Disclosure of Invention
The embodiment of the invention provides a communication method of a vehicle-mounted T-BOX and a cloud server and related equipment, which can improve the safety authentication efficiency of the vehicle-mounted T-BOX.
In a first aspect, an embodiment of the present invention provides a communication method for an on-vehicle T-BOX and a cloud server, which is applied to the cloud server, and the method includes:
receiving a handshake signal of an onboard T-BOX, wherein the handshake signal comprises a first CA certificate of the onboard T-BOX;
when first equipment information contained in the first CA certificate is determined to be matched in an authentication failure database, acquiring authentication failure times corresponding to the first equipment information within a first preset time before the current time according to an authentication failure time record of the authentication failure database, wherein the authentication failure database comprises a corresponding relation between the equipment information of a vehicle-mounted T-BOX and the authentication failure time;
determining that the authentication failure times are smaller than a failure time threshold, or when the first equipment information is not matched in the authentication failure database, performing CA authentication on the vehicle-mounted T-BOX according to the first CA certificate;
when the authentication failure times are determined to be larger than or equal to the failure time threshold, adding the current time as the authentication failure time of the first equipment information into the authentication failure database, and returning a handshake failure signal to the vehicle-mounted T-BOX;
when CA authentication is determined not to pass, adding the current moment as authentication failure time of the first equipment information into the authentication failure database, and returning a handshake failure signal to the vehicle-mounted T-BOX;
when CA authentication is determined to pass, a handshake success signal is sent to the vehicle-mounted T-BOX;
and receiving a data report message sent by the vehicle-mounted T-BOX after the vehicle-mounted T-BOX successfully grips, and processing the data report message, wherein the data report message comprises service data of the vehicle-mounted T-BOX and second equipment information.
Optionally, the processing the data reporting packet includes:
when the first equipment information and the second equipment information are determined to be inconsistent, filtering a data report message of the vehicle-mounted T-BOX, adding the first equipment information and the second equipment information to the authentication failure database, and adding the current time as the authentication failure time of the first equipment information and the authentication failure time of the second equipment information to the authentication failure database;
and processing the service data of the vehicle-mounted T-BOX when the first equipment information is determined to be consistent with the second equipment information.
Optionally, the CA authentication includes:
performing one-way CA authentication according to a first trust certificate database and the first CA certificate, wherein the first trust certificate database comprises CA certificates of a plurality of vehicle-mounted T-BOX trusted by the cloud server;
when a first CA certificate is matched in the first trust certificate database, determining that the first CA certificate passes CA authentication;
determining that the first CA certificate is not CA-authenticated when the first CA certificate is not matched in the first trust certificate database.
Optionally, the CA authentication includes:
performing a first one-way CA authentication according to a first trust certificate database and the first CA certificate to generate a first one-way CA authentication result, wherein the first trust certificate database comprises CA certificates of a plurality of vehicle-mounted T-BOX trusted by the cloud server;
sending a second CA certificate of the cloud server to the vehicle-mounted T-BOX so that the vehicle-mounted T-BOX performs second one-way CA authentication on the cloud server according to the second CA certificate and a second trust certificate database to generate a second one-way CA authentication result, wherein the second trust certificate database comprises CA certificates of a plurality of cloud servers trusted by the vehicle-mounted T-BOX;
receiving the second one-way CA authentication result sent by the vehicle-mounted T-BOX;
when the first one-way CA authentication result and the second one-way CA authentication result both pass one-way authentication, determining that the first CA certificate passes two-way CA authentication;
and when the first one-way CA authentication result and/or the second one-way CA authentication result is/are not passed through one-way authentication, determining that the first CA certificate is not passed through two-way CA authentication.
Optionally, the method further comprises:
and deleting the record of the authentication failure time of which the time difference with the current time is greater than a second preset time length in the authentication failure database.
Optionally, the method further comprises:
before receiving a handshake signal of the vehicle-mounted T-BOX, sending a pre-configuration file to the vehicle-mounted T-BOX, so that when the vehicle-mounted T-BOX sends the data report message, the service data is determined according to the pre-configuration file, and the pre-configuration file is used for appointing the service data uploaded by the vehicle-mounted T-BOX.
In a second aspect, an embodiment of the present invention provides a cloud server, including:
the receiving module is used for receiving a handshake signal of the vehicle-mounted T-BOX, wherein the handshake signal comprises a first CA certificate of the vehicle-mounted T-BOX;
the acquisition module is used for acquiring the authentication failure times corresponding to the first equipment information within a first preset time before the current time according to the authentication failure time record of the authentication failure database when the first equipment information contained in the first CA certificate is matched in the authentication failure database, wherein the authentication failure database comprises the corresponding relation between the equipment information of the vehicle-mounted T-BOX and the authentication failure time;
the first processing module is used for determining that the authentication failure times are smaller than a failure time threshold value, or carrying out CA authentication on the vehicle-mounted T-BOX according to the first CA certificate when the first equipment information is not matched in the authentication failure database;
the second processing module is used for adding the current moment as the authentication failure time of the first equipment information into the authentication failure database and returning a handshake failure signal to the vehicle-mounted T-BOX when the authentication failure times are determined to be larger than or equal to the failure times threshold;
the third processing module is used for adding the current moment as the authentication failure time of the first equipment information into the authentication failure database when the CA authentication is determined not to pass, and returning a handshake failure signal to the vehicle-mounted T-BOX;
the fourth processing module is used for sending a handshake success signal to the vehicle-mounted T-BOX when the CA authentication is determined to pass;
the receiving module is further configured to receive a data reporting message sent by the vehicle-mounted T-BOX after the handshake is successful, where the data reporting message includes service data of the vehicle-mounted T-BOX and second device information;
and the fifth processing module is used for processing the data reporting message.
Optionally, the fifth processing module includes:
a first sub-module, configured to filter a data report packet of the on-vehicle T-BOX when it is determined that the first device information and the second device information are inconsistent, add the first device information and the second device information to the authentication failure database, and add a current time to the authentication failure database as authentication failure time of each of the first device information and the second device information;
and the second sub-module is used for processing the service data of the vehicle-mounted T-BOX when the first equipment information is determined to be consistent with the second equipment information.
In a third aspect, an embodiment of the present invention provides a cloud server, including: a processor and a memory;
the processor is connected with the memory, wherein the memory is used for storing program codes, and the processor is used for calling the program codes to execute the communication method between the vehicle-mounted T-BOX and the cloud server.
In a fourth aspect, an embodiment of the present invention provides a computer storage medium storing a computer program, the computer program comprising program instructions that, when executed by a processor, perform the communication method between the vehicle-mounted T-BOX and the cloud server according to the first aspect.
According to the communication method, after the handshake signal of the vehicle-mounted T-BOX is received, the handshake signal carries the first CA certificate, and when the authentication failure database is matched with the first equipment information contained in the first CA certificate, the authentication failure times corresponding to the first equipment information are determined according to the authentication failure time record and the first preset duration. And when the authentication failure times are smaller than the failure time threshold value or the first equipment information is not matched in the authentication failure database, carrying out CA authentication according to the first CA certificate. And when the authentication failure times are larger than or equal to the failure time threshold, adding the current time as the authentication failure time of the first equipment information into an authentication failure database, and returning a handshake failure signal to the vehicle-mounted T-BOX. And when the CA authentication fails, adding the current moment as the authentication failure time of the first equipment information into an authentication failure database, and returning a handshake failure signal to the vehicle-mounted T-BOX. And when the CA authentication is determined to pass, sending a handshake success signal to the vehicle-mounted T-BOX so as to receive a data report message sent by the vehicle-mounted T-BOX after the handshake success, and processing the data report message, wherein the data report message comprises service data of the vehicle-mounted T-BOX and second equipment information. Therefore, in the embodiment of the invention, the first CA certificate included in the handshake signal is utilized to complete the authentication of the authentication failure times of the vehicle-mounted T-BOX and the dual authentication of the CA authentication, and the safety authentication efficiency of the vehicle-mounted T-BOX and the safety of data communication can be effectively improved.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
It should be understood that the terms "first," "second," and the like in the description and claims of this application and in the drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by the person skilled in the art that the described embodiments of the invention can be combined with other embodiments.
In the prior art, before reporting service data to a background server, a vehicle-mounted T-BOX terminal in a vehicle networking system needs to execute a security verification process between the vehicle-mounted T-BOX terminal and the background server, generally, the security verification is performed through bidirectional CA authentication, so that more time is spent on the security verification, and the security verification efficiency of the vehicle-mounted T-BOX is low. In order to solve the technical problems, the application provides a communication method of the vehicle-mounted T-BOX and the cloud server, which can effectively improve the safety verification efficiency of the vehicle-mounted T-BOX and the data communication safety of the cloud server.
Referring to fig. 1, fig. 1 is a schematic scene diagram of a communication method between an on-vehicle T-BOX and a cloud server according to an embodiment of the present invention; in fig. 1, before reporting service data to the cloud server 102, the T-BOX terminal 101 mounted on the vehicle transmits a communication handshake signal to the cloud server 102, where the handshake signal includes a CA certificate of the T-BOX terminal 101, and the CA certificate includes first device information of the T-BOX terminal 101. After receiving the handshake signal, the cloud server 102 performs information matching according to the authentication failure database 103 to determine whether the first device information is matched, and the authentication failure database 103 stores a corresponding relationship between the device information of the vehicle-mounted T-BOX with which authentication fails and authentication failure time. And when the first equipment information is not matched, performing CA authentication. In another case, when the first device information is matched, assuming that the matched time is a, the authentication failure times of the first device information are further determined. The number of authentication failure times corresponding to the first device information within 5 minutes (the time length may be adjusted) before the time a in the authentication failure database 103 is determined, and the number is used as the number of authentication failure times. And when the authentication failure times are less than the set threshold value, the CA authentication is continued. And when the authentication failure times are greater than or equal to the threshold, adding the current time as the new authentication failure time of the first device information into the authentication failure database 103, and returning a handshake failure signal to the T-BOX terminal 101.
If the CA passes the authentication, the handshake is successful, a handshake success signal is returned to the T-BOX terminal 101, and at this time, the T-BOX terminal 101 is allowed to send a data report message to the cloud server 102. If the CA authentication fails, a handshake failure signal is returned to the T-BOX terminal 101, and the current time is used as the new authentication failure time of the first device information and is added to the authentication failure database 103.
Then, in order to further improve the security of data communication, after the cloud server 102 receives the data report message, second device information of the T-BOX terminal 101 is acquired from the message, and device authentication is performed on the T-BOX terminal 101 according to the first device information and the second device information, when the first device information and the second device information are consistent, it indicates that the device authentication is passed, and the cloud server 102 processes service data in the message. When the first equipment information is inconsistent with the second equipment information and the equipment authentication is not passed, filtering the data report message and not processing the data report message; and adds the first device information and the second device information to the authentication failure database 103, and adds the current time as the authentication failure time of each of the first device information and the second device information to the authentication failure database 103.
By the method, the double authentication of the authentication failure times authentication and the CA authentication of the vehicle-mounted T-BOX can be completed by using the communication handshake signals, and the safety authentication efficiency of the vehicle-mounted T-BOX and the safety of data communication can be effectively improved. Moreover, after the double authentication, an equipment authentication link is also set, and the data communication safety of the cloud server is further improved.
Please refer to fig. 2, which is a flowchart illustrating a communication method between a vehicle-mounted T-BOX and a cloud server according to an embodiment of the present invention; the method is applied to the cloud server, and the communication method of the vehicle-mounted T-BOX and the cloud server comprises the following steps:
step 201, receiving a handshake signal of the vehicle-mounted T-BOX, wherein the handshake signal comprises a first CA certificate of the vehicle-mounted T-BOX;
specifically, the cloud server receives a handshake signal sent by the vehicle-mounted T-BOX, wherein the handshake signal comprises a first CA certificate of the vehicle-mounted T-BOX.
Step 202, when determining that first equipment information contained in a first CA certificate is matched in an authentication failure database, acquiring the authentication failure times corresponding to the first equipment information within a first preset time before the current time according to an authentication failure time record of the authentication failure database, wherein the authentication failure database comprises the corresponding relation between the equipment information of a vehicle-mounted T-BOX and the authentication failure time;
specifically, an authentication failure database is arranged in the cloud server, wherein the database stores the device information of the vehicle-mounted T-BOX which fails in authentication every time and the corresponding authentication failure time. And the cloud server performs matching in the authentication failure database according to the first equipment information contained in the first CA certificate, and then determines the authentication failure times corresponding to the first equipment information when determining the record matched with the first equipment information. The method comprises the steps of determining a time point when first equipment information is matched in a database, determining the number of authentication failure times corresponding to the first equipment information in the database in a time period of a first preset time before the time point according to the time point, and taking the number as the authentication failure times corresponding to the first equipment information.
The specific value of the first preset time period can be set according to needs, such as 5 minutes, 10 minutes or 20 minutes. Assuming that the time point matched with the first device information is A, in 5 minutes before the time point A is determined in the authentication failure database, the number of authentication failure times corresponding to the first device information is used as the authentication failure times.
Step 203, determining that the authentication failure times are smaller than a failure time threshold, or when the first equipment information is not matched in the authentication failure database, performing CA authentication on the vehicle-mounted T-BOX according to the first CA certificate;
specifically, when the number of authentication failures of the first device information is less than the failure number threshold, then the CA authentication is performed on the in-vehicle T-BOX according to the first CA certificate. In addition, when the first device information is not matched in the authentication failure database, CA authentication is performed on the vehicle-mounted T-BOX according to the first CA certificate.
Step 204, when the authentication failure times are determined to be larger than or equal to the failure time threshold, adding the current time as the authentication failure time of the first equipment information into an authentication failure database, and returning a handshake failure signal to the vehicle-mounted T-BOX;
specifically, when the authentication failure times of the first device information are determined to be greater than or equal to the failure time threshold, the vehicle-mounted T-BOX corresponding to the first device information frequently requests to report data, the safety of the vehicle-mounted T-BOX is low, at the moment, the vehicle-mounted T-BOX is prohibited from reporting data, a handshake failure signal is returned to the vehicle-mounted T-BOX, and the current time (the time when the authentication failure times are determined to be greater than or equal to the failure time threshold) is taken as the new authentication failure time of the first device information and added to the authentication failure database. The specific size of the failure number threshold may be set according to actual needs, for example, 10 times, 20 times, or 50 times.
Step 205, when determining that the CA authentication fails, adding the current moment as the authentication failure time of the first device information into an authentication failure database, and returning a handshake failure signal to the vehicle-mounted T-BOX;
specifically, when the CA authentication fails, the CA certificate of the vehicle-mounted T-BOX is not trusted, the safety of the vehicle-mounted T-BOX cannot be guaranteed at the moment, the CA authentication fails, the moment when the CA authentication fails is determined to be the authentication failure time of the first equipment information and is added into an authentication failure database, a handshake failure signal is returned to the vehicle-mounted T-BOX, and the vehicle-mounted T-BOX is informed of the handshake interaction result.
Step 206, when the CA authentication is determined to pass, a handshake success signal is sent to the vehicle-mounted T-BOX;
specifically, when the CA passes the authentication, the cloud server sends a handshake success signal to the vehicle-mounted T-BOX, and the vehicle-mounted T-BOX is allowed to upload a data report message to the cloud server.
And step 207, receiving a data report message sent by the vehicle-mounted T-BOX after the handshake is successful, and processing the data report message, wherein the data report message comprises the service data of the vehicle-mounted T-BOX and the second equipment information.
Specifically, after receiving the handshake success signal, the vehicle-mounted T-BOX uploads a data report message to the cloud server, and the cloud server processes the message, wherein the data report message comprises service data of the vehicle-mounted T-BOX and second equipment information of the vehicle-mounted T-BOX. Herein, the service data reported by the cloud server by the vehicle-mounted T-BOX terminal may include a driving mileage, a vehicle water temperature, a remaining oil amount, a vehicle condition report, a driving report, an oil consumption statistic, a fault reminding, a violation query, a position track, a driving behavior, a safety anti-theft function, an appointment service, a remote vehicle finding, a monitoring central control warning, an airbag state and the like.
In the embodiment of the invention, the first CA certificate included in the handshake signal is utilized to complete the authentication of the authentication failure times of the vehicle-mounted T-BOX and the dual authentication of the CA authentication, thereby effectively improving the safety authentication efficiency of the vehicle-mounted T-BOX and the safety of data communication. When the authentication fails for the authentication times, the safety authentication process of the vehicle-mounted T-BOX is directly stopped, so that the authentication speed of the vehicle-mounted T-BOX is accelerated to a certain extent; and double safety certification is carried out on the vehicle-mounted T-BOX, so that the data communication safety performance of the cloud server is effectively improved.
In a possible embodiment, in step 207, the processing the data reporting packet includes:
step 2071, when the first device information and the second device information are determined to be inconsistent, filtering a data report message of the vehicle-mounted T-BOX, adding the first device information and the second device information to an authentication failure database, and adding the current time as the respective authentication failure time of the first device information and the second device information to the authentication failure database;
specifically, in the new equipment authentication link, whether second equipment information and first equipment information in a data report message are consistent or not is determined, when the second equipment information and the first equipment information are inconsistent, it is indicated that a CA certificate may be falsely used by the vehicle-mounted T-BOX, and the security cannot be guaranteed, at this time, the data report message is not continuously processed, the first equipment information and the second equipment information are added to an authentication failure database, and the time when the two pieces of equipment information are inconsistent is taken as the authentication failure time of the first equipment information and the second equipment information and is added to the authentication failure database.
And 2072, processing the service data of the vehicle T-BOX when the first device information is determined to be consistent with the second device information.
Specifically, when the first equipment information and the second equipment information are determined to be consistent, the service data of the vehicle-mounted T-BOX is continuously processed. Therefore, the risk that the vehicle-mounted T-BOX falsely reports data through the CA certificate without authorization is avoided, and the safety of cloud service can be effectively improved by combining the authentication failure times, the CA authentication and the equipment authentication.
In one possible embodiment, in step 203, the CA authentication may be a one-way authentication including:
step S11, performing one-way CA authentication according to a first trust certificate database and a first CA certificate, wherein the first trust certificate database comprises CA certificates of a plurality of vehicle-mounted T-BOX trusted by a cloud server;
specifically, a first trust certificate database is arranged in the cloud server, wherein CA certificates of the vehicle-mounted T-BOX trusted by the plurality of cloud servers are stored, and the CA certificates may be uploaded to the cloud server by a background worker in advance.
Step S21, when the first trust certificate database matches the first CA certificate, determining that the first CA certificate passes CA authentication;
specifically, matching is performed in the first trust certificate database according to the first CA certificate, and when the first CA certificate is matched, it is determined that the first CA certificate passes through the CA certificate. The CA certificate comprises the certificate valid date, the certificate serial number, the public key and the equipment information of the vehicle-mounted T-BOX, so that when the certificate is matched with the certificate valid date, the certificate serial number of the first CA certificate can be inquired to determine whether the first CA certificate exists in the first trust certificate database.
In step S31, when the first CA certificate is not matched in the first trust certificate database, it is determined that the first CA certificate is not authenticated by CA.
Specifically, when the first CA certificate is not matched in the first trust certificate database, it indicates that the first CA certificate is not authenticated by the CA.
The one-way CA authentication has the advantage of fast authentication speed, but the authentication reliability is low.
In another possible embodiment, in order to improve the reliability of the CA authentication, in step 203, the CA authentication is a bidirectional authentication including:
step S12, performing first one-way CA authentication according to a first trust certificate database and a first CA certificate to generate a first one-way CA authentication result, wherein the first trust certificate database comprises CA certificates of a plurality of vehicle-mounted T-BOX trusted by a cloud server;
specifically, the first unidirectional CA authentication may be performed according to the method from step S11 to step S31, and a first unidirectional CA authentication result is generated, which is not described again. When the authentication passes, the first one-way CA authentication result is that the one-way authentication passes; and when the authentication fails, the first one-way CA authentication result is that the one-way authentication fails. The first one-way CA authentication result may be represented by "0" and "1", where 0 represents non-authentication and 1 represents authentication. "true" and "false" can also be used to indicate that true represents authenticated and false represents not authenticated.
Step S22, sending a second CA certificate of the cloud server to the vehicle-mounted T-BOX so that the vehicle-mounted T-BOX performs second one-way CA authentication on the cloud server according to the second CA certificate and a second trust certificate database to generate a second one-way CA authentication result, wherein the second trust certificate database comprises CA certificates of a plurality of cloud servers trusted by the vehicle-mounted T-BOX;
specifically, the cloud server sends a second CA certificate of the cloud server to the vehicle-mounted T-BOX, and the vehicle-mounted T-BOX performs second one-way CA authentication according to the second CA certificate and a second trust certificate database so as to generate a second one-way CA authentication result. Similarly, a second trust certificate database is arranged on the vehicle-mounted T-BOX, the data stores CA certificates of a plurality of vehicle-mounted T-BOX trusted cloud servers, and the CA certificates can be stored in the vehicle-mounted T-BOX in advance before the vehicle is delivered out of the vehicle. And the second one-way CA authentication result may also be expressed by "0" and "1", or by "true" and "false".
Step S32, receiving a second one-way CA authentication result sent by the vehicle-mounted T-BOX;
specifically, the vehicle-mounted T-BOX returns the second one-way CA authentication result to the cloud server.
Step S42, when the first one-way CA authentication result and the second one-way CA authentication result both pass one-way authentication, determining that the first CA certificate passes two-way CA authentication;
specifically, the cloud server integrates the first one-way CA authentication result and the second one-way CA authentication result to determine a final result of the bidirectional CA authentication. And when the first one-way CA authentication result and the second one-way CA authentication result both pass one-way authentication, determining that the first CA certificate passes two-way CA authentication.
And step S52, when the first one-way CA authentication result and/or the second one-way CA authentication result is/are not passed the one-way authentication, determining that the first CA certificate is not passed the two-way CA authentication.
Specifically, when either or both of the first one-way CA authentication result and the second one-way CA authentication result are not authenticated, it is determined that the first CA certificate is not authenticated by the two-way CA.
In one possible embodiment, the authentication failure database stores the authentication failure time belonging to the same device information in the same folder according to the device information, and the name of the folder may be the device information, such as the device number. Therefore, when the authentication failure times are determined, the corresponding folder is determined according to the first device information, and then the number of the authentication failure times meeting the conditions in the folder is determined according to the first preset time length. The authentication failure time is stored in different folders, so that the speed of determining the authentication failure times is improved conveniently.
In one possible embodiment, the communication method of the vehicle-mounted T-BOX and the cloud server further comprises the following steps:
and deleting the record of the authentication failure time of which the time difference with the current time is greater than a second preset time length in the authentication failure database.
Specifically, a specific value of the second preset time period may be set as needed, for example, 1 hour, 12 hours, or 1 month. And deleting the data records of the authentication failure time, of which the time difference with the current time is greater than a second preset time length, in the authentication failure database, so as to reduce the size of the authentication failure database.
In one possible embodiment, the communication method of the vehicle-mounted T-BOX and the cloud server further comprises the following steps:
and before receiving a handshake signal of the vehicle-mounted T-BOX, sending a pre-configuration file to the vehicle-mounted T-BOX so that the vehicle-mounted T-BOX returns service data according to the pre-configuration file, wherein the pre-configuration file is used for appointing the service data uploaded by the vehicle-mounted T-BOX.
Specifically, the staff member can determine the specific information contained in the pre-configuration file according to the data processing requirement, for example, the service data needing to be uploaded by the vehicle-mounted T-BOX, such as water temperature, mileage and the like, is specified in the pre-configuration file. The pre-configuration file may also specify the data type and upload period of the onboard T-BOX upload data. For example, the service data is classified in advance, and the service data can be divided into data which must be uploaded and data which can be uploaded, such as the water temperature of a vehicle. And the upload period may be 1 time per month, or 1 time per week, or once per day. The staff can set in the pre-configuration file to determine the type of data to be uploaded and the uploading period. And the cloud server issues the pre-configuration file to the specified vehicle-mounted T-BOX so as to instruct the vehicle-mounted T-BOX to upload corresponding data, or upload specified data to the cloud server according to a specified period. By using the method of the embodiment of the invention, after the triple authentication is passed, the service data can be uploaded to the cloud server, and then the cloud server performs statistical processing and the like on the data.
Based on the description of the communication method embodiment of the vehicle-mounted T-BOX and the cloud server, the embodiment of the present invention further discloses a cloud server, and referring to fig. 3, fig. 3 is a schematic structural diagram of a cloud server provided in the embodiment of the present invention, where the cloud server 300 includes:
the receiving module 301 is configured to receive a handshake signal of the vehicle-mounted T-BOX, where the handshake signal includes a first CA certificate of the vehicle-mounted T-BOX;
an obtaining module 302, configured to obtain, when first device information included in a first CA certificate is determined to be matched in an authentication failure database, an authentication failure frequency corresponding to the first device information within a first preset time before a current time according to an authentication failure time record of the authentication failure database, where the authentication failure database includes a correspondence between device information of a vehicle-mounted T-BOX and the authentication failure time;
the first processing module 303 is configured to determine that the authentication failure number is smaller than a failure number threshold, or perform CA authentication on the vehicle-mounted T-BOX according to the first CA certificate when the first device information is not matched in the authentication failure database;
the second processing module 304 is configured to, when it is determined that the authentication failure number is greater than or equal to the failure number threshold, add the current time as authentication failure time of the first device information to the authentication failure database, and return a handshake failure signal to the on-vehicle T-BOX;
a third processing module 305, configured to add the current time as the authentication failure time of the first device information to the authentication failure database when determining that the CA authentication fails, and return a handshake failure signal to the on-board T-BOX;
the fourth processing module 306 is configured to send a handshake success signal to the vehicle-mounted T-BOX when it is determined that the CA authentication passes;
the receiving module 301 is further configured to receive a data report message sent by the vehicle-mounted T-BOX after the handshake is successful, where the data report message includes service data of the vehicle-mounted T-BOX and second device information;
a fifth processing module 307, configured to process the data reporting packet.
In one possible embodiment, the fifth processing module 307 comprises:
the first submodule is used for filtering a data reporting message of the vehicle-mounted T-BOX when the first equipment information is determined to be inconsistent with the second equipment information, adding the first equipment information and the second equipment information to an authentication failure database, and adding the current time as the respective authentication failure time of the first equipment information and the second equipment information to the authentication failure database;
and the second sub-module is used for processing the service data of the vehicle-mounted T-BOX when the first equipment information is determined to be consistent with the second equipment information.
In one possible embodiment, the first processing module 303 includes:
the third sub-module is used for performing one-way CA authentication according to the first trust certificate database and the first CA certificate, wherein the first trust certificate database comprises CA certificates of a plurality of vehicle-mounted T-BOX trusted by the cloud server; when the first CA certificate is matched in the first trust certificate database, determining that the first CA certificate passes CA authentication; when the first CA certificate is not matched in the first trust certificate database, it is determined that the first CA certificate is not authenticated by CA.
In one possible embodiment, the first processing module 303 includes:
the fourth sub-module is used for performing first one-way CA authentication according to the first trust certificate database and the first CA certificate to generate a first one-way CA authentication result, wherein the first trust certificate database comprises CA certificates of a plurality of vehicle-mounted T-BOX trusted by the cloud server;
the fifth submodule is used for sending a second CA certificate of the cloud server to the vehicle-mounted T-BOX so that the vehicle-mounted T-BOX can carry out second one-way CA authentication on the cloud server according to the second CA certificate and a second trust certificate database to generate a second one-way CA authentication result, wherein the second trust certificate database comprises CA certificates of a plurality of cloud servers trusted by the vehicle-mounted T-BOX;
the sixth submodule is used for receiving a second one-way CA authentication result sent by the vehicle-mounted T-BOX; when the first one-way CA authentication result and the second one-way CA authentication result both pass one-way authentication, determining that the first CA certificate passes two-way CA authentication; and when the first one-way CA authentication result and/or the second one-way CA authentication result is/are not passed through one-way authentication, determining that the first CA certificate is not passed through two-way CA authentication.
In one possible embodiment, the cloud server 300 further includes:
and the deleting module is used for deleting the record of the authentication failure time of which the time difference with the current time is greater than a second preset time length in the authentication failure database.
In one possible embodiment, the cloud server 300 further includes:
and the sending module is used for sending a pre-configuration file to the vehicle-mounted T-BOX before receiving the handshake signal of the vehicle-mounted T-BOX so as to ensure that the vehicle-mounted T-BOX determines the service data according to the pre-configuration file when sending the data report message, and the pre-configuration file is used for appointing the service data uploaded by the vehicle-mounted T-BOX.
It is to be noted that, for a specific implementation manner of the function of the cloud server 300, reference may be made to the above description of the communication method between the vehicle-mounted T-BOX and the cloud server, and details are not repeated here. Each unit or module in the cloud server may be respectively or completely combined into one or several other units or modules to form the cloud server, or some unit(s) or module(s) thereof may be further split into multiple functionally smaller units or modules to form the cloud server, which may implement the same operation without affecting implementation of technical effects of embodiments of the present invention. The above units or modules are divided based on logic functions, and in practical applications, the functions of one unit (or module) may also be implemented by a plurality of units (or modules), or the functions of a plurality of units (or modules) may be implemented by one unit (or module).
Based on the description of the method embodiment and the device embodiment, the embodiment of the invention also provides a cloud server.
Fig. 4 is a schematic structural diagram of a cloud server according to an embodiment of the present invention. The cloud server 400 may include: the processor 401, the network interface 404 and the memory 405, and the cloud server 400 may further include: a user interface 403, and at least one communication bus 402. Wherein a communication bus 402 is used to enable connective communication between these components. The user interface 403 may include a Display (Display) and a Keyboard (Keyboard), and the selectable user interface 403 may also include a standard wired interface and a standard wireless interface. The network interface 404 may optionally include a standard wired interface, a wireless interface (e.g., a WI-FI interface). The memory 405 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). The memory 405 may alternatively be at least one storage device located remotely from the aforementioned processor 401. As shown in fig. 4, the memory 405, which is a type of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and a device control application program.
In the cloud server 400 shown in fig. 4, the network interface 404 may provide a network communication function; and the user interface 403 is primarily an interface for providing input to a user; and processor 401 may be configured to invoke a device control application stored in memory 405 to implement the above-described method of communication between the on-board T-BOX and the cloud server.
It should be understood that the cloud server 400 described in the embodiment of the present invention may perform the foregoing communication method between the vehicle-mounted T-BOX and the cloud server, and details are not described herein. In addition, the beneficial effects of the same method are not described in detail.
Further, here, it is to be noted that: an embodiment of the present invention further provides a computer storage medium, and the computer program includes program instructions, and when the processor executes the program instructions, the foregoing description of the communication method between the vehicle-mounted T-BOX and the cloud server can be executed, and therefore, details will not be repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer storage medium to which the present invention relates, reference is made to the description of the method embodiments of the present invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a computer-readable storage medium, and when executed, the processes of the embodiments of the methods described above can be included. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present invention, and it is therefore to be understood that the invention is not limited by the scope of the appended claims.