Abstract: This application relates to a service access method and apparatus, where the method includes: obtaining, from system data, a first identifier corresponding to a service requesting unit; obtaining, from a first access request, a second identifier corresponding to a service, where the first access request indicates that the service requesting unit requests the service from a service providing unit; determining an authentication result based on the first identifier and the second identifier, where the authentication result indicates whether the service requesting unit has permission to access the service; when the authentication result indicates that the service requesting unit has the permission to access the service, generating a second access request; and sending the second access request to the service providing unit. The service access method and apparatus provided in embodiments of this application can improve service access security.

Abstract: A random number generation apparatus includes an electric network frequency (ENF) extractor, an entropy generation module, and an entropy pool. The random number generation apparatus may generate a true random number and a pseudo random number based on an ENF signal of an electric network without using a hardware entropy source.

Abstract: A data transmission method includes: a first electronic control unit (ECU) that obtains to-be-sent data. The first ECU determines a protection policy corresponding to the to-be-sent data from a plurality of protection policies, where the protection policies include a plurality of different encapsulation formats for the to-be-sent data and at least two protection policies with different calculation amounts for processing the to-be-sent data. The first ECU encapsulates the to-be-sent data according to the protection policy corresponding to the to-be-sent data to obtain an encapsulated packet. The first ECU sends the encapsulated packet to a second ECU, where the first ECU and the second ECU are any two ECUs in a vehicle.

Abstract: A vehicle-mounted device upgrade method and a related apparatus, where the method includes an on-board unit (Tbox) of a vehicle that processes a first data segment according to a first algorithm to obtain a first check value, where the first data segment is any data segment in a plurality of data segments included in an upgrade file of a control unit, and the first check value is sent to the control unit, and the Tbox encrypts the first data segment by using a first key to obtain a first encrypted segment, and sends the first encrypted segment to the control unit, so that the control unit stores, in the control unit, the first data segment obtained by decrypting the first encrypted segment by using the first key, where the first data segment is used by the control unit to form the upgrade file for upgrade.

Abstract: A vehicle-mounted device upgrade method and a related apparatus, where the method includes an on-board unit (Tbox) of a vehicle that processes a first data segment according to a first algorithm to obtain a first check value, where the first data segment is any data segment in a plurality of data segments included in an upgrade file of a control unit, and the first check value is sent to the control unit, and the Tbox encrypts the first data segment by using a first key to obtain a first encrypted segment, and sends the first encrypted segment to the control unit, so that the control unit stores, in the control unit, the first data segment obtained by decrypting the first encrypted segment by using the first key, where the first data segment is used by the control unit to form the upgrade file for upgrade.

Abstract: Embodiments of this application provide a key generation method and a related device. The method includes: receiving, by a terminal, a first message sent by a source base station, where the first message includes a key exchange algorithm selected by a target base station and a first public key generated by the target base station; generating, by the terminal, a first shared key based on the key exchange algorithm, the first public key, and a first private key generated by the terminal; and sending, by the terminal, a second message to the target base station, where the second message includes a second public key generated by the terminal. According to the embodiments of this application, a communication latency and network load can be reduced while communication security is ensured.