CN111182497A - V2X anonymous authentication method, device and storage medium - Google Patents

V2X anonymous authentication method, device and storage medium Download PDF

Info

Publication number
CN111182497A
CN111182497A CN201911382878.5A CN201911382878A CN111182497A CN 111182497 A CN111182497 A CN 111182497A CN 201911382878 A CN201911382878 A CN 201911382878A CN 111182497 A CN111182497 A CN 111182497A
Authority
CN
China
Prior art keywords
current
virtual identity
signature
message
identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911382878.5A
Other languages
Chinese (zh)
Inventor
李政
肖佃艳
王智勇
吴昊
李承泽
陈燕呢
吴志敏
黄磊
申任远
范乐君
袁静
张伟
赵怀瑾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National Computer Network and Information Security Management Center
Original Assignee
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Computer Network and Information Security Management Center filed Critical National Computer Network and Information Security Management Center
Priority to CN201911382878.5A priority Critical patent/CN111182497A/en
Publication of CN111182497A publication Critical patent/CN111182497A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/75Temporary identity

Abstract

The embodiment of the invention discloses a V2X anonymous authentication method, equipment and a storage medium. The embodiment of the invention firstly obtains a message to be received, extracts a current digital signature and a current virtual identity from the message to be received, and carries out signature verification operation on the current digital signature according to the current virtual identity. The embodiment of the invention is different from a common information protection mode, signature verification is carried out by using the current virtual identity instead of using a certificate, the calculation amount caused by the signature verification mode is less than that when the certificate is used, the calculation efficiency is greatly improved, and the real-time requirement when a large number of communication messages are processed can be met. In addition, in the message authentication process, the virtual identity is randomly transformed, so that the anonymity requirement of V2X communication can be met, and the dangers of tracking and positioning the vehicle by an attacker are avoided.

Description

V2X anonymous authentication method, device and storage medium
Technical Field
The invention relates to the technical field of information security, in particular to a V2X anonymous authentication method, equipment and a storage medium.
Background
With the development and popularization of the fifth Generation mobile communication technology (5G, 5th-Generation), the internet of vehicles has been further developed.
For example, in the case of a communication system using vehicular wireless communication technology (V2X, vehicle to X), as an important component of the internet of vehicles, information interaction between the vehicle and other entities is implemented, for example, information interaction between the vehicle and a surrounding vehicle, a road side unit or a pedestrian, and a road side unit may be other units such as a traffic light.
It is noted that, when the V2X communication system is carried by a vehicle-mounted terminal mounted on a vehicle, the real-time status of other participants in the traffic system can be acquired, thereby avoiding danger, reducing congestion, and promoting efficient and safe operation of the intelligent traffic system.
However, since the V2X communication system relates to key data such as user personal identification information, vehicle location, vehicle status, driving track, infrastructure information around traffic, and national geographic information, and these key data will directly affect the decision of intelligently driving the vehicle, it is important to protect the V2X communication message from being stolen, tampered or utilized by an illegal attacker.
For the data security problem of the V2X communication system, at present, there are a plurality of information protection methods.
For example, one type Of information protection is a conventional Public key infrastructure/authentication center (PKI/CA) authentication technology, which binds a digital Certificate with a user identity, and can be used by an attacker to track a vehicle due to the use Of the user identity; on the other hand, the authentication technology has low calculation efficiency and is difficult to meet the real-time requirement of the intelligent driving vehicle.
Another type of information protection is the PILOT PKI scheme proposed by the european union of vehicle-to-vehicle communications (C2C-CC) based on the PRESERVE PKI scheme, which addresses the problem of identity authentication in the vehicle-to-vehicle/vehicle-infrastructure (V2V/V2I, vehicle-to-vehicle/vehicle-to-infrastructure) communication scenario.
As for the PILOT PKI scheme, a multi-layer CA mechanism is adopted, and the anonymity protection of the networked automobile is realized through a pseudonymous certificate technology.
Specifically, the PILOT CA will provide traceability of false messages or malicious vehicles through a pseudonymous certificate (or authentication ticket). However, the method of using the pseudonymous certificate (or the authentication ticket) for identity verification is computationally inefficient, and cannot meet the real-time authentication requirement under a large amount of communication messages.
In summary, the common information protection methods are low in calculation efficiency, and cannot meet the real-time authentication requirements under a large number of communication messages.
Disclosure of Invention
In order to solve the above problem, embodiments of the present invention provide a V2X anonymous authentication method, device, and storage medium.
In a first aspect, an embodiment of the present invention provides a V2X anonymous authentication method, applied to a first communication device, including:
acquiring a message to be received;
extracting a current digital signature and a current virtual identity from the message to be received;
and performing signature verification operation on the current digital signature according to the current virtual identity.
Preferably, after extracting the current digital signature and the current virtual identity from the message to be received, the V2X anonymous authentication method further includes:
extracting a current index from the message to be received;
inquiring a corresponding current master public key according to the current index;
the performing, according to the current virtual identity, a signature verification operation on the current digital signature specifically includes:
and performing signature verification operation on the message to be received by using the current digital signature, the current virtual identity and the current master public key through a preset signature verification algorithm.
In a second aspect, an embodiment of the present invention provides an anonymous authentication method for V2X, which is applied to a second communications device, and includes:
if the message content to be sent is detected, the current master public key is obtained;
randomly selecting a current virtual identity within a preset range, and determining a current signature private key corresponding to the current virtual identity;
performing digital signature operation on the message content according to the current master public key and the current signature private key to obtain a current digital signature;
and sending the message content, the current digital signature and the current virtual identity to first communication equipment so that the first communication equipment can carry out signature verification operation on the current digital signature according to the current virtual identity.
Preferably, the sending the message content, the current digital signature, and the current virtual identity to a first communication device for the first communication device to perform signature verification operation on the current digital signature according to the current virtual identity specifically includes:
and sending the message content, the current digital signature, the current virtual identity and the current index corresponding to the current master public key to first communication equipment so that the first communication equipment can inquire the corresponding current master public key according to the current index and carry out signature verification operation on the current digital signature, the current virtual identity and the current master public key through a preset signature verification algorithm.
Preferably, before acquiring the current master public key if the message content to be sent is detected, the anonymous authentication method using V2X further includes:
acquiring a device identifier of second communication equipment;
and sending the equipment identifier to an identifier management server so that the identifier management server generates a current virtual identity identifier according to the equipment identifier, generates a corresponding current signature private key according to the current virtual identity identifier, and feeds back the current virtual identity identifier and the current signature private key to the second communication equipment.
In a third aspect, an embodiment of the present invention provides an anonymous authentication method for V2X, which is applied to an identity management server, and includes:
receiving a device identifier sent by second communication equipment;
generating a current virtual identity according to the equipment identifier;
generating a corresponding current signature private key according to the current virtual identity;
and sending the current virtual identity and the current signature private key to the second communication equipment so that the second communication equipment obtains a current main public key and message content to be sent, obtains the current virtual identity, determines a current signature private key corresponding to the current virtual identity, and digitally signs the message content according to the current main public key and the current signature private key.
Preferably, the generating a current virtual identity according to the device identifier specifically includes:
acquiring a current random number;
and converting the equipment identifier into a current virtual identity identifier corresponding to the current random number.
Preferably, the converting the device identifier into a current virtual identity identifier corresponding to the current random number specifically includes:
and operating the equipment identifier and the current random number through a preset hash algorithm to generate a current virtual identity identifier corresponding to the current random number.
In a fourth aspect, an embodiment of the present invention provides an anonymous authentication apparatus for V2X, including:
the message acquisition module is used for acquiring a message to be received;
the signature acquisition module is used for extracting a current digital signature and a current virtual identity from the message to be received;
and the signature verification module is used for performing signature verification operation on the current digital signature according to the current virtual identity.
In a fifth aspect, an electronic device includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and the processor implements the steps of the V2X anonymous authentication method provided in the first, second, and third aspects of the present invention when executing the program.
In a sixth aspect, a non-transitory computer readable storage medium, on which a computer program is stored, is characterized in that the computer program, when executed by a processor, implements the steps of the V2X anonymous authentication method provided in the first, second and third aspects of the present invention.
The V2X anonymous authentication method, the device and the storage medium provided by the embodiment of the invention firstly obtain a message to be received, extract a current digital signature and a current virtual identity from the message to be received, and carry out signature verification operation on the current digital signature according to the current virtual identity. The embodiment of the invention is different from a common information protection mode, signature verification is carried out by using the current virtual identity instead of using a certificate, the calculation amount caused by the signature verification mode is less than that when the certificate is used, the calculation efficiency is greatly improved, and the real-time requirement when a large number of communication messages are processed can be met.
Drawings
Fig. 1 is a flowchart of a V2X anonymous authentication method according to an embodiment of the present invention;
fig. 2 is a flowchart of a V2X anonymous authentication method according to another embodiment of the present invention;
fig. 3 is a flowchart of a V2X anonymous authentication method according to another embodiment of the present invention;
fig. 4 is a flowchart of a V2X anonymous authentication method according to another embodiment of the present invention;
FIG. 5 is a communication framework partitioning diagram according to another embodiment of the present invention;
fig. 6 is a schematic structural diagram of a V2X anonymous authentication processing apparatus according to an embodiment of the present invention;
fig. 7 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention;
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a V2X anonymous authentication method according to an embodiment of the present invention, as shown in fig. 1, applied to a first communication device, where the method includes:
and S1, acquiring the message to be received.
The execution subject of the embodiment of the present invention is an electronic device, and specifically, the electronic device of the embodiment of the present invention may be a communication device. The communication device can be applied to a V2X communication scene, and therefore, the communication device can also be referred to as a V2X communication device. The V2X communication device may be a vehicle mounted terminal.
For convenience of distinction, the execution subject according to the embodiment of the present invention is referred to as a first communication device, and if the vehicle-mounted terminal is taken as an example, the first communication device may be referred to as a vehicle-mounted terminal a, and the vehicle-mounted terminal a may monitor a broadcast message sent from a vehicle-mounted terminal B or a roadside infrastructure, where the broadcast message may be referred to as a message to be received.
S2, extracting the current digital signature and the current virtual identity from the message to be received.
If the vehicle-mounted terminal A receives the broadcast message sent by the vehicle-mounted terminal B, the legitimacy of the broadcast message can be verified firstly, so that an attacker can be prevented from utilizing the broadcast message.
In a specific implementation, the message to be received may include a current digital signature and a current virtual identity, and the current digital signature may be denoted as (h ', S').
It is to be understood that the current digital signature corresponds to a current virtual identity, which is different from the device identity of the communication device, which is used to uniquely mark the hardware, but which is used to characterize the virtual identity of a communication device. One communication device has only one device identity, however, one communication device may have more than or equal to 2 virtual identities at the same time.
The device identifier may be a unique serial code pre-burned in a security chip of the communication device.
As can be seen, the message to be received is not directly associated with the device identifier, for example, the message to be received does not include the device identifier, so that the message to be received has a certain anonymity, and the information security is improved.
And S3, performing signature verification operation on the current digital signature according to the current virtual identity.
Therefore, the current digital signature line corresponding to the current virtual identity is signed and verified through the current virtual identity. It should be known that, in a common information protection manner, a certificate is used for signature verification instead of a current virtual identity, the calculation amount caused by applying the certificate and using the certificate is large, the calculation is also complex, however, the calculation difficulty of the calculation process caused by the identifier used here is low, and the signature verification process is also direct, so that the calculation efficiency is greatly improved, and the real-time requirement in processing a large number of communication messages can be met.
The V2X anonymous authentication method provided by the embodiment of the invention comprises the steps of firstly obtaining a message to be received, extracting a current digital signature and a current virtual identity from the message to be received, and carrying out signature verification operation on the current digital signature according to the current virtual identity. The embodiment of the invention is different from a common information protection mode, signature verification is carried out by using the current virtual identity instead of using a certificate, the calculation amount caused by the signature verification mode is less than that when the certificate is used, the calculation efficiency is greatly improved, and the real-time requirement when a large number of communication messages are processed can be met.
Fig. 2 is a flowchart of a V2X anonymous authentication method according to another embodiment of the present invention, which can be based on the embodiment shown in fig. 1.
In this embodiment, after performing signature verification operation on the current digital signature according to the current virtual identity, the anonymous authentication method using V2X further includes:
and if the signature verification is successful, receiving the message to be received.
If the verification is successful, the message to be received can be formally received, and subsequent operations are performed, for example, the message to be received can be locally stored, or further data analysis can be performed based on the message to be received.
Of course, if the signature verification fails, the message to be received may be directly discarded.
On the basis of the foregoing embodiment, preferably, after S2, the V2X anonymous authentication method further includes:
s201, extracting the current index from the message to be received.
The message to be received may carry a current index, and the current index may be an index corresponding to the current master public key.
And S202, inquiring the corresponding current master public key according to the current index.
First, a plurality of sets of master key pairs are generated at the identity management server, wherein each master key pair (msk, mpk) comprises a master private key msk and a master public key mpk, and the master public key mpk is to be disclosed to the outside.
Then, a single byte can be set as the index of the master key pair, and the index can be denoted as IND. Therefore, an index IND will correspond to a master key pair and thus to a master public key mpk.
The identity management server may then serve both the index IND and the master public key mpk to the communication device.
As can be seen, the index IND and the master public key mpk that exist correspondingly may be stored at the first communication device, so that the corresponding current master public key may be queried according to the current index from the corresponding relationship between the index and the master public key.
The S3 specifically includes:
s301, performing signature verification operation on the message to be received by using the current digital signature, the current virtual identity and the current master public key through a preset signature verification algorithm.
It will be appreciated that, in terms of signature verification operations, a broadcast message will be signature verified based on the identifier to determine whether the sender of the broadcast message is legitimate.
As for the specific implementation of the signature verification operation, various implementations may be adopted, for example, the signature verification operation of the message to be received may be performed through the current digital signature, the current virtual identity, and the current master public key. The current digital signature may be denoted as (h ', S '), the current virtual identity may be denoted as PID ', the adopted preset identity cryptographic standard may be SM9, the adopted preset signature verification algorithm may be a signature verification algorithm corresponding to the preset identity cryptographic standard, and the signature verification algorithm corresponding to SM9 may be denoted as SM9_ verify.
Wherein, SM9 is a cipher standard with correlation standard of "GM/T0044-2016 SM9 cipher algorithm".
As for the signature verification algorithm SM9_ verify may be embodied as,
Result=SM9_verify(M′,(h′,S′),PID′,mpk),
wherein Result represents the verification Result, when Result is 1, the signature verification is successful, and when Result is not 1, the signature verification is failed; m 'represents the message content in the message to be received, (h', S ') represents the current digital signature, PID' represents the current virtual identity and mpk represents the current master public key.
In addition, the message format of the message to be received may be set to include a message content field, a digital signature field, a virtual identity field, an index field, and the like. For example, the message content field is filled with the message content M 'of the message to be received, the digital signature field is filled with the current digital signature (h', S '), the virtual identity field is filled with the current virtual identity PID', and the index field is filled with the index IND corresponding to the current master public key.
As for the message format of the message to be received, see table 1 below.
TABLE 1 message format of message to be received
M′ (h′,S′) PID′ IND
The V2X anonymous authentication method provided by the embodiment of the invention processes the message to be received based on the signature verification result, so that the broadcast message sent by an illegal attacker can be resisted.
Fig. 3 is a flowchart of a V2X anonymous authentication method according to yet another embodiment of the present invention.
In this embodiment, the second communication device includes:
and S4, if the message content to be sent is detected, acquiring the current master public key.
The execution subject of the embodiment of the present invention is an electronic device, and specifically, the electronic device of the embodiment of the present invention may be a communication device.
For convenience of distinction, the execution subject according to the embodiment of the present invention is referred to as a second communication device, and if the vehicle-mounted terminal is taken as an example, the second communication device may be referred to as a vehicle-mounted terminal B.
As for the embodiment shown in fig. 1, the present embodiment relates to a verification process for receiving a message and performing signature verification, and the present embodiment relates to a signature process for signing a message when sending a message.
For example, if the in-vehicle terminal B intends to send a certain message content to the outside, the type of the receiving party is not limited at this time, and the receiving party receiving the message content may be the in-vehicle terminal a or other communication devices.
In order to generate a digital signature of the message content to be sent, a master public key which is sent by a certain label management server can be selected and recorded as a current master public key.
S5, randomly selecting the current virtual identity in the preset range, and determining the current signature private key corresponding to the current virtual identity.
Then, a virtual id and a private signature key corresponding to the virtual id are selected, after all, multiple sets of virtual ids and private signature keys can be used in the vehicle-mounted terminal B, and one virtual id and a private signature key corresponding to the virtual id are a set.
The preset range refers to a plurality of virtual identity identifications acquired in advance.
Therefore, the embodiment of the invention can randomly change the virtual identity by randomly selecting the current virtual identity, can meet the anonymity requirement of V2X communication, and avoids dangerous conditions such as tracking and positioning the vehicle by an attacker.
S6, according to the current master public key and the current signature private key, performing digital signature operation on the message content to obtain a current digital signature.
A specific manner of generation of the digital signature may be given, but is by way of example only.
For example, a digital signature operation may be performed on the message content through a signature generation algorithm corresponding to a preset identification code standard according to the current master public key and the current signature private key, so as to obtain a current digital signature. For example, the preset id cryptographic standard may be SM9, the signature generation algorithm corresponding to SM9 is SM9_ sign, and the signature private key and the master public key distributed by the tag management server may be used together to generate the digital signature.
As for the signature generation algorithm SM9_ sign may be embodied as,
(h,S)=SM9_sign(M,mpk,sk(1)),
wherein, (h, S) represents the current digital signature, M represents the message content in the message to be sent, mpk represents the current master public key and sk(1)Representing the current signature private key.
S7, sending the message content, the current digital signature, and the current virtual identity to a first communication device, so that the first communication device performs signature verification operation on the current digital signature according to the current virtual identity.
Finally, the message content, the current digital signature and the current virtual identity may be sent to the recipient, so that the recipient can perform signature verification by the current virtual identity to learn its validity.
Wherein the current digital signature can be concatenated with the message content for transmission to the recipient.
In addition, the finally sent message content, the current digital signature and the current virtual identity can be packaged into a message to be sent, and the message to be sent is sent to a receiver in the form of the message to be sent.
According to the V2X anonymous authentication method provided by the embodiment of the invention, the signature operation of the message is carried out based on the current signature private key corresponding to the current virtual identity, and the identity of the user is not represented due to the fact that the virtual identity is used instead of the equipment identity, so that the message has anonymity. Secondly, because the embodiment of the invention adopts the signature operation rather than the certificate with the virtual identity, the calculation efficiency is improved, the calculation complexity is reduced, and the real-time requirement when a large amount of communication messages are processed can be met.
On the basis of the foregoing embodiment, preferably, the sending the message content, the current digital signature, and the current virtual identity to a first communication device for the first communication device to perform signature verification operation on the current digital signature according to the current virtual identity specifically includes:
and sending the message content, the current digital signature, the current virtual identity and the current index corresponding to the current master public key to first communication equipment so that the first communication equipment can inquire the corresponding current master public key according to the current index and carry out signature verification operation on the current digital signature, the current virtual identity and the current master public key through a preset signature verification algorithm.
Specifically, the message content, the current digital signature, the current virtual identity, and the current index may also be packaged as a message to be sent, and sent to the receiving party in the form of a message to be sent.
In addition, if the message format of the message to be sent is further refined, the message to be sent mentioned here can be referred to as table 2 below.
TABLE 2 message Format of message to be sent
M (h,S) PID_A IND
The format of the message to be sent in table 2 includes a message content field, a digital signature field, a virtual identity field, and an index field, where the message content field is filled with the message content M to be sent, the digital signature field is filled with the current digital signature (h, S), the virtual identity field is filled with the current virtual identity PID _ a used in real time, and the index field is filled with the current index IND corresponding to the current master public key.
By sending the message to be sent to the receiver, the receiver can inquire the current main public key used by the sender during signature, and signature verification operation can be carried out on the basis of the current main public key and in cooperation with the current digital signature and the current virtual identity.
On the basis of the foregoing embodiment, preferably, before acquiring the current master public key if the content of the message to be sent is detected, the anonymous authentication method using V2X further includes:
acquiring a device identifier of second communication equipment;
and sending the equipment identifier to an identifier management server so that the identifier management server generates a current virtual identity identifier according to the equipment identifier, generates a corresponding current signature private key according to the current virtual identity identifier, and feeds back the current virtual identity identifier and the current signature private key to the second communication equipment.
For example, the second communication device obtains the device identifier of its own hardware first, and sends the device identifier to the identifier management server side, where the identifier management server is used to manage the virtual identity identifier and the signature private key.
As for the identifier management server, the identifier management server may generate a first preset number of current virtual identifiers according to the device identifier, where the first preset number may be 1, and may also be a positive integer greater than or equal to 2. Then, a corresponding current signature private key is generated according to each current virtual identity.
Then, the current virtual id existing in pair and the current signature private key may be sent back to the in-vehicle terminal B.
Therefore, the method can be delivered to the label management server to perform the generation operation of the current virtual identity and the current signature private key, so that one group of the virtual identity and the signature private key can be selected to perform the signature operation when the vehicle-mounted terminal B performs the message sending operation each time.
Fig. 4 is a flowchart of a V2X anonymous authentication method according to another embodiment of the present invention.
In this embodiment, the identifier management server includes:
and S8, receiving the device identification sent by the second communication device.
The execution subject of the embodiment of the present invention is an electronic device, and specifically, the electronic device of the embodiment of the present invention may be an identifier management server. Furthermore, the embodiment of the invention mainly relates to the generation operation of the virtual identity and the signature private key.
Specifically, for example, the second communication device, that is, the vehicle-mounted terminal B, first obtains a device identifier of its own hardware, and sends the device identifier to the identifier management server side, where the identifier management server is configured to manage the virtual identity identifier and the signature private key.
And S9, generating the current virtual identity according to the equipment identity.
And S10, generating a corresponding current signature private key according to the current virtual identity.
As for the identifier management server, the identifier management server may generate a first preset number of current virtual identifiers according to the device identifier, where the first preset number may be 1, and may also be a positive integer greater than or equal to 2. Then, a corresponding current signature private key is generated according to each current virtual identity.
S11, sending the current virtual identity and the current signature private key to the second communication device, so that the second communication device obtains a current master public key and message content to be sent, obtains the current virtual identity, determines a current signature private key corresponding to the current virtual identity, and digitally signs the message content according to the current master public key and the current signature private key.
Then, the current virtual identity and the current signature private key which exist in pairs can be sent back to the vehicle-mounted terminal B, and one group of the current virtual identity and the current signature private key can be selected to carry out signature operation when the vehicle-mounted terminal B carries out message sending operation each time.
In addition, in the embodiment of the present invention, only the second communication device is taken as an example, and the device identifier of the first communication device may also be obtained, so that the virtual identity identifier and the signature private key corresponding to the device identifier of the first communication device are sent to the first communication device.
According to the V2X anonymous authentication method provided by the embodiment of the invention, the device identification based on uniqueness is used for generating a plurality of virtual identity identifications representing different virtual identities, during actual signature verification and signature operation, the communication device side uses the virtual identity identification for actual signature verification operation, and uses the signature private key corresponding to the virtual identity identification for signature operation, so that the calculation efficiency is improved. The information security is enhanced without using the device identification itself.
On the basis of the foregoing embodiment, preferably, the generating a current virtual identity according to the device identifier specifically includes:
acquiring a current random number;
and converting the equipment identifier into a current virtual identity identifier corresponding to the current random number.
In particular, since each device identification may generate a plurality of different virtual identities, i.e. different virtual identity identifications. Different virtual identities may be generated based on random numbers, each time a different random number will convert the device identity into a different virtual identity.
On the basis of the foregoing embodiment, preferably, the converting the device identifier into a current virtual identity identifier corresponding to the current random number specifically includes:
and operating the equipment identifier and the current random number through a preset hash algorithm to generate a current virtual identity identifier corresponding to the current random number.
With regard to the tag management server, the tag management server side may also call a master Key pair generation algorithm corresponding to SM9 to generate a master Key pair, which is Key _ Gen. The tag management server can also be called as a PID management center, and a master key pair can be marked as (msk, mpk), wherein msk is a master private key and mpk is a master public key to be disclosed to the outside.
Then, the index of the master key pair can be recorded as IND and is disclosed to the outside.
In addition, the PID management center may generate a first preset number of current virtual ids according to the device identifier, which will be described in detail below.
Specifically, the PID management center may apply a hash algorithm to generate a plurality of virtual identities of a certain vehicle-mounted terminal.
For example, the device identifier may be padded to 2 times the preset identifier length by adding redundancy, and then a hash algorithm (e.g., SHA-2) may be invoked to generate the virtual identity.
If a 256-bit virtual identity is to be generated, for example, the following formula may be applied,
PID=SHA256(ID||Rand),
wherein, PID represents the generated current virtual identity, ID represents the equipment identification, and Rand is the current random number, i.e. a random character string.
Therefore, for the same ID, random number Rand is randomly selected every time, or specifically, a character string is randomly selected every time, so that a random PID sequence can be correspondingly generated, wherein the PID sequence is (PID)(1),PID(2),PID(3),…,PID(n)) And n is a positive integer.
In addition, the PID management center side may also generate a corresponding current signature private key according to the current virtual identity, which will be described in detail below.
In particular toThe private key generation algorithm PIDsk _ Gen corresponding to the SM9 cryptographic algorithm is called as PID(i)Generating a corresponding private signature key sk(i)Wherein i is a positive integer. At this time, the PID management center generates a plurality of virtual identities and signature private keys for the device identifier of the in-vehicle terminal, for example,
[(PID(1),sk(1)),(PID(2),sk(2)),…,(PID(n),sk(n))],
it can be seen that the virtual identity and the private signature key will exist in pairs. The PID management center may then distribute these virtual identities to the corresponding in-vehicle terminals.
In addition, the private key generation algorithm PIDsk _ Gen corresponding to the SM9 calling cryptographic algorithm is PID(i)Generating a corresponding private signature key sk(i)Can be according to PID(i)And generating a corresponding signature private key sk by using a main private key msk corresponding to the index(i)
In addition, referring to fig. 5, the vehicle-mounted terminals a to E are different communication devices, and the PID management center is the above-mentioned tag management server.
The root CA can be a server and can be used as a root certificate issuing mechanism for generating, issuing, maintaining and managing digital identity certificates of long-term CA and PID management center; and after the certificate is issued, the certificate can be in an off-line state for a long time, and the certificate can be started again when the certificate of the long-term CA and the PID management center needs to be updated and revoked.
The long-term CA may be a server that performs long-term digital identity certificate generation, issuance, and maintenance management.
As for the root CA and long-term CA, the functions are the same as those of the CA center in the classical PKI/CA system, and are not described in detail here.
Fig. 6 is a schematic structural diagram of a V2X anonymous authentication processing apparatus according to an embodiment of the present invention, as shown in fig. 6, the apparatus includes: a message acquisition module 301, a signature acquisition module 302 and a signature verification module 303;
a message obtaining module 301, configured to obtain a message to be received;
a signature obtaining module 302, configured to extract a current digital signature and a current virtual identity from the message to be received;
and the signature verification module 303 is configured to perform a signature verification operation on the current digital signature according to the current virtual identity.
The V2X anonymous authentication device provided by the embodiment of the invention firstly obtains a message to be received, extracts a current digital signature and a current virtual identity from the message to be received, and carries out signature verification operation on the current digital signature according to the current virtual identity. The embodiment of the invention is different from a common information protection mode, signature verification is carried out by using the current virtual identity instead of using a certificate, the calculation amount caused by the signature verification mode is less than that when the certificate is used, the calculation efficiency is greatly improved, and the real-time requirement when a large number of communication messages are processed can be met.
The device embodiment provided in the embodiments of the present invention is for implementing the above method embodiments, and for details of the process and the details, reference is made to the above method embodiments, which are not described herein again.
Fig. 7 is a schematic entity structure diagram of an electronic device according to an embodiment of the present invention, and as shown in fig. 7, the electronic device may include: a processor (processor)401, a communication Interface (communication Interface)402, a memory (memory)403 and a bus 404, wherein the processor 401, the communication Interface 402 and the memory 403 complete communication with each other through the bus 404. The communication interface 402 may be used for information transfer of an electronic device. Processor 401 may call logic instructions in memory 403 to perform a method comprising:
acquiring a message to be received;
extracting a current digital signature and a current virtual identity from the message to be received;
and performing signature verification operation on the current digital signature according to the current virtual identity.
In addition, the logic instructions in the memory 403 may be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the above-described method embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The electronic device may be a communication device, or other types of electronic devices such as a tag management server.
In another aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program is implemented by a processor to perform the method provided by the foregoing embodiments, for example, including:
acquiring a message to be received;
extracting a current digital signature and a current virtual identity from the message to be received;
and performing signature verification operation on the current digital signature according to the current virtual identity.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A V2X anonymous authentication method applied to a first communication device, comprising:
acquiring a message to be received;
extracting a current digital signature and a current virtual identity from the message to be received;
and performing signature verification operation on the current digital signature according to the current virtual identity.
2. The V2X anonymous authentication method according to claim 1, wherein after extracting the current digital signature and the current virtual ID from the message to be received, the V2X anonymous authentication method further comprises:
extracting a current index from the message to be received;
inquiring a corresponding current master public key according to the current index;
the performing, according to the current virtual identity, a signature verification operation on the current digital signature specifically includes:
and performing signature verification operation on the message to be received by using the current digital signature, the current virtual identity and the current master public key through a preset signature verification algorithm.
3. A V2X anonymous authentication method, applied to a second communication device, comprises the following steps:
if the message content to be sent is detected, the current master public key is obtained;
randomly selecting a current virtual identity within a preset range, and determining a current signature private key corresponding to the current virtual identity;
performing digital signature operation on the message content according to the current master public key and the current signature private key to obtain a current digital signature;
and sending the message content, the current digital signature and the current virtual identity to first communication equipment so that the first communication equipment can carry out signature verification operation on the current digital signature according to the current virtual identity.
4. The V2X anonymous authentication method according to claim 3, wherein the sending the message content, the current digital signature, and the current virtual id to a first communication device for the first communication device to perform a signature verification operation on the current digital signature according to the current virtual id specifically includes:
and sending the message content, the current digital signature, the current virtual identity and the current index corresponding to the current master public key to first communication equipment so that the first communication equipment can inquire the corresponding current master public key according to the current index and carry out signature verification operation on the current digital signature, the current virtual identity and the current master public key through a preset signature verification algorithm.
5. The V2X anonymous authentication method according to claim 3, wherein before acquiring the current master public key if message content to be sent is detected, the V2X anonymous authentication method further comprises:
acquiring a device identifier of second communication equipment;
and sending the equipment identifier to an identifier management server so that the identifier management server generates a current virtual identity identifier according to the equipment identifier, generates a corresponding current signature private key according to the current virtual identity identifier, and feeds back the current virtual identity identifier and the current signature private key to the second communication equipment.
6. A V2X anonymous authentication method is applied to an identification management server and comprises the following steps:
receiving a device identifier sent by second communication equipment;
generating a current virtual identity according to the equipment identifier;
generating a corresponding current signature private key according to the current virtual identity;
and sending the current virtual identity and the current signature private key to the second communication equipment so that the second communication equipment obtains a current main public key and message content to be sent, obtains the current virtual identity, determines a current signature private key corresponding to the current virtual identity, and digitally signs the message content according to the current main public key and the current signature private key.
7. The V2X anonymous authentication method according to claim 6, wherein the generating a current virtual identity according to the device identity specifically includes:
acquiring a current random number;
and converting the equipment identifier into a current virtual identity identifier corresponding to the current random number.
8. The V2X anonymous authentication method according to claim 7, wherein the converting the device identifier into a current virtual identity identifier corresponding to the current nonce specifically includes:
and operating the equipment identifier and the current random number through a preset hash algorithm to generate a current virtual identity identifier corresponding to the current random number.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor when executing the program performs the steps of the V2X anonymous authentication method according to any one of claims 1 to 8.
10. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, carries out the steps of the V2X anonymous authentication method according to any one of claims 1 to 8.
CN201911382878.5A 2019-12-27 2019-12-27 V2X anonymous authentication method, device and storage medium Pending CN111182497A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911382878.5A CN111182497A (en) 2019-12-27 2019-12-27 V2X anonymous authentication method, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911382878.5A CN111182497A (en) 2019-12-27 2019-12-27 V2X anonymous authentication method, device and storage medium

Publications (1)

Publication Number Publication Date
CN111182497A true CN111182497A (en) 2020-05-19

Family

ID=70654153

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911382878.5A Pending CN111182497A (en) 2019-12-27 2019-12-27 V2X anonymous authentication method, device and storage medium

Country Status (1)

Country Link
CN (1) CN111182497A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112039918A (en) * 2020-09-10 2020-12-04 四川长虹电器股份有限公司 Internet of things credible authentication method based on identification cryptographic algorithm
CN112702191A (en) * 2020-12-11 2021-04-23 福建天晴在线互动科技有限公司 Link tracking method and terminal
CN113207105A (en) * 2021-03-29 2021-08-03 北京汽车研究总院有限公司 V2X anonymous communication method, device, electronic equipment and storage medium
CN113691958A (en) * 2021-09-02 2021-11-23 北卡科技有限公司 SM 9-based V2X identity authentication method
CN113795008A (en) * 2021-03-29 2021-12-14 荣耀终端有限公司 V2X signature verification method and device, electronic equipment and readable storage medium

Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1961605A (en) * 2004-05-28 2007-05-09 皇家飞利浦电子股份有限公司 Privacy-preserving information distributing system
CN1973516A (en) * 2004-05-06 2007-05-30 艾利森电话股份有限公司 Method of and system for storage of I-WLAN temporary indentities
CN101841521A (en) * 2010-01-22 2010-09-22 中国科学院计算机网络信息中心 Method, server and system for authenticating identify information in DNS message
CN101867587A (en) * 2010-07-09 2010-10-20 北京交通大学 Anonymous authentication method and system
CN104935548A (en) * 2014-03-17 2015-09-23 腾讯科技(深圳)有限公司 Identity verification method, device and system based on intelligent tattooing equipment
CN105207778A (en) * 2014-07-03 2015-12-30 清华大学深圳研究生院 Method of realizing package identity identification and digital signature on access gateway equipment
CN105246071A (en) * 2014-07-11 2016-01-13 电信科学技术研究院 Message generation and authentication methods and equipment in Internet-of-vehicles system
CN105323753A (en) * 2014-05-30 2016-02-10 中国电信股份有限公司 In-vehicle safety module, vehicular system and method for information interaction between vehicles
CN107026874A (en) * 2017-06-02 2017-08-08 李维刚 One kind instruction signature and verification method and system
US20170300928A1 (en) * 2015-06-04 2017-10-19 Chronicled, Inc. Open registry for identity of things
CN104737493B (en) * 2012-10-26 2017-11-21 诺基亚技术有限公司 It is used for the method and apparatus of data safety in mobile ad-hoc network
CN108964919A (en) * 2018-05-02 2018-12-07 西南石油大学 The lightweight anonymous authentication method with secret protection based on car networking
CN108959883A (en) * 2018-06-25 2018-12-07 兴唐通信科技有限公司 A kind of network identity real name identification method based on quick response matrix code
CN109729504A (en) * 2018-12-04 2019-05-07 深圳供电局有限公司 A method of vehicle authentic authentication and caching based on block chain
CN109922475A (en) * 2019-04-19 2019-06-21 郑州轻工业学院 Vehicle authentication and message verification method under In-vehicle networking environment
CN110071809A (en) * 2019-04-24 2019-07-30 汇智点亮科技(北京)有限公司 Virtual and true identity and its associate management system and method, device and medium

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1973516A (en) * 2004-05-06 2007-05-30 艾利森电话股份有限公司 Method of and system for storage of I-WLAN temporary indentities
CN1961605A (en) * 2004-05-28 2007-05-09 皇家飞利浦电子股份有限公司 Privacy-preserving information distributing system
CN101841521A (en) * 2010-01-22 2010-09-22 中国科学院计算机网络信息中心 Method, server and system for authenticating identify information in DNS message
CN101867587A (en) * 2010-07-09 2010-10-20 北京交通大学 Anonymous authentication method and system
CN104737493B (en) * 2012-10-26 2017-11-21 诺基亚技术有限公司 It is used for the method and apparatus of data safety in mobile ad-hoc network
CN104935548A (en) * 2014-03-17 2015-09-23 腾讯科技(深圳)有限公司 Identity verification method, device and system based on intelligent tattooing equipment
CN105323753A (en) * 2014-05-30 2016-02-10 中国电信股份有限公司 In-vehicle safety module, vehicular system and method for information interaction between vehicles
CN105207778A (en) * 2014-07-03 2015-12-30 清华大学深圳研究生院 Method of realizing package identity identification and digital signature on access gateway equipment
CN105246071A (en) * 2014-07-11 2016-01-13 电信科学技术研究院 Message generation and authentication methods and equipment in Internet-of-vehicles system
US20170300928A1 (en) * 2015-06-04 2017-10-19 Chronicled, Inc. Open registry for identity of things
CN107026874A (en) * 2017-06-02 2017-08-08 李维刚 One kind instruction signature and verification method and system
CN108964919A (en) * 2018-05-02 2018-12-07 西南石油大学 The lightweight anonymous authentication method with secret protection based on car networking
CN108959883A (en) * 2018-06-25 2018-12-07 兴唐通信科技有限公司 A kind of network identity real name identification method based on quick response matrix code
CN109729504A (en) * 2018-12-04 2019-05-07 深圳供电局有限公司 A method of vehicle authentic authentication and caching based on block chain
CN109922475A (en) * 2019-04-19 2019-06-21 郑州轻工业学院 Vehicle authentication and message verification method under In-vehicle networking environment
CN110071809A (en) * 2019-04-24 2019-07-30 汇智点亮科技(北京)有限公司 Virtual and true identity and its associate management system and method, device and medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
杨亚涛等: "基于SM9算法可证明安全的区块链隐私保护方案", 《软件学报》 *
袁峰等: "SM9标识密码算法综述", 《信息安全研究》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112039918A (en) * 2020-09-10 2020-12-04 四川长虹电器股份有限公司 Internet of things credible authentication method based on identification cryptographic algorithm
CN112702191A (en) * 2020-12-11 2021-04-23 福建天晴在线互动科技有限公司 Link tracking method and terminal
CN113207105A (en) * 2021-03-29 2021-08-03 北京汽车研究总院有限公司 V2X anonymous communication method, device, electronic equipment and storage medium
CN113795008A (en) * 2021-03-29 2021-12-14 荣耀终端有限公司 V2X signature verification method and device, electronic equipment and readable storage medium
CN113207105B (en) * 2021-03-29 2022-07-26 北京汽车研究总院有限公司 V2X anonymous communication method, device, electronic equipment and storage medium
CN113795008B (en) * 2021-03-29 2022-08-02 荣耀终端有限公司 V2X signature verification method and device, electronic equipment and readable storage medium
CN113691958A (en) * 2021-09-02 2021-11-23 北卡科技有限公司 SM 9-based V2X identity authentication method
CN113691958B (en) * 2021-09-02 2023-06-09 北卡科技有限公司 SM 9-based V2X identity authentication method

Similar Documents

Publication Publication Date Title
CN109788482B (en) Method and system for anonymous authentication of messages between vehicles in Internet of vehicles environment
CN111182497A (en) V2X anonymous authentication method, device and storage medium
CN104683112B (en) A kind of car car safety communicating method that certification is assisted based on RSU
CN111314056B (en) Heaven and earth integrated network anonymous access authentication method based on identity encryption system
CN101667916B (en) Method of identifying user identity by digital certificate based on separating mapping network
CN108683647B (en) Data transmission method based on multiple encryption
CN107483191B (en) SM2 algorithm key segmentation signature system and method
CN108260102B (en) LTE-R vehicle-ground communication non-access layer authentication method based on proxy signature
CN109067525A (en) Message authentication method based on half credible administrative center in car networking
CN112311537B (en) Block chain-based equipment access authentication system and method
CN109005032B (en) Routing method and device
CN108964896B (en) Kerberos identity authentication system and method based on group key pool
CN110336664B (en) SM2 cryptographic algorithm-based cross-domain authentication method for information service entity
CN102082665A (en) Identity authentication method, system and equipment in EAP (Extensible Authentication Protocol) authentication
CN108076016B (en) Authentication method and device between vehicle-mounted devices
CN112311779B (en) Data access control method and device applied to block chain system
CN104955040B (en) Network authentication method and equipment
CN105450623A (en) Access authentication method of electric automobile
CN114697122A (en) Data transmission method and device, electronic equipment and storage medium
CN108632037B (en) Public key processing method and device of public key infrastructure
CN113382002A (en) Data request method, request response method, data communication system, and storage medium
CN112383897A (en) Information transmission method, device, medium and electronic equipment based on intelligent network connection
CN111314269B (en) Address automatic allocation protocol security authentication method and equipment
CN111800270B (en) Certificate signing method and device, storage medium and computer equipment
CN113163375B (en) Air certificate issuing method and system based on NB-IoT communication module

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200519

RJ01 Rejection of invention patent application after publication