CN104899954A - Vehicle system reverse authentication management device and method - Google Patents

Vehicle system reverse authentication management device and method

Publication number: CN104899954A
Authority: CN (China)
Application number: CN201510375664.0A
Legal status: Granted, Active (as listed by Google Patents; an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN104899954B (en)
Inventors: 邓悦恒, 刘立冬, 韩宝刚, 王计民, 王宇宁
Current Assignee: ChinaComm System Co., Ltd. (as listed by Google Patents; the listed assignees may be inaccurate)
Original Assignee: HEBEI FAREAST COMMUNICATION SYSTEM ENGINEERING Co Ltd
Application filed by: HEBEI FAREAST COMMUNICATION SYSTEM ENGINEERING Co Ltd
Priority to: CN201510375664.0A (patent CN104899954B)
Classification: Traffic Control Systems

Abstract

The invention provides a vehicle system reverse authentication management device and method. The device comprises a server, a switch and more than one sub-processing unit, the server being connected to the sub-processing units through the switch; each sub-processing unit comprises an identification device, a collecting device, a processing device, a voice alarm device and a server. The method comprises identification device activation, blacklist checking and random number loopback encryption authentication. Because the identification device and the collecting device communicate over a remote wireless interface, the legality of a vehicle's access can be judged as soon as the vehicle enters the control range of the campus gate, which ensures the timeliness and foreseeability of vehicle management; in addition, authentication that uses the SM1 cryptographic algorithm, an independent "one vehicle, one key" key design and a random number improves the security of the vehicle management system.

Description

A vehicle system reverse authentication management device and management method
Technical field
The present invention relates to a vehicle system reverse authentication management device and management method, and belongs to the technical field of security and protection.
Background
Vehicle management systems are widely used in the security field. As the security equipment that controls vehicles entering and leaving a campus, they are increasingly deployed at government offices, public institutions, enterprises, factory sites, schools and school districts, so as to meet the campus's safety management requirements.
A current vehicle management system deployment mainly comprises: an identity marker (license plate, electronic tag, etc.) that identifies the vehicle; a collector (license plate recognizer, card reader, etc.) that collects the vehicle identity; a release device (barrier gate, railing, etc.) that restricts vehicle passage; a detection device (vehicle detector, video trigger, etc.) that detects vehicles; a processing device that analyses vehicle identity data and performs control; and other auxiliary equipment such as alarms and indicators.
The workflow is as follows:
(1) Vehicle entry: the vehicle, carrying its identity marker, enters the campus.
(2) Vehicle detection: the vehicle detection device detects the passing vehicle and triggers the collector to collect the vehicle's identity.
(3) Vehicle information collection: the collector collects the vehicle's identity information and transmits it to the processor.
(4) Vehicle information processing: the vehicle system processor analyses the legitimacy of the vehicle identity information and, if it is legitimate, outputs a release signal.
(5) Vehicle release: after the release device receives the release signal, it raises the barrier arm and the vehicle is let through.
(6) Recording of passage information: vehicle passage information (time, position, etc.) is generated and saved to the back-end server.
(7) The process for a vehicle leaving the campus is the same as (1) to (6) above.
In actual projects, site conditions may make it impossible to install a vehicle release device, or the campus may be an open campus where installing one is not permitted. Management staff then judge whether a vehicle is authorized to enter or leave only with the help of auxiliary alarm or indicating devices. This inevitably makes management lag behind: the vehicle has already entered the campus by the time staff have checked its identity, and management efficiency cannot be improved under heavy traffic. In addition, the vehicle identity information used is easily copied (cloned license plates, copied electronic tags), so its security is poor.
In summary, there is currently no suitable and mature technique that both meets the requirement for open deployment of a vehicle management system and solves the timeliness, foreseeability and security problems of vehicle identity verification.
Summary of the invention
The invention provides a vehicle system reverse authentication management device and management method.
Technical scheme one:
A vehicle system reverse authentication management device comprises a server, a switch and more than one sub-processing unit; the server is connected to each sub-processing unit through the switch; each sub-processing unit comprises an identification device, a collecting device, a processing device and a voice alarm device; the identification device is installed in the driver's cab and comprises a first secure storage module that supports a cryptographic algorithm; the information stored in the first secure storage module comprises an independent authentication key KEY', an application key KEY and identification information Ci, and the first secure storage module can generate a random number R; the collecting device comprises a second secure storage module that supports a cryptographic algorithm, in which the independent authentication keys KEY' and application keys KEY of pre-registered vehicles are stored; the first and second secure storage modules support the SM1 cryptographic algorithm; the network interface of the server and the network interface of the processing device are connected bidirectionally;
The collecting device sends, in real time, activation information for activating the identification device; the identification device enters the activated state after receiving the activation information; the activated identification device sends the independent authentication key KEY', identification information Ci and random number R held in its first secure storage module to the collecting device; the collecting device forwards the received identification information Ci to the processing device; the processing device forwards blacklist information through the collecting device to the identification device for display, and at the same time sends the blacklist information to the voice alarm device for playback; the collecting device uses the application key KEY to perform key diversification (dispersion encryption) on the identification information Ci to obtain a temporary key KEY1, uses the temporary key KEY1 to encrypt the random number R into a first ciphertext R', and returns the first ciphertext R' to the identification device; the identification device encrypts the random number R with the independent authentication key KEY' to obtain a second ciphertext R'', and compares whether the first ciphertext R' and the second ciphertext R'' are identical; the comparison result is sent to the collecting device, which displays it.
The identification device is connected wirelessly to the collecting device; the processing device is connected to the collecting device through an RS485 interface, to the voice alarm device through an RS232 interface, and bidirectionally to the server over a TCP/IP network.
Technical scheme two:
A management method using the vehicle system reverse authentication management device consists of the following steps:
Step 1: Identification device activation: the collecting device sends, in real time, activation information for activating the identification device; the identification device enters the activated state after receiving the activation information;
Step 2: Blacklist check, consisting of the following sub-steps:
Step 2-1: the activated identification device sends the independent authentication key KEY', identification information Ci and random number R held in its first secure storage module to the collecting device;
Step 2-2: the collecting device forwards the received identification information Ci to the processing device;
Step 2-3: the processing device judges whether the identification information Ci is blacklist information; if so, go to step 2-3; if not, go to step 4;
Step 2-3: the processing device sends the blacklist information to the voice alarm device and to the collecting device respectively; go to step 2-4;
Step 2-4: the voice alarm device plays the blacklist information; the collecting device forwards the received blacklist information to the identification device; go to step 2-5;
Step 2-5: the identification device displays the received blacklist information;
Step 3: Random number loopback encryption authentication, consisting of the following sub-steps:
Step 3-1: the collecting device uses the pre-stored application key KEY of the corresponding vehicle to perform key diversification (dispersion encryption) on the identification information Ci to obtain a temporary key KEY1, uses the temporary key KEY1 to encrypt the random number R into a first ciphertext R', and returns the first ciphertext R' to the identification device;
Step 3-2: the identification device encrypts the random number R with the independent authentication key KEY' to obtain a second ciphertext R'', and compares whether the first ciphertext R' and the second ciphertext R'' are identical; if they differ, go to step 3-3; otherwise, go to step 3-4;
Step 3-3: authentication-invalid information is sent to the collecting device; go to step 3-5;
Step 3-4: authentication-valid information is sent to the collecting device; go to step 3-5;
Step 3-5: judge whether the authentication result received by the collecting device is authentication-valid information; if so, go to step 3-6; if not, go to step 3-7;
Step 3-6: the collecting device sends passage-permitted information to the identification device; go to step 3-11;
Step 3-7: the collecting device sends no-passage information to the identification device and to the processing device respectively; go to step 3-8;
Step 3-8: the identification device displays the no-passage information; go to step 3-9;
Step 3-9: the processing device sends the no-passage information to the voice alarm device; go to step 3-10;
Step 3-10: the voice alarm device plays the no-passage information; go to step 4;
Step 3-11: the identification device displays the passage-permitted information; go to step 4;
Step 4: End.
The beneficial effects of the present invention are:
1) The identification device on the vehicle authenticates the legitimacy of the collecting device, which completes the management of vehicles entering and leaving the campus. The device also displays and plays the authentication result. This solves the timeliness, foreseeability and security problems of vehicle identity verification when a vehicle system is deployed in an open manner.
2) The invention uses the SM1 cryptographic algorithm, an independent "one vehicle, one key" key design and an authentication mode in which a random number participates, which improves the security of the vehicle management system.
Brief description of the drawings
Fig. 1 is a schematic block diagram of Embodiment 1 of the present invention;
Fig. 2 is a schematic block diagram of a sub-unit of Embodiment 1 of the present invention;
Fig. 3 is the main flow chart of Embodiment 2 of the present invention;
Fig. 4 is the flow chart of step 2 of Embodiment 2 of the present invention;
Fig. 5 is the flow chart of step 3 of Embodiment 2 of the present invention.
Detailed description
The present invention is further described below with reference to Figs. 1 to 5 and specific embodiments.
Embodiment 1:
As shown in Fig. 1, a vehicle system reverse authentication management device comprises a server, a switch and more than one sub-processing unit; the server is connected to each sub-processing unit through the switch. As shown in Fig. 2, each sub-processing unit comprises an identification device, a collecting device, a processing device and a voice alarm device; the identification device is installed in the driver's cab and comprises a first secure storage module that supports a cryptographic algorithm; the information stored in the first secure storage module comprises an independent authentication key KEY', an application key KEY and identification information Ci, and the first secure storage module can generate a random number R; the collecting device comprises a second secure storage module that supports a cryptographic algorithm, in which the independent authentication keys KEY' and application keys KEY of pre-registered vehicles are stored; the first and second secure storage modules support the SM1 cryptographic algorithm; the network interface of the server and the network interface of the processing device are connected bidirectionally;
The collecting device sends, in real time, activation information for activating the identification device; the identification device enters the activated state after receiving the activation information; the activated identification device sends the independent authentication key KEY', identification information Ci and random number R held in its first secure storage module to the collecting device; the collecting device forwards the received identification information Ci to the processing device; the processing device forwards blacklist information through the collecting device to the identification device for display, and at the same time sends the blacklist information to the voice alarm device for playback; the collecting device uses the application key KEY to perform key diversification (dispersion encryption) on the identification information Ci to obtain a temporary key KEY1, uses the temporary key KEY1 to encrypt the random number R into a first ciphertext R', and returns the first ciphertext R' to the identification device; the identification device encrypts the random number R with the independent authentication key KEY' to obtain a second ciphertext R'', and compares whether the first ciphertext R' and the second ciphertext R'' are identical; the comparison result is sent to the collecting device, which displays it.
The identification device is connected wirelessly to the collecting device; the processing device is connected to the collecting device through an RS485 interface, to the voice alarm device through an RS232 interface, and bidirectionally to the server over a TCP/IP network.
Embodiment 2:
As shown in Fig. 3, a management method using the vehicle system reverse authentication management device consists of the following steps:
Step 1: Identification device activation: the collecting device sends, in real time, activation information for activating the identification device; the identification device enters the activated state after receiving the activation information;
Step 2: Blacklist check, as shown in Fig. 4, consisting of the following sub-steps:
Step 2-1: the activated identification device sends the independent authentication key KEY', identification information Ci and random number R held in its first secure storage module to the collecting device;
Step 2-2: the collecting device forwards the received identification information Ci to the processing device;
Step 2-3: the processing device judges whether the identification information Ci is blacklist information; if so, go to step 2-3; if not, go to step 4;
Step 2-3: the processing device sends the blacklist information to the voice alarm device and to the collecting device respectively; go to step 2-4;
Step 2-4: the voice alarm device plays the blacklist information; the collecting device forwards the received blacklist information to the identification device; go to step 2-5;
Step 2-5: the identification device displays the received blacklist information;
Step 3: Random number loopback encryption authentication, as shown in Fig. 5, consisting of the following sub-steps:
Step 3-1: the collecting device uses the pre-stored application key KEY of the corresponding vehicle to perform key diversification (dispersion encryption) on the identification information Ci to obtain a temporary key KEY1, uses the temporary key KEY1 to encrypt the random number R into a first ciphertext R', and returns the first ciphertext R' to the identification device;
Step 3-2: the identification device encrypts the random number R with the independent authentication key KEY' to obtain a second ciphertext R'', and compares whether the first ciphertext R' and the second ciphertext R'' are identical; if they differ, go to step 3-3; otherwise, go to step 3-4;
Step 3-3: authentication-invalid information is sent to the collecting device; go to step 3-5;
Step 3-4: authentication-valid information is sent to the collecting device; go to step 3-5;
Step 3-5: judge whether the authentication result received by the collecting device is authentication-valid information; if so, go to step 3-6; if not, go to step 3-7;
Step 3-6: the collecting device sends passage-permitted information to the identification device; go to step 3-11;
Step 3-7: the collecting device sends no-passage information to the identification device and to the processing device respectively; go to step 3-8;
Step 3-8: the identification device displays the no-passage information; go to step 3-9;
Step 3-9: the processing device sends the no-passage information to the voice alarm device; go to step 3-10;
Step 3-10: the voice alarm device plays the no-passage information; go to step 4;
Step 3-11: the identification device displays the passage-permitted information; go to step 4;
Step 4: End.
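
The exchange of steps 2-1 to 3-11 between the in-cab identification (identity) device and the collecting device (the "harvester"), as an added example that is not code from the patent. SM1 is not publicly specified, so HMAC-SHA-256 truncated to 16 bytes stands in for every SM1 operation, and the example assumes that KEY' equals the key diversified from KEY and Ci, which the comparison in step 3-2 implies. Unlike step 2-1 as written, only Ci and R are sent over the air, since step 3-1 derives KEY1 from the stored KEY; all class names, function names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # SM1 works on 128-bit blocks with 128-bit keys


def prf(key: bytes, data: bytes) -> bytes:
    """Stand-in for one SM1 operation (SM1 is not publicly specified):
    HMAC-SHA-256 truncated to 16 bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def diversify(app_key: bytes, ci: bytes) -> bytes:
    """'Dispersion' of the application key KEY over Ci -> per-vehicle key."""
    return prf(app_key, b"diversify|" + ci)


class IdentityDevice:
    """In-cab device: holds Ci and KEY', issues R, checks the returned R'."""

    def __init__(self, ci: bytes, key_prime: bytes):
        self.ci = ci
        self._key_prime = key_prime
        self._pending_r = None

    def challenge(self):
        # Step 2-1, minus KEY': only Ci and a fresh random R leave the device.
        self._pending_r = secrets.token_bytes(BLOCK)
        return self.ci, self._pending_r

    def verify(self, r_prime: bytes) -> bool:
        # Step 3-2: compute R'' under KEY' and compare it with R'.
        if self._pending_r is None:
            return False  # no outstanding challenge
        r_double_prime = prf(self._key_prime, self._pending_r)
        self._pending_r = None  # each R is answered once, so replays fail
        return hmac.compare_digest(r_prime, r_double_prime)


class Collector:
    """Roadside collecting device: holds the application key KEY."""

    def __init__(self, app_key: bytes):
        self._app_key = app_key

    def respond(self, ci: bytes, r: bytes) -> bytes:
        # Step 3-1: KEY1 = diversify(KEY, Ci); R' = E(KEY1, R).
        key1 = diversify(self._app_key, ci)
        return prf(key1, r)


def provision(app_key: bytes, ci: bytes) -> IdentityDevice:
    """Registration (assumption): 'one vehicle, one key' is modelled as
    KEY' = diversify(KEY, Ci)."""
    return IdentityDevice(ci, diversify(app_key, ci))


def run_session(device, collector, blacklist) -> str:
    """Steps 2 and 3 end to end; returns what the in-cab device displays."""
    ci, r = device.challenge()
    if ci in blacklist:  # steps 2-3 to 2-5
        return "blacklisted"
    r_prime = collector.respond(ci, r)
    return "pass" if device.verify(r_prime) else "no-pass"  # steps 3-2 to 3-11


# Constructed sample values, not taken from the patent.
APP_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
CI_A = b"VEHICLE-0001"
CI_B = b"VEHICLE-0002"

if __name__ == "__main__":
    tag = provision(APP_KEY, CI_A)
    print(run_session(tag, Collector(APP_KEY), set()))    # genuine collector
    print(run_session(tag, Collector(bytes(BLOCK)), set()))  # collector without KEY
    print(run_session(provision(APP_KEY, CI_B), Collector(APP_KEY), {CI_B}))
```

A collecting device that does not hold KEY cannot produce a matching R', and a response captured in one session fails against the fresh R of the next.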

Claims (3)

1. A vehicle system reverse authentication management device, characterized in that it comprises a server, a switch and more than one sub-processing unit; the server is connected to each sub-processing unit through the switch; each sub-processing unit comprises an identification device, a collecting device, a processing device and a voice alarm device; the identification device is installed in the driver's cab and comprises a first secure storage module that supports a cryptographic algorithm; the information stored in the first secure storage module comprises an independent authentication key KEY', an application key KEY and identification information Ci, and the first secure storage module can generate a random number R; the collecting device comprises a second secure storage module that supports a cryptographic algorithm, in which the independent authentication keys KEY' and application keys KEY of pre-registered vehicles are stored; the first and second secure storage modules support the SM1 cryptographic algorithm; the network interface of the server and the network interface of the processing device are connected bidirectionally;
The collecting device sends, in real time, activation information for activating the identification device; the identification device enters the activated state after receiving the activation information; the activated identification device sends the independent authentication key KEY', identification information Ci and random number R held in its first secure storage module to the collecting device; the collecting device forwards the received identification information Ci to the processing device; the processing device forwards blacklist information through the collecting device to the identification device for display, and at the same time sends the blacklist information to the voice alarm device for playback; the collecting device uses the application key KEY to perform key diversification (dispersion encryption) on the identification information Ci to obtain a temporary key KEY1, uses the temporary key KEY1 to encrypt the random number R into a first ciphertext R', and returns the first ciphertext R' to the identification device; the identification device encrypts the random number R with the independent authentication key KEY' to obtain a second ciphertext R'', and compares whether the first ciphertext R' and the second ciphertext R'' are identical; the comparison result is sent to the collecting device, which displays it.
2. The vehicle system reverse authentication management device according to claim 1, characterized in that: the identification device is connected wirelessly to the collecting device; the processing device is connected to the collecting device through an RS485 interface, to the voice alarm device through an RS232 interface, and bidirectionally to the server over a TCP/IP network.
3. A management method using the vehicle system reverse authentication management device, characterized by comprising the following steps:
Step 1: Identification device activation: the collecting device sends, in real time, activation information for activating the identification device; the identification device enters the activated state after receiving the activation information;
Step 2: Blacklist check, consisting of the following sub-steps:
Step 2-1: the activated identification device sends the independent authentication key KEY', identification information Ci and random number R held in its first secure storage module to the collecting device;
Step 2-2: the collecting device forwards the received identification information Ci to the processing device;
Step 2-3: the processing device judges whether the identification information Ci is blacklist information; if so, go to step 2-3; if not, go to step 3;
Step 2-3: the processing device sends the blacklist information to the voice alarm device and to the collecting device respectively; go to step 2-4;
Step 2-4: the voice alarm device plays the blacklist information; the collecting device forwards the received blacklist information to the identification device; go to step 2-5;
Step 2-5: the identification device displays the received blacklist information; go to step 4;
Step 3: Random number loopback encryption authentication, consisting of the following sub-steps:
Step 3-1: the collecting device uses the pre-stored application key KEY of the corresponding vehicle to perform key diversification (dispersion encryption) on the identification information Ci to obtain a temporary key KEY1, uses the temporary key KEY1 to encrypt the random number R into a first ciphertext R', and returns the first ciphertext R' to the identification device;
Step 3-2: the identification device encrypts the random number R with the independent authentication key KEY' to obtain a second ciphertext R'', and compares whether the first ciphertext R' and the second ciphertext R'' are identical; if they differ, go to step 3-3; otherwise, go to step 3-4;
Step 3-3: authentication-invalid information is sent to the collecting device; go to step 3-5;
Step 3-4: authentication-valid information is sent to the collecting device; go to step 3-5;
Step 3-5: judge whether the authentication result received by the collecting device is authentication-valid information; if so, go to step 3-6; if not, go to step 3-7;
Step 3-6: the collecting device sends passage-permitted information to the identification device; go to step 3-11;
Step 3-7: the collecting device sends no-passage information to the identification device and to the processing device respectively; go to step 3-8;
Step 3-8: the identification device displays the no-passage information; go to step 3-9;
Step 3-9: the processing device sends the no-passage information to the voice alarm device; go to step 3-10;
Step 3-10: the voice alarm device plays the no-passage information; go to step 4;
Step 3-11: the identification device displays the passage-permitted information; go to step 4;
Step 4: End.

Priority Applications (1)

Application Number: CN201510375664.0A
Priority Date: 2015-07-01
Filing Date: 2015-07-01
Title: Vehicle system reverse authentication management device and management method
Status: Active (CN104899954B)

Publications (2)

CN104899954A (en), published 2015-09-09
CN104899954B (en), published 2017-12-26

Family ID: 54032597

Country Status (1)

CN (1): CN104899954B (en)


Legal Events

Code  Title
C06   Publication
PB01  Publication
C10   Entry into substantive examination
SE01  Entry into force of request for substantive examination
GR01  Patent grant
TR01  Transfer of patent right
      Effective date of registration: 20180612
      Address after: 100070 9, two district, 188 South Fourth Ring Road, Fengtai District, Beijing.
      Patentee after: ChinaComm System Co., Ltd.
      Address before: 050081 System Integration Department, Hebei Far East Communication System Engineering Co., Ltd., 589 Zhongshan West Road, Shijiazhuang, Hebei
      Patentee before: Hebei FarEast Communication System Engineering Co., Ltd.