Search

CN-121984695-A - Secure access method and system of OBD, gateway controller and storage medium

CN121984695ACN 121984695 ACN121984695 ACN 121984695ACN-121984695-A

Abstract

The invention provides a secure access method and system of an OBD, a gateway controller and a storage medium. The method comprises the steps of carrying out security authentication on a gateway controller and external debugging equipment based on an access connection request sent by the external debugging equipment when the access connection request is received, receiving a data management request sent by the external debugging equipment when the security authentication is passed, searching target service CAN data required by the external debugging equipment from a service CAN based on the data management request, wherein the data management request at least comprises a request for acquiring, refreshing and updating the data, and forwarding the target service CAN data to the external debugging equipment through a debugging CAN channel, wherein the debugging CAN channel and the service CAN channel are completely and physically isolated. The technical effects of improving the safety protection of the vehicle-end information and ensuring the safety access to the OBD of the vehicle are achieved, and the technical problems that the vehicle-end information is revealed due to illegal access of external equipment are solved.

Inventors

  • ZHOU MINGXIN
  • WEN MING
  • Peng yongxing

Assignees

  • 三一专用汽车有限责任公司

Dates

Publication Date
20260505
Application Date
20251209

Claims (11)

  1. 1. A method for secure access of an OBD, the method being applied to a gateway controller, the method comprising: when an access connection request sent by external debugging equipment is received, carrying out security authentication on a gateway controller and the external debugging equipment based on the access connection request; When the security authentication passes, a data management request sent by the external debugging equipment is received, and target service CAN data required by the external debugging equipment is searched from a service CAN based on the data management request, wherein the data management request at least comprises a request for acquiring, refreshing and updating the data; Forwarding the target service CAN data to the external debugging equipment through a debugging CAN channel, wherein the debugging CAN channel and the service CAN channel are completely and physically isolated.
  2. 2. The method of claim 1, wherein the secure authentication of the gateway controller and the external commissioning device based on the access connection request comprises: Generating a security authentication message based on the access connection request, wherein the security authentication message carries a dynamic secret key, and the dynamic secret key is generated based on a vehicle unique identification code and a real-time variable; the security authentication message is sent to the external debugging equipment, and when verification key information sent by the external debugging equipment is received, the verification key information is verified; And if the verification key information passes the verification, determining that the security authentication of the external debugging equipment and the gateway controller passes.
  3. 3. The method of claim 1, wherein before forwarding the target service CAN data to the external commissioning device via a commissioning CAN channel, the method comprises: Acquiring the access right of the external debugging equipment; And when the access authority of the external debugging equipment meets the preset management authority, forwarding the target service CAN data to the external debugging equipment through the debugging CAN channel.
  4. 4. The method of claim 1, wherein the sending the target service CAN data to the external debug device via a debug CAN channel comprises: sending a heartbeat detection signal to the external debugging equipment within a preset time interval, and dynamically monitoring a heartbeat response result of the external debugging equipment; And if the heartbeat response result of the external debugging equipment is not received within the preset time, terminating the transmission of the target service CAN data.
  5. 5. The method of secure access of OBD according to claim 4, further comprising: And when the access connection request sent by the external debugging equipment is received again, carrying out security authentication on the external debugging equipment again, and deleting the history forwarding data.
  6. 6. A secure access system for OBD, the system comprising: service CAN; the debugging CAN channel is connected with the OBD interface and used for forwarding target service CAN data to external debugging equipment; A gateway controller operable to perform the secure access method of OBD of any of claims 1-5.
  7. 7. The OBD security access system of claim 6, wherein said gateway controller incorporates a bus isolator for physically isolating the traffic CAN channel from the debug CAN channel.
  8. 8. A gateway controller, wherein a security access module is integrated inside the gateway controller, and the security access module is capable of executing the OBD security access method according to any one of claims 1-5.
  9. 9. The gateway controller of claim 8, wherein the secure access module comprises: The security authentication layer is used for carrying out security authentication on the gateway controller and the external debugging equipment based on the access connection request when the access connection request sent by the external debugging equipment is received; The data management layer is used for receiving a data management request sent by the external debugging equipment when the security authentication passes, and searching target service CAN data required by the external debugging equipment from a service CAN based on the data management request; And the data forwarding layer is used for forwarding the target service CAN data to the external debugging equipment through a debugging CAN channel, wherein the debugging CAN channel and the service CAN channel are completely and physically isolated.
  10. 10. A computer readable storage medium storing a computer program for performing the secure access method of OBD according to any of the preceding claims 1-5.
  11. 11. A vehicle is characterized in that, the vehicle comprising the gateway controller of claim 8.

Description

Secure access method and system of OBD, gateway controller and storage medium Technical Field The application relates to the field of electric automobile communication safety, in particular to a safe access method and system of an OBD (on-board diagnostics), a gateway controller and a storage medium. Background Currently, an OBD (On-Board Diagnostics, namely an On-board diagnostic system) debugging port of an electric vehicle is commonly and directly exposed to a CAN (Controller Area Network ) network of the whole vehicle, and any person CAN collect data or send instructions through an OBD interface without limit, so that risks of data leakage and illegal control exist. In the prior art, an OBD interface is directly connected with a service CAN generally, physical isolation and dynamic access control are lacked, and few security schemes only rely on static password authentication and cannot meet the requirements of dynamic authorization, data forwarding according to needs, overtime protection and the like. Disclosure of Invention In view of the above, the present application provides a secure access method, system, gateway controller and storage medium for OBD, which performs secure authentication on the gateway controller and external debug device when receiving an access connection request sent by the external debug device, so as to ensure access legitimacy of the external debug device, and simultaneously completely physically isolate the debug CAN channel and the service CAN channel, so that an OBD interface of a vehicle is only connected with the debug CAN channel, and further, target service CAN data required by the external debug device is forwarded to the external debug device through the debug CAN channel, so as to prevent attack of physical access, thereby achieving the technical effects of improving vehicle end information security protection, ensuring secure access to the vehicle OBD, and solving the technical problems of illegal access of the external device and further causing vehicle end information leakage. The application provides a safe access method of an OBD, which comprises the steps of carrying out safety authentication on a gateway controller and an external debugging device based on an access connection request sent by the external debugging device when the access connection request is received, receiving a data management request sent by the external debugging device when the safety authentication is passed, searching target service CAN data needed by the external debugging device from a service CAN based on the data management request, wherein the data management request at least comprises data acquisition, refreshing and updating requests, and forwarding the target service CAN data to the external debugging device through a debugging CAN channel, wherein the debugging CAN channel and the service CAN channel are completely and physically isolated. In one possible implementation mode of the application, the security authentication of the gateway controller and the external debugging equipment is carried out based on the access connection request, and the method comprises the steps of generating a security authentication message based on the access connection request, wherein the security authentication message carries a dynamic secret key and is generated based on a vehicle unique identification code and a real-time variable, sending the security authentication message to the external debugging equipment, checking the verification secret key information when receiving the verification secret key information sent by the external debugging equipment, and determining that the security authentication of the external debugging equipment and the gateway controller is passed if the verification secret key information passes. In one possible implementation mode of the application, before the target service CAN data is forwarded to the external debugging equipment through the debugging CAN channel, the method comprises the steps of obtaining the access right of the external debugging equipment, and forwarding the target service CAN data to the external debugging equipment through the debugging CAN channel when the access right of the external debugging equipment meets the preset management right. In one possible implementation manner of the application, the target service CAN data is sent to the external debugging equipment through the debugging CAN channel, and the method comprises the steps of sending a heartbeat detection signal to the external debugging equipment within a preset time interval, dynamically monitoring a heartbeat response result of the external debugging equipment, and terminating sending the target service CAN data if the heartbeat response result of the external debugging equipment is not received within the preset time. In one possible implementation manner of the present application, the method further includes, when the access connection request sent by the external de