Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings. It is to be understood that the described embodiments are merely a few embodiments of the invention, and not all embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
In the description of the present invention, it is to be understood that the terms "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. Moreover, the terms "first," "second," and the like, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein.
Referring to the schematic structural diagram of fig. 1 and the signal transmission diagram of fig. 2, a network control device for a non-original module is shown. The device includes: an original module 110, a non-original module 120, a controller area network 130 and a gateway module 140;
the controller area network 130 comprises a controller area network 1310 of the original module and a controller area network 1320 of the non-original module;
the original module 110 is electrically connected to the controller area network 1310 of the original module, and the controller area network 1310 of the original module is electrically connected to the gateway module 140;
the original module 110 is configured to obtain data required by the vehicle non-original module, and send the data required by the vehicle non-original module to the gateway module 140 through the controller area network 1310 of the original module;
the non-original module 120 is electrically connected to the controller area network 1320 of the non-original module, and the controller area network 1320 of the non-original module is electrically connected to the gateway module 140;
the gateway module 140 is configured to authenticate the non-original module 120 through the controller area network 1320 of the non-original module;
if the authentication is successful, the gateway module 140 forwards the data required by the vehicle non-original module to the controller area network 1320 of the non-original module;
the non-original module 120 is configured to receive the data required by the vehicle non-original module, as transmitted by the controller area network 1320 of the non-original module, and execute a corresponding function according to that data.
Specifically, the original module comprises various functional domain modules, which may include a power domain module, a chassis domain module, an information domain module and the like. The corresponding network topology likewise has a Controller Area Network (CAN) for each functional domain module, such as a CAN of the power domain module, a CAN of the chassis domain module, a CAN of the information domain module, and the like. Each module is connected to a node of the CAN in its domain. The non-original module is a functional module retrofitted by the user after the vehicle leaves the factory. For example, the operator of a ride-hailing vehicle may, because of some requirement, need to actively issue a prompt when the user opens a door to get out of the car. In that case the door action signal collected by a sensor in the vehicle's original module has to be obtained and transmitted to the retrofitted door-opening prompt module, which gives the corresponding prompt; the prompt information can be fed back to a control module of the original module.
When the vehicle leaves the factory, the network structure comprises the CAN of each functional domain module and a CAN reserved for the non-original module, namely the CAN of the non-original module. Only a gateway node is present on the CAN of the non-original module at that point, and no non-original module is installed on it, so that a user can install a non-original module on the CAN line of the non-original module according to the user's own requirements.
When the non-original module acquires required data from the original module, the original module needs to transmit data to the gateway module through the CAN of the original module, the gateway module forwards the data, and the data is transmitted to the non-original module through the CAN of the non-original module. The gateway module needs to authenticate the non-original module, and the data transmission can be performed only by the successfully authenticated non-original module, so that the security of data transmission is guaranteed.
Further, referring to fig. 2, the apparatus further includes:
the non-original module 120 is further configured to send the data produced by executing the non-original function to the gateway module 140 through the controller area network 1320 of the non-original module;
if the gateway module 140 successfully authenticates the non-original module 120, the gateway module 140 is further configured to forward the data produced by executing the non-original function to the controller area network 1310 of the original module;
the original module 110 is further configured to receive the data produced by executing the non-original function, as transmitted by the controller area network 1310 of the original module.
Specifically, the original module and the non-original module perform two-way communication through the gateway module, the original module transmits related data to the non-original module through forwarding of the gateway module, the non-original module feeds back execution data to the original module through forwarding of the gateway module, and in the two-way communication process, the gateway module needs to authenticate the non-original module, otherwise, the data of the non-original module cannot be fed back to the original module.
Further, referring to fig. 3, the authentication of the non-original module 120 by the gateway module 140 through the controller area network 1320 of the non-original module includes:
the gateway module 140 sends authentication information to the non-original module 120;
the non-original module 120 sends feedback information to the gateway module 140 based on the authentication information;
the gateway module 140 compares the feedback information with the authentication information, and authenticates the non-original module 120.
Specifically, when the gateway module authenticates the non-original module, the gateway module sends authentication information to the non-original module through the CAN of the non-original module. After the non-original module receives the authentication information, it derives corresponding feedback information from the authentication information and sends the feedback information to the gateway module through the CAN of the non-original module. The gateway module verifies the feedback information and determines whether the non-original module passes the authentication. The gateway module verifies the feedback information by comparing the contents of the authentication information and the feedback information.
Further, referring to fig. 4, the comparison of the feedback information with the authentication information by the gateway module 140 to authenticate the non-original module 120 includes:
the gateway module 140 obtains the first encoded data in the authentication information;
the gateway module 140 calculates second encoded data according to the first encoded data;
the gateway module 140 matches the second encoded data with the feedback encoded data in the feedback information, and authenticates the non-original module 120, where the feedback encoded data is calculated by the non-original module 120 according to the first encoded data.
Specifically, the comparison of the feedback information with the authentication information is based on the first encoded data in the authentication information and the feedback encoded data in the feedback information. The authentication information sent by the gateway module to the non-original module contains the first encoded data. After the non-original module receives the authentication information carrying the first encoded data, it calculates the feedback encoded data from the first encoded data using a preset algorithm consistent with that of the gateway module, and sends the feedback encoded data to the gateway module. The gateway module, for its part, calculates second encoded data from the first encoded data using the preset algorithm consistent with that of the non-original module, and compares the second encoded data with the feedback encoded data. If the two are consistent, the authentication is successful and the non-original module is a legal node.
In a specific embodiment, after the vehicle is powered on, the gateway broadcasts a security management message with a period of 1 s. Of the first 7 bytes of the message, 4 bytes are the Key and the other 3 bytes are random numbers; the last byte is a CRC check code. The CAN message data carrying the Key is sent to the non-original module. After the node of the non-original module receives the Key message, it calculates a 4-byte Seed within a certain time using an algorithm consistent with that of the gateway. The Seed is distributed within the first 7 bytes, the other 3 bytes are random numbers, and the last byte is a CRC (cyclic redundancy check) code. The non-original module sends the CAN message data containing the Seed to the gateway. After the gateway receives the Seed message sent by the node of the non-original module, it compares the Seed in the message with the Seed calculated by the gateway; if the two are consistent, the node is considered to be a legal node.
Authenticating the non-original module in this way ensures the security of data transmission. The gateway module does not route signals according to whether the signal source exists, but according to whether the non-original module exists, and verifies the non-original module at the same time. This avoids the error that would otherwise be reported when a message is sent and receives no response because the CAN of the non-original module has no legal node.
Further, referring to fig. 5, the matching of the second encoded data with the feedback encoded data in the feedback information by the gateway module 140 to authenticate the non-original module 120 further includes:
if the gateway module 140 does not successfully authenticate the non-original module 120 the first time, the gateway module 140 performs secondary authentication on the non-original module 120;
if the secondary authentication is successful, the gateway module 140 forwards the data required by the vehicle non-original module to the controller area network 1320 of the non-original module;
if the secondary authentication is not successful, the gateway module 140 prohibits the data required by the vehicle non-original module from being transmitted to the controller area network 1320 of the non-original module.
Specifically, if the gateway module's first authentication of the non-original module is unsuccessful, the gateway module sends secondary authentication information to the non-original module to perform secondary authentication. The non-original module calculates the feedback encoded data of the secondary authentication from the first encoded data in the secondary authentication information, using the preset algorithm consistent with that of the gateway module. The gateway module calculates the second encoded data of the secondary authentication from the first encoded data in the secondary authentication information using the preset algorithm, compares it with the feedback encoded data of the secondary authentication, and judges whether the non-original module is a legal node. If the authentication succeeds, the subsequent information transmission continues. If the authentication fails, the non-original module is determined to be an illegal node, and its data is prohibited from being uploaded to the original module and the CAN of the original module, which protects the data in the original module.
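The Key/Seed exchange and the secondary-authentication rule described above, as an added example (it is not code from the patent). The byte positions inside the frame, the CRC-8 parameters, the shared secret, the single-use challenge and `preset_algo` are assumptions: the text does not disclose the preset algorithm, and the stand-in used here is a placeholder mix where a production gateway would need a keyed MAC.

```c
#include <stdint.h>
#include <stdio.h>

#define FRAME_LEN    8
#define MAX_ATTEMPTS 2   /* first authentication plus one secondary attempt */

/* CRC-8 over bytes 0..6. Parameters (poly 0x1D, init 0xFF, final XOR 0xFF)
 * are an assumption; the text only says "CRC check code". */
static uint8_t crc8(const uint8_t *d, size_t n) {
    uint8_t crc = 0xFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= d[i];
        for (int b = 0; b < 8; b++)
            crc = (uint8_t)((crc & 0x80) ? (crc << 1) ^ 0x1D : crc << 1);
    }
    return (uint8_t)(crc ^ 0xFF);
}

/* Placeholder for the undisclosed "preset algorithm": a bijective mix of
 * key XOR secret so the demo is deterministic. It is NOT a secure MAC. */
uint32_t preset_algo(uint32_t key, uint32_t secret) {
    uint32_t h = key ^ secret;
    for (int i = 0; i < 4; i++) {
        h = (h << 5) | (h >> 27);
        h = (h * 2654435761u) ^ 0x9E3779B9u;
    }
    return h;
}

/* Assumed layout: bytes 0-3 = Key or Seed (big-endian), 4-6 = random, 7 = CRC. */
void build_frame(uint8_t f[FRAME_LEN], uint32_t value, uint32_t rnd24) {
    for (int i = 0; i < 4; i++) f[i] = (uint8_t)(value >> (24 - 8 * i));
    for (int i = 0; i < 3; i++) f[4 + i] = (uint8_t)(rnd24 >> (16 - 8 * i));
    f[7] = crc8(f, 7);
}

/* Returns 1 and stores the 4-byte value when the CRC matches, else 0. */
int parse_frame(const uint8_t f[FRAME_LEN], uint32_t *value) {
    if (crc8(f, 7) != f[7]) return 0;
    *value = ((uint32_t)f[0] << 24) | ((uint32_t)f[1] << 16) |
             ((uint32_t)f[2] << 8) | f[3];
    return 1;
}

typedef struct {
    uint32_t secret;       /* provisioned in the gateway and the approved module */
    uint32_t pending_key;  /* Key of the outstanding challenge */
    int challenge_open, failures, authenticated, blocked;
} gateway_t;

void gw_init(gateway_t *g, uint32_t secret) { *g = (gateway_t){ .secret = secret }; }

/* Emit the Key frame. key and rnd24 must come from a CSPRNG in real firmware;
 * they are parameters here so the run is reproducible. Returns 0 once blocked. */
int gw_challenge(gateway_t *g, uint8_t out[FRAME_LEN], uint32_t key, uint32_t rnd24) {
    if (g->blocked) return 0;
    g->pending_key = key;
    g->challenge_open = 1;
    build_frame(out, key, rnd24);
    return 1;
}

/* Module side: derive the Seed from the received Key and frame it. */
int module_respond(uint32_t secret, const uint8_t ch[FRAME_LEN],
                   uint8_t out[FRAME_LEN], uint32_t rnd24) {
    uint32_t key;
    if (!parse_frame(ch, &key)) return 0;
    build_frame(out, preset_algo(key, secret), rnd24);
    return 1;
}

/* Gateway side: each challenge is single-use, so a Seed frame replayed against
 * a newer Key fails. A failure also revokes routing (choice of this example). */
int gw_verify(gateway_t *g, const uint8_t resp[FRAME_LEN]) {
    uint32_t seed;
    if (g->blocked || !g->challenge_open) return 0;
    g->challenge_open = 0;
    if (parse_frame(resp, &seed) && seed == preset_algo(g->pending_key, g->secret)) {
        g->authenticated = 1;
        g->failures = 0;
        return 1;
    }
    g->authenticated = 0;
    if (++g->failures >= MAX_ATTEMPTS) g->blocked = 1;  /* secondary auth failed */
    return 0;
}

/* Routing gate: forward between the two buses only for an authenticated node. */
int gw_may_route(const gateway_t *g) { return g->authenticated && !g->blocked; }

int main(void) {
    gateway_t g;
    uint8_t ch[FRAME_LEN], rs[FRAME_LEN];
    gw_init(&g, 0xA5A5F00Du);                         /* constructed sample secret */
    gw_challenge(&g, ch, 0x11223344u, 0x010203u);     /* constructed Key / random */
    module_respond(0xA5A5F00Du, ch, rs, 0x0A0B0Cu);
    int ok = gw_verify(&g, rs);
    printf("verify=%d route=%d\n", ok, gw_may_route(&g));
    return 0;
}
```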
Further, the controller area network 1320 of the non-original module and the controller area network 1310 of the original module are different, physically isolated network buses.
Specifically, an isolation mechanism is arranged between the controller area network of the non-original module and the controller area network of the original module, and the isolation mechanism comprises physical isolation and software isolation. Physical isolation means that the network bus of the controller area network of the non-original module and the network bus of the controller area network of the original module are different network buses. Data can be transmitted between the two buses only after the gateway module has successfully authenticated the non-original module. The gateway module routes data selectively: data from routable nodes preset in the gateway module is forwarded directly by the gateway module, while nodes not preset in the gateway module, such as the node of the non-original module, are routed by the gateway module only after authentication. Because the controller area network of the non-original module and the controller area network of the original module are isolated both physically and in software, mutual interference between the non-original module and the original module is avoided and the communication quality of the controller area network is ensured.
Further, referring to fig. 6, the apparatus further includes a diagnostic port 150, which includes a diagnostic port 1520 of the non-original module and a diagnostic port 1510 of the original module;
the diagnostic port 1520 of the non-original module sends diagnostic information to the non-original module 120 through the controller area network 1320 of the non-original module;
the non-original module 120 feeds back a diagnosis result to the diagnostic port 1520 of the non-original module through the controller area network 1320 of the non-original module, and the diagnostic port 1520 of the non-original module is a diagnostic port which is arranged on the controller area network 1320 of the non-original module and is only used for diagnosing the non-original module 120.
Specifically, the controller area network of the non-original module has two network nodes, namely the non-original module and the diagnostic port of the non-original module. The diagnostic port of the non-original module is used only for diagnosing the non-original module, so that fault information of the non-original module can be handled promptly while the original module and the non-original module remain isolated. The diagnostic port of the non-original module sends diagnostic information to the non-original module, the non-original module feeds back a diagnosis result to the diagnostic port of the non-original module, and the diagnostic port analyzes and processes the result to judge whether the non-original module has failed. If it has, the diagnostic port of the non-original module feeds back fault information and a fault prompt for the non-original module is issued.
The embodiment of the invention provides a network control device of a non-original module, which comprises: an original module, a non-original module, a controller area network and a gateway module. The original module is connected to the controller area network of the original module, the non-original module is connected to the controller area network of the non-original module, and both controller area networks are connected to the gateway module. When the original module sends data to the non-original module, or the non-original module sends data to the original module, the gateway module needs to authenticate the non-original module. Data transmission continues when authentication is successful, and data transmission from the non-original module to the original module is prohibited when authentication is unsuccessful. The advantages are that the controller area network of the non-original module is separated, mutual interference between the non-original module and the original module is avoided, the communication quality of the controller area network is guaranteed, and the security of data transmission is guaranteed by authenticating the non-original module.
An embodiment of the present invention further provides a network control method for a non-original module. Referring to fig. 7, the method includes:
S710, the original module acquires data required by the vehicle non-original module;
S720, the original module sends the data required by the vehicle non-original module to a gateway module through the controller area network of the original module;
S730, the gateway module authenticates the non-original module through the controller area network of the non-original module;
Further, referring to fig. 8, the authenticating, by the gateway module, of the non-original module through the controller area network of the non-original module includes:
S810, the gateway module sends authentication information to the non-original module;
S820, the non-original module sends feedback information to the gateway module based on the authentication information;
S830, the gateway module compares the feedback information with the authentication information to authenticate the non-original module.
Further, referring to fig. 9, the comparing, by the gateway module, of the feedback information with the authentication information to authenticate the non-original module includes:
S910, the gateway module acquires the first encoded data in the authentication information;
S920, the gateway module calculates second encoded data according to the first encoded data;
S930, the gateway module matches the second encoded data with the feedback encoded data in the feedback information to authenticate the non-original module, wherein the feedback encoded data is calculated by the non-original module according to the first encoded data.
Further, referring to fig. 10, the matching, by the gateway module, of the second encoded data with the feedback encoded data in the feedback information to authenticate the non-original module further includes:
S1010, if the gateway module's first authentication of the non-original module is unsuccessful, the gateway module performs secondary authentication on the non-original module;
S1020, if the secondary authentication is successful, the gateway module forwards the data required by the vehicle non-original module to the controller area network of the non-original module;
S1030, if the secondary authentication is unsuccessful, the gateway module prohibits the data required by the vehicle non-original module from being transmitted to the controller area network of the non-original module.
S740, if the authentication is successful, the gateway module forwards the data required by the vehicle non-original module to the controller area network of the non-original module;
S750, the non-original module receives the data required by the vehicle non-original module, as transmitted by the controller area network of the non-original module;
S760, the non-original module executes the corresponding function according to the data required by the vehicle non-original module.
Further, referring to fig. 11, the method further includes:
S1110, the non-original module sends the data produced by executing the non-original function to the gateway module through the controller area network of the non-original module;
S1120, if the gateway module successfully authenticates the non-original module, the gateway module forwards the data produced by executing the non-original function to the controller area network of the original module;
S1130, the original module receives the data produced by executing the non-original function, as transmitted by the controller area network of the original module.
The embodiment of the invention provides a network control method of a non-original module, in which, when the original module sends data to the non-original module or the non-original module sends data to the original module, the gateway module needs to authenticate the non-original module. Data transmission continues when authentication is successful, and data transmission from the non-original module to the original module is prohibited when authentication is unsuccessful. The method has the advantages that the controller area network of the non-original module is separated, mutual interference between the non-original module and the original module is avoided, the communication quality of the controller area network is guaranteed, and the security of data transmission is guaranteed by authenticating the non-original module.
The present embodiment also provides a computer-readable storage medium, where computer-executable instructions are stored in the storage medium, and the computer-executable instructions are loaded by a processor and execute the network control method of the non-original module according to the present embodiment.
The present embodiment also provides an apparatus, which includes a processor and a memory, where the memory stores a computer program, and the computer program is adapted to be loaded by the processor and execute the network control method of the non-original module according to the present embodiment.
The device may be a computer terminal, a mobile terminal or a server, and the device may also participate in forming the apparatus or system provided by the embodiments of the present invention. As shown in fig. 12, the mobile terminal 12 (or computer terminal 12 or server 12) may include one or more processors 1202 (shown here as 1202a, 1202b, …, 1202n; the processors 1202 may include, but are not limited to, a processing device such as a microprocessor (MCU) or a programmable logic device (FPGA)), a memory 1204 for storing data, and a transmitting device 1206 for communication functions. In addition, the device may further include: a display, an input/output interface (I/O interface), a network interface, a power source, and/or a camera. It will be understood by those skilled in the art that the structure shown in fig. 12 is only an illustration and is not intended to limit the structure of the electronic device. For example, mobile device 12 may also include more or fewer components than shown in fig. 12, or have a different configuration than shown in fig. 12.
It should be noted that the one or more processors 1202 and/or other data processing circuitry described above may be referred to generally herein as "data processing circuitry". The data processing circuitry may be embodied in whole or in part in software, hardware, firmware, or any combination thereof. Further, the data processing circuitry may be a single, stand-alone processing module, or incorporated in whole or in part into any of the other elements in the mobile device 12 (or computer terminal). As referred to in the embodiments of the application, the data processing circuit acts as a processor control (e.g. selection of a variable resistance termination path connected to the interface).
The memory 1204 may be used for storing software programs and modules of application software, such as the program instructions/data storage devices corresponding to the method described in the embodiment of the present invention. The processor 1202 executes various functional applications and data processing by running the software programs and modules stored in the memory 1204, so as to implement the above-mentioned network control method of the non-original module. The memory 1204 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 1204 may further include memory located remotely from processor 1202, which may be connected to mobile device 12 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmitting device 1206 is used for receiving or sending data via a network. Specific examples of such networks may include wireless networks provided by the communication provider of the mobile terminal 12. In one example, the transmitting device 1206 includes a Network Interface Controller (NIC) that can be connected to other Network devices via a base station to communicate with the internet. In one example, the transmitting device 1206 can be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with a user interface of the mobile device 12 (or computer terminal).
The present specification provides method steps as described in the examples or flowcharts, but more or fewer steps may be included based on routine or non-inventive labor. The order of steps recited in the embodiments is only one of many possible orders of execution and does not represent the only order. When an actual system or terminal product executes the method, the steps may be performed sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or the methods shown in the figures.
The configurations shown in the present embodiment are only partial configurations related to the present application, and do not constitute a limitation on the devices to which the present application is applied, and a specific device may include more or less components than those shown, or combine some components, or have an arrangement of different components. It should be understood that the methods, apparatuses, and the like disclosed in the embodiments may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a division of one logic function, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or unit modules.
Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.