CN104053149A - Method and system for realizing security mechanism of vehicle networking equipment - Google Patents
Method and system for realizing security mechanism of vehicle networking equipment Download PDFInfo
- Publication number
- CN104053149A CN104053149A CN201310077109.0A CN201310077109A CN104053149A CN 104053149 A CN104053149 A CN 104053149A CN 201310077109 A CN201310077109 A CN 201310077109A CN 104053149 A CN104053149 A CN 104053149A
- Authority
- CN
- China
- Prior art keywords
- certificate
- request
- solicited message
- information
- external system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The invention discloses a method and system for realizing a security mechanism of vehicle networking equipment. With the method and system, a problem that no standard in the prior art is involved in security mechanism realization of the vehicle networking equipment can be solved. According to the embodiment of the invention, the method comprises the following steps: receiving request information that is sent by an external system and is related with the security mechanism of the vehicle networking equipment; according to the received request information, determining a security service operation needed to be invoked and data needed by the processing process of the security service operation and carrying out corresponding treatment on the determined data by using the determined security service operation; and returning the treatment result to the external system.
Description
Technical field
The present invention relates to wireless communication field, particularly a kind of method and system of the security mechanism that realizes car networked devices.
Background technology
Car networked system mainly comprises mobile unit (the On-Board Unit being arranged on vehicle, OBU), be arranged on roadside equipment (the Road Side Unit of trackside, and provide the service entities of various information services (as service provider (Service Provider RSU), SP)), shown in Figure 1.Wherein, between OBU and OBU, and between OBU and RSU, all adopt Dedicated Short Range Communications (Dedicated Short Range Communication, DSRC) technology, between RSU and service entities, can adopt private network or public network to communicate by letter.Here OBU, RSU and service entities are referred to as to equipment.The main application purpose of car networking technology is to reduce the generation of traffic accident.
The main application scenarios of car networked system comprises following three kinds:
1) position of OBU monitoring vehicle and driving information, and vehicle is broadcasted these information towards periphery, the OBU on this vehicle also receives the information of the OBU transmission of other vehicles simultaneously; OBU on this vehicle will analyze the driving information of this vehicle and other vehicles, and possible traffic is threatened in time and notified to driver;
2) RSU broadcasts various traffic safety informations to OBU, and as road speed-limiting messages, traffic lights information, road construction information etc., RSU also can understand traffic conditions by monitoring OBU broadcast message, and reports monitor message to traffic control center;
3) SP can communicate with OBU and RSU respectively by wired or air interface, so that corresponding service function to be provided, as the collection of transport information with broadcast, road and bridge and parking fee collective system, and the broadcast of Weather information and local service information etc.
For avoiding receiving the information of falseness or malice, the car networked devices in car networked system must use the message that message certificate is broadcast it to carry out digital signature.For example, be protection OBU user's privacy, that in car networked system, transmits is necessary encrypted to the individual relevant data of OBU.In addition, in car networked system, the mutual information integrity protection of each equipment is also must considered problem.At present, the car networking certification mechanism of extensively being approved is based on public key infrastructure (Public Key Infrastructure, PKI) public key certificate authentication mechanism, but, rivest, shamir, adelman is not also suitable for the enciphering/deciphering of large data, so the data security in car networked system generally realizes by mixing application rivest, shamir, adelman and symmetric encipherment algorithm.In addition, the value-added service that some is additional, as road and bridge or parking fee collective system, may need independent security mechanism.Visible, in car networked system, the demand of the fail safe of each equipment is more and more diversified.
In the current also formulation stage in research and relevant criterion of car networking technology, many subjects under discussion are not yet paid close attention to.To so far, relevant technical standard does not all relate to the technical scheme of the security mechanism that realizes car networked devices, to meet the various security requiremenies of car networked devices, finds no relevant research work yet this subject under discussion is discussed.
Summary of the invention
The embodiment of the present invention provides a kind of method and system of the security mechanism that realizes car networked devices.All do not relate to the problem of the technical scheme of the security mechanism that realizes car networked devices for solving prior art standard.
The embodiment of the present invention provides a kind of method of the security mechanism that realizes car networked devices, comprising:
Receive the relevant solicited message of the security mechanism to car networked devices that external system sends;
According to the solicited message receiving, determine that the security service that need to call operates and the required data of processing procedure of described security service operation, and adopt described security service operation to process accordingly established data; And
Result is returned to described external system.
The system of a kind of security mechanism that realizes car networked devices that the embodiment of the present invention provides, comprising:
Interface arrangement, receive the relevant solicited message of the security mechanism to car networked devices that external system sends, determine the security service operation in the application apparatus that need to call according to described request information, and described request information is sent to described application apparatus, and the result receiving is returned to described external system;
Application apparatus, for according to the solicited message receiving, determines the required data of processing procedure of described security service operation, and adopts described security service operation to process accordingly established data, and result is returned to described interface arrangement;
Storage device, for storing the security information relevant to the security mechanism of car networked devices.
The embodiment of the present invention receives the relevant solicited message of the security mechanism to car networked devices that external system sends; According to the solicited message receiving, determine that the security service that need to call operates and the required data of processing procedure of this security service operation, and adopt definite security service operation to process accordingly established data; And result is returned to external system.The embodiment of the present invention has proposed a kind of specific implementation of the security mechanism that can realize car networked devices.
Brief description of the drawings
Fig. 1 is the structural representation of car networked system in background technology;
Fig. 2 is the system configuration schematic diagram of the embodiment of the present invention embodiment of the present invention security mechanism that realizes car networked devices;
Fig. 3 is the preferred structure schematic diagram of the embodiment of the present invention system that realizes the security mechanism of car networked devices;
Fig. 4 is the schematic flow sheet of embodiment of the present invention the first preferred embodiment;
Fig. 5 is the schematic flow sheet of embodiment of the present invention the first preferred embodiment;
Fig. 6 is the schematic flow sheet of embodiment of the present invention the first preferred embodiment;
Fig. 7 is the method flow diagram that the embodiment of the present invention embodiment of the present invention realizes the security mechanism of car networked devices.
Embodiment
Below in conjunction with Figure of description, the embodiment of the present invention is described in further detail.
Shown in Figure 2, the system of the security mechanism of car networked devices that what the embodiment of the present invention provided realize, comprising:
Interface arrangement 10, receive the relevant solicited message of the security mechanism to car networked devices that external system sends, determine the security service operation in the application apparatus 20 that need to call according to this solicited message, and described request information is sent to application apparatus 20, and the result receiving is returned to described external system;
Wherein, external system refers to the other system outside the system of the present embodiment, as for initiate to specify message carry out the security service application system of ciphertext operation, for the parameter of external data (as positional information, the current time information etc. of car networked devices) and data supply system are provided, for initiating device authentication and the authoring system etc. of certificate request.
Application apparatus 20, for according to the solicited message receiving, determine the required data of processing procedure of the security service operation that need to carry out, and according to this security service operation and established data, process accordingly, and result is returned to described interface arrangement 10;
Storage device 30, for storing the security information relevant to the security mechanism of car networked devices.
Preferably, in the embodiment of the present invention, car networked devices can be: in OBU, RSU and service system for carrying out the one of equipment of information processing.
In force, the system of the embodiment of the present invention can be completed with external system and be carried out information interaction by interface arrangement 10, completes various operations and the service relevant to the security mechanism of car networked devices by application apparatus 20.
In force, the storage device 30 of the system of the embodiment of the present invention stores following three kinds of information:
Publicly-owned secure data, system outside and the data relevant to the security mechanism of car networked devices that come from the embodiment of the present invention, comprising: the certificate revocation list that root certificate, each certificate are corresponding and belong to the device certificate (as certificate of certification, certificate of registry, the certificate of authority etc.) of other car networked devices;
For example, root ca certificate, the certificate revocation list that each CA certificate is corresponding, and belong to the certificate (as certification CA certificate, registration CA certificate and authorize the hashed value of CA certificate or these certificates) of other car networked devices;
Private security data, by (the Certificate Authority of various authentication centers, CA) be presented to the device certificate of this car networked devices, for example, be presented to the certificate of certification of this car networked devices by device authentication mechanism, registration body is presented to the certificate of registry of this car networked devices, and is presented to certificate of authority of this car networked devices etc. by authorized organization;
Key data and sensitive data, wherein, key data comprises: be presented to key that the public key certificate of this car networked devices is corresponding to (this key is to comprising PKI and private key) with authentication center, and external system writes native system and the symmetric key relevant to the various application of native system; Sensitive data is the data that can not be modified or can not be read by external system, comprise that the parameter information of this car networked devices is (as equipment Serial Number, information of vehicles etc.), and the root certificate of various CA or the hashed value of these root certificates (as the root certificate of the root certificate of the root certificate of certification CA, registration CA and mandate CA).
Preferably, the form of the solicited message that external system sends is [AppID, AppPara], and wherein AppID is application identities, the security service operation that need to call for identifying this solicited message, AppPara is the required input parameter information of processing procedure of this security service operation;
It should be noted that, for different solicited messages, the particular content difference of this input parameter information; For example, if this solicited message writes certificate for request, in this input parameter information, at least comprise certificate to be written; And for example, if this solicited message Generates Certificate and applies for request for request, in this input parameter information, at least comprise the attribute information (as effective deadline information, right expression information etc.) of certificate to be applied for.
Further, interface arrangement 10 specifically for: according to the application identities of carrying in the solicited message receiving, determine and need to call security service corresponding with this application identities in application apparatus 20 operation; And
Application apparatus 20 specifically for: according to the input parameter information of carrying in this solicited message, determine the required data of processing procedure of this security service operation.
In force, the solicited message that interface arrangement 10 receives comprises but is not limited to the one in following message:
For the first solicited message that specify message is carried out to ciphertext operation;
Be used to indicate the second solicited message of the application request that Generates Certificate; And
For writing the 3rd solicited message of the certificate that the CA of authentication center issues.
Below for different solicited messages, to describing alternately between the interface arrangement in the system of the embodiment of the present invention, application apparatus and storage device.
The first situation, solicited message are the first solicited message for specify message being carried out to ciphertext operation:
Interface arrangement 10 specifically for: receive the first solicited message that external system sends, and this first solicited message sent to application apparatus 20; And the Dealing with encrypt code result of application apparatus 20 is returned to external system;
Application apparatus 20 specifically for: according to the first solicited message, determine that this ciphertext operates required public key certificate and need to carry out the specify message of Dealing with encrypt code; And according to definite public key certificate, from storage device 30, obtain the first key that this public key certificate is corresponding to (this first key is to comprising PKI and private key); According to the private key of this first cipher key pair, specify message is carried out to Dealing with encrypt code; And the result of Dealing with encrypt code is returned to interface arrangement 10.
Wherein, Dealing with encrypt code includes but not limited to following processing: encryption, decryption processing and digital signature and checking processing.For example, OBU is to the safety traffic message of the broadcasting processing of signing, and RSU is to the road construction information of the broadcasting processing of signing, and information service firm is signed and processed etc. the advertisement information of broadcasting.
Further, application apparatus 20 also for:
After definite ciphertext operates required public key certificate, from storage device 30, obtain the certificate revocation list that this public key certificate is corresponding, and obtain the required external information (as current time information) of validity for verifying this public key certificate from external system; According to the external information getting and certificate revocation list corresponding to this public key certificate, verify that whether before the deadline and do not cancelled this public key certificate; After being verified, carry out Dealing with encrypt code.
Concrete, this application apparatus 20, according to the external information of obtaining, verifies that whether this public key certificate is in the term of validity (in the term of validity information whether external information that judgement is obtained comprises in this public key certificate); This application apparatus 20 is according to the certificate revocation list obtaining, and verifies whether this public key certificate is not cancelled and (judges that this public key certificate whether in this certificate revocation list, if so, illustrates that this public key certificate is cancelled; If not, illustrate that this public key certificate is not cancelled); The embodiment of the present invention does not limit the execution sequence of above-mentioned two proof procedures, can first verify that whether this public key certificate is in the term of validity, then verifies whether this public key certificate is not cancelled; Also can first verify whether this public key certificate is not cancelled, then verify that whether this public key certificate is in the term of validity;
At definite this public key certificate before the deadline and while not cancelled, this application apparatus 20 carries out Dealing with encrypt code;
At definite this public key certificate not before the deadline, or this public key certificate has been while having been cancelled, and this application apparatus 20 does not carry out any processing; Preferably, this application apparatus 20 returns and processes unsuccessfully to interface arrangement 10, further can carry failure cause.
The second situation, solicited message are the second solicited message that is used to indicate the application request that Generates Certificate:
Interface arrangement 10 specifically for: receive the second solicited message that external system sends, determine that according to this second solicited message the security service that need to call is operating as the application request that Generates Certificate, and this second solicited message is sent to application apparatus 20; And the certificate request request that application apparatus 20 is generated returns to external system;
Application apparatus 20 specifically for: according to the second solicited message, determine required device certificate in the attribute information of certificate to be applied for and this application request process that Generates Certificate; Generate the second key that certificate to be applied for is corresponding to and by this second key to being stored in storage device 30, wherein this second key is to comprising PKI and private key; Obtain from storage device 30 private key that described device certificate is corresponding, and use private key that device certificate is corresponding to the processing of signing of the signing messages of the attribute information that comprises certificate to be applied for and PKI corresponding to certificate to be applied for; And according to the attribute information of the result of this signature processing, certificate to be applied for and PKI corresponding to this certificate to be applied for, generate corresponding certificate request request; And the certificate request request of generation is returned to interface arrangement 10.
Wherein, the attribute information of certificate to be applied for includes but not limited to a kind of or combination in following message:
The classification (as certificate of certification, certificate of registry, the certificate of authority etc.) of the right expression information of the valid expiration date information of certificate to be applied for, certificate to be applied for, certificate to be applied for etc.
Further, application apparatus 20 also for:
After determining device certificate required in the application request process that Generates Certificate, according to definite device certificate and certificate to be applied for, obtain from storage device 30 certificate revocation list that this device certificate is corresponding, the root certificate that this certificate to be applied for is corresponding and certificate revocation list corresponding to this root certificate, and obtain the required external information of validity for Authentication devices certificate and root certificate from external system; According to the external information getting and corresponding certificate revocation list, verify that respectively whether before the deadline and do not cancelled root certificate that this device certificate and this certificate to be applied for are corresponding; After being verified, generate corresponding certificate request request.
It should be noted that, the proof procedure of the root certificate that device certificate and certificate to be applied for are corresponding, similar to the proof procedure of above-mentioned public key certificate, repeat no more herein.
The third situation, solicited message are the 3rd solicited message for writing the certificate that CA issues:
Interface arrangement 10 specifically for: receive the 3rd solicited message that external system sends, according to the 3rd solicited message, determine that the security service that need to call is operating as to write the certificate that CA issues, and the 3rd solicited message is sent to application apparatus 20; And the result of application apparatus 20 is returned to external system;
Application apparatus 20 specifically for: according to the 3rd solicited message, determine the certificate that this CA that need to write issues; The right private key of the key certificate that CA is issued and self generation and that be stored in storage device 30 carries out association process, and the certificate after association process is stored in to storage device 30.
Preferably, if ask to write the certificate of native system in the 3rd solicited message, be the certificate that CA issues according to the certificate request request generating in the second situation:
Application apparatus specifically for: the private key of the second cipher key pair of preserving in the certificate that CA is issued and storage device 30 carries out association process, and the certificate after association process is stored in to storage device 30.
Further, application apparatus 20 also for:
After determining the certificate that CA issues, the certificate of issuing according to CA, obtain the certificate revocation list that certificate that this CA issues is corresponding, corresponding root certificate and certificate revocation list corresponding to this root certificate of certificate that this CA issues from storage device 30, and obtain the required external information of validity for verifying certificate that this CA issues and corresponding root certificate thereof from external system; According to the external information getting and corresponding certificate revocation list, verify that whether before the deadline and do not cancelled this root certificate; After being verified, according to the external information getting, corresponding certificate revocation list and this root certificate, verify the validity of the certificate that this CA issues; After being verified, the certificate that CA is issued is stored in storage device 30.
In force, in order to ensure the validity of the certificate revocation list that each certificate is corresponding, certificate revocation list corresponding to each certificate of storing in can regular update storage device.
It should be noted that, the proof procedure of the certificate that CA issues and root certificate thereof, similar to the proof procedure of above-mentioned public key certificate, repeat no more herein.
Introduce the preferred implementation of one of the system of the security mechanism that realizes car networked devices of the embodiment of the present invention below, shown in Figure 3, in the present embodiment, interface arrangement 10, according to the content of native system and external system interactive information, further comprises: Secure Application service interface 110, safety are supported service interface 120 and certificate and cipher key management services interface 130;
Application apparatus 20 further comprises: Secure Application service unit 210, safety are supported service unit 220, certificate and cipher key management services unit 230 and safety compute unit 240;
Storage device 30 further comprises: publicly-owned safe data storage unit 310, private security data memory cell 320 and key and sensitive data memory cell 330.
Preferably, safety compute unit 240 and key and sensitive data memory cell 330 can be deployed in same unit, thereby provide believable computing environment for native system.
In force, outside security service application system can be called required Secure Application service unit 210 by Secure Application service interface 110 and carry out respective handling, for example, and data encryption, data deciphering, and the security service such as digital signature and checking;
Safety supports service interface 120 to support that by safety service unit 220 calls, and native system can support service interface 120 to obtain various external datas from external system by safety, for example, and current location information and the current time information etc. of car networked devices;
Outside certification or authoring system can be processed the various operations relevant to the various certificates of car networked devices and key by certificate and cipher key management services interface 130, for example, and the application of certificate and importing, and importing and the renewal etc. of key;
In force, publicly-owned safe data storage unit 310 storages come from the public safety data of native system outside, for example, the root certificate of various CA is (as certification root certificate, registration root certificate and mandate root certificate, or the hashed value of those root certificates), the certificate revocation list that various CA certificates are corresponding, and belong to the certificate of other car networked devices; Preferably, the root certificate that each CA is corresponding and/or the device certificate of other car networked devices are stored in key and sensitive data memory cell 330 simultaneously, in order to avoid it is illegally distorted;
Private security data memory cell 320 is stored the device certificate that is presented to this car networked devices from various CA, for example, be presented to the certificate of certification of this car networked devices by device authentication mechanism, registration body is presented to the certificate of registry of this car networked devices, and is presented to certificate of authority of this car networked devices etc. by authorized organization;
Key and sensitive data memory cell 330, the key of this unit storage comprises the key pair corresponding with the public key certificate that is presented to this car networked devices, and outside writes native system and the symmetric key relevant to the various application of native system; The sensitive data of this unit storage has parameter information (for example equipment Serial Number of this car networked devices, information of vehicles etc.), and the hashed value of various crucial certificates or these certificates (for example authenticating root certificate, the root certificate of registration CA and the root certificate of mandate CA etc. of CA), to guarantee that these root certificates can not illegally be changed or replace; Wherein, equipment Serial Number writes this equipment in the time that this car networked devices is produced, and can not be modified; The symmetric key of this unit storage and private key can not be read by other entities except safety compute unit.
In force, safety compute unit 240 can directly obtain carrying out key required in computational process from key and sensitive data memory cell 130.
Taking the system shown in Fig. 3 as example, for different solicited messages, the processing procedure of native system is elaborated below.
Embodiment mono-, device certificate application process, outside device authentication and authoring system are initiated a certificate request flow process, and shown in Figure 4, the present embodiment specific implementation process is as follows:
1) outside device authentication and authoring system generate a certificate request request by certificate and cipher key management services interface requirement native system, send to certificate and cipher key management services unit the application request (i.e. the second solicited message) that Generates Certificate;
2) the input parameter information of carrying in this application request that Generates Certificate of certificate and cipher key management services unit resolves, from publicly-owned safe data storage unit, private security data memory cell and/or key and sensitive data memory cell, obtain corresponding data (as device certificate according to the demand of arithmetic logic corresponding to application request that Generate Certificate, the root certificate that certificate to be applied for is corresponding, corresponding certificate revocation list, and equipment Serial Number etc.).
3) certificate and cipher key management services unit support service unit to obtain the data (as current time) of native system outside according to the demand of arithmetic logic corresponding to application request that Generate Certificate by calling safety.
4) certificate and cipher key management services unit to all data that get (comprising the data that get from self storage device and the data that get from external system) according to arithmetic logic corresponding to application request that Generate Certificate process accordingly (as Authentication devices certificate and root certificate whether before the deadline and do not cancelled).
5) certificate and cipher key management services unit send key to generating and PKI derivation request to safety compute unit.
6) safety compute unit, according to the key that receives to generating and PKI is derived request, generates key pair, and by key to being stored in key and sensitive data memory cell.
7) PKI of cipher key pair is returned to certificate and cipher key management services unit by safety compute unit.
8) certificate and cipher key management services unit generate signature operation request according to the attribute information of the PKI receiving and certificate to be applied for (as valid expiration date information of certificate to be applied for, right expression information, classification information etc.), and this signature operation request is sent to safety compute unit.
9) the signature operation request that safety compute unit resolves is received, and from key and sensitive data memory cell, obtain the required private key of signature operation.
10) the safety compute unit data to be signed that request is carried to the signature operation processing of signing, and result is returned to certificate and cipher key management services unit.
11) certificate and cipher key management services unit generate corresponding certificate request request, and this certificate request request are returned to outside device authentication and authoring system by certificate and cipher key management services interface according to the signature result receiving, attribute information and the PKI of certificate to be applied for;
Further, the certificate request request of receiving is sent to corresponding CA by outside device authentication and authoring system.
Describe as an example of generation certificate of registry application request example below, the application process of other device certificate similarly, will not enumerate herein, and in the present embodiment, the process that generates certificate of registry application request is as follows:
1) outside software certification and authoring system send by certificate and cipher key management services interface the service request that is used to indicate native system generation certificate of registry application request to native system;
Wherein, the form of this service request is [AppID, AppPara], and wherein AppID is application identities, the security service operation that need to call for identifying this service request, and AppPara is the required input parameter information of processing procedure of this security service operation;
Concrete, the certificate of native system and cipher key management services interface are receiving after this service request, according to the value of the application identities AppID in this service request, determine the certificate of registry application module of calling in certificate and cipher key management services unit, and the value of the input parameter AppPara carrying in this service request is passed to this certificate of registry application module.
2) the input parameter AppPara that certificate of registry application module parses receives, and according to the demand of corresponding arithmetic logic, from private security data memory cell, obtain certificate of certification Cert, from publicly-owned safe data storage unit, obtain registration CA root certificate ERootCACert and certificate revocation list (Certificate Revocation List corresponding to this registration CA root certificate, CRL), and from key and sensitive data memory cell obtain device identification EquipmentID(as equipment Serial Number).
3) certificate of registry application module is called the time-obtaining module of supporting safely in service unit to obtain current time Time.
4) according to current time Time authentication verification certificate and registration CA root certificate before the deadline whether, and whether authentication verification certificate and registration CA root certificate be in certificate revocation list for certificate of registry application module; If certificate of certification or registration CA root certificate had lost efficacy or cancelled, stop this certificate of registry application process; If certificate of certification and registration CA root certificate all before the deadline and do not cancelled, continue to carry out the process that generates certificate of registry application request.
5) certificate of registry application module sends key to generating and PKI derivation request to safety compute unit.
6) safety compute unit generate key to [PrivKey, PubKey], wherein PrivKey is private key, PubKey is PKI, and by the key of generation to being stored in key and sensitive data memory cell.
7) the PKI PubKey of cipher key pair is returned to certificate of registry application module by safety compute unit.
8) certificate of registry application module generates signature operation request according to the attribute information of the PKI of receiving and certificate to be applied for, and this signature operation request is sent to safety compute unit, wherein, the content of this signature operation request is: [Op, KeyID, SObject], Op is operation mark, KeyID is key identification, and SObject is data to be signed.
9) safety compute unit determines that according to the value of Op this is operating as signature operation, obtains the private key for signing according to the value of KeyID from key and sensitive data memory cell.
10) safety compute carries out digital signature processing to data to be signed SObject, and signature result is returned to certificate of registry application module.
11) certificate of registry requisition procedure module is according to the application request that Generates Certificate of the attribute information of signature result, certificate to be applied for and PKI, and this request is returned to outside device authentication and authoring system by certificate and cipher key management services interface.
Further, the certificate request request of receiving is sent to registration CA by this device authentication and authoring system.
Embodiment bis-, device certificate ablation process, suppose CA according to certificate request request issue corresponding certificate, and the certificate of issuing is returned to device authentication and authoring system, this device authentication and authoring system are initiated a certificate by certificate and cipher key management services interface to native system and are write flow process, shown in Figure 5, the present embodiment specific implementation process is as follows:
1) device authentication and authoring system send the service request that is used to indicate native system and writes the certificate that CA issues to certificate and cipher key management services interface.
2) input parameter carrying in certificate and this service request of cipher key management services unit resolves, and from publicly-owned safe data storage unit, private security data memory cell and/or key and sensitive data memory cell, obtain respectively corresponding data (as registration CA root certificate according to the demand that writes the arithmetic logic that certificate is corresponding, corresponding certificate revocation list, and equipment Serial Number etc.).
3) certificate and cipher key management services unit support service unit to obtain the data (as current time) of native system outside according to the demand that writes the arithmetic logic that certificate is corresponding by calling safety.
4) certificate and cipher key management services unit be according to the current time getting and corresponding certificate revocation list, and whether the certificate that checking need to write and corresponding root ca certificate thereof before the deadline and do not cancelled, if so, carry out following processing procedure; If not, stop current ablation process.
5) certificate and cipher key management services unit verify that according to this root ca certificate whether the certificate that need to write is effective, if so, carry out following processing procedure; If not, stop current ablation process.
6) certificate storage that certificate and cipher key management services unit write needs in private security data memory cell, and by this certificate with in key and sensitive data memory cell, store and do associated with private key corresponding to this certificate.
7) certificate and cipher key management services unit return to device authentication and authoring system by execution result by certificate and cipher key management services interface.
Describe as example to write certificate of registry below, the ablation process of other device certificate similarly, will not enumerate herein, in the present embodiment, CA issues corresponding certificate of registry according to certificate of registry application request, and the certificate of registry ECert issuing is returned to device authentication and authoring system, and this device authentication and authoring system are initiated a certificate ablation process by certificate and the cipher key management services interface of native system, and this process that writes certificate of registry is as follows:
1) device authentication and authoring system are receiving after the certificate of registry that CA issues, and send and are used to indicate certificate write request to the certificate of native system and cipher key management services interface;
Wherein, the form of this write request is [AppID, AppPara], and AppID is application identities, the security service operation that need to call for identifying this service request; AppPara is the required input parameter information of processing procedure of this security service operation;
Concrete, the certificate of native system and cipher key management services interface are according to the value of the application identities AppID in the service request receiving, determine the certificate writing module that call in certificate and cipher key management services unit, and the value of the input parameter AppPara carrying in this service request is passed to this certificate writing module, wherein, this input parameter includes the certificate of registry ECert that CA issues.
2) certificate writing module is resolved the input parameter receiving, extract certificate of registry, and from publicly-owned safe data storage unit, obtain registration CA root certificate ERootCert and corresponding certificate revocation list CRL according to the type of this certificate of registry, and obtain device identification EquipmentID(as equipment Serial Number from key and sensitive data memory cell).
3) certificate writing module calls the time-obtaining module of supporting safely in service unit to obtain current time Time.
4) certificate writing module judges according to the device identification getting whether this ECert is to be presented to this car networked devices, and whether before the deadline to verify this ECert and ERootCACert according to the current time getting, and verify that this ECert and ERootCACert are whether in certificate revocation list CRL;
If this ECert and/or ERootCACert had lost efficacy or cancelled, stop this certificate ablation process;
If this ECert and ERootCACert all before the deadline and do not cancelled, continue to carry out the ablation process of certificate.
5) certificate writing module verifies that according to ERootCert whether ECert to be written is effective;
If so, carry out the ablation process of certificate;
If not, stop current ablation process.
6) certificate writing module deposits ECert to be written in private security data unit, and by this ECert with in key and sensitive data memory cell, do associated with private key corresponding to this ECert.
7) certificate writing module returns to device authentication and authoring system by execution result by certificate and cipher key management services interface.
Embodiment tri-, Dealing with encrypt code process, shown in Figure 6, the present embodiment specific implementation process is as follows:
1) outside Secure Application service system sends the service request that is used to indicate native system and specify message is carried out to ciphertext operation to the Secure Application service interface of native system.
2) service request of receiving is resolved in Secure Application service, and operate the demand of corresponding arithmetic logic according to ciphertext, from publicly-owned safe data storage unit, private security data memory cell and/or key and sensitive data memory cell, obtain corresponding data (as signing certificate respectively, corresponding certificate revocation list, and device identification etc.).
3) Secure Application service unit operates the demand of corresponding arithmetic logic according to ciphertext, calls safety and supports service unit for example, to obtain the data (current location information of car networked devices and current time information) of native system outside.
4) Secure Application service unit to all data of obtaining according to ciphertext operate corresponding arithmetic logic process accordingly (for example authentication certificate whether before the deadline and do not cancelled).
5) Secure Application service unit sends safety operation request (for example information signature request) to safety compute unit.
6) the safety operation request that safety compute unit resolves is received, and from key and sensitive data memory cell, obtain corresponding data and key (for example signature private key).
7) safety compute unit, according to the specify message of carrying in the data that get and safety operation request, carries out corresponding ciphertext operation (for example data signature operation), and result is returned to Secure Application service unit.
8) Secure Application service unit, according to the result that receives, generates corresponding security service and replys, and this is replied by security service interface and returns to outside security service application system.
Be treated to example and describe specify message is carried out to digital signature below, other Dealing with encrypt code processes similarly, will not enumerate herein, and in the present embodiment, the process of digital signature processing is as follows:
1) Secure Application service system sends the service request that is used to indicate native system and specify message is carried out to digital signature processing to Secure Application service interface;
Wherein, the form of this service request is [AppID, AppPara], and wherein AppID is application identities, the security service operation that need to call for identifying this service request; AppPara is the required input parameter information of processing procedure of security service operation;
Concrete, the Secure Application service interface of native system, according to the value of the application identities AppID in the service request receiving, is determined the information signature module of calling in Secure Application service unit, and the value of input parameter AppPara is passed to this information signature module.
2) input parameter that information signature module parses receives, process the demand of corresponding arithmetic logic according to digital signature, from private security data memory cell, obtain signing certificate Cert, from publicly-owned safe data storage unit, obtain corresponding certificate revocation list CRL, and from key and sensitive data memory cell, obtain device identification (as the mark VehicleID of this car networked devices place vehicle).
3) information signature module is called the position acquisition module of supporting safely in service unit to obtain vehicle current location Location, calls the time-obtaining module of supporting safely in service unit to obtain current time Time.
4) information signature module is according to the current time that gets, and whether before the deadline checking Cert, and checks that this Cert is whether in certificate revocation list;
If this Cert before the deadline and do not cancelled, continue to carry out this information signature process;
If this Cert had lost efficacy or cancelled, stop this information signature process.
5) information signature module sends signature operation request to safety compute unit;
Wherein, the form of this signature operation request is [Op, KeyID, SObject], and Op is operation mark, and KeyID is key identification, and SObject is signature object (being specify message).
6) safety compute unit determines that according to the value of Op this is operating as signature operation, obtains the private key for signing according to the value of KeyID from key and sensitive data memory cell.
7) safety compute unit, according to the private key getting, carries out signature operation to signed data SObject, and signature result is returned to information signature module.
8) information signature module returns to outside security service application system by signature result by security service interface.
Said method handling process can realize with software program, and this software program can be stored in storage medium, in the time that the software program of storage is called, carries out said method step.
Based on above-described embodiment, the embodiment of the present invention also provides a kind of method of the security mechanism that realizes car networked devices, shown in Figure 7, comprises the following steps:
The relevant solicited message of the security mechanism to car networked devices that step 71, reception external system send;
The solicited message that step 72, basis receive, determines that the security service that need to call operates and the required data of processing procedure of this security service operation, and adopts this security service operation to process accordingly established data;
Step 73, result is returned to this external system.
Further, step 72 comprises:
According to the application identities of carrying in the solicited message receiving, determine the security service operation corresponding with this application identities; And
According to the input parameter information of carrying in definite security service operation and this solicited message, determine the required data of processing procedure of this security service operation.
As a kind of implementation, if solicited message is the first solicited message for specify message being carried out to ciphertext operation, the method for the embodiment of the present invention specifically comprises:
Receive the first solicited message that external system sends;
According to this first solicited message, determine that this security service is operating as ciphertext operation, and this ciphertext operates required public key certificate and need to carry out the specify message of Dealing with encrypt code; And according to this public key certificate, obtain the first key pair that this public key certificate is corresponding;
According to the private key of this first cipher key pair, this specify message is carried out to Dealing with encrypt code;
The result of Dealing with encrypt code is returned to external system.
Preferably, after definite ciphertext operates required public key certificate, and before carrying out Dealing with encrypt code, also comprise:
The secure data of storing from self, obtain the certificate revocation list that this public key certificate is corresponding, and obtain the required external information of validity for verifying this public key certificate from external system;
According to getting certificate revocation list and external information, verify that whether before the deadline and do not cancelled this public key certificate; And
After being verified, triggering and carry out Dealing with encrypt code.
As another kind of implementation, if solicited message is the second solicited message that is used to indicate the application request that Generates Certificate, the method for the embodiment of the present invention specifically comprises:
Receive the second solicited message that external system sends;
According to this second solicited message, determine that this security service is operating as the application request that Generates Certificate, and determine the attribute information of certificate to be applied for and Generate Certificate and apply for required device certificate in request process;
Generate the second key that certificate to be applied for is corresponding to and preserve, wherein this second key is to comprising PKI and private key;
Obtain the private key that this device certificate is corresponding, and use private key that this device certificate is corresponding to the processing of signing of the signing messages of the attribute information that comprises certificate to be applied for and PKI corresponding to this certificate to be applied for;
According to the attribute information of the result of this signature processing, certificate to be applied for and PKI corresponding to this certificate to be applied for, generate corresponding certificate request request; And
The certificate request request of generation is returned to external system.
Preferably, after determining device certificate required in the application request process that Generates Certificate, and before the application request that Generates Certificate, also comprise:
According to definite device certificate and described in certificate to be applied for, the secure data of storing from self, obtain the certificate revocation list that this device certificate is corresponding, the root certificate that certificate to be applied for is corresponding and certificate revocation list corresponding to this root certificate, and obtain the required external information of validity for verifying the root certificate that this device certificate and certificate to be applied for are corresponding from external system;
According to the external information getting and corresponding certificate revocation list, verify that respectively whether before the deadline and do not cancelled root certificate that this device certificate and this certificate to be applied for are corresponding;
After being verified, trigger the process of the application request that Generates Certificate.
As another way of realization, if solicited message is the 3rd solicited message for writing the certificate that the CA of authentication center issues, the method for the embodiment of the present invention specifically comprises:
Receive the 3rd solicited message that external system sends;
According to the 3rd solicited message, determine that this security service is operating as to write the certificate that certificate that CA issues and this CA issue;
The private key of the cipher key pair that the certificate of issuing with this CA that the certificate that this CA is issued generates with self is corresponding carries out association process, and preserves the certificate after association process; And
Result is returned to external system.
Preferably, after determining the certificate that CA issues, and before the certificate of issuing at this CA of preservation, also comprise:
The certificate of issuing according to this CA, from the secure data of self storage, obtain the certificate revocation list that certificate that this CA issues is corresponding, corresponding root certificate and certificate revocation list corresponding to this root certificate of certificate that this CA issues, and obtain the required external information of validity for verifying certificate that this CA issues and corresponding root certificate thereof from external system;
According to the external information getting, corresponding certificate revocation list, verify that whether before the deadline and do not cancelled root certificate that certificate that this CA issues is corresponding;
After being verified, root certificate corresponding to certificate of issuing according to the external information getting, corresponding certificate revocation list and this CA, verifies the validity of the certificate that this CA issues;
After being verified, the processing procedure of the certificate that this CA of triggering preservation issues.
Those skilled in the art should understand, embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt complete hardware implementation example, completely implement software example or the form in conjunction with the embodiment of software and hardware aspect.And the present invention can adopt the form at one or more upper computer programs of implementing of computer-usable storage medium (including but not limited to magnetic disc store, CD-ROM, optical memory etc.) that wherein include computer usable program code.
The present invention is with reference to describing according to flow chart and/or the block diagram of the method for the embodiment of the present invention, equipment (system) and computer program.Should understand can be by the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or the combination of square frame.Can provide these computer program instructions to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, the instruction that makes to carry out by the processor of computer or other programmable data processing device produces the device for realizing the function of specifying at flow process of flow chart or multiple flow process and/or square frame of block diagram or multiple square frame.
These computer program instructions also can be stored in energy vectoring computer or the computer-readable memory of other programmable data processing device with ad hoc fashion work, the instruction that makes to be stored in this computer-readable memory produces the manufacture that comprises command device, and this command device is realized the function of specifying in flow process of flow chart or multiple flow process and/or square frame of block diagram or multiple square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, make to carry out sequence of operations step to produce computer implemented processing on computer or other programmable devices, thereby the instruction of carrying out is provided for realizing the step of the function of specifying in flow process of flow chart or multiple flow process and/or square frame of block diagram or multiple square frame on computer or other programmable devices.
Although described the preferred embodiments of the present invention, once those skilled in the art obtain the basic creative concept of cicada, can make other change and amendment to these embodiment.So claims are intended to be interpreted as comprising preferred embodiment and fall into all changes and the amendment of the scope of the invention.
Obviously, those skilled in the art can carry out various changes and modification and not depart from the spirit and scope of the present invention the present invention.Like this, if these amendments of the present invention and within modification belongs to the scope of the claims in the present invention and equivalent technologies thereof, the present invention is also intended to comprise these changes and modification interior.
Claims (17)
1. a method that realizes the security mechanism of car networked devices, is characterized in that, the method comprises:
Receive the relevant solicited message of the security mechanism to car networked devices that external system sends;
According to the solicited message receiving, determine that the security service that need to call operates and the required data of processing procedure of described security service operation, and adopt described security service operation to process accordingly established data;
Result is returned to described external system.
2. the method for claim 1, is characterized in that, the solicited message that described basis receives, and required data in the definite security service operation that need to call and described security service operating process, comprising:
According to the application identities of carrying in the solicited message receiving, determine the security service operation corresponding with described application identities; And
According to the input parameter information of carrying in definite security service operation and described request information, determine the required data of processing procedure of described security service operation.
3. method as claimed in claim 1 or 2, is characterized in that, if described request information is the first solicited message for specify message being carried out to ciphertext operation;
Receive the first solicited message that external system sends;
According to described the first solicited message, determine that this security service is operating as ciphertext operation, and described ciphertext operates required public key certificate and need to carry out the specify message of Dealing with encrypt code; And according to described public key certificate, obtain the first key pair that described public key certificate is corresponding;
According to the private key of described the first cipher key pair, described specify message is carried out to Dealing with encrypt code;
The result of Dealing with encrypt code is returned to described external system.
4. method as claimed in claim 3, is characterized in that, after definite described ciphertext operates required public key certificate, and before carrying out Dealing with encrypt code, also comprises:
The secure data of storing from self, obtain the certificate revocation list that described public key certificate is corresponding, and obtain the required external information of validity for verifying described public key certificate from external system;
According to getting certificate revocation list and external information, verify that whether before the deadline and do not cancelled described public key certificate;
After being verified, triggering and carry out Dealing with encrypt code.
5. method as claimed in claim 3, is characterized in that, described Dealing with encrypt code at least comprises encryption, decryption processing and digital signature and checking processing.
6. method as claimed in claim 1 or 2, is characterized in that, if described request information is the second solicited message that is used to indicate the application request that Generates Certificate;
Receive the second solicited message that external system sends;
According to described the second solicited message, determine that this security service is operating as the application request that Generates Certificate, and determine the attribute information of certificate to be applied for and Generate Certificate and apply for required device certificate in request process;
The second key that described in generation, certificate to be applied for is corresponding is to also preserving, and wherein said the second key is to comprising PKI and private key;
Obtain the private key that described device certificate is corresponding, and use private key that described device certificate is corresponding to the attribute information that comprises certificate to be applied for and described in the processing of signing of the signing messages of PKI corresponding to certificate to be applied for;
According to the attribute information of the result of described signature processing, certificate to be applied for and described in PKI corresponding to certificate to be applied for, generate corresponding certificate request request;
The certificate request request of generation is returned to described external system.
7. method as claimed in claim 6, is characterized in that, after determining device certificate required in the application request process that Generates Certificate, and before the application request that Generates Certificate, also comprises:
According to definite device certificate and described in certificate to be applied for, the secure data of storing from self, obtain the certificate revocation list that described device certificate is corresponding, the root certificate that certificate described to be applied for is corresponding and certificate revocation list corresponding to this root certificate, and from external system obtain for verify described device certificate and described in the required external information of validity of root certificate corresponding to certificate to be applied for;
According to the external information getting and corresponding certificate revocation list, verify respectively described device certificate and described in root certificate corresponding to certificate to be applied for whether before the deadline and do not cancelled;
After being verified, trigger the process of the application request that Generates Certificate.
8. method as claimed in claim 1 or 2, is characterized in that, if described request information is the 3rd solicited message for writing the certificate that the CA of authentication center issues;
Receive the 3rd solicited message that external system sends;
According to described the 3rd solicited message, determine that this security service is operating as to write the certificate that certificate that CA issues and described CA issue;
The private key of the cipher key pair that the certificate of issuing with described CA that the certificate that described CA is issued generates with self is corresponding carries out association process, and preserves the certificate after association process;
Result is returned to described external system.
9. method as claimed in claim 8, is characterized in that, after determining the certificate that described CA issues, and before the certificate of issuing at the described CA of preservation, also comprises:
The certificate of issuing according to described CA, from the secure data of self storage, obtain the certificate revocation list that certificate that described CA issues is corresponding, corresponding root certificate and certificate revocation list corresponding to this root certificate of certificate that described CA issues, and obtain the required external information of validity for verifying certificate that described CA issues and corresponding root certificate thereof from external system;
According to the external information getting, corresponding certificate revocation list, verify that whether before the deadline and do not cancelled root certificate that certificate that described CA issues is corresponding;
After being verified, root certificate corresponding to certificate of issuing according to the external information getting, corresponding certificate revocation list and described CA, verifies the validity of the certificate that described CA issues;
After being verified, the processing procedure of the certificate that the described CA of triggering preservation issues.
10. a system that realizes the security mechanism of car networked devices, is characterized in that, this system comprises:
Interface arrangement, receive the relevant solicited message of the security mechanism to car networked devices that external system sends, determine the security service operation in the application apparatus that need to call according to described request information, and described request information is sent to described application apparatus, and the result receiving is returned to described external system;
Application apparatus, for according to the solicited message receiving, determines the required data of processing procedure of described security service operation, and adopts described security service operation to process accordingly established data, and result is returned to described interface arrangement;
Storage device, for storing the security information relevant to the security mechanism of car networked devices.
11. systems as claimed in claim 10, is characterized in that,
Described interface arrangement specifically for: according to the application identities of carrying in the solicited message receiving, determine and need to call security service corresponding with described application identities in described application apparatus operation;
Described application apparatus specifically for: according to the input parameter information of carrying in described request information, determine the required data of processing procedure of described security service operation.
12. systems as described in claim 10 or 11, is characterized in that, if described request information is the first solicited message for specify message being carried out to ciphertext operation;
Described interface arrangement specifically for: receive the first solicited message that external system sends, determine that according to described the first solicited message the security service that need to call is operating as ciphertext operation, and described the first solicited message is sent to described application apparatus; And the Dealing with encrypt code result of described application apparatus is returned to external system;
Described application apparatus specifically for: according to described the first solicited message, determine that described ciphertext operates required public key certificate and need to carry out the specify message of Dealing with encrypt code; And according to described public key certificate, from described storage device, obtain the first key pair that described public key certificate is corresponding; According to the private key of described the first cipher key pair, described specify message is carried out to Dealing with encrypt code; And the result of Dealing with encrypt code is returned to described interface arrangement.
13. systems as claimed in claim 12, is characterized in that, described application apparatus also for:
After definite described ciphertext operates required public key certificate, obtain from described storage device the certificate revocation list that described public key certificate is corresponding, and obtain the required external information of validity for verifying described public key certificate from external system; According to the external information getting and the certificate revocation list that gets, verify that whether before the deadline and do not cancelled described public key certificate; After being verified, carry out Dealing with encrypt code.
14. systems as described in claim 10 or 11, is characterized in that, if described request information is the second solicited message that is used to indicate the application request that Generates Certificate;
Described interface arrangement specifically for: receive the second solicited message that external system sends, determine that according to described the second solicited message the security service that need to call is operating as the application request that Generates Certificate, and described the second solicited message is sent to described application apparatus; And the certificate request request that described application apparatus is generated returns to external system;
Described application apparatus specifically for: according to described the second solicited message, determine certificate to be applied for attribute information and described in Generate Certificate application request process in required device certificate; The second key that described in generation, certificate to be applied for is corresponding to and by described the second key to being stored in described storage device, wherein said the second key is to comprising PKI and private key; Obtain from described storage device the private key that described device certificate is corresponding, and use private key that described device certificate is corresponding to the attribute information that comprises certificate to be applied for and described in the processing of signing of the signing messages of PKI corresponding to certificate to be applied for; And according to the attribute information of the result of described signature processing, certificate to be applied for and described in PKI corresponding to certificate to be applied for, generate corresponding certificate request request; And the certificate request request of generation is returned to described interface arrangement.
15. systems as claimed in claim 14, is characterized in that, described application apparatus also for:
After determining device certificate required in the application request process that Generates Certificate, according to definite device certificate and described in certificate to be applied for, obtain from described storage device the certificate revocation list that described device certificate is corresponding, the root certificate that certificate described to be applied for is corresponding and certificate revocation list corresponding to this root certificate, and obtain the required external information of validity of the root certificate for verifying described device certificate and get from external system; According to the external information getting and corresponding certificate revocation list, verify respectively described device certificate and described in root certificate corresponding to certificate to be applied for whether before the deadline and do not cancelled; After being verified, generate corresponding certificate request request.
16. systems as described in claim 10 or 11, is characterized in that, if described request information is the 3rd solicited message for writing the certificate that the CA of authentication center issues;
Described interface arrangement specifically for: receive the 3rd solicited message that external system sends, according to described the 3rd solicited message, determine that the security service that need to call is operating as to write the certificate that CA issues, and described the 3rd solicited message is sent to described application apparatus; And the result of described application apparatus is returned to external system;
Described application apparatus specifically for: according to described the 3rd solicited message, determine the certificate that described CA issues; The right private key of the key certificate that described CA is issued and self generation and that be stored in described storage device carries out association process, and the certificate after association process is stored in to described storage device.
17. systems as claimed in claim 16, is characterized in that, described application apparatus also for:
After determining the certificate that described CA issues, the certificate of issuing according to described CA, obtain the certificate revocation list that certificate that described CA issues is corresponding, corresponding root certificate and certificate revocation list corresponding to this root certificate of certificate that described CA issues from storage device, and obtain the required external information of validity for verifying certificate that described CA issues and corresponding root certificate thereof from external system; According to the external information getting, corresponding certificate revocation list, verify that whether before the deadline and do not cancelled root certificate that certificate that described CA issues is corresponding; After being verified, root certificate corresponding to certificate of issuing according to the external information getting, corresponding certificate revocation list and described CA, verifies the validity of the certificate that described CA issues; After being verified, the certificate that described CA is issued is stored in described storage device.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310077109.0A CN104053149B (en) | 2013-03-12 | 2013-03-12 | A kind of method and system for the security mechanism for realizing car networking equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310077109.0A CN104053149B (en) | 2013-03-12 | 2013-03-12 | A kind of method and system for the security mechanism for realizing car networking equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104053149A true CN104053149A (en) | 2014-09-17 |
| CN104053149B CN104053149B (en) | 2017-11-14 |
Family
ID=51505420
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310077109.0A Active CN104053149B (en) | 2013-03-12 | 2013-03-12 | A kind of method and system for the security mechanism for realizing car networking equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104053149B (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107710795A (en) * | 2015-06-24 | 2018-02-16 | 英特尔公司 | For vehicle to any things(V2X)The enhanced adjacent service of communication(ProSe)Agreement |
| CN107919955A (en) * | 2017-12-28 | 2018-04-17 | 北京奇虎科技有限公司 | A kind of vehicle network safety certifying method, system, vehicle, device and medium |
| CN108243005A (en) * | 2017-10-26 | 2018-07-03 | 招商银行股份有限公司 | Application for registration verification method, participant manage system, equipment and medium |
| CN109039654A (en) * | 2018-08-30 | 2018-12-18 | 深圳市元征科技股份有限公司 | TBOX identity identifying method and terminal device |
| CN109076338A (en) * | 2016-04-07 | 2018-12-21 | Gogo有限责任公司 | For the system and method to onboard services authentication application program |
| CN109314646A (en) * | 2016-06-28 | 2019-02-05 | 株式会社自动网络技术研究所 | Communication system and vehicular communication unit |
| CN109495498A (en) * | 2018-12-12 | 2019-03-19 | 北京车联天下信息技术有限公司 | The ca authentication method, apparatus and car networking information management system of vehicle arrangement |
| CN109783122A (en) * | 2019-01-29 | 2019-05-21 | 重庆邮电大学 | A kind of software security upgrade method and system based on V2X roadside device |
| WO2021109651A1 (en) * | 2019-12-06 | 2021-06-10 | 华为技术有限公司 | Certificate revocation list updating method and related device |
| CN113821248A (en) * | 2021-09-13 | 2021-12-21 | 阿波罗智联(北京)科技有限公司 | Service method of vehicle-end software, vehicle-end software and related equipment thereof |
| CN113826350A (en) * | 2019-03-25 | 2021-12-21 | 美光科技公司 | Secure communication in traffic control networks |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1956376A (en) * | 2005-10-25 | 2007-05-02 | 中兴通讯股份有限公司 | Broadband access user authentication method |
| US20090316907A1 (en) * | 2008-06-19 | 2009-12-24 | International Business Machines Corporation | System and method for automated validation and execution of cryptographic key and certificate deployment and distribution |
| CN102571340A (en) * | 2010-12-23 | 2012-07-11 | 普天信息技术研究院有限公司 | Certificate authentication device as well as access method and certificate update method thereof |
| CN102624681A (en) * | 2011-01-30 | 2012-08-01 | 索尼公司 | Method and system for distributing copyrighted digital content in peer-to-peer network |
| CN102906755A (en) * | 2009-12-17 | 2013-01-30 | 桑迪士克科技股份有限公司 | Content control method using certificate revocation lists |
-
2013
- 2013-03-12 CN CN201310077109.0A patent/CN104053149B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1956376A (en) * | 2005-10-25 | 2007-05-02 | 中兴通讯股份有限公司 | Broadband access user authentication method |
| US20090316907A1 (en) * | 2008-06-19 | 2009-12-24 | International Business Machines Corporation | System and method for automated validation and execution of cryptographic key and certificate deployment and distribution |
| CN102906755A (en) * | 2009-12-17 | 2013-01-30 | 桑迪士克科技股份有限公司 | Content control method using certificate revocation lists |
| CN102571340A (en) * | 2010-12-23 | 2012-07-11 | 普天信息技术研究院有限公司 | Certificate authentication device as well as access method and certificate update method thereof |
| CN102624681A (en) * | 2011-01-30 | 2012-08-01 | 索尼公司 | Method and system for distributing copyrighted digital content in peer-to-peer network |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107710795A (en) * | 2015-06-24 | 2018-02-16 | 英特尔公司 | For vehicle to any things(V2X)The enhanced adjacent service of communication(ProSe)Agreement |
| US10805395B2 (en) | 2015-06-24 | 2020-10-13 | Intel Corporation | Enhanced proximity services (ProSe) protocols for vehicle-to-anything (V2X) communication |
| CN109076338A (en) * | 2016-04-07 | 2018-12-21 | Gogo有限责任公司 | For the system and method to onboard services authentication application program |
| CN109076338B (en) * | 2016-04-07 | 2022-02-01 | 高高商务航空有限责任公司 | System and method for authenticating an application to an onboard service |
| CN109314646A (en) * | 2016-06-28 | 2019-02-05 | 株式会社自动网络技术研究所 | Communication system and vehicular communication unit |
| CN109314646B (en) * | 2016-06-28 | 2021-07-20 | 株式会社自动网络技术研究所 | Communication system and in-vehicle communication device |
| CN108243005A (en) * | 2017-10-26 | 2018-07-03 | 招商银行股份有限公司 | Application for registration verification method, participant manage system, equipment and medium |
| CN108243005B (en) * | 2017-10-26 | 2021-07-20 | 招商银行股份有限公司 | Application registration verification method, participant management system, device and medium |
| CN107919955A (en) * | 2017-12-28 | 2018-04-17 | 北京奇虎科技有限公司 | A kind of vehicle network safety certifying method, system, vehicle, device and medium |
| CN109039654A (en) * | 2018-08-30 | 2018-12-18 | 深圳市元征科技股份有限公司 | TBOX identity identifying method and terminal device |
| CN109495498A (en) * | 2018-12-12 | 2019-03-19 | 北京车联天下信息技术有限公司 | The ca authentication method, apparatus and car networking information management system of vehicle arrangement |
| CN109783122A (en) * | 2019-01-29 | 2019-05-21 | 重庆邮电大学 | A kind of software security upgrade method and system based on V2X roadside device |
| CN113826350A (en) * | 2019-03-25 | 2021-12-21 | 美光科技公司 | Secure communication in traffic control networks |
| WO2021109651A1 (en) * | 2019-12-06 | 2021-06-10 | 华为技术有限公司 | Certificate revocation list updating method and related device |
| CN113821248A (en) * | 2021-09-13 | 2021-12-21 | 阿波罗智联(北京)科技有限公司 | Service method of vehicle-end software, vehicle-end software and related equipment thereof |
| CN113821248B (en) * | 2021-09-13 | 2022-10-04 | 阿波罗智联(北京)科技有限公司 | Service method of vehicle-end software, vehicle-end software and related equipment thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104053149B (en) | 2017-11-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11888993B2 (en) | Digital certificate application method | |
| CN104053149A (en) | Method and system for realizing security mechanism of vehicle networking equipment | |
| CN110769393B (en) | Identity authentication system and method for vehicle-road cooperation | |
| JP5261614B2 (en) | Communication system, in-vehicle terminal, roadside device | |
| EP3726865A1 (en) | Method for generating and using virtual key of vehicle, system for same, and user terminal | |
| JP6065113B2 (en) | Data authentication apparatus and data authentication method | |
| CN104780141A (en) | Method and equipment for acquiring message certificate in Internet-of-vehicles system | |
| CN110365486B (en) | Certificate application method, device and equipment | |
| CN105246071B (en) | A kind of message in car networking system generates and verification method, equipment | |
| CN112543927B (en) | Equipment upgrading method and related equipment | |
| KR101837338B1 (en) | Cloud-Assisted Conditional Privacy Preserving Authentication Method for VANET and System Therefor | |
| CN108306727A (en) | For encrypting, decrypting and the method and apparatus of certification | |
| US20160112206A1 (en) | System and Method for Vehicle Messaging Using a Public Key Infrastructure | |
| US20200235946A1 (en) | Security management system for vehicle communication, operating method thereof, and message-processing method of vehicle communication service provision system having the same | |
| KR101429212B1 (en) | Method and apparatus for authenticating group driving of moving object | |
| CN105577613A (en) | Secret key information transmitting method, secret key information receiving method, equipment and system thereof | |
| WO2014121708A2 (en) | Message certification application method, device, and system | |
| CN103986687A (en) | Method for realizing authorization management of vehicle networking device, device and systems | |
| CN113114699B (en) | Vehicle terminal identity certificate application method | |
| CN109756336B (en) | Authentication method, V2X computing system and V2X computing node | |
| CN108632250A (en) | The method and apparatus of the generation of instruction manipulation session master key, operational order transmission | |
| CN108650220A (en) | Provide, obtain method, the equipment of mobile terminal certificate and automobile end chip certificate | |
| JP2011228777A (en) | Key generating device, data providing device, terminal device, and program | |
| Funderburg et al. | Pairing-free signatures with insider-attack resistance for vehicular ad-hoc networks (VANETs) | |
| CN113765667B (en) | Anonymous certificate application method, device authentication method, device, apparatus and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |