US 12,323,889 B2
Security protection method in in-vehicle system and device
Changjian Gao, Shenzhen (CN); Yong Wang, Shenzhen (CN); and Yinghui Yu, Beijing (CN)
Assigned to Shenzhen Yinwang Intelligent Technologies Co., Ltd., Shenzhen (CN)
Filed by Shenzhen Yinwang Intelligent Technologies Co., Ltd., Guangdong (CN)
Filed on Feb. 18, 2022, as Appl. No. 17/675,966.
Application 17/675,966 is a continuation of application No. PCT/CN2020/110078, filed on Aug. 19, 2020.
Claims priority of application No. 201910770024.8 (CN), filed on Aug. 20, 2019.
Prior Publication US 2022/0173902 A1, Jun. 2, 2022
Int. Cl. H04W 4/44 (2018.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01); H04L 67/12 (2022.01)
CPC H04W 4/44 (2018.02) [H04L 9/0825 (2013.01); H04L 9/0877 (2013.01); H04L 9/3247 (2013.01); H04L 67/12 (2013.01)] 18 Claims
OG exemplary drawing
 
1. An in-vehicle security protection system, comprising:
an electronic control unit (ECU);
a domain controller coupled to the ECU; and
a gateway coupled to the domain controller,
wherein the ECU is configured to generate a public key of the ECU and a private key of the ECU by using a first security protection module deployed on the ECU, wherein the first security protection module is configured to provide security protection for the ECU, and a security level of the first security protection module is a first security level,
wherein the ECU is further configured to sign a firmware digest of the ECU by using the private key of the ECU to obtain first signature information,
wherein the ECU is further configured to send the first signature information, the public key of the ECU, and the firmware digest of the ECU to the domain controller,
wherein the domain controller is configured to receive the first signature information, the public key of the ECU, and the firmware digest of the ECU from the ECU,
wherein the domain controller is further configured to generate a public key of the domain controller and a private key of the domain controller by using a second security protection module, wherein the second security protection module is configured to provide security protection for the domain controller, and a security level of the second security protection module is a second security level,
wherein the domain controller is further configured to perform verification on the first signature information by using the public key of the ECU,
wherein the domain controller is further configured to, when the first signature information has been verified, sign the firmware digest of the ECU by using the private key of the domain controller, to obtain second signature information,
wherein the domain controller is further configured to send the second signature information, the public key of the domain controller, and the firmware digest of the ECU to the gateway,
wherein the gateway is configured to receive the second signature information, the public key of the domain controller, and the firmware digest of the ECU from the domain controller,
wherein the gateway is further configured to generate a public key of the gateway and a private key of the gateway by using a third security protection module, wherein the third security protection module is configured to provide security protection for the gateway, and a security level of the third security protection module is a third security level,
wherein the gateway is further configured to perform verification on the second signature information by using the public key of the domain controller,
wherein the gateway is further configured to, when the second signature information has been verified, sign the firmware digest of the ECU by using the private key of the gateway, to obtain third signature information, and
wherein the gateway is further configured to send the third signature information, the public key of the gateway, and the firmware digest of the ECU to a server external to the in-vehicle security protection system.