CN107204850A - A lightweight Internet of Vehicles secure communication method - Google Patents

Info

Publication number
CN107204850A
Authority
CN
China
Prior art keywords
car
mounted terminal
key
cloud platform
car networking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201710418304.3A
Other languages
Chinese (zh)
Inventor
程紫尧
卢楠
郭骅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Huaxia Technology Co Ltd
Beijing Si Rui Rui Intelligent Technology Research Institute Co Ltd
Original Assignee
Beijing Huaxia Technology Co Ltd
Beijing Si Rui Rui Intelligent Technology Research Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Huaxia Technology Co Ltd, Beijing Si Rui Rui Intelligent Technology Research Institute Co Ltd
Priority to CN201710418304.3A
Publication of CN107204850A
Legal status: Withdrawn

Classifications

    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present embodiments relate to the field of Internet of Vehicles (IoV) communications, and in particular to a lightweight IoV secure communication method. The method includes: the vehicle-mounted terminal generates a random number RAND1 and calculates a hash value H1; the vehicle-mounted terminal sends an access request message (Access request) to the IoV security cloud platform; after receiving the access response message sent by the IoV security cloud platform, the vehicle-mounted terminal first checks the freshness of the received timestamp, calculates a hash value H4, and checks whether H4 matches the hash value H3 sent by the IoV security cloud platform. If H4 = H3, authentication of the IoV security cloud platform passes and communication can proceed, and the terminal then calculates the session key; if H4 ≠ H3, the vehicle-mounted terminal terminates the connection with the IoV security cloud platform. The method ensures the secure exchange of data between the vehicle terminal and the Internet cloud platform.

Description

A lightweight Internet of Vehicles (IoV) secure communication method
Technical field
The present invention relates to the field of IoV communications, and in particular to a lightweight IoV secure communication method.
Background
An IoV system can be divided into three parts: cloud, pipe and end. The cloud is the IoV cloud platform or server, the pipe is the communication channel between the vehicle-mounted terminal and the IoV cloud platform or server, and the end is the vehicle-mounted terminal.
As access technology at the vehicle end, that is, the vehicle-mounted terminal, gradually matures, the functions of networked in-vehicle applications have been greatly enriched and extended, which lays a good foundation for the prosperity of the IoV application market. The problem that follows, and that cannot be ignored, is security: how to protect the sensitive information that a vehicle exchanges with the outside world over the network (i.e. the communication pipe) has received great attention. If transmission security cannot be guaranteed, sensitive data can be stolen or tampered with, and the vehicle-mounted terminal and the vehicle may even be remotely controlled.
The interaction between the vehicle-mounted terminal and the IoV cloud platform or server is application-layer communication. The standard security protocols in common use are SSL (Secure Socket Layer), TLS (Transport Layer Security), DTLS (Datagram Transport Layer Security) and the like, or some non-standard proprietary security protocols.
With standard security protocols, mutual identity authentication and key agreement between the IoV terminal and the platform can be completed only after multiple rounds of handshake interaction between the vehicle-mounted terminal and the IoV cloud platform. In addition, the interaction mostly uses asymmetric cryptographic algorithms, and the overall computational cost is unsuitable for resource-constrained vehicle-mounted terminals. Even for vehicle-mounted terminals with relatively rich resources, the pressure on the platform side is equally large: a massive number of terminals accessing the platform at the same time may amount to a DoS attack, paralysing the platform so that it cannot run normally.
With non-standard security protocols, security usually cannot be guaranteed, and the security authentication process between the vehicle-mounted terminal and the platform side may be exposed to security risks such as replay attacks or forgery attacks. In addition, the key used for secure communication between the vehicle-mounted terminal and the platform side is often generated by the platform side and then transmitted to the terminal side. This burdens key management on the platform side, and it is difficult for the vehicle-mounted terminal and the platform side to keep key updates synchronised; once key-update synchronisation fails, the two ends can no longer communicate securely.
Therefore, it is necessary to provide a secure communication method that ensures the secure exchange of data between the vehicle terminal and the Internet cloud platform.
Summary of the invention
Embodiments of the invention provide a lightweight IoV secure communication method to solve the technical problem of securely exchanging data between existing vehicle terminals and the Internet cloud platform.
A lightweight IoV secure communication method provided by an embodiment of the invention, applied to the vehicle-mounted terminal side, includes:
The vehicle-mounted terminal generates a random number RAND1 and calculates the hash value H1 = hash(device ID, T1, RAND1, device Key, period time, hash algorithm), where device ID is the identity of the vehicle-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the vehicle-mounted terminal, period time is the heartbeat cycle time with which the vehicle-mounted terminal accesses the IoV security cloud platform, and hash algorithm is the hash algorithm used;
The vehicle-mounted terminal sends the access request message Access request (device ID, T1, H1, deviceID, RAND1, period time, hash algorithm) to the IoV security cloud platform;
After receiving the access response message sent by the IoV security cloud platform, the vehicle-mounted terminal first checks the freshness of the received timestamp, calculates the hash value H4 = hash(T2, RAND1, RAND2, device Key), and checks whether H4 matches the hash value H3 sent by the IoV security cloud platform. If H4 = H3, authentication of the IoV security cloud platform passes and communication can proceed; the terminal then calculates the session key session key = hash(RAND1, RAND2, device key), which is used as the encryption or integrity protection key for secure communication between the vehicle-mounted terminal and the IoV security cloud platform. If H4 ≠ H3, the vehicle-mounted terminal terminates the connection with the IoV security cloud platform.
Further, the hash algorithm is SHA-256.
Further, the vehicle-mounted terminal and the IoV security cloud platform use the session key session key for secure data transmission; the session key is split into two parts, one being the encryption key and the other the integrity protection key.
Further, checking the freshness of the received timestamp includes: subtracting the time T sent by the IoV cloud platform from the vehicle-mounted terminal's current time T1 and checking whether the result is less than a time threshold △T, i.e. T1-T<△T; if it is, the access response message is deemed to have been newly sent by the IoV cloud platform.
A lightweight IoV secure communication method provided by an embodiment of the invention, applied to the IoV security cloud platform side, includes:
After receiving the request message sent by the vehicle-mounted terminal, the IoV cloud platform checks the freshness of the received timestamp: it subtracts the time T sent by the vehicle-mounted terminal from the platform's current time T1 and checks whether the result is less than a time threshold △T, i.e. T1-T<△T; if it is, the request message is deemed to have been newly sent by the vehicle-mounted terminal;
The key device Key of the tenant's vehicle-mounted terminal is looked up according to the identity device ID of the vehicle-mounted terminal, and the hash value H2 = hash(Project ID, T1, device Key, period time, hash algorithm) is calculated, where device ID is the identity of the vehicle-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the vehicle-mounted terminal, period time is the heartbeat cycle time with which the vehicle-mounted terminal accesses the IoV cloud platform, and hash algorithm is the hash algorithm used;
The platform checks whether the hash value H2 matches the hash value H1 sent by the vehicle-mounted terminal. If H2 = H1, authentication of the vehicle-mounted terminal passes; the platform generates a random number RAND2 and calculates the session key session key = hash(RAND1, RAND2, device key), where session key is used as the encryption or integrity protection key for subsequent secure communication between the vehicle-mounted terminal and the platform; it then calculates the hash value H3 = hash(T2, RAND1, RAND2, device Key);
The IoV cloud platform sends the access response message Access response (H3, T2, RAND2) to the vehicle-mounted terminal;
If H2 ≠ H1, the connection between the vehicle-mounted terminal and the IoV security cloud platform is terminated.
Further, the hash algorithm is SHA-256.
Further, the vehicle-mounted terminal and the IoV cloud platform use the session key session key for secure data transmission; the session key is split into two parts, one being the encryption key and the other the integrity protection key.
Compared with the prior art, the embodiment of the invention proposes a lightweight secure communication method: mutual authentication and key agreement between the vehicle-mounted terminal and the IoV cloud platform are completed with only one handshake, and the key is generated jointly by the two parties rather than generated by the platform and then sent to the vehicle-mounted terminal, which avoids key exposure and unsynchronised key updates. In addition, the protocol uses a timestamp mechanism to guard against replay attacks.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the communication method according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the hardware structure of an electronic device for the communication method according to an embodiment of the invention;
Fig. 3 is a flow chart of the secure interaction between the vehicle-mounted terminal and the IoV cloud platform according to an embodiment of the invention.
Detailed description
To make the objectives, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Preferred embodiments of the invention are described in detail below with reference to the drawings.
Embodiment 1
In view of the security problems of existing schemes, the embodiment of the invention proposes a lightweight IoV secure communication method that achieves lightweight security authentication between the vehicle-mounted terminal and the IoV cloud platform using a symmetric-key mechanism: the identity device ID of the vehicle-mounted terminal and the corresponding symmetric key device key are preset on both the vehicle-mounted terminal and the platform. Using this key, the vehicle-mounted terminal and the IoV cloud platform complete mutual authentication and key agreement in a single round of interaction. Note that the vehicle-mounted terminal must keep its time synchronised with the IoV cloud platform; the timestamp mechanism guards against replay attacks that an attacker launches after intercepting messages.
As shown in Fig. 1, a lightweight IoV secure communication method provided by an embodiment of the invention, applied to the vehicle-mounted terminal side, includes:
The vehicle-mounted terminal generates a random number RAND1 and calculates the hash value H1 = hash(device ID, T1, RAND1, device Key, period time, hash algorithm), where device ID is the identity of the vehicle-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the vehicle-mounted terminal, period time is the heartbeat cycle time with which the vehicle-mounted terminal accesses the IoV security cloud platform, and hash algorithm is the hash algorithm used. The hash algorithms include SHA-256, MD2, MD4, MD5 and SHA-1.
The vehicle-mounted terminal sends the access request message Access request (device ID, T1, H1, deviceID, RAND1, period time, hash algorithm) to the IoV security cloud platform;
After receiving the access response message sent by the IoV security cloud platform, the vehicle-mounted terminal first checks the freshness of the received timestamp, calculates the hash value H4 = hash(T2, RAND1, RAND2, device Key), and checks whether H4 matches the hash value H3 sent by the IoV security cloud platform. If H4 = H3, authentication of the IoV security cloud platform passes and communication can proceed; the terminal then calculates the session key session key = hash(RAND1, RAND2, device key), which is used as the encryption or integrity protection key for secure communication between the vehicle-mounted terminal and the IoV security cloud platform. If H4 ≠ H3, the vehicle-mounted terminal terminates the connection with the IoV security cloud platform.
In addition, the vehicle-mounted terminal and the IoV security cloud platform use the session key session key for secure data transmission; the session key is split into two parts, one being the encryption key and the other the integrity protection key.
Checking the freshness of the received timestamp includes: subtracting the time T sent by the IoV cloud platform from the vehicle-mounted terminal's current time T1 and checking whether the result is less than a time threshold △T, i.e. T1-T<△T; if it is, the access response message is deemed to have been newly sent by the IoV cloud platform.
Compared with the prior art, the embodiment of the invention proposes a lightweight secure communication method: mutual authentication and key agreement between the vehicle-mounted terminal and the IoV cloud platform are completed with only one handshake, and the key is generated jointly by the two parties rather than generated by the platform and then sent to the vehicle-mounted terminal, which avoids key exposure and unsynchronised key updates. In addition, the protocol uses a timestamp mechanism to guard against replay attacks.
Embodiment 2
A lightweight IoV secure communication method provided by an embodiment of the invention, applied to the IoV security cloud platform side, includes:
After receiving the request message sent by the vehicle-mounted terminal, the IoV cloud platform checks the freshness of the received timestamp: it subtracts the time T sent by the vehicle-mounted terminal from the platform's current time T1 and checks whether the result is less than a time threshold △T, i.e. T1-T<△T; if it is, the request message is deemed to have been newly sent by the vehicle-mounted terminal;
The key device Key of the tenant's vehicle-mounted terminal is looked up according to the identity device ID of the vehicle-mounted terminal, and the hash value H2 = hash(Project ID, T1, device Key, period time, hash algorithm) is calculated, where device ID is the identity of the vehicle-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the vehicle-mounted terminal, period time is the heartbeat cycle time with which the vehicle-mounted terminal accesses the IoV cloud platform, and hash algorithm is the hash algorithm used. The hash algorithms include SHA-256, MD2, MD4, MD5 and SHA-1.
The platform checks whether the hash value H2 matches the hash value H1 sent by the vehicle-mounted terminal. If H2 = H1, authentication of the vehicle-mounted terminal passes; the platform generates a random number RAND2 and calculates the session key session key = hash(RAND1, RAND2, device key), where session key is used as the encryption or integrity protection key for subsequent secure communication between the vehicle-mounted terminal and the platform; it then calculates the hash value H3 = hash(T2, RAND1, RAND2, device Key);
The IoV cloud platform sends the access response message Access response (H3, T2, RAND2) to the vehicle-mounted terminal;
If H2 ≠ H1, the connection between the vehicle-mounted terminal and the IoV security cloud platform is terminated.
In addition, the vehicle-mounted terminal and the IoV cloud platform use the session key session key for secure data transmission; the session key is split into two parts, one being the encryption key and the other the integrity protection key.
Compared with the prior art, the embodiment of the invention proposes a lightweight secure communication method: mutual authentication and key agreement between the vehicle-mounted terminal and the IoV cloud platform are completed with only one handshake, and the key is generated jointly by the two parties rather than generated by the platform and then sent to the vehicle-mounted terminal, which avoids key exposure and unsynchronised key updates. In addition, the protocol uses a timestamp mechanism to guard against replay attacks.
Embodiment 3
In view of the security problems of existing schemes, the embodiment of the invention proposes a lightweight IoV secure communication method that achieves lightweight security authentication between the vehicle-mounted terminal and the IoV cloud platform using a symmetric-key mechanism: the identity device ID of the vehicle-mounted terminal and the corresponding symmetric key device key are preset on both the vehicle-mounted terminal and the platform. Using this key, the vehicle-mounted terminal and the IoV cloud platform complete mutual authentication and key agreement in a single round of interaction. Note that the vehicle-mounted terminal must keep its time synchronised with the IoV cloud platform; the timestamp mechanism guards against replay attacks that an attacker launches after intercepting messages.
As shown in Fig. 3, the secure interaction between the vehicle-mounted terminal and the IoV cloud platform provided by this embodiment proceeds as follows:
Step 0: The vehicle-mounted terminal generates a random number RAND1 and calculates the hash value H1 = hash(device ID, T1, RAND1, device Key, period time, hash algorithm), where device ID is the identity of the vehicle-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the vehicle-mounted terminal, period time is the heartbeat cycle time with which the vehicle-mounted terminal accesses the IoV cloud platform, and hash algorithm is the hash algorithm used. The hash algorithms include SHA-256, MD2, MD4, MD5 and SHA-1.
Step 1: The vehicle-mounted terminal sends the access request message Access request (device ID, T1, H1, DeviceID, RAND1, period time, hash algorithm) to the IoV security cloud platform.
Step 2: After receiving the request message, the IoV cloud platform first checks the freshness of the received timestamp: it subtracts the time sent by the vehicle-mounted terminal from the platform's current time and checks whether the result is less than a time threshold; if it is, the message is deemed to have been newly sent by the vehicle-mounted terminal, i.e. T-T1<=△T. The platform looks up the tenant's device Key according to device ID and calculates the hash value H2 = hash(Project ID, T1, device Key, period time, hash algorithm). If H2 = H1, authentication of the vehicle-mounted terminal passes, and the platform generates RAND2 and calculates session key = hash(RAND1, RAND2, device key); otherwise, it terminates the connection. It then calculates the hash value H3 = hash(T2, RAND1, RAND2, device Key). The session key is used as the encryption or integrity protection key for subsequent secure communication between the vehicle-mounted terminal and the platform.
Step 3: The IoV cloud platform sends the access response message Access response (H3, T2, RAND2).
Step 4: After receiving the access response message sent by the platform, the vehicle-mounted terminal first checks the freshness of the received timestamp, in the same way as in step 2. It calculates the hash value H4 = hash(T2, RAND1, RAND2, device Key). If H4 = H3, authentication of the platform passes; otherwise, it terminates the connection. It then calculates session key = hash(RAND1, RAND2, device key).
After the above steps are completed, the vehicle-mounted terminal and the IoV cloud platform use the session key for subsequent secure data-plane transmission. The session key can be split into two parts, one being the encryption key and the other the integrity protection key.
Compared with the prior art, this patent proposes a lightweight secure communication method: mutual authentication and key agreement between the vehicle-mounted terminal and the IoV cloud platform are completed with only one handshake, and the key is generated jointly by the two parties rather than generated by the platform and then sent to the vehicle-mounted terminal, which avoids key exposure and unsynchronised key updates. In addition, the protocol uses a timestamp mechanism to guard against replay attacks.
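The Step 0 to Step 4 exchange described above, as an added Python example that is not part of the patent text: both sides of the handshake with SHA-256, the freshness check, and the session-key split. The length-prefixed field encoding, the △T value, the SHA-256-only allow-list, the equal-halves split, the sample device ID and key, and computing H2 over the same fields as H1 (the text lists different inputs for H2) are all assumptions.

```python
import hashlib
import hmac
import secrets
import time


class AuthError(Exception):
    """Raised when a freshness or hash check fails and the connection is dropped."""


# Assumption: only SHA-256 is honoured from the request's "hash algorithm"
# field, so a peer cannot select MD2, MD4, MD5 or SHA-1.
ALLOWED_HASHES = {"SHA-256": hashlib.sha256}
DELTA_T = 30  # assumption: freshness threshold (the text's delta-T) in seconds
# Constructed provisioning table: device ID -> preset symmetric device Key.
DEVICE_KEYS = {"dev-0001": bytes(range(32))}


def h(alg, *fields):
    """hash(f1, f2, ...) over length-prefixed fields (the encoding is an assumption)."""
    if alg not in ALLOWED_HASHES:
        raise AuthError("hash algorithm not allowed: %r" % alg)
    digest = ALLOWED_HASHES[alg]()
    for field in fields:
        raw = field if isinstance(field, bytes) else str(field).encode()
        digest.update(len(raw).to_bytes(4, "big") + raw)
    return digest.digest()


def is_fresh(now, sent, delta=DELTA_T):
    # Text: now - sent < delta-T. abs() additionally rejects far-future timestamps.
    return abs(now - sent) < delta


def terminal_request(device_id, device_key, period, alg="SHA-256", now=None):
    """Steps 0-1: generate RAND1, compute H1, build the Access request."""
    t1 = int(time.time()) if now is None else now
    rand1 = secrets.token_bytes(16)
    h1 = h(alg, device_id, t1, rand1, device_key, period, alg)
    return {"device_id": device_id, "T1": t1, "H1": h1, "RAND1": rand1,
            "period": period, "alg": alg}


def platform_handle(req, now=None):
    """Steps 2-3: verify the request; return (Access response, session key)."""
    now = int(time.time()) if now is None else now
    if not is_fresh(now, req["T1"]):
        raise AuthError("stale request timestamp")
    key = DEVICE_KEYS.get(req["device_id"])
    if key is None:
        raise AuthError("unknown device ID")
    # Assumption: H2 is computed over the same fields as H1 so they can match.
    h2 = h(req["alg"], req["device_id"], req["T1"], req["RAND1"], key,
           req["period"], req["alg"])
    if not hmac.compare_digest(h2, req["H1"]):  # constant-time comparison
        raise AuthError("H2 != H1")
    rand2 = secrets.token_bytes(16)
    session_key = h(req["alg"], req["RAND1"], rand2, key)
    h3 = h(req["alg"], now, req["RAND1"], rand2, key)  # T2 = now
    return {"H3": h3, "T2": now, "RAND2": rand2}, session_key


def split_session_key(session_key):
    """Split into (encryption key, integrity protection key); halves are an assumption."""
    half = len(session_key) // 2
    return session_key[:half], session_key[half:]


def terminal_finish(req, resp, device_key, now=None):
    """Step 4: authenticate the platform, then derive and split the session key."""
    now = int(time.time()) if now is None else now
    if not is_fresh(now, resp["T2"]):
        raise AuthError("stale response timestamp")
    h4 = h(req["alg"], resp["T2"], req["RAND1"], resp["RAND2"], device_key)
    if not hmac.compare_digest(h4, resp["H3"]):
        raise AuthError("H4 != H3")
    return split_session_key(
        h(req["alg"], req["RAND1"], resp["RAND2"], device_key))


if __name__ == "__main__":
    key = DEVICE_KEYS["dev-0001"]
    request = terminal_request("dev-0001", key, period=60)
    response, platform_key = platform_handle(request)
    enc_key, int_key = terminal_finish(request, response, key)
    print("keys agree:", enc_key + int_key == platform_key)
```

Because the freshness check relies on the timestamp alone, a request repeated inside the △T window still passes `is_fresh`; the block adds no nonce cache since the text describes none.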
Embodiment 4
A kind of electronic equipment, including:At least one processor;And, it is connected with least one described processor communication Memory;Wherein, have can be by the instruction of one computing device for the memory storage, and the instruction is by described at least one Individual computing device, so that at least one described processor can:A kind of lightweight car networking peace provided in an embodiment of the present invention Full communication method, applied to car-mounted terminal side, including:
The car-mounted terminal generates random parameter RAND 1, and calculate cryptographic Hash H1=hash (device ID,
T1, RAND1, device Key, period time, hash algorithm), wherein device ID are vehicle-mounted end The identity at end, T1 is marks the timestamp of time instantly, and device Key are the key of the car-mounted terminal, and period time are Car-mounted terminal accesses the heartbeat cycle time of the safe cloud platform of car networking, and hashalgorithm is the hash algorithm used;It is described Hash algorithm includes SHA-256, MD2, MD4, MD5 and SHA-1.
The car-mounted terminal send access request message Access request (device ID, T1, H1, deviceID, RAND1, period time, hash algorithm) give the safe cloud platform of car networking;
The car-mounted terminal is examined first after the access response message that the safe cloud platform of the car networking is sent is received The freshness of the timestamp received, calculates cryptographic Hash H4=hash (T2, RAND1, RAND2, device Key), and examine Whether the cryptographic Hash H3 sent with the safe cloud platform of the car networking is matched cryptographic Hash H4, if H4=H3, to the car networking Secure cloud platform authentication passes through, and can be communicated;Then session key session key=hash (RAND1, RAND2, device key), the session key session key are used as the car-mounted terminal and car networking safety The encryption of cloud platform secure communication or tegrity protection key;If H4 ≠ H3, the car-mounted terminal and the car networking secure cloud Platform interrupt is connected.
In addition, the car-mounted terminal is entered with the safe cloud platform of the car networking using the session key session key Row Security Data Transmission, the session key session key are split as two parts, and a part is encryption key, and a part is Tegrity protection key.
Checking the freshness of the received timestamp includes: subtracting the time T sent by the car networking cloud platform from the car-mounted terminal's current time T1 and checking whether the result is less than a time threshold ΔT, i.e. T1 - T < ΔT; if it is, the access response message is deemed to have been newly sent by the car networking cloud platform.
Embodiment 5
An embodiment of the present application provides a non-volatile computer storage medium. The computer storage medium stores computer-executable instructions, and the computer-executable instructions can perform the method in any of the above method embodiments.
Embodiment 6
Fig. 2 is a schematic diagram of the hardware structure of the electronic device, provided by this embodiment, that executes the park control method. As shown in Fig. 2, the device includes:
One or more processors 210 and a memory 220; Fig. 2 takes one processor 210 as an example.
The device of the intelligent method may also include: an input device 230 and an output device 240.
The processor 210, memory 220, input device 230 and output device 240 may be connected by a bus or by other means; Fig. 2 takes connection by a bus as an example.
As a non-volatile computer-readable storage medium, the memory 220 can be used to store non-volatile software programs, non-volatile computer-executable programs and modules, such as the program instructions/modules corresponding to the methods in the embodiments of the present application. The processor 210 runs the non-volatile software programs, instructions and modules stored in the memory 220 to perform the various functional applications and data processing of the server, that is, to implement the methods of the above method embodiments.
The memory 220 may include a program storage area and a data storage area, where the program storage area can store an operating system and the application programs required by at least one function, and the data storage area can store data created through use of the method, and so on. In addition, the memory 220 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, flash memory device or other non-volatile solid-state storage device.
The input device 230 can receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device. The output device 240 may include a display device such as a display screen.
The one or more modules are stored in the memory 220 and, when executed by the one or more processors 210, perform the method in any of the above method embodiments.
The above product can perform the method provided by the embodiments of the present application and has the functional modules and beneficial effects corresponding to performing the method. For technical details not described in detail in this embodiment, refer to the method provided by the embodiments of the present application.
The car-mounted terminal of the embodiments of the present invention exists in a variety of forms, including but not limited to:
(1) Mobile communication devices: these devices are characterized by mobile communication capability, with voice and data communication as their main purpose. Such terminals include smartphones (such as the iPhone), multimedia phones, feature phones and low-end phones.
(2) Ultra-mobile personal computer devices: these devices belong to the category of personal computers, have computing and processing functions, and generally also have mobile internet access. Such terminals include PDA, MID and UMPC devices, such as the iPad.
(3) Portable entertainment devices: these devices can display and play multimedia content. They include audio and video players (such as the iPod), handheld devices, e-books, smart toys and portable car navigation devices.
(4) Servers: devices that provide computing services. A server comprises a processor, hard disk, memory, system bus and so on; its architecture is similar to that of a general-purpose computer, but because it must provide highly reliable services, it has higher requirements for processing capability, stability, reliability, security, scalability and manageability.
(5) Other electronic devices with data interaction functions, such as televisions and large in-vehicle screens.
The device embodiments described above are only illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in each embodiment or in some parts of an embodiment.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. A lightweight car networking secure communication method, applied to the car-mounted terminal side, characterized in that it includes:
The car-mounted terminal generates a random number RAND1 and calculates the hash value H1 = hash(device ID, T1, RAND1, device Key, period time, hash algorithm), where device ID is the identity of the car-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the car-mounted terminal, period time is the heartbeat cycle time at which the car-mounted terminal accesses the car networking security cloud platform, and hash algorithm is the hash algorithm used;
The car-mounted terminal sends the access request message Access request(device ID, T1, H1, device ID, RAND1, period time, hash algorithm) to the car networking security cloud platform;
After receiving the access response message sent by the car networking security cloud platform, the car-mounted terminal first checks the freshness of the received timestamp, calculates the hash value H4 = hash(T2, RAND1, RAND2, device Key), and checks whether H4 matches the hash value H3 sent by the car networking security cloud platform. If H4 = H3, authentication of the car networking security cloud platform passes and communication can proceed; the session key session key = hash(RAND1, RAND2, device key) is then calculated, and this session key is used as the encryption or integrity protection key for secure communication between the car-mounted terminal and the car networking security cloud platform. If H4 ≠ H3, the connection between the car-mounted terminal and the car networking security cloud platform is interrupted.
2. The method of claim 1, characterized in that the hash algorithm is SHA-256.
3. The method of claim 2, characterized in that it further includes: the car-mounted terminal and the car networking security cloud platform use the session key session key for secure data transmission, and the session key is split into two parts, one being the encryption key and the other the integrity protection key.
4. The method of any one of claims 1-3, characterized in that checking the freshness of the received timestamp includes: subtracting the time T sent by the car networking cloud platform from the car-mounted terminal's current time T1 and checking whether the result is less than a time threshold ΔT, i.e. T1 - T < ΔT; if it is, the access response message is deemed to have been newly sent by the car networking cloud platform.
5. A lightweight car networking secure communication method, applied to the car networking security cloud platform side, characterized in that it includes:
After receiving the request message sent by the car-mounted terminal, the car networking cloud platform checks the freshness of the received timestamp: it subtracts the time T sent by the car-mounted terminal from the car networking cloud platform's current time T1 and checks whether the result is less than a time threshold ΔT, i.e. T1 - T < ΔT; if it is, the request message is deemed to have been newly sent by the car-mounted terminal;
The key device Key of the tenant's car-mounted terminal is looked up according to the identity device ID of the car-mounted terminal, and the hash value H2 = hash(Project ID, T1, device Key, period time, hash algorithm) is calculated, where device ID is the identity of the car-mounted terminal, T1 is a timestamp marking the current time, device Key is the key of the car-mounted terminal, period time is the heartbeat cycle time at which the car-mounted terminal accesses the car networking cloud platform, and hash algorithm is the hash algorithm used;
It is checked whether the hash value H2 matches the hash value H1 sent by the car-mounted terminal. If H2 = H1, authentication of the car-mounted terminal passes; a random number RAND2 is generated and the session key session key = hash(RAND1, RAND2, device key) is calculated, where the session key is used as the encryption or integrity protection key for subsequent secure communication between the car-mounted terminal and the platform; the hash value H3 = hash(T2, RAND1, RAND2, device Key) is then calculated;
The car networking cloud platform sends the access response message Access response(H3, T2, RAND2) to the car-mounted terminal;
If H2 ≠ H1, the connection between the car-mounted terminal and the car networking security cloud platform is interrupted.
6. The method of claim 5, characterized in that the hash algorithm is SHA-256.
7. The method of claim 5 or 6, characterized in that it further includes: the car-mounted terminal and the car networking cloud platform use the session key session key for secure data transmission, and the session key is split into two parts, one being the encryption key and the other the integrity protection key.
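The two-sided handshake of claims 1-7 (and of the terminal-side steps in the embodiment above), written out as an added Python example that is not code from the patent. Assumptions: SHA-256 only, fields length-prefixed before hashing, the cloud recomputes H2 over the same fields the terminal used for H1, the 32-byte session key is split into two halves, ΔT is 5 seconds, and all function names, field names and sample values are hypothetical.

```python
import hashlib
import hmac
import os

DELTA_T = 5.0         # time threshold ΔT in seconds (assumed value)
ALLOWED = {"sha256"}  # pin SHA-256 (claims 2 and 6); other requested algorithms are refused

def h(alg, *fields):
    """hash(f1, f2, ...) with each field length-prefixed so boundaries are unambiguous (assumption)."""
    d = hashlib.new(alg)
    for f in fields:
        b = f if isinstance(f, bytes) else str(f).encode()
        d.update(len(b).to_bytes(4, "big") + b)
    return d.digest()

def fresh(sent, now):
    # The patent's check is T1 - T < ΔT; abs() also rejects far-future timestamps (an addition).
    return abs(now - sent) < DELTA_T

def split_key(sk):
    # Encryption key and integrity protection key; splitting in half is an assumption.
    return sk[:16], sk[16:]

def terminal_request(dev_id, dev_key, period, now, alg="sha256"):
    rand1 = os.urandom(16)
    h1 = h(alg, dev_id, now, rand1, dev_key, period, alg)
    return {"device_id": dev_id, "T1": now, "H1": h1, "RAND1": rand1,
            "period": period, "alg": alg}

def cloud_handle(req, key_db, now):
    """Return (response, session_key), or None when the connection must be interrupted."""
    if req["alg"] not in ALLOWED or not fresh(req["T1"], now):
        return None
    dev_key = key_db.get(req["device_id"])
    if dev_key is None:
        return None
    h2 = h(req["alg"], req["device_id"], req["T1"], req["RAND1"],
           dev_key, req["period"], req["alg"])
    if not hmac.compare_digest(h2, req["H1"]):   # constant-time comparison of H2 and H1
        return None
    rand2 = os.urandom(16)
    session_key = h(req["alg"], req["RAND1"], rand2, dev_key)
    h3 = h(req["alg"], now, req["RAND1"], rand2, dev_key)
    return {"H3": h3, "T2": now, "RAND2": rand2}, session_key

def terminal_finish(req, resp, dev_key, now):
    """Return the session key, or None when the platform fails authentication."""
    if not fresh(resp["T2"], now):
        return None
    h4 = h(req["alg"], resp["T2"], req["RAND1"], resp["RAND2"], dev_key)
    if not hmac.compare_digest(h4, resp["H3"]):
        return None
    return h(req["alg"], req["RAND1"], resp["RAND2"], dev_key)

def demo():
    key = b"constructed-device-key"      # constructed sample key
    db = {"TBOX-0001": key}              # constructed device ID
    req = terminal_request("TBOX-0001", key, 30, now=1000.0)
    resp, sk_cloud = cloud_handle(req, db, now=1000.5)
    sk_term = terminal_finish(req, resp, key, now=1001.0)
    return sk_term == sk_cloud, split_key(sk_term)

if __name__ == "__main__":
    print("session keys agree:", demo()[0])
```

Both sides derive the session key locally from RAND1, RAND2 and the pre-shared device key, so the key itself never crosses the network.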
CN201710418304.3A 2017-06-06 2017-06-06 A kind of lightweight car networking safety communicating method Withdrawn CN107204850A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710418304.3A CN107204850A (en) 2017-06-06 2017-06-06 A kind of lightweight car networking safety communicating method

Publications (1)

Publication Number Publication Date
CN107204850A true CN107204850A (en) 2017-09-26

Family

ID=59906827

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710418304.3A Withdrawn CN107204850A (en) 2017-06-06 2017-06-06 A kind of lightweight car networking safety communicating method

Country Status (1)

Country Link
CN (1) CN107204850A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20170926
