CN107204850A - A lightweight car networking secure communication method - Google Patents
- Publication number: CN107204850A (CN201710418304.3A)
- Authority: CN (China)
- Prior art keywords: car, mounted terminal, key, cloud platform, car networking
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present embodiments relate to the field of car networking communications, and in particular to a lightweight car networking secure communication method. The method includes: the car-mounted terminal generates a random number RAND1 and computes a hash value H1; the car-mounted terminal sends an access request message (Access request) to the car networking security cloud platform; after receiving the access response message sent by the car networking security cloud platform, the car-mounted terminal first checks the freshness of the received timestamp, computes a hash value H4, and checks whether H4 matches the hash value H3 sent by the car networking security cloud platform. If H4 = H3, authentication of the car networking security cloud platform succeeds and communication can proceed, and the session key (session key) is then computed; if H4 ≠ H3, the connection between the car-mounted terminal and the car networking security cloud platform is terminated. The method ensures secure data exchange between the vehicle terminal and the Internet cloud platform.
Description
Technical field
The present invention relates to the field of car networking communications, and in particular to a lightweight car networking secure communication method.
Background
A car networking system can be divided into three parts: cloud, pipe, and end. The cloud is the car networking cloud platform or server, the pipe is the communication channel between the car-mounted terminal and the car networking cloud platform or server, and the end is the car-mounted terminal.
As access technology on the vehicle end, i.e. the car-mounted terminal, has gradually matured, the functions of networked vehicle applications have been greatly enriched and extended, laying a good foundation for a thriving car networking application market. A problem that follows and cannot be ignored is security: how to protect the sensitive information a vehicle exchanges with the outside world over the network (i.e. the communication pipe) has drawn great attention. If transmission security cannot be guaranteed, sensitive data can be stolen or tampered with, and the car-mounted terminal and the vehicle may even be remotely controlled.
The interaction between the car-mounted terminal and the car networking cloud platform or server is application-layer communication. The standard security protocols commonly used today are SSL (Secure Socket Layer), TLS (Transport Layer Security), DTLS (Datagram Transport Layer Security) and so on, alongside some non-standard proprietary security protocols.
With standard security protocols, multiple rounds of handshake interaction are needed between the car-mounted terminal and the car networking cloud platform before bidirectional identity authentication and key agreement between the terminal and the platform are complete. The interaction also mostly uses asymmetric cryptographic algorithms, whose overall computational cost is unsuitable for resource-constrained car-mounted terminals. Even for car-mounted terminals with richer resources, the load on the platform side is just as heavy, and a massive number of terminals accessing the platform at the same time may cause a DoS attack, paralyzing the platform so that it cannot run normally.
With some non-standard security protocols, security usually cannot be guaranteed, and the security authentication process between the car-mounted terminal and the platform side may be exposed to risks such as replay attacks or forgery attacks. In addition, the key used for secure communication between the car-mounted terminal and the platform side is often generated on the platform side and then transmitted to the terminal side. This burdens key management on the platform side, and the car-mounted terminal and the platform side find it hard to keep key updates synchronized; once key update synchronization fails, the two ends can no longer communicate securely.
Therefore, a secure communication method is needed that ensures secure data exchange between the vehicle terminal and the Internet cloud platform.
Summary of the invention
The embodiments of the present invention provide a lightweight car networking secure communication method, to solve the technical problem of how data can be exchanged securely between existing vehicle terminals and the Internet cloud platform.
A lightweight car networking secure communication method provided by an embodiment of the present invention, applied on the car-mounted terminal side, includes:
The car-mounted terminal generates a random number RAND1 and computes the hash value H1 = hash(device ID, T1, RAND1, device Key, period time, hash algorithm), where device ID is the identity of the car-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the car-mounted terminal, period time is the heartbeat cycle time with which the car-mounted terminal accesses the car networking security cloud platform, and hash algorithm is the hash algorithm used;
The car-mounted terminal sends the access request message Access request(device ID, T1, H1, deviceID, RAND1, period time, hash algorithm) to the car networking security cloud platform;
After receiving the access response message sent by the car networking security cloud platform, the car-mounted terminal first checks the freshness of the received timestamp, computes the hash value H4 = hash(T2, RAND1, RAND2, device Key), and checks whether H4 matches the hash value H3 sent by the car networking security cloud platform. If H4 = H3, authentication of the car networking security cloud platform succeeds and communication can proceed; the session key session key = hash(RAND1, RAND2, device Key) is then computed, and it is used as the encryption or integrity protection key for secure communication between the car-mounted terminal and the car networking security cloud platform. If H4 ≠ H3, the connection between the car-mounted terminal and the car networking security cloud platform is terminated.
Further, the hash algorithm is SHA-256.
Further, the car-mounted terminal and the car networking security cloud platform use the session key session key for secure data transmission; the session key is split into two parts, one part being the encryption key and the other the integrity protection key.
Further, checking the freshness of the received timestamp includes: subtracting the time T sent by the car networking cloud platform from the car-mounted terminal's current time T1 and checking whether the result is less than a time threshold ΔT, i.e. T1 - T < ΔT; if it is, the access response message is deemed to have been newly sent by the car networking cloud platform.
A lightweight car networking secure communication method provided by an embodiment of the present invention, applied on the car networking security cloud platform side, includes:
After receiving the request message sent by the car-mounted terminal, the car networking cloud platform checks the freshness of the received timestamp: it subtracts the time T sent by the car-mounted terminal from the platform's current time T1 and checks whether the result is less than a time threshold ΔT, i.e. T1 - T < ΔT; if it is, the request message is deemed to have been newly sent by the car-mounted terminal;
The tenant's car-mounted terminal key device Key is looked up by the terminal identity device ID, and the hash value H2 = hash(Project ID, T1, device Key, period time, hash algorithm) is computed, where device ID is the identity of the car-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the car-mounted terminal, period time is the heartbeat cycle time with which the car-mounted terminal accesses the car networking cloud platform, and hash algorithm is the hash algorithm used;
The platform checks whether the hash value H2 matches the hash value H1 sent by the car-mounted terminal. If H2 = H1, authentication of the car-mounted terminal succeeds; the platform generates a random number RAND2 and computes the session key session key = hash(RAND1, RAND2, device Key), which is used as the encryption or integrity protection key for subsequent secure communication between the car-mounted terminal and the platform; it then computes the hash value H3 = hash(T2, RAND1, RAND2, device Key);
The car networking cloud platform sends the access response message Access response(H3, T2, RAND2) to the car-mounted terminal;
If H2 ≠ H1, the connection between the car-mounted terminal and the car networking security cloud platform is terminated.
Further, the hash algorithm is SHA-256.
Further, the car-mounted terminal and the car networking cloud platform use the session key session key for secure data transmission; the session key is split into two parts, one part being the encryption key and the other the integrity protection key.
Compared with the prior art, the embodiments of the present invention propose a lightweight secure communication method in which a single handshake between the car-mounted terminal and the car networking cloud platform completes mutual authentication and key agreement. The generated key is negotiated jointly by both sides rather than generated by the platform and then sent to the car-mounted terminal, which avoids key exposure and unsynchronized key updates. In addition, the protocol relies on a timestamp mechanism, which guards against replay attacks.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the communication method according to an embodiment of the present invention;
Fig. 2 is a hardware structure connection diagram of an electronic device for the communication method according to an embodiment of the present invention;
Fig. 3 is a diagram of the secure interactive communication process between the car-mounted terminal and the car networking cloud platform according to an embodiment of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. The described embodiments are obviously only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Preferred embodiments of the present invention are described in detail below with reference to the drawings.
Embodiment 1
In view of the security problems of existing schemes, the embodiment of the present invention proposes a lightweight car networking secure communication method that achieves lightweight security authentication between the car-mounted terminal and the car networking cloud platform using a symmetric key mechanism: the identity device ID of the car-mounted terminal and the corresponding symmetric key device Key are preset on the car-mounted terminal and the platform. With this key, a single round of interaction between the car-mounted terminal and the car networking cloud platform completes two-way authentication and key agreement. Note that the car-mounted terminal must keep its time synchronized with the car networking cloud platform; the timestamp mechanism guards against replay attacks that an attacker launches after intercepting messages.
As shown in Fig. 1, a lightweight car networking secure communication method provided by an embodiment of the present invention, applied on the car-mounted terminal side, includes:
The car-mounted terminal generates a random number RAND1 and computes the hash value H1 = hash(device ID, T1, RAND1, device Key, period time, hash algorithm), where device ID is the identity of the car-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the car-mounted terminal, period time is the heartbeat cycle time with which the car-mounted terminal accesses the car networking security cloud platform, and hash algorithm is the hash algorithm used. The hash algorithms include SHA-256, MD2, MD4, MD5 and SHA-1.
The car-mounted terminal sends the access request message Access request(device ID, T1, H1, deviceID, RAND1, period time, hash algorithm) to the car networking security cloud platform;
After receiving the access response message sent by the car networking security cloud platform, the car-mounted terminal first checks the freshness of the received timestamp, computes the hash value H4 = hash(T2, RAND1, RAND2, device Key), and checks whether H4 matches the hash value H3 sent by the car networking security cloud platform. If H4 = H3, authentication of the car networking security cloud platform succeeds and communication can proceed; the session key session key = hash(RAND1, RAND2, device Key) is then computed, and it is used as the encryption or integrity protection key for secure communication between the car-mounted terminal and the car networking security cloud platform. If H4 ≠ H3, the connection between the car-mounted terminal and the car networking security cloud platform is terminated.
In addition, the car-mounted terminal and the car networking security cloud platform use the session key session key for secure data transmission; the session key is split into two parts, one part being the encryption key and the other the integrity protection key.
Checking the freshness of the received timestamp includes: subtracting the time T sent by the car networking cloud platform from the car-mounted terminal's current time T1 and checking whether the result is less than a time threshold ΔT, i.e. T1 - T < ΔT; if it is, the access response message is deemed to have been newly sent by the car networking cloud platform.
Compared with the prior art, the embodiments of the present invention propose a lightweight secure communication method in which a single handshake between the car-mounted terminal and the car networking cloud platform completes mutual authentication and key agreement. The generated key is negotiated jointly by both sides rather than generated by the platform and then sent to the car-mounted terminal, which avoids key exposure and unsynchronized key updates. In addition, the protocol relies on a timestamp mechanism, which guards against replay attacks.
Embodiment 2
A lightweight car networking secure communication method provided by an embodiment of the present invention, applied on the car networking security cloud platform side, includes:
After receiving the request message sent by the car-mounted terminal, the car networking cloud platform checks the freshness of the received timestamp: it subtracts the time T sent by the car-mounted terminal from the platform's current time T1 and checks whether the result is less than a time threshold ΔT, i.e. T1 - T < ΔT; if it is, the request message is deemed to have been newly sent by the car-mounted terminal;
The tenant's car-mounted terminal key device Key is looked up by the terminal identity device ID, and the hash value H2 = hash(Project ID, T1, device Key, period time, hash algorithm) is computed, where device ID is the identity of the car-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the car-mounted terminal, period time is the heartbeat cycle time with which the car-mounted terminal accesses the car networking cloud platform, and hash algorithm is the hash algorithm used. The hash algorithms include SHA-256, MD2, MD4, MD5 and SHA-1.
The platform checks whether the hash value H2 matches the hash value H1 sent by the car-mounted terminal. If H2 = H1, authentication of the car-mounted terminal succeeds; the platform generates a random number RAND2 and computes the session key session key = hash(RAND1, RAND2, device Key), which is used as the encryption or integrity protection key for subsequent secure communication between the car-mounted terminal and the platform; it then computes the hash value H3 = hash(T2, RAND1, RAND2, device Key);
The car networking cloud platform sends the access response message Access response(H3, T2, RAND2) to the car-mounted terminal;
If H2 ≠ H1, the connection between the car-mounted terminal and the car networking security cloud platform is terminated.
In addition, the car-mounted terminal and the car networking cloud platform use the session key session key for secure data transmission; the session key is split into two parts, one part being the encryption key and the other the integrity protection key.
Compared with the prior art, the embodiments of the present invention propose a lightweight secure communication method in which a single handshake between the car-mounted terminal and the car networking cloud platform completes mutual authentication and key agreement. The generated key is negotiated jointly by both sides rather than generated by the platform and then sent to the car-mounted terminal, which avoids key exposure and unsynchronized key updates. In addition, the protocol relies on a timestamp mechanism, which guards against replay attacks.
Embodiment 3
In view of the security problems of existing schemes, the embodiment of the present invention proposes a lightweight car networking secure communication method that achieves lightweight security authentication between the car-mounted terminal and the car networking cloud platform using a symmetric key mechanism: the identity device ID of the car-mounted terminal and the corresponding symmetric key device Key are preset on the car-mounted terminal and the platform. With this key, a single round of interaction between the car-mounted terminal and the car networking cloud platform completes two-way authentication and key agreement. Note that the car-mounted terminal must keep its time synchronized with the car networking cloud platform; the timestamp mechanism guards against replay attacks that an attacker launches after intercepting messages.
As shown in Fig. 3, the secure interactive communication process between the car-mounted terminal and the car networking cloud platform provided by this embodiment is as follows:
Step 0: The car-mounted terminal generates a random number RAND1 and computes the hash value H1 = hash(device ID, T1, RAND1, device Key, period time, hash algorithm), where device ID is the identity of the car-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the car-mounted terminal, period time is the heartbeat cycle time with which the car-mounted terminal accesses the car networking cloud platform, and hash algorithm is the hash algorithm used. The hash algorithms include SHA-256, MD2, MD4, MD5 and SHA-1.
Step 1: The car-mounted terminal sends the access request message Access request(device ID, T1, H1, deviceID, RAND1, period time, hash algorithm) to the car networking security cloud platform;
Step 2: After receiving the request message, the car networking cloud platform first checks the freshness of the received timestamp: it subtracts the time sent by the car-mounted terminal from the platform's current time and checks whether the result is below a time threshold; if so, the message is deemed to have been newly sent by the car-mounted terminal, i.e. T - T1 <= ΔT. It looks up the tenant's device Key by device ID and computes the hash value H2 = hash(Project ID, T1, device Key, period time, hash algorithm). If H2 = H1, authentication of the car-mounted terminal succeeds, and the platform generates RAND2 and computes session key = hash(RAND1, RAND2, device Key); otherwise, the connection is terminated. It then computes the hash value H3 = hash(T2, RAND1, RAND2, device Key). The session key is used as the encryption or integrity protection key for subsequent secure communication between the car-mounted terminal and the platform.
Step 3: The car networking cloud platform sends the access response message Access response(H3, T2, RAND2).
Step 4: After receiving the access response message sent by the platform, the car-mounted terminal first checks the freshness of the received timestamp, in the same way as in step 2. It computes the hash value H4 = hash(T2, RAND1, RAND2, device Key); if H4 = H3, authentication of the platform succeeds, otherwise the connection is terminated. It then computes session key = hash(RAND1, RAND2, device Key).
After the above steps are complete, the car-mounted terminal and the car networking cloud platform use the session key for secure data-plane transmission. The session key can be split into two parts, one part being the encryption key and the other the integrity protection key.
Compared with the prior art, this patent proposes a lightweight secure communication method in which a single handshake between the car-mounted terminal and the car networking cloud platform completes mutual authentication and key agreement. The generated key is negotiated jointly by both sides rather than generated by the platform and then sent to the car-mounted terminal, which avoids key exposure and unsynchronized key updates. In addition, the protocol relies on a timestamp mechanism, which guards against replay attacks.
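The handshake of steps 0 to 4, with both sides and the session-key split, as an added example that is not part of the patent text. The device ID, key, ΔT value and length-prefixed field encoding are constructed for illustration; the platform recomputes H2 over the same field list as H1 so that the two can match, and the hash algorithm is pinned to SHA-256.

```python
import hashlib
import hmac
import secrets

DELTA_T = 30  # freshness threshold ΔT in seconds (assumed value; the page gives none)
ALLOWED_ALG = "SHA-256"  # pinned: the platform refuses the weaker algorithms the page lists
# Constructed device registry: device ID -> preset symmetric device Key.
DEVICE_KEYS = {"vt-0001": bytes.fromhex("000102030405060708090a0b0c0d0e0f")}


def h(*fields):
    """SHA-256 over length-prefixed fields so field boundaries are unambiguous."""
    digest = hashlib.sha256()
    for field in fields:
        raw = field if isinstance(field, bytes) else str(field).encode()
        digest.update(len(raw).to_bytes(4, "big") + raw)
    return digest.digest()


def is_fresh(now, sent):
    """The page's check is now - sent < ΔT; abs() also rejects far-future stamps."""
    return abs(now - sent) < DELTA_T


def split_session_key(session_key):
    """Split the 32-byte session key into (encryption key, integrity key)."""
    return session_key[:16], session_key[16:]


class Terminal:
    def __init__(self, device_id, device_key, period=60):
        self.device_id, self.key, self.period = device_id, device_key, period
        self.rand1 = None

    def access_request(self, now):
        """Steps 0-1: build Access request with a fresh RAND1 and H1."""
        self.rand1 = secrets.token_bytes(16)
        h1 = h(self.device_id, now, self.rand1, self.key, self.period, ALLOWED_ALG)
        return {"device_id": self.device_id, "t1": now, "h1": h1,
                "rand1": self.rand1, "period": self.period, "alg": ALLOWED_ALG}

    def handle_response(self, resp, now):
        """Step 4: check T2 freshness and H4 == H3, then derive the session key."""
        if self.rand1 is None or not is_fresh(now, resp["t2"]):
            return None
        h4 = h(resp["t2"], self.rand1, resp["rand2"], self.key)
        if not hmac.compare_digest(h4, resp["h3"]):  # constant-time comparison
            return None
        return split_session_key(h(self.rand1, resp["rand2"], self.key))


def platform_handle(req, now):
    """Steps 2-3: returns (Access response, key pair) or (None, None) on failure."""
    if req["alg"] != ALLOWED_ALG or not is_fresh(now, req["t1"]):
        return None, None
    key = DEVICE_KEYS.get(req["device_id"])
    if key is None:
        return None, None
    # Assumption: H2 is recomputed over the same field list as H1.
    h2 = h(req["device_id"], req["t1"], req["rand1"], key, req["period"], req["alg"])
    if not hmac.compare_digest(h2, req["h1"]):
        return None, None
    rand2 = secrets.token_bytes(16)
    session = h(req["rand1"], rand2, key)
    resp = {"h3": h(now, req["rand1"], rand2, key), "t2": now, "rand2": rand2}
    return resp, split_session_key(session)


def demo(now=1_700_000_000):
    """Run one handshake, then a stale replay and a tampered request."""
    terminal = Terminal("vt-0001", DEVICE_KEYS["vt-0001"])
    req = terminal.access_request(now)
    resp, platform_keys = platform_handle(req, now + 1)
    terminal_keys = terminal.handle_response(resp, now + 2)
    replayed, _ = platform_handle(req, now + DELTA_T + 1)        # stale replay
    tampered, _ = platform_handle(dict(req, period=5), now + 1)  # H1 no longer matches
    return terminal_keys == platform_keys, replayed is None, tampered is None


if __name__ == "__main__":
    print(demo())
```

A bare hash over the key is kept to follow the page; HMAC keyed with device Key is the standard construction for this purpose. A request replayed inside ΔT still passes the timestamp check unless the platform also remembers recently seen RAND1 values.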
Embodiment 4
An electronic device, including: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor can perform: a lightweight car networking secure communication method provided by an embodiment of the present invention, applied on the car-mounted terminal side, including:
The car-mounted terminal generates a random number RAND1 and computes the hash value H1 = hash(device ID, T1, RAND1, device Key, period time, hash algorithm), where device ID is the identity of the car-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the car-mounted terminal, period time is the heartbeat cycle time with which the car-mounted terminal accesses the car networking security cloud platform, and hash algorithm is the hash algorithm used. The hash algorithms include SHA-256, MD2, MD4, MD5 and SHA-1.
The car-mounted terminal sends the access request message Access request(device ID, T1, H1, deviceID, RAND1, period time, hash algorithm) to the car networking security cloud platform;
After receiving the access response message sent by the car networking security cloud platform, the car-mounted terminal first checks the freshness of the received timestamp, computes the hash value H4 = hash(T2, RAND1, RAND2, device Key), and checks whether H4 matches the hash value H3 sent by the car networking security cloud platform. If H4 = H3, authentication of the car networking security cloud platform succeeds and communication can proceed; the session key session key = hash(RAND1, RAND2, device Key) is then computed, and it is used as the encryption or integrity protection key for secure communication between the car-mounted terminal and the car networking security cloud platform. If H4 ≠ H3, the connection between the car-mounted terminal and the car networking security cloud platform is terminated.
In addition, the car-mounted terminal and the car networking security cloud platform use the session key session key for secure data transmission; the session key is split into two parts, one part being the encryption key and the other the integrity protection key.
Checking the freshness of the received timestamp includes: subtracting the time T sent by the car networking cloud platform from the car-mounted terminal's current time T1 and checking whether the result is less than a time threshold ΔT, i.e. T1 - T < ΔT; if it is, the access response message is deemed to have been newly sent by the car networking cloud platform.
Embodiment 5
An embodiment of the present application provides a non-volatile computer storage medium storing computer-executable instructions that can perform the method in any of the above method embodiments.
Embodiment 6
Fig. 2 is a hardware structure diagram of the electronic device that executes the park control method provided by this embodiment. As shown in Fig. 2, the device includes:
One or more processors 210 and a memory 220; Fig. 2 takes one processor 210 as an example.
The device for the intelligent method may further include an input device 230 and an output device 240.
The processor 210, memory 220, input device 230 and output device 240 may be connected by a bus or in other ways; Fig. 2 takes a bus connection as an example.
As a non-volatile computer-readable storage medium, the memory 220 can store non-volatile software programs, non-volatile computer-executable programs and modules, such as the program instructions/modules corresponding to the method in the embodiments of the present application. By running the non-volatile software programs, instructions and modules stored in the memory 220, the processor 210 performs the various functional applications and data processing of the server, i.e. implements the method of the above method embodiments.
The memory 220 may include a program storage area and a data storage area, where the program storage area can store the operating system and the application program required by at least one function, and the data storage area can store data created during use of the method, etc. In addition, the memory 220 may include high-speed random access memory and may also include non-volatile memory, for example at least one disk storage device, flash memory device or other non-volatile solid-state storage device.
The input device 230 can receive input numeric or character information and generate key signal inputs related to the user settings and function control of the electronic device. The output device 240 may include a display device such as a display screen.
The one or more modules are stored in the memory 220 and, when executed by the one or more processors 210, perform the method in any of the above method embodiments.
The above product can perform the method provided by the embodiments of the present application and has the corresponding functional modules and beneficial effects for performing the method. For technical details not described in detail in this embodiment, refer to the method provided by the embodiments of the present application.
The car-mounted terminal of the embodiments of the invention exists in a variety of forms, including but not limited to:
(1) Mobile communication devices: these devices have mobile communication functions, and providing voice and data communication is their main goal. Such terminals include smartphones (e.g. iPhone), multimedia phones, feature phones and low-end phones.
(2) Ultra-mobile personal computer devices: these devices belong to the category of personal computers, have computing and processing functions, and generally also have mobile Internet access. Such terminals include PDA, MID and UMPC devices, e.g. iPad.
(3) Portable entertainment devices: these devices can display and play multimedia content. They include audio and video players (e.g. iPod), handheld devices, e-books, intelligent toys and portable car navigation devices.
(4) Servers: devices that provide computing services. A server is made up of a processor, hard disk, memory, system bus and so on. Its architecture is similar to that of a general-purpose computer, but because it must provide highly reliable services, the requirements on processing capability, stability, reliability, security, scalability and manageability are higher.
(5) Other electronic devices with data interaction functions, such as televisions and large in-vehicle screens.
The device embodiments described above are only schematic. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the scheme of this embodiment.
From the description of the embodiments above, those skilled in the art can clearly understand that each embodiment can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware. On this understanding, the part of the above technical scheme that in essence, or in other words, contributes over the prior art can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform the method described in each embodiment or in some parts of an embodiment.
Finally, it should be noted that the above embodiments only illustrate the technical scheme of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical schemes described in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical scheme to depart from the spirit and scope of the technical schemes of the embodiments of the invention.
Claims (7)
1. A lightweight car networking secure communication method, applied on the car-mounted terminal side, characterised by comprising:
the car-mounted terminal generates a random number RAND1 and calculates the hash value H1 = hash(device ID, T1, RAND1, device Key, period time, hash algorithm), where device ID is the identity of the car-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the car-mounted terminal, period time is the heartbeat cycle time with which the car-mounted terminal accesses the car networking security cloud platform, and hash algorithm is the hash algorithm used;
the car-mounted terminal sends the access request message Access request(device ID, T1, H1, device ID, RAND1, period time, hash algorithm) to the car networking security cloud platform;
after receiving the access response message sent by the car networking security cloud platform, the car-mounted terminal first checks the freshness of the received timestamp, calculates the hash value H4 = hash(T2, RAND1, RAND2, device Key), and checks whether H4 matches the hash value H3 sent by the car networking security cloud platform; if H4 = H3, authentication of the car networking security cloud platform passes and communication can proceed; the session key is then session key = hash(RAND1, RAND2, device key), and this session key is used as the encryption or integrity protection key for secure communication between the car-mounted terminal and the car networking security cloud platform; if H4 ≠ H3, the connection between the car-mounted terminal and the car networking security cloud platform is interrupted.
2. The method of claim 1, characterised in that the hash algorithm is SHA-256.
3. The method of claim 2, characterised by further comprising: the car-mounted terminal and the car networking security cloud platform use the session key session key for secure data transmission, and the session key is split into two parts, one part being the encryption key and the other the integrity protection key.
4. The method of any one of claims 1-3, characterised in that checking the freshness of the received timestamp comprises: subtracting the time T sent by the car networking cloud platform from the car-mounted terminal's current time T1 and checking whether the result is less than a time threshold ΔT, i.e. T1 - T < ΔT; if it is less, the access response message is deemed to have been newly sent by the car networking cloud platform.
5. A lightweight car networking secure communication method, applied on the car networking security cloud platform side, characterised by comprising:
after receiving the request message sent by the car-mounted terminal, the car networking cloud platform checks the freshness of the received timestamp by subtracting the time T sent by the car-mounted terminal from the car networking cloud platform's current time T1 and checking whether the result is less than a time threshold ΔT, i.e. T1 - T < ΔT; if it is less, the request message is deemed to have been newly sent by the car-mounted terminal;
the key device Key of the tenant's car-mounted terminal is looked up according to the identity device ID of the car-mounted terminal, and the hash value H2 = hash(Project ID, T1, device Key, period time, hash algorithm) is calculated, where device ID is the identity of the car-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the car-mounted terminal, period time is the heartbeat cycle time with which the car-mounted terminal accesses the car networking cloud platform, and hash algorithm is the hash algorithm used;
the platform checks whether the hash value H2 matches the hash value H1 sent by the car-mounted terminal; if H2 = H1, authentication of the car-mounted terminal passes, a random number RAND2 is generated, and the session key is session key = hash(RAND1, RAND2, device key), where the session key is used as the encryption or integrity protection key for subsequent secure communication between the car-mounted terminal and the platform; the hash value H3 = hash(T2, RAND1, RAND2, device Key) is then calculated;
the car networking cloud platform sends the access response message Access response(H3, T2, RAND2) to the car-mounted terminal;
if H2 ≠ H1, the connection between the car-mounted terminal and the car networking security cloud platform is interrupted.
6. The method of claim 5, characterised in that the hash algorithm is SHA-256.
7. The method of claim 5 or 6, characterised by further comprising: the car-mounted terminal and the car networking cloud platform use the session key session key for secure data transmission, and the session key is split into two parts, one part being the encryption key and the other the integrity protection key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710418304.3A CN107204850A (en) | 2017-06-06 | 2017-06-06 | A kind of lightweight car networking safety communicating method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107204850A (en) | 2017-09-26 |
Family
ID=59906827
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710418304.3A Withdrawn CN107204850A (en) | 2017-06-06 | 2017-06-06 | A kind of lightweight car networking safety communicating method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107204850A (en) |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WW01 | Invention patent application withdrawn after publication | Application publication date: 20170926 |