functional domain identifier DID. The calculation process is Seed _kD =HASH(r _k ||nonce||DID), where DID is the function Domain identification, DID is used to identify different functional domains (such as power domain, chassis domain, body domain, etc.). Seed _kD is used for key distribution between VIU and ECU.

S4040. After sending the third random number r _k , the temporary public key ePK _k and the check value MAC _k , the first VIU performs a hash operation according to the temporary public key ePK _k and the temporary common private key eSK to obtain the communication key Key _VDk =HASH(ePK _k *eSK), and calculate Seed _kD according to the third random number r _k , the second random number nonce and the functional domain identifier DID, and the calculation process is Seed _kD =HASH(r _k ||nonce||DID).

S404, the first VIU and the first ECU perform authentication and generate a communication encryption key EK and a communication authentication key AK.

Wherein, the first ECU is an ECU in the management area of the first VIU, and it can be understood that the number of the first ECU is at least one.

Specifically, S404 may include:

_{S4041. The first ECU generates a fourth random number Ri, and sends the fourth random number Ri and the identification ID i} _of _the first ECU to the first VIU directly connected to the first ECU.

_S4042 , the first VIU calculates the third verification key according to the identification ID _VIUj of the first VIU, the identification ID _i of the first ECU, the fourth random number Ri, the random number seed Seed _kD and the authentication key K _i preset by the first VIU Check the value MAC1, specifically through hash operation, obtain MAC1=HASH(ID _i ||ID _VIUj ||R _i ||Seed _kD ||K _i ), and set the ID _VIUj of the first VIU, the random number seed Seed _kD and the third check value MAC1 are sent to the first ECU.

S4043, after the first ECU receives the identification ID _VIUj of the first VIU, the random number seed Seed _kD and the check value MAC1, according to the identification ID _VIUj of the first VIU, the identification ID _i of the first ECU, and the fourth random number R _i , the random number seed Seed _kD and the authentication key K _i preset by the first ECU to calculate the check value MAC1', specifically through hash operation, to obtain MAC1'=HASH(ID _i ||ID _VIUj ||R _i || Seed _kD ||K _i ) and align MAC1 and MAC1'. If the comparison fails, stop the key update process; if the comparison is successful, the first ECU obtains the communication encryption key by calculating the key derivation function KDF according to the long-term shared key GK and the random number seed Seed _kD preset in the first ECU EK and communication authentication key AK, specifically (EK||AK)=KDF(Seed _kD , GK). Then calculate the first message authentication code MAC2 and the second message authentication code MAC3, MAC2=HASH(ID _i ||Seed _kD ||K _i ), MAC3=HASH(ID _i ||EK||AK), The message authentication code MAC2 and the second message authentication code MAC3 are sent to the first VIU.

S4044. After receiving the first message authentication code MAC2 and the second message authentication code MAC3, the first VIU obtains the communication through the key derivation function KDF according to the preset long-term shared key GK and random number seed Seed _kD in the first VIU The encryption key EK and the communication authentication key AK are specifically (EK||AK)=KDF(Seed _kD , GK).

S4045, then calculate the third message authentication code MAC2'=HASH(ID _i ||Seed _kD ||K _i ) and the fourth message authentication code MAC3'=HASH(ID _i ||EK||AK), and set the MAC2' and MAC3' are compared with MAC2 and MAC3 respectively. If one pair of MAC2' and MAC2 and MAC3' and MAC3 are different, the comparison fails and the key update process is stopped; if MAC2' is the same as MAC2 and MAC3' is the same as MAC3, The comparison is successful.

S405. The first VIU assists the first DC to generate a consistent communication encryption key EK and communication authentication key AK, and completes the communication key consistency check.

Specifically, S405 may include:

S4051. The first VIU sends the identifier ID _i of the first ECU, the second message authentication code MAC3 and the encrypted ciphertext Enc(EK||AK,Key _VDk ) to the first DC.

S4052, the first DC calculates MAC3'=HASH(ID _i ||EK _i ||AK _i ), and compares MAC3' with MAC3. If the comparison fails, stop the key update process. If the comparison is successful, the entire key update process is completed.

FIG. 6 is a schematic structural diagram of an embodiment of a key negotiation apparatus provided by the present application. As shown in FIG. 6 , the apparatus of this embodiment may include: a determination module 11 , a first authentication negotiation module 12 , and a second authentication negotiation module 13 and sending module 14, wherein,

The determination module 11 is used to determine the second random number, the temporary shared key and the temporary shared private key according to the first random number after negotiating with other VIUs in the in-vehicle electronic control system to obtain a shared first random number, and according to the temporary shared key. The private key generates a temporary common public key;

The first authentication negotiation module 12 is configured to authenticate and negotiate a communication key and a random number seed with the first domain control unit DC according to the second random number, the temporary common public key and the device private key preset by the first VIU, and the first DC It is a DC in the electronic control system in the car;

The second authentication negotiation module 13 is configured to perform authentication with the first electronic control unit ECU and negotiate the communication encryption key and the communication authentication key according to the random number seed and the authentication key preset by the first VIU;

After determining that the authentication with the first ECU is successful, the sending module 14 encrypts the communication encryption key and the communication authentication key with the communication key and sends them to the first DC.

The apparatus of this embodiment can be used to implement the technical solutions of the foregoing method embodiments, and the implementation principles and technical effects thereof are similar, and details are not described herein again.

FIG. 7 is a schematic structural diagram of an embodiment of a key agreement apparatus provided by the present application. As shown in FIG. 7 , on the basis of the apparatus shown in FIG. 6 , further, the first authentication negotiation module 12 in the apparatus of this embodiment is It may include: a receiving unit 121, a verification unit 122, a computing unit 123, a sending unit 124 and a determining unit 125, wherein,

The receiving unit 121 is configured to receive the third random number, the temporary public key and the signature value sent by the first DC;

The verification unit 122 is configured to verify the signature value according to the device public key, the third random number and the temporary public key of the first DC;

The calculation unit 123 is used to calculate the digital signature value according to the second random number, the temporary common public key and the device private key of the first VIU after the signature value is verified and passed;

The sending unit 124 is configured to send the second random number, the temporary common public key and the digital signature value to the first DC, for the first DC to pair the digital data with the second random number, the temporary common public key and the device public key of the first VIU. The signature value is verified, and after the verification is successful, the communication key is determined according to the temporary private key and the temporary common public key;

The determining unit 125 is configured to determine the communication key according to the temporary private key and the temporary common public key, and determine the random number seed according to the third random number and the second random number, or determine the random number seed according to the third random number, the second random number and the first VIU The functional domain identifier determines the random number seed.

Further, the calculation unit 123 is further configured to: after the sending unit 124 sends the second random number, the temporary public public key and the digital signature value to the first DC, calculate the calculation according to the third random number, the temporary public key and the temporary shared key the first check value;

The sending unit 124 is further configured to: send the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system, for the other VIUs to use the third random number, the temporary public key and the temporary The shared key calculates the second check value, and when it is confirmed that the first check value is the same as the second check value, the communication key is determined according to the temporary public key and the temporary common private key, and at the same time according to the third random number and The second random number determines the random number seed, or simultaneously determines the random number seed according to the third random number, the second random number and the functional domain identifiers of other VIUs.

FIG. 8 is a schematic structural diagram of an embodiment of a key agreement apparatus provided by the present application. As shown in FIG. 8 , on the basis of the apparatus shown in FIG. 6 or FIG. Taking the basic example as an example, further, the second authentication negotiation module 13 in the apparatus of this embodiment may include: a receiving unit 131 and an authentication negotiation unit 132, wherein,

The receiving unit 131 is configured to receive the fourth random number sent by the first ECU;

The authentication negotiation unit 132 is configured to perform authentication with the first ECU and negotiate the communication encryption key and the communication authentication key according to the fourth random number, the random number seed and the authentication key preset by the first VIU.

Further, the authentication negotiation unit 132 is used for:

Further, the authentication negotiation unit 132 is configured to: calculate the third message authentication code according to the random number seed and the authentication key preset by the first VIU, and calculate the fourth message authentication code according to the communication encryption key and the communication authentication key;

The second authentication negotiation module 13 is used for:

Further, the sending module 15 is used for:

FIG. 9 is a schematic structural diagram of an embodiment of a key agreement apparatus provided by the present application. As shown in FIG. 9 , the apparatus of this embodiment may include: a generating module 21 , an authentication negotiation module 22 and a receiving module 23 , wherein,

The generation module 21 is used to generate a temporary private key and a third random number, and generate a corresponding temporary public key according to the temporary private key, and the first DC is a DC in the in-vehicle electronic control system;

The authentication negotiation module 22 is configured to authenticate and negotiate a communication key with the first vehicle integration unit VIU according to the temporary public key, the third random number and the device private key preset by the first DC;

The receiving module 23 is configured to receive the communication encryption key and the communication authentication key encrypted by the communication key and sent by the first VIU. The set authentication key is obtained through authentication and negotiation with the first ECU.

FIG. 10 is a schematic structural diagram of an embodiment of a key agreement apparatus provided by the present application. As shown in FIG. 10 , on the basis of the apparatus shown in FIG. 9 , further, the authentication negotiation module 22 in the apparatus of this embodiment may include : digital signature unit 221, sending unit 222, receiving unit 223, verifying unit 224 and determining unit 225, wherein,

The digital signature unit 221 is used to digitally sign the temporary public key and the third random number using the device private key preset by the first DC to obtain a signature value;

The sending unit 222 is configured to send the temporary public key, the third random number and the signature value to the first VIU;

The receiving unit 223 is configured to receive the second random number, the temporary common public key and the digital signature value sent by the first VIU, where the digital signature value is the device preset by the first VIU according to the second random number, the temporary common public key and the first VIU The private key is calculated and obtained, the second random number is determined by the first VIU according to the first random number, and the first random number is a common random number negotiated by the first VIU and other VIUs in the in-vehicle electronic control system;

The verification unit 224 is configured to verify the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU;

The determining unit 225 is configured to determine the communication key according to the temporary private key and the temporary common public key after the verification unit passes the verification of the digital signature value.

FIG. 11 is a schematic diagram of a key agreement apparatus provided by this application, and the key agreement apparatus 100 includes:

memory 101 and processor 102;

memory 101 for storing computer programs;

The processor 102 is configured to execute the computer program stored in the memory to implement the key agreement method in the above embodiment. For details, refer to the relevant descriptions in the foregoing method embodiments.

Optionally, the memory 101 may be independent or integrated with the processor 102 .

When the memory 101 is a device independent of the processor 102, the key agreement apparatus 100 may further include:

The bus 103 is used to connect the memory 101 and the processor 102 .

Optionally, this embodiment further includes: a communication interface 104 , where the communication interface 104 can be connected to the processor 102 through the bus 103 . The processor 102 can control the communication interface 103 to realize the above-mentioned acquisition function of the key agreement apparatus 100 .

The apparatus may be used to execute each step and/or process in the above method embodiments.

The present application further provides a readable storage medium, where an execution instruction is stored in the readable storage medium. When at least one processor of the key agreement apparatus executes the execution instruction, the key agreement apparatus executes the execution instructions provided by the above-mentioned various embodiments. Key agreement method.

The present application also provides a program product including execution instructions stored in a readable storage medium. At least one processor of the key agreement apparatus can read the execution instruction from the readable storage medium, and the at least one processor executes the execution instruction to cause the key agreement apparatus to implement the key agreement methods provided by the various embodiments described above.

Those of ordinary skill in the art can understand that: in the above-mentioned embodiments, all or part of them may be implemented by software, hardware, firmware or any combination thereof. When implemented in software, it can be implemented in whole or in part in the form of a computer program product. A computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions according to the embodiments of the present invention result in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable device. Computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from a website site, computer, server, or data center over a wire (e.g. coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.) to another website site, computer, server, or data center. A computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, a data center, or the like that includes an integration of one or more available media. Useful media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVD), or semiconductor media (eg, Solid State Disk (SSD)), among others.

Claims

A key agreement method, comprising:

After the first vehicle integration unit VIU negotiates with other VIUs in the in-vehicle electronic control system to negotiate a shared first random number, the second random number, the temporary shared key and the temporary shared private key are determined according to the first random number, and generate a temporary common public key according to the temporary common private key;

The first VIU authenticates and negotiates a communication key and a random number seed with the first domain control unit DC according to the second random number, the temporary common public key, and the device private key preset by the first VIU, and the The first DC is a DC in the in-vehicle electronic control system;

The first VIU authenticates with the first electronic control unit ECU according to the random number seed and the authentication key preset by the first VIU, and negotiates a communication encryption key and a communication authentication key;

After the first VIU determines that the authentication with the first ECU is successful, the communication encryption key and the communication authentication key are encrypted by the communication key and then sent to the first DC.
The method according to claim 1, wherein the first VIU communicates with the first domain control unit DC according to the second random number, the temporary common public key and the device private key preset by the first VIU Authenticate and negotiate communication keys and random number seeds, including:

receiving, by the first VIU, a third random number, a temporary public key and a signature value sent by the first DC;

The first VIU verifies the signature value according to the device public key, the third random number and the temporary public key of the first DC;

After the first VIU passes the verification of the signature value, calculate the digital signature value according to the second random number, the temporary common public key and the device private key of the first VIU;

The first VIU sends the second random number, the temporary common public key and the digital signature value to the first DC, for the first DC to use the second random number, the The temporary common public key and the device public key of the first VIU verifies the digital signature value, and after successful verification, the communication key is determined according to the temporary private key and the temporary common public key;

The first VIU determines the communication key according to the temporary private key and the temporary common public key, and determines the random number seed according to the third random number and the second random number, or determines the random number seed according to the third random number and the second random number. The random number seed is determined by the third random number, the second random number and the functional domain identifier of the first VIU.
The method according to claim 2, wherein the first VIU sends the second random number, the temporary common public key, the digital signature value and the device certificate preset by the first VIU After giving the first DC, the method further includes:

The first VIU calculates a first check value according to the third random number, the temporary public key and the temporary shared key;

The first VIU sends the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system, for the other VIUs to use the A second check value is calculated from the third random number, the temporary public key and the temporary shared key, and when it is confirmed that the first check value is the same as the second check value, the second check value is calculated according to the temporary public key. key and the temporary common private key to determine the communication key, and simultaneously determine the random number seed according to the third random number and the second random number, or determine the random number seed according to the third random number and the second random number simultaneously. Two random numbers and functional domain identifiers of the other VIUs determine the random number seed.
The method according to any one of claims 1-3, wherein the first VIU authenticates and negotiates with the first ECU according to the random number seed and an authentication key preset by the first VIU Communication encryption keys and communication authentication keys, including:

receiving, by the first VIU, a fourth random number sent by the first ECU;

The first VIU authenticates and negotiates a communication encryption key and a communication authentication key with the first ECU according to the fourth random number, the random number seed and the authentication key preset by the first VIU .
The method according to claim 4, wherein the first VIU communicates with the first ECU according to the fourth random number, the random number seed and an authentication key preset by the first VIU Authenticate and negotiate communication encryption keys and communication authentication keys, including:

The first VIU calculates a third check value according to the fourth random number, the random number seed and the authentication key preset by the first VIU;

The first VIU sends the random number seed and the third verification value to the first ECU, for the first ECU to authenticate the third verification value;

The first VIU receives the first message authentication code and the second message authentication code sent by the first ECU after passing the authentication of the third check value, and the first message authentication code is the first message authentication code according to the first ECU. The random number seed and the authentication key preset by the first ECU are calculated, and the second message authentication code is calculated by the first ECU according to the communication encryption key and the communication authentication key;

The first VIU determines the communication encryption key and the communication authentication key according to the long-term shared key and random number seed preset by the first VIU;

The first VIU authenticates the first message authentication code and the second message authentication code.
The method according to claim 5, wherein the first VIU authenticates the first message authentication code and the second message authentication code, comprising:

The first VIU calculates the third message authentication code according to the random number seed and the authentication key preset by the first VIU, and calculates the fourth message authentication code according to the communication encryption key and the communication authentication key code;

The first VIU compares the first message authentication code with the third message authentication code, and compares the second message authentication code with the fourth message authentication code;

The first VIU determines that the authentication with the first ECU is successful, including:

If the first message authentication code is the same as the third message authentication code, and the second message authentication code is the same as the fourth message authentication code, the first VIU determines that the authentication with the first ECU is successful.
The method according to claim 6, wherein the sending the communication encryption key and the communication authentication key to the first DC after encrypting the communication key with the communication key comprises:

The first VIU encrypts the communication encryption key and the communication authentication key by the communication key to obtain encrypted ciphertext;

The first VIU sends the second message authentication code and the encrypted ciphertext to the first DC.
A key agreement method, comprising:

The first domain control unit DC generates a temporary private key and a third random number, and generates a corresponding temporary public key according to the temporary private key, and the first DC is a DC in the in-vehicle electronic control system;

The first DC authenticates and negotiates a communication key with the first vehicle integration unit VIU according to the temporary public key, the third random number and the device private key preset by the first DC;

The first DC receives the communication encryption key and communication authentication key encrypted by the communication key and sent by the first VIU, where the communication encryption key and communication authentication key are the first VIU according to The random number seed and the authentication key preset by the first VIU are obtained through authentication and negotiation with the first ECU.
The method according to claim 8, wherein the first DC is integrated with the first vehicle according to the temporary public key, the third random number and the device private key preset by the first DC The unit VIU performs authentication and negotiates communication keys, including:

The first DC uses the device private key preset by the first DC to digitally sign the temporary public key and the third random number to obtain a signature value;

The first DC sends the temporary public key, the third random number and the signature value to the first VIU;

The first DC receives the second random number, the temporary common public key, and the digital signature value sent by the first VIU, where the digital signature value is the first VIU according to the second random number, the temporary common public key The public key and the device private key preset by the first VIU are calculated, the second random number is determined by the first VIU according to the first random number, and the first random number is the first VIU and the vehicle. The random number negotiated by other VIUs in the internal electronic control system;

The first DC verifies the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU;

After the first DC has passed the verification of the digital signature value, the communication key is determined according to the temporary private key and the temporary common public key.
A key agreement device, comprising:

The determining module is used to determine a second random number, a temporary shared key and a temporary common private key according to the first random number after negotiating a common first random number with other VIUs in the in-vehicle electronic control system, and according to the The temporary common private key generates a temporary common public key;

A first authentication negotiation module, configured to authenticate and negotiate a communication key and a random number seed with the first domain control unit DC according to the second random number, the temporary common public key and the device private key preset by the first VIU , the first DC is a DC in the in-vehicle electronic control system;

a second authentication negotiation module, configured to perform authentication with the first electronic control unit ECU and negotiate a communication encryption key and a communication authentication key according to the random number seed and the authentication key preset by the first VIU;

The sending module, after determining that the authentication with the first ECU is successful, encrypts the communication encryption key and the communication authentication key with the communication key and sends them to the first DC.
The apparatus according to claim 10, wherein the first authentication negotiation module comprises:

a receiving unit, configured to receive a third random number, a temporary public key and a signature value sent by the first DC;

a verification unit, configured to verify the signature value according to the device public key, the third random number and the temporary public key of the first DC;

a calculation unit, configured to calculate a digital signature value according to the second random number, the temporary common public key and the device private key of the first VIU after the verification of the signature value is passed;

A sending unit, configured to send the second random number, the temporary common public key and the digital signature value to the first DC, for the first DC to use the second random number, the Verifying the digital signature value with the temporary common public key and the device public key of the first VIU, and determining the communication key according to the temporary private key and the temporary common public key after successful verification;

a determining unit, configured to determine the communication key according to the temporary private key and the temporary common public key, and determine the random number seed according to the third random number and the second random number, or according to the The random number seed is determined by the third random number, the second random number and the functional domain identifier of the first VIU.
The apparatus of claim 11, wherein:

The computing unit is further configured to: after the sending unit sends the second random number, the temporary common public key and the digital signature value to the first DC, according to the third random number, The temporary public key and the temporary shared key calculate a first check value;

The sending unit is further configured to: send the third random number, the temporary public key and the first check value to other VIUs in the in-vehicle electronic control system for the other VIUs to use according to the Calculate a second check value according to the third random number, the temporary public key and the temporary shared key, and when it is confirmed that the first check value is the same as the second check value, according to the The communication key is determined by the temporary public key and the temporary common private key, and the random number seed is determined according to the third random number and the second random number, or the third random number, The second random number and the functional domain identifiers of the other VIUs determine the random number seed.
The apparatus according to any one of claims 10-12, wherein the second authentication negotiation module comprises:

a receiving unit, configured to receive the fourth random number sent by the first ECU;

An authentication negotiation unit, configured to perform authentication with the first ECU and negotiate a communication encryption key and a communication authentication key according to the fourth random number, the random number seed and the authentication key preset by the first VIU key.
The apparatus according to claim 13, wherein the authentication negotiation unit is configured to:

Calculate a third check value according to the fourth random number, the random number seed and the authentication key preset by the first VIU;

sending the random number seed and the third verification value to the first ECU for the first ECU to authenticate the third verification value;

Receive a first message authentication code and a second message authentication code sent by the first ECU after passing the authentication of the third check value, where the first message authentication code is the seed of the random number by the first ECU and the authentication key preset by the first ECU, and the second message authentication code is calculated by the first ECU according to the communication encryption key and the communication authentication key;

Determine the communication encryption key and the communication authentication key according to the long-term shared key and random number seed preset by the first VIU;

The first message authentication code and the second message authentication code are authenticated.
The apparatus according to claim 14, wherein the authentication negotiation unit is configured to:

Calculate the third message authentication code according to the random number seed and the authentication key preset by the first VIU, and calculate the fourth message authentication code according to the communication encryption key and the communication authentication key;

comparing the first message authentication code with the third message authentication code, and comparing the second message authentication code with the fourth message authentication code;

The second authentication negotiation module is used for:

If the first message authentication code is the same as the third message authentication code, and the second message authentication code is the same as the fourth message authentication code, it is determined that the authentication with the first ECU is successful.
The device according to claim 10, wherein the sending module is configured to:

Encrypting the communication encryption key and the communication authentication key by the communication key to obtain an encrypted ciphertext;

Send the second message authentication code and the encrypted ciphertext to the first DC.
A key agreement device, comprising:

a generating module, configured to generate a temporary private key and a third random number, and generate a corresponding temporary public key according to the temporary private key, and the first DC is a DC in the in-vehicle electronic control system;

an authentication negotiation module, configured to authenticate and negotiate a communication key with the first vehicle integration unit VIU according to the temporary public key, the third random number and the device private key preset by the first DC;

A receiving module, configured to receive the communication encryption key and the communication authentication key encrypted by the communication key and sent by the first VIU, where the communication encryption key and the communication authentication key are the first VIU according to The random number seed and the authentication key preset by the first VIU are obtained through authentication and negotiation with the first ECU.
The apparatus according to claim 17, wherein the authentication negotiation module comprises:

a digital signature unit, configured to digitally sign the temporary public key and the third random number using the device private key preset by the first DC to obtain a signature value;

a sending unit, configured to send the temporary public key, the third random number and the signature value to the first VIU;

A receiving unit, configured to receive a second random number, a temporary common public key and a digital signature value sent by the first VIU, where the digital signature value is the first VIU according to the second random number, the temporary common public key The public key and the device private key preset by the first VIU are calculated, the second random number is determined by the first VIU according to the first random number, and the first random number is the first VIU and the vehicle. The random number negotiated by other VIUs in the internal electronic control system;

a verification unit, configured to verify the digital signature value according to the second random number, the temporary common public key and the device public key of the first VIU;

a determining unit, configured to determine the communication key according to the temporary private key and the temporary common public key after the verification unit passes the verification of the digital signature value.
A key agreement device, comprising:

memory for storing program instructions;

The processor is configured to execute the key agreement method according to any one of claims 1-7 or 8-9 when calling and executing the program instructions in the memory.
A readable storage medium, characterized in that an execution instruction is stored in the readable storage medium, and when at least one processor of the key agreement apparatus executes the execution instruction, the key agreement apparatus executes the execution as claimed in claim 1 -7 or 8-9 any one of the key agreement methods.