EP-4741968-A1 - CONTROL METHOD AND APPARATUS
Abstract
This application provides a control method and apparatus, applied to a diagnosis system. The diagnosis system includes a first logical port and a second logical port. The first logical port is a logical port of a first network of a transportation means, and the second logical port is a logical port of a second network of the transportation means. The method includes: obtaining first configuration information; and controlling an enabled/disabled state of the first logical port and/or an enabled/disabled state of the second logical port based on the first configuration information. In this way, when an electronic device is in different scenarios, an enabled/disabled state of a logical port of the diagnosis system can be dynamically controlled, to minimize access permission of the logical port in different scenarios, so that security of a diagnosis port is improved.
Inventors
- ZHONG, Steven Yin
- XIE, Yujuan
- ZHANG, Zuoqiang
- JIANG, Zhichao
- WEI, Zhuo
- FU, TIANFU
Assignees
- Shenzhen Yinwang Intelligent Technologies Co., Ltd.
Dates
- Publication Date: 20260513
- Application Date: 20240827
Claims (17)
- A control method, applied to a diagnosis system of a transportation means, wherein the diagnosis system comprises a first logical port and a second logical port, the first logical port is a logical port of a first network of the transportation means, the second logical port is a logical port of a second network of the transportation means, and the method comprises: obtaining first configuration information; and controlling an enabled/disabled state of the first logical port and/or an enabled/disabled state of the second logical port based on the first configuration information.
- The method according to claim 1, wherein the first configuration information comprises a diagnosis authorization file, the diagnosis authorization file comprises a first field, and the obtaining the first configuration information comprises: receiving the diagnosis authorization file; and the controlling the enabled/disabled state of the first logical port and/or the enabled/disabled state of the second logical port based on the first configuration information comprises: when the first field is a first value, controlling the first logical port and the second logical port to be in an enabled state; or when the first field is a second value, controlling the first logical port and the second logical port to be in a disabled state.
- The method according to claim 2, wherein the diagnosis authorization file further comprises a second field, and before the controlling the enabled/disabled state of the first logical port and/or the enabled/disabled state of the second logical port based on the first configuration information, the method further comprises: determining, based on the second field, that the diagnosis authorization file is valid.
- The method according to claim 1, wherein the first configuration information comprises a solidification flag, the solidification instruction comprises a third field, and the obtaining the first configuration information comprises: obtaining the solidification flag after the transportation means is powered on; and the controlling the enabled/disabled state of the first logical port and/or the enabled/disabled state of the second logical port based on the first configuration information comprises: controlling, based on the third field, the first logical port and the second logical port to be in a disabled state.
- The method according to claim 4, wherein the method further comprises: storing the solidification flag after the transportation means is delivered from a factory.
- The method according to claim 1, wherein the diagnosis system further comprises an authentication logical port, the first configuration information comprises a first authentication request, and the obtaining the first configuration information comprises: receiving, through the authentication logical port, the first authentication request sent by an external diagnosis device, wherein the authentication logical port is used for identity authentication; and the controlling the enabled/disabled state of the first logical port and/or the enabled/disabled state of the second logical port based on the first configuration information comprises: when the external diagnosis device is successfully authenticated by using the first authentication request, controlling the second logical port to switch from a disabled state to an enabled state.
- The method according to any one of claims 1 to 6, wherein the diagnosis system is an on-board diagnostics, the first network is a controller area network, the second network is an automotive Ethernet, the first logical port is a logical port of the controller area network, and the second logical port is a logical port of the automotive Ethernet.
- A control apparatus, used in a diagnosis system of a transportation means, wherein the diagnosis system comprises a first logical port and a second logical port, the first logical port is a logical port of a first network of the transportation means, the second logical port is a logical port of a second network of the transportation means, and the apparatus comprises an obtaining unit and a processing unit; the obtaining unit is configured to obtain first configuration information; and the processing unit is configured to control an enabled/disabled state of the first logical port and/or an enabled/disabled state of the second logical port based on the first configuration information.
- The apparatus according to claim 8, wherein the first configuration information comprises a diagnosis authorization file, and the diagnosis authorization file comprises a first field; the obtaining unit is specifically configured to receive the diagnosis authorization file; and the processing unit is specifically configured to: when the first field is a first value, control the first logical port and the second logical port to be in an enabled state; or when the first field is a second value, control the first logical port and the second logical port to be in a disabled state.
- The apparatus according to claim 9, wherein the diagnosis authorization file further comprises a second field, and the processing unit is further configured to: determine, based on the second field, that the diagnosis authorization file is valid.
- The apparatus according to claim 8, wherein the first configuration information comprises a solidification flag, and the solidification instruction comprises a third field; the obtaining unit is specifically configured to obtain the solidification flag after the transportation means is powered on; and the processing unit is specifically configured to: control, based on the third field, the first logical port and the second logical port to be in a disabled state.
- The apparatus according to claim 11, wherein the apparatus further comprises a storage unit; and after the transportation means is delivered from a factory, the storage unit is configured to store the solidification flag.
- The apparatus according to claim 8, wherein the diagnosis system further comprises an authentication logical port, and the first configuration information comprises a first authentication request; the obtaining unit is specifically configured to receive, through the authentication logical port, the first authentication request sent by an external diagnosis device, wherein the authentication logical port is used for identity authentication; and the processing unit is specifically configured to: when the external diagnosis device is successfully authenticated by using the first authentication request, control the second logical port to switch from a disabled state to an enabled state.
- The apparatus according to any one of claims 8 to 13, wherein the diagnosis system is an on-board diagnostics, the first network is a controller area network, the second network is an automotive Ethernet, the first logical port is a logical port of the controller area network, and the second logical port is a logical port of the automotive Ethernet.
- A control apparatus, comprising: a memory, configured to store a computer program; and a processor, configured to execute the computer program stored in the memory, to enable the apparatus to perform the method according to any one of claims 1 to 7.
- A transportation means, comprising the control apparatus according to any one of claims 8 to 15.
- A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, and when the computer program is executed by a computer, the method according to any one of claims 1 to 7 is implemented.
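The port control in claims 1 to 6 above, as an added C example that is not part of the application. The field encodings, the type and function names, the boolean standing in for the second-field validity check, and the pre-delivery default of enabled ports are assumptions; the point shown is that validity is decided before any state change and that every rejected input leaves the ports as they were.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed encodings: the claims name a "first value" and a "second value" only. */
enum { FIELD_ENABLE = 0x01, FIELD_DISABLE = 0x02 };

typedef struct {
    bool can_enabled;  /* first logical port (controller area network) */
    bool eth_enabled;  /* second logical port (automotive Ethernet) */
} diag_ports;

typedef struct {
    uint8_t first_field;   /* requested port state */
    bool second_field_ok;  /* assumed: outcome of the validity check on the second field */
} auth_file;

/* Power-on: a stored solidification flag forces both ports disabled.
 * Assumption: without the flag (pre-delivery) both ports start enabled. */
diag_ports diag_power_on(bool solidification_flag)
{
    diag_ports p = { !solidification_flag, !solidification_flag };
    return p;
}

/* Apply an authorization file. Validity is checked before any state change;
 * an invalid file or an unknown first-field value leaves the ports untouched. */
bool diag_apply_auth_file(diag_ports *p, const auth_file *f)
{
    if (!f->second_field_ok)
        return false;
    if (f->first_field != FIELD_ENABLE && f->first_field != FIELD_DISABLE)
        return false;
    p->can_enabled = p->eth_enabled = (f->first_field == FIELD_ENABLE);
    return true;
}

/* Result from the authentication logical port: success switches only the
 * second port to enabled; failure changes nothing. */
void diag_on_auth_result(diag_ports *p, bool authenticated)
{
    if (authenticated)
        p->eth_enabled = true;
}
```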
Description
This application claims priority to Chinese Patent Application No. 202311087181.1, filed with the China National Intellectual Property Administration on August 28, 2023 and entitled "CONTROL METHOD AND APPARATUS", which is incorporated herein by reference in its entirety.
TECHNICAL FIELD
Embodiments of this application relate to the field of information technologies, and in particular, to a control method and apparatus.
BACKGROUND
With intelligent development of electronic devices, many electronic devices require connection to external diagnosis devices through their diagnosis ports for diagnosis operations. For example, as vehicles are complex and intelligent transportation tools, efficient and accurate vehicle maintenance increasingly relies on an intelligent vehicle diagnosis and detection system. In other words, on-board diagnostics (OBD) has become an indispensable part of vehicles.
However, when an external diagnosis device is connected to the diagnosis port of the electronic device, the diagnosis port of the electronic device may be one of the main ports exploited by hackers. This potentially compromises operational security of the electronic device. For example, for a vehicle, an OBD port is a vulnerable port that is easily exploited by hackers.
In an overall lifecycle of the electronic device, different users at different stages have different security requirements and permission requirements for the diagnosis port of the electronic device. For example, for vehicles, a vehicle production-line environment is relatively secure and less susceptible to attacks, and manufacturers require higher-level permission to configure and calibrate components; and in a user use scenario after vehicles are delivered from factories, to ensure vehicle security, user permission is lower.
In view of this, how to improve security of a diagnosis system of the electronic device in the different phases of the lifecycle of the electronic device becomes an urgent problem to be resolved.
SUMMARY
Embodiments of this application provide a control method and apparatus, to dynamically control an enabled/disabled state of a logical port of a diagnosis system when an electronic device is in different scenarios, so as to minimize access permission of the logical port in different scenarios, thereby improving security of a diagnosis port.
According to a first aspect, a control method is provided. The method is applied to a diagnosis system of a transportation means, where the diagnosis system includes a first logical port and a second logical port, the first logical port is a logical port of a first network of the transportation means, and the second logical port is a logical port of a second network of the transportation means. The method includes: obtaining first configuration information; and controlling an enabled/disabled state of the first logical port and/or an enabled/disabled state of the second logical port based on the first configuration information.
In the foregoing technical solution, the enabled/disabled states of the first logical port and the second logical port in the diagnosis system are controlled by using the first configuration information. This helps implement flexible control of the logical ports of the first network and the second network in different phases of a lifecycle of the transportation means, so that minimum permission and maximum security are implemented.
With reference to the first aspect, in some implementations of the first aspect, the first configuration information includes a diagnosis authorization file, the diagnosis authorization file includes a first field, and the obtaining the first configuration information includes: receiving the diagnosis authorization file; and the controlling the enabled/disabled state of the first logical port and/or the enabled/disabled state of the second logical port based on the first configuration information includes: when the first field is a first value, controlling the first logical port and the second logical port to be in an enabled state; or when the first field is a second value, controlling the first logical port and the second logical port to be in a disabled state.
It should be understood that a scenario in which the diagnosis authorization file is received may be a scenario in which an operation like writing or reading needs to be performed through an OBD when the transportation means is in a device production factory, when the transportation means is in a road test phase or in repair, or the like.
In the foregoing technical solution, the logical port of the diagnosis system of the transportation means is dynamically enabled or disabled by using the authorization file. This ensures security and flexibly supports development of a diagnostic service in a special scenario. For example, when the transportation means is in a production process, the logical ports of the first network and the second network are configured to be in an enabled