CN110912864A - Electric equipment, charging equipment and identity authentication method thereof - Google Patents

Publication number
CN110912864A
Authority
CN
China
Prior art keywords
authentication
charging
response message
request message
authentication response
Prior art date
Legal status
Pending
Application number
CN201811087983.1A
Other languages
Chinese (zh)
Inventor
程紫尧
Current Assignee
Guangzhou Xiaopeng Motors Technology Co Ltd
Original Assignee
Guangzhou Xiaopeng Motors Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Charge And Discharge Circuits For Batteries Or The Like (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)

Abstract

The invention discloses an electric device, a charging device and a method for performing identity authentication, wherein the method comprises the following steps: receiving a first authentication request message from a charging device; calculating first content information to be signed by using a first private key uniquely corresponding to the identity of the electric equipment to obtain first signature information; and sending a first authentication response message to the charging device, wherein the first authentication response message comprises first signature information and first content information, so that the charging device verifies the identity of the electric device by processing the received first authentication response message by using a first public key corresponding to the first private key. The invention realizes the safety authentication mechanism of the identity information of the electric equipment and ensures the service safety between the charging equipment and the electric equipment.

Description

Electric equipment, charging equipment and identity authentication method thereof
Technical Field
The invention relates to the technical field of charging safety, in particular to an electric device, a charging device and an identity authentication method thereof.
Background
With China's vigorous promotion of energy conservation, emission reduction and green travel, electric vehicles are gradually becoming people's first choice for travel. Charging is the main factor governing how fast they develop, and it is an essential need for users travelling within or between cities.
Even fast charging technology struggles to replenish hundreds of kilometers of driving range in a short time. Ensuring that charging is both efficient and safe is therefore very important.
In existing electric vehicle charging schemes, simple identification information such as the Vehicle Identification Number (VIN) is often used for verification between the electric vehicle and the charging equipment. Once verification passes, charging can be triggered, which puts the security of the charging equipment at risk:
the VIN is reproducible information and is located at the windshield of the electric vehicle, so it can be easily obtained; used as the unique identifier and proof of identity of the electric vehicle, it is very easy to counterfeit.
Conventional electric vehicles and charging equipment therefore have no secure area with a high security level for safely storing sensitive information, and a secure identity authentication method for electric vehicles and charging equipment is lacking.
Disclosure of Invention
The invention provides an electric device, a charging device and an identity authentication method thereof, which aim to solve the problem of potential safety hazard in the charging of the electric device.
In a first aspect, the present invention provides a method for authenticating an identity of an electric device, including:
receiving a first authentication request message from a charging device;
calculating first content information to be signed by using a first private key uniquely corresponding to the identity of the electric equipment to obtain first signature information;
and sending a first authentication response message to the charging device, wherein the first authentication response message comprises first signature information and first content information, so that the charging device verifies the identity of the electric device by processing the received first authentication response message by using a first public key corresponding to the first private key.
In a second aspect, the present invention provides an identity authentication method for a charging device, where the method includes:
sending a first authentication request message to the electrically powered device;
receiving a first authentication response message from the electric device, and decrypting first signature information in the first authentication response message by using a first public key corresponding to a first private key;
and comparing the decryption result with the first content information in the first authentication response message, and authenticating the electric equipment.
In a third aspect, the present invention provides an electrically powered device comprising:
a request receiving unit for receiving a first authentication request message from the charging device;
the authentication calculation unit is used for calculating first content information needing to be signed by using a first private key uniquely corresponding to the identity of the electric equipment to obtain first signature information;
and the authentication response unit is used for sending a first authentication response message to the charging device, wherein the first authentication response message contains first signature information and first content information, so that the charging device processes the received first authentication response message by using a first public key corresponding to the first private key to verify the identity of the electric device.
In a fourth aspect, the present invention provides a charging device for performing identity authentication, including:
a request transmitting unit for transmitting a first authentication request message to the electric device;
the decryption unit is used for receiving the first authentication response message from the electric equipment and decrypting the first signature information in the first authentication response message by using a first public key corresponding to the first private key;
and the identity authentication unit is used for comparing the decryption result with the first content information in the first authentication response message and carrying out identity authentication on the electric equipment.
In a fifth aspect, the present invention provides an electrically powered device comprising:
the programmable safety module is used for calculating first content information to be signed by using a first private key uniquely corresponding to the identity of the electric equipment to obtain first signature information after receiving the encryption request message from the charging management module, and sending a first authentication response message to the charging management module, wherein the first authentication response message comprises the first signature information and the first content information;
the charging management module is used for sending an encryption request message to the programmable security module after receiving a first authentication request message sent by the charging equipment, and sending a first authentication response message to the charging equipment after receiving the first authentication response message from the programmable security module, so that the charging equipment processes the received first authentication response message by using a first public key corresponding to the first private key to verify the identity of the electric equipment.
In a sixth aspect, the present invention provides a charging apparatus comprising:
the programmable security module is used for sending a first authentication request message to the charging main control module, receiving a first authentication response message sent by the charging main control module, decrypting first signature information in the first authentication response message by using a first public key corresponding to a first private key, comparing a decryption result with first content information in the first authentication response message, and authenticating the identity of the electric equipment;
and the charging main control module is used for sending the first authentication request message to the electric equipment after receiving the first authentication request message sent by the programmable safety module, and sending the first authentication response message to the programmable safety module after receiving the first authentication response message sent by the electric equipment.
The electric equipment, the charging equipment and the identity authentication method provided by the embodiment of the invention have the following specific beneficial effects:
the safety storage function and the authentication mechanism of the identity information of the electric equipment are realized, and the service safety between the charging equipment and the electric equipment is ensured.
Drawings
Fig. 1 is a flowchart of a method for authenticating an identity of an electric device according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for identity authentication in cooperation with an internal module of an electric device according to an embodiment of the present invention;
fig. 3 is a flowchart of a method for authenticating an identity of a charging device according to an embodiment of the present invention;
fig. 4 is a flowchart of a method for performing identity authentication in cooperation with an internal module of a charging device according to an embodiment of the present invention;
fig. 5 is a flowchart of a bidirectional authentication process implemented by interaction between an electric vehicle and a charging device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electric device according to a second embodiment of the present invention;
fig. 7 is a schematic structural diagram of a charging device according to a second embodiment of the present invention;
fig. 8 is a schematic structural diagram of an electric device according to a third embodiment of the present invention;
fig. 9 is a schematic structural diagram of a charging device according to a third embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
This embodiment of the invention provides a method for authenticating the identity of an electric device, implemented by the electric device in cooperation with a charging device. The flowchart of the method is given from the electric device side; as shown in fig. 1, the method comprises the following steps:
step 101, receiving a first authentication request message from a charging device;
when identity authentication is required to be performed on the electric equipment, the charging equipment sends a first authentication request message to the electric equipment, wherein the first authentication request message can carry a first random number RAN;
step 102, calculating first content information to be signed by using a first private key uniquely corresponding to the identity of the electric equipment to obtain first signature information;
in an implementation, the first content information may include both information carried in the first authentication request message and information generated by the electric device itself, or only information generated by the electric device itself. This information can be customized: it may be defined as certain specific content, as a random number, and so on.
Specifically, in this embodiment, the electric device receives the first authentication request message, acquires the VIN, generates a second random number, and uses the VIN and the second random number as the first content information;
the first content information to be signed is calculated by using the first private key to obtain the first signature information. Specifically, a hash operation is performed on the first content information to be signed to obtain a digest, and the digest is then calculated with the first private key to obtain the first signature information. An existing signature algorithm can be adopted, and details are not described here.
Step 103, sending a first authentication response message to the charging device, where the first authentication response message includes first signature information and first content information, so that the charging device processes the received first authentication response message by using a first public key corresponding to the first private key to verify the identity of the electric device.
In implementation, when the charging device receives the first authentication response message, the first public key is used for decrypting the first signature information in the first authentication response message, the first content information in the first authentication response message is compared with the decryption result, and when the results are consistent, the verification is passed, otherwise, the verification is not passed, so that the one-way authentication of the electric device is realized.
In an implementation, the first content information in the first authentication response message may include the VIN and the second random number.
In this method for authenticating the identity of the electric device, the electric device performs the signature calculation, at the request of the charging device, with the private key that uniquely corresponds to its identity. The electric device passes the charging device's identity authentication only if the signature is calculated correctly, which provides secure identity authentication of the electric device and ensures the security of the service.
This embodiment implements one-way authentication of the electric device by the charging device: the charging device can identify the electric device as legitimate and valid, and the back end can bill the user associated with the electric device according to the VIN transmitted during authentication. Depending on business security requirements, authentication of the charging device may be omitted.
To meet certain business security requirements, the electric device can additionally authenticate the charging device, i.e. bidirectional authentication is performed: the legitimate identity of the charging device is identified, and the electric device can accept charging from the charging device after the authentication passes.
As an optional implementation, the method further comprises:
receiving a second authentication request message from the charging equipment, wherein the second authentication request message comprises second content information and second signature information obtained by the charging equipment through calculation on the second content information by using a second private key uniquely corresponding to the identity of the charging equipment;
and decrypting the second signature information by using a second public key corresponding to the second private key, comparing the decrypted result with second content information in the second authentication request message, and verifying the identity of the charging equipment.
The second content information may include content information generated by the charging device itself, or information generated by the electric device; in the latter case the electric device needs to send the information to the charging device, and the charging device uses it as part of the second content information.
The second content information is calculated by using the second private key to obtain the second signature information. Specifically, a hash operation can be performed on the second content information to be signed to obtain a digest, and the digest is then calculated with the second private key to obtain the second signature information. An existing signature algorithm can be adopted, and the signature process is not detailed here.
As an optional implementation manner, the second authentication request message further includes a second digital certificate obtained by the certificate authority signing the second public key;
and obtaining a second public key corresponding to the second private key according to the stored second root certificate.
The electric device in this embodiment may be an electric vehicle or another electric device that needs to be charged by a charging pile, and specifically may be an electric vehicle.
In implementation, the electric device in this embodiment includes a charging management module and a programmable security module, and a flowchart of a method for authenticating an identity of the electric device in this embodiment is given below from the perspective of cooperation of the two modules, as shown in fig. 2, and includes:
step 201, after receiving a first authentication request message from a charging device, a charging management module sends an encryption request message to a programmable security module;
in implementation, the first authentication request message carries a first random number, the charging management module obtains the vehicle identification number VIN after receiving the first authentication request message, and sends an encryption request message carrying the first random number and the VIN to the programmable security module.
Step 202, after receiving the encryption request message, the programmable security module calculates first content information to be signed by using a stored first private key to obtain first signature information, and sends a first authentication response message to the charging management module, wherein the authentication response message comprises the first signature information and the first content information;
optionally, after receiving the encryption request message, the programmable security module generates a second random number, takes the VIN and the second random number it generated as the first content information, calculates the first content information by using a first private key uniquely corresponding to the identity of the electric device to obtain first signature information, and sends a first authentication response message to the charging management module.
Step 203, the charging management module receives the first authentication response message and then sends the first authentication response message to the charging device, so that the charging device processes the received first authentication response message by using the first public key corresponding to the first private key to verify the identity of the electric device.
In implementation, on the basis of the one-way authentication, the two-way authentication may be further implemented, and the method further includes:
the charging management module receives a second authentication request message from the charging equipment, and sends the second authentication request message to the programmable security module, wherein the second authentication request message comprises second content information and second signature information obtained by calculating the second content information by using a second private key;
and after receiving the second authentication request message, the programmable security module acquires a second public key by using the stored second decryption related information, decrypts the second signature information by using the second public key to obtain a decryption result, compares the decryption result with the second content information in the second authentication request message, and verifies the identity of the charging equipment.
In implementation, the second authentication request message further includes a second digital certificate obtained after the certificate authority signs the second public key, the electric device stores a second root certificate used for obtaining the second public key in the second digital certificate, and after receiving the second authentication request message, the electric device decrypts the second digital certificate by using the second root certificate to obtain the second public key, and then decrypts the second signature information by using the second public key.
The method for authenticating the identity of the charging device according to the embodiment of the present invention is given from the charging device side, as shown in fig. 3, and includes:
step 301, sending a first authentication request message to an electric device;
the first random number RAN may be carried in the first authentication request message.
Step 302, receiving a first authentication response message from the electric device, and decrypting first signature information in the first authentication response message by using a first public key corresponding to a first private key;
in implementation, the first private key and the first public key are asymmetric key pairs, and in order to implement the authentication of the charging device to the electric device, the first authentication response message further includes a first digital certificate obtained after the certificate authority signs the first public key, that is, the first authentication response message carries the second random number RAN2, the VIN, and the first digital certificate.
The first signature information is calculated by using the first root certificate to obtain a first public key, and the first signature information in the first authentication response message is decrypted by using the first public key.
Step 303, comparing the decryption result with the first content information in the first authentication response message, and performing identity authentication on the electric device.
The charging device generates RAN1 itself. The decrypted first content information includes RAN1, RAN2 and the VIN; the charging device verifies whether the first content information is correct by using its own RAN1 and the RAN2 in the first authentication response message, and if it is correct, the verification passes.
As an optional implementation, the method further includes:
and sending a second authentication request message to the electric equipment so that the electric equipment processes the second authentication request message by using a second public key corresponding to a second private key to authenticate the charging equipment, wherein the second authentication request message comprises second content information and second signature information obtained by calculating the second content information by using the stored second private key.
In implementation, the first private key and the first public key are asymmetric key pairs, and in order to implement the authentication of the charging device to the electric device, the first authentication response message further includes a first digital certificate obtained after the certificate authority signs the first public key, that is, the first authentication response message carries the second random number, the VIN, and the first digital certificate.
And obtaining a first public key corresponding to the first private key by using the first root certificate stored in the charging equipment.
Optionally, the second content information in the second authentication request message is null; or, the second content information in the second authentication request message includes a third random number.
In implementation, the charging device in this embodiment includes a charging main control module and a programmable security module. A flowchart of the method for authenticating the identity of the charging device in this embodiment is given below from the perspective of the cooperation of the two modules; as shown in fig. 4, it includes:
step 401, the programmable security module sends a first authentication request message to the charging master control module;
step 402, the charging main control module sends the first authentication request message to the electric equipment, receives a first authentication response message from the electric equipment, and sends the first authentication response message to the programmable safety module;
step 403, after receiving the first authentication response message, the programmable security module obtains the first public key by using the stored root certificate, and decrypts the first signature information in the first authentication response message by using the first public key.
Step 404, the programmable security module compares the decryption result with the first content information in the first authentication response message to authenticate the electric equipment.
When the comparison result is consistent, the charging equipment's identity authentication of the electric equipment passes and the subsequent charging can be executed; otherwise, the identity authentication of the electric equipment does not pass.
Optionally, the programmable security module sends a second authentication request message to the charging master control module, where the second authentication request message includes second content information and second signature information obtained by calculating the second content information using a stored second private key;
and the charging main control module receives the second authentication request message and then sends the second authentication request message to the electric equipment so that the electric equipment decrypts the second signature information by using the second public key, and the charging equipment is authenticated by comparing the second signature information with the decryption result.
Taking an electric vehicle as the electric device, and looking at the cooperation between the electric vehicle and the charging device: when the electric vehicle is connected to the charging device, the operation of plugging in the charging gun is completed first. As shown in fig. 5, in this embodiment an identity authentication process between the electric vehicle 10 and the charging device 20 is added once the gun insertion is complete, and charging is performed after the identity authentication process is completed. The specific process is as follows:
step 501, after gun insertion is completed, the charging main control module in the charging equipment sends a gun insertion PSU request to the programmable safety module;
the programmable safety module PSU in the charging equipment is hereinafter referred to as the charging pile PSU;
after the electric vehicle and the charging equipment are plugged together, a national standard access (registration) process is completed between the charging gun and the charging equipment.
Step 502, the charging pile PSU receives the gun-plugging PSU request and then generates a first random number RAN1, and sends the RAN1 carried in the gun-plugging PSU response message to the charging main control module;
the random number RAN1 is generated by a random number generator internal to the security chip PSU.
Step 503, the charging master control module sends a first authentication request message to a charging management unit BMS of the electric vehicle, wherein the RAN1 is carried in the first authentication request message;
the programmable safety module PSU of the electric vehicle is hereinafter referred to as the vehicle PSU;
the first authentication request message is specifically sent to the BMS via the bayonet.
Step 504, after receiving the first authentication request message, the charging management unit BMS acquires the VIN of the electric vehicle, and sends the VIN and Rand1 to the vehicle PSU through an encryption request message;
the encryption request message is a CAN message.
The encryption request message is a gun insertion request message.
Step 505, the vehicle PSU generates a second random number Rand2, and calculates a signature for RAN1, RAN2 and VIN by using a first private key to obtain first signature information Sign1 = Sign(Rand1, Rand2, VIN);
the specific adopted signature algorithm is determined according to the PSU internal algorithm support capacity, and as an optional implementation mode, an elliptic curve digital signature algorithm ECDSA is adopted;
step 506, the vehicle PSU sends a first authentication response message to the BMS, wherein the first authentication response message comprises Sign1, a first digital certificate, Rand2 and VIN;
the first authentication response message is specifically a gun insertion response message.
Step 507, the vehicle BMS sends a first authentication response message to the charging master control module, wherein the first authentication response message carries Sign1, the first digital certificate, Rand2 and the VIN;
Step 508, the charging main control module sends the first authentication response message to the charging pile PSU as a gun insertion authentication request, wherein the message carries Sign1, the first digital certificate, Rand2 and the VIN code;
Step 509, the charging pile PSU verifies the first digital certificate of the vehicle by using the root certificate, and verifies the signature Sign1 by using the first public key corresponding to the first digital certificate;
Step 510, after the verification succeeds, a charging indication message is sent to the charging main control unit, indicating that the electric vehicle can be charged.
Verifying Sign1 means decrypting Sign1 with the first public key and checking the decryption result against the first content information in the first authentication response message and the charging pile PSU's own Rand1; if the decryption result is consistent with the first content information in the first authentication response message, the authentication succeeds.
The above process completes the one-way authentication of the electric vehicle by the charging equipment: the charging equipment can determine that the electric vehicle is a legitimate and valid electric vehicle, and the user can be billed at the back end according to the VIN code transmitted during the process. Depending on business security requirements, authentication of the charging equipment by the electric vehicle (that is, two-way authentication) is not performed at this point. It can be added according to business requirements, so that the legitimate identity of the charging equipment can be determined and charging from the charging pile is accepted only after the authentication passes. Authentication of the charging equipment is implemented through the following steps.
Step 511, the charging pile PSU calculates a signature Sign2 = Sign(Rand2) and sends a second authentication request message to the charging main control module, wherein the second authentication request message includes Sign2 and a second digital certificate;
the second authentication request message may be a gun insertion authentication response message.
Step 512, the charging main control module sends the second authentication request message to the car BMS as a gun insertion authentication response;
Step 513, the vehicle BMS forwards the second authentication request message to the vehicle PSU;
Step 514, the vehicle PSU verifies the second digital certificate by using the root certificate and verifies Sign2 by using a second public key corresponding to the second digital certificate; if the verification succeeds, the charging equipment passes the identity authentication and charging is accepted.
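The exchange in steps 502 to 514, run in-process between a charging pile PSU and a vehicle PSU, as an added example in Go that is not code from the patent. It uses ECDSA over P-256 (the patent's optional algorithm), so Sign1 and Sign2 are checked with a signature-verification call rather than by decrypting and comparing; the X.509 certificates, SHA-256, the length-prefixed field encoding and all type and function names are assumptions, and the identities and VIN are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// PSU stands in for one security chip: private key, own certificate, trusted root.
type PSU struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
	root *x509.CertPool
}

// must aborts on errors from key generation, signing and the random source.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue creates a key and certificate and trusts the issuing root; ca == nil self-signs.
func issue(cn string, ca *PSU) *PSU {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if ca == nil { // self-signed root CA
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		ca = &PSU{key: key, cert: tpl}
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, ca.cert, &key.PublicKey, ca.key))
	dev := &PSU{key: key, cert: must(x509.ParseCertificate(der)), root: x509.NewCertPool()}
	dev.root.AddCert(ca.cert)
	return dev
}

// setup builds constructed identities: pile and vehicle under one root, rogue under another.
func setup() (pile, vehicle, rogue *PSU) {
	ca := issue("constructed-root", nil)
	return issue("pile-psu", ca), issue("vehicle-psu", ca), issue("rogue-psu", issue("unrelated-root", nil))
}

// digest hashes length-prefixed fields so field boundaries cannot be shifted.
func digest(fields ...[]byte) []byte {
	h := sha256.New()
	for _, f := range fields {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil)
}

// sign returns an ECDSA signature over the fields (Sign1 or Sign2).
func (p *PSU) sign(fields ...[]byte) []byte {
	return must(ecdsa.SignASN1(rand.Reader, p.key, digest(fields...)))
}

// verify chains the peer certificate to the stored root, then checks sig (steps 509, 514).
func (p *PSU) verify(peer *x509.Certificate, sig []byte, fields ...[]byte) error {
	opts := x509.VerifyOptions{Roots: p.root, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := peer.Verify(opts); err != nil {
		return err
	}
	if pub, ok := peer.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, digest(fields...), sig) {
		return fmt.Errorf("signature does not match certified key and content")
	}
	return nil
}

// Handshake runs steps 502-514; each side verifies against the random number it generated.
func Handshake(pile, vehicle *PSU, vin []byte) error {
	rand1, rand2 := make([]byte, 16), make([]byte, 16)
	must(rand.Read(rand1)) // step 502, inside the charging pile PSU
	must(rand.Read(rand2)) // step 505, inside the vehicle PSU
	sign1 := vehicle.sign(rand1, rand2, vin)
	if err := pile.verify(vehicle.cert, sign1, rand1, rand2, vin); err != nil { // step 509
		return fmt.Errorf("vehicle rejected: %w", err)
	}
	sign2 := pile.sign(rand2) // step 511: Sign2 = Sign(Rand2)
	if err := vehicle.verify(pile.cert, sign2, rand2); err != nil { // step 514
		return fmt.Errorf("charging pile rejected: %w", err)
	}
	return nil
}

func main() {
	pile, vehicle, rogue := setup()
	vin := []byte("CONSTRUCTEDVIN001") // constructed sample value
	fmt.Println("genuine:", Handshake(pile, vehicle, vin), "| rogue:", Handshake(pile, rogue, vin))
}
```

Verifying Sign1 against a Rand1 other than the one the charging pile issued fails, which is what prevents a captured first authentication response from being replayed in a later session.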
The invention provides high-security-level protection by building security chips into the vehicle end and the charging pile, can effectively achieve end-to-end security protection, and provides a security guarantee for subsequent business security, such as settlement after authentication. It has the following advantages:
the security chip provides secure storage capability: unique private information of the device (such as the vehicle end or the charging pile), such as the digital certificate, the private key and the symmetric key, is programmed into the chip before delivery, so that the chip can be used for security operations such as authentication.
The security chip provides a high-security-level authentication algorithm, so that the identity validity of a legal vehicle end and a charging pile can be safely protected, and an attacker cannot crack private information in the security chip to counterfeit the identity.
The security chips of the vehicle end and the charging pile can provide a secure data upload function after authentication, protecting the confidentiality and integrity of sensitive data.
Example two
An embodiment of the present invention provides an electric device, as shown in fig. 6, including:
the programmable security module 601 is configured to store a first private key uniquely corresponding to the identity of the electric device, calculate first signature information from first content information to be signed by using the first private key after receiving an encryption request message from the charging management module, and send a first authentication response message to the charging management module, where the authentication response message includes the first signature information and the first content information;
the programmable security module 601 is a security chip, the security chip provides a secure storage capability, and the security chip writes a first private key uniquely corresponding to the electric device before leaving a factory, so that the charging device can perform identity authentication by using a first public key corresponding to the first private key.
The charging management module 602 is configured to send an encryption request message to the programmable security module after receiving a first authentication request message sent by the charging device, and send a first authentication response message to the charging device after receiving the first authentication response message from the programmable security module, so that the charging device processes the received first authentication response message by using a first public key corresponding to the first private key, to verify the identity of the electric device.
In this embodiment, the charging device has an identity authentication function, and may use the first public key to process the received first authentication response message to verify the identity of the electric device.
A programmable security module PSU is built into the charging equipment for storing and acquiring the first public key. The security chip provides secure storage capability, and the relevant information for acquiring the first public key is programmed into it before it leaves the factory, which ensures the security of decryption for all corresponding first private keys.
The embodiment of the invention provides high-security-level protection by means of the built-in security chips of the electric equipment and the charging equipment, can effectively realize security protection on the identity of the electric equipment, and provides security guarantee for subsequent service security between the electric equipment and the charging equipment.
In implementation, the charging management module is further configured to receive a second authentication request message from the charging device, and send the second authentication request message to the programmable security module, where the second authentication request message includes second content information and second signature information obtained by calculating the second content information using a second private key;
the second private key is private information which is stored in a programmable security module of the charging device and uniquely corresponds to the identity of the charging device, and the second private key can be written into the programmable security module of the charging device in a programming mode before leaving a factory.
The programmable security module is further configured to store related information used for obtaining the second public key and, after receiving the second authentication request message, to obtain the second public key by using that related information, decrypt the second signature information by using the second public key, compare the decrypted result with the second content information in the second authentication request message, and thereby verify the identity of the charging device.
Besides the first private key, the programmable security module PSU in the electric device also stores the relevant information for obtaining the second public key, and the relevant information for obtaining the second public key can be written into the programmable security module of the charging device in a programming manner before leaving the factory. And if the result obtained by decrypting the second signature information is the same as the second content information in the second authentication request message during authentication, the identity authentication is passed, otherwise, the identity authentication is not passed.
In an implementation, the programmable security module 601 further stores a first digital certificate obtained by signing the first public key by the certificate authority, and the first authentication response message further includes the first digital certificate.
The related information for acquiring the first public key stored by the programmable security module of the charging device is a root certificate, so that after receiving the first authentication response message the charging device can use the root certificate to acquire the first public key in the first digital certificate, decrypt the first signature information by using the first public key, and compare the decryption result with the first content information to realize identity authentication.
When the bidirectional authentication is realized, the second authentication request message further includes a second digital certificate obtained after the certificate authority signs the second public key, and the related information for obtaining the second public key is a second root certificate for obtaining the second public key in the second digital certificate.
For the charging equipment, a second digital certificate is stored in the programmable security module; for the electric equipment, a second root certificate is stored in the programmable security module. After a second authentication request message is received, the root certificate is used to verify the signature of the second digital certificate and obtain the second public key, the second public key is used to decrypt the second signature information of the second authentication request message, and the obtained result is compared with the second content information to verify the identity of the charging equipment. If the result is consistent, the identity is verified; otherwise, it is not.
In this embodiment, the programmable security module 601 communicates with the charging management module 602 in a controller area network CAN manner.
An embodiment of the present invention provides a charging apparatus, as shown in fig. 7, including:
the programmable security module 701 is configured to send a first authentication request message to the charging master control module, receive a first authentication response message sent by the charging master control module, decrypt first signature information in the first authentication response message by using a first public key corresponding to a first private key, compare a decryption result with first content information in the first authentication response message, and perform identity authentication on the electric device;
the programmable security module 701 preferably employs a security chip, the security chip provides a secure storage capability, and the security chip writes first decryption related information before leaving a factory.
The charging main control module 702 is configured to send the first authentication request message to the electric device after receiving the first authentication request message sent by the programmable security module, and send the first authentication response message to the programmable security module after receiving the first authentication response message sent by the electric device.
In implementation, the programmable security module 701 is further configured to store a second private key uniquely corresponding to the identity of the charging device, and send a second authentication request message to the charging main control module, where the second authentication request message includes second content information and second signature information obtained by calculating the second content information using the second private key;
and the safety chip writes a second private key uniquely corresponding to the identity of the charging equipment before leaving a factory so as to realize the identity authentication of the charging equipment by the electric equipment.
In this embodiment, the charging device stores information related to obtaining the first public key, has an identity authentication function for the electric device, and uses the first public key to process the received first authentication response message to verify the identity of the electric device.
In implementation, the charging main control module 702 receives the second authentication request message and then sends the second authentication request message to the electric device, so that the electric device decrypts the second authentication request message by using the second public key, and by comparing the decrypted result with the second content information, the identity verification of the charging device is implemented, and when the compared result is consistent, the verification is passed, otherwise, the verification is not passed.
In an implementation, the first authentication response message further includes a first digital certificate, and the information stored by the programmable security module 201 for obtaining the first public key is a first root certificate used for obtaining the first public key in the first digital certificate.
When the bidirectional authentication is implemented, the programmable security module 702 further stores a second digital certificate obtained after the certificate authority signs the second public key, and the second authentication request message further includes the second digital certificate.
For the electric device, a second root certificate needs to be stored in the programmable security module 701. After the second authentication request message is received, the root certificate is used to verify the signature of the second digital certificate and obtain the second public key, the second public key is used to decrypt the second signature information of the second authentication request message, and the obtained result is compared with the second content information to authenticate the charging device. If the result is consistent, the authentication passes; otherwise, it does not.
Preferably, the programmable safety module 701 communicates with the charging master control module 702 through a customized interface.
Example three
An embodiment of the present invention provides an electric device for performing identity authentication, as shown in fig. 8, including:
a request receiving unit 801 for receiving a first authentication request message from the charging apparatus;
the authentication calculation unit 802 is configured to calculate first content information to be signed by using a first private key uniquely corresponding to an identity of the electric device to obtain first signature information;
an authentication response unit 803, configured to send a first authentication response message to the charging device, where the first authentication response message includes first signature information and first content information, so that the charging device processes the received first authentication response message with a first public key corresponding to the first private key to verify the identity of the electric device.
An embodiment of the present invention further provides a charging device for performing identity authentication, as shown in fig. 9, including:
a request transmitting unit 901 for transmitting a first authentication request message to the electric device;
a decryption unit 902, configured to receive the first authentication response message from the electric device, and decrypt the first signature information in the first authentication response message by using a first public key corresponding to the first private key;
and the identity authentication unit 903 is used for comparing the decryption result with the first content information in the first authentication response message, and performing identity authentication on the electric equipment.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (12)

1. A method for identity authentication of an electric device, comprising:
receiving a first authentication request message from a charging device;
calculating first content information to be signed by using a first private key uniquely corresponding to the identity of the electric equipment to obtain first signature information;
and sending a first authentication response message to the charging device, wherein the first authentication response message comprises first signature information and first content information, so that the charging device verifies the identity of the electric device by processing the received first authentication response message by using a first public key corresponding to the first private key.
2. The method of claim 1, further comprising:
receiving a second authentication request message from the charging equipment, wherein the second authentication request message comprises second content information and second signature information calculated by the charging equipment on the second content information by using a second private key;
and decrypting the second signature information by using a second public key corresponding to the second private key, comparing the decrypted result with second content information in the second authentication request message, and verifying the identity of the charging equipment.
3. The method according to claim 2, wherein the second authentication request message further includes a second digital certificate obtained by signing a second public key by a certificate authority;
and obtaining a second public key corresponding to the second private key according to the stored second root certificate.
4. The method of claim 1, wherein the first authentication request message carries a first random number, further comprising:
acquiring a vehicle identification number VIN after receiving the first authentication request message, and generating a second random number;
wherein the first content information in the first authentication response message comprises the VIN and the second random number.
5. A charging device identity authentication method is characterized by comprising the following steps:
sending a first authentication request message to the electrically powered device;
receiving a first authentication response message from the electric device, and decrypting first signature information in the first authentication response message by using a first public key corresponding to a first private key;
and comparing the decryption result with the first content information in the first authentication response message, and authenticating the electric equipment.
6. The method of claim 5, further comprising:
and sending a second authentication request message to the electric equipment so that the electric equipment processes the second authentication request message by using a second public key corresponding to a second private key to authenticate the charging equipment, wherein the second authentication request message comprises second content information and second signature information obtained by calculating the second content information by using the stored second private key.
7. The method according to claim 5, wherein the first authentication response message further comprises the first digital certificate;
and obtaining a first public key corresponding to the first private key by using the first root certificate stored in the charging equipment.
8. The method according to claim 6, wherein the first authentication request message carries a first random number, and the first content information in the first authentication response message comprises a Vehicle Identification Number (VIN) and a second random number;
second content information in the second authentication request message is null; or, the second content information in the second authentication request message includes a third random number.
9. An electrically powered device for performing identity authentication, comprising:
a request receiving unit for receiving a first authentication request message from the charging device;
the authentication calculation unit is used for calculating first content information needing to be signed by using a first private key uniquely corresponding to the identity of the electric equipment to obtain first signature information;
and the authentication response unit is used for sending a first authentication response message to the charging device, wherein the first authentication response message contains first signature information and first content information, so that the charging device processes the received first authentication response message by using a first public key corresponding to the first private key to verify the identity of the electric device.
10. A charging device for performing identity authentication, comprising:
a request transmitting unit for transmitting a first authentication request message to the electric device;
the decryption unit is used for receiving the first authentication response message from the electric equipment and decrypting the first signature information in the first authentication response message by using a first public key corresponding to the first private key;
and the identity authentication unit is used for comparing the decryption result with the first content information in the first authentication response message and carrying out identity authentication on the electric equipment.
11. An electrically powered device, comprising:
the programmable safety module is used for calculating first content information to be signed by using a first private key uniquely corresponding to the identity of the electric equipment to obtain first signature information after receiving the encryption request message from the charging management module, and sending a first authentication response message to the charging management module, wherein the first authentication response message comprises the first signature information and the first content information;
the charging management module is used for sending an encryption request message to the programmable security module after receiving a first authentication request message sent by the charging equipment, and sending a first authentication response message to the charging equipment after receiving the first authentication response message from the programmable security module, so that the charging equipment processes the received first authentication response message by using a first public key corresponding to the first private key to verify the identity of the electric equipment.
12. A charging device, comprising:
the programmable security module is used for sending a first authentication request message to the charging main control module, receiving a first authentication response message sent by the charging main control module, decrypting first signature information in the first authentication response message by using a first public key corresponding to a first private key, comparing a decryption result with first content information in the first authentication response message, and authenticating the identity of the electric equipment;
and the charging main control module is used for sending the first authentication request message to the electric equipment after receiving the first authentication request message sent by the programmable safety module, and sending the first authentication response message to the programmable safety module after receiving the first authentication response message sent by the electric equipment.
CN201811087983.1A 2018-09-18 2018-09-18 Electric equipment, charging equipment and identity authentication method thereof Pending CN110912864A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811087983.1A CN110912864A (en) 2018-09-18 2018-09-18 Electric equipment, charging equipment and identity authentication method thereof

Publications (1)

Publication Number Publication Date
CN110912864A (en) 2020-03-24

Family

ID=69813568



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200324
