CN117395661A - Internet of vehicles identity authentication method, system, electronic equipment and medium - Google Patents

Publication number: CN117395661A
Authority: CN (China)
Prior art keywords: vehicle, board unit, obu, identity, identity authentication
Legal status: Granted (Active)
Application number: CN202311684892.7A
Other languages: Chinese (zh)
Other versions: CN117395661B (en)
Inventor: 张钰琨
Current Assignee: Blue Flame Technology Chengdu Co ltd
Original Assignee: Blue Flame Technology Chengdu Co ltd
Application filed by Blue Flame Technology Chengdu Co ltd
Priority to CN202311684892.7A
Publication of CN117395661A
Application granted
Publication of CN117395661B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]

Abstract

The invention belongs to the technical field of communication, and aims to provide an identity authentication method, an identity authentication system, electronic equipment and a medium for the Internet of vehicles. The invention increases the privacy of the on-board unit OBU: in the implementation process, the on-board unit OBU performs anonymous identity authentication at the trusted center TA based on its anonymous vehicle identity, so that the vehicle identification information corresponding to the on-board unit OBU is not leaked to the road side unit RSU or to other on-board units OBU. This improves the security of the on-board unit OBU, safeguards the true identity of the vehicle user, and gives stronger privacy protection.

Description

Internet of vehicles identity authentication method, system, electronic equipment and medium
Technical Field
The invention belongs to the technical field of communication, and particularly relates to an identity authentication method, an identity authentication system, electronic equipment and a medium for Internet of vehicles.
Background
The internet of vehicles, namely the internet of things of vehicles, takes the running vehicles as information perception objects, realizes network connection between the vehicles and X (namely the vehicles, the people, the roads and the service platform) by means of a new generation information communication technology, improves the overall intelligent driving level of the vehicles, provides safe, comfortable, intelligent and efficient driving feeling and traffic service for users, improves the traffic running efficiency, and improves the intelligent level of social traffic service. In the application process, the Internet of vehicles can provide a guarantee for the distance between vehicles, and the probability of collision accidents of the vehicles is reduced; the system can also help the car owners to navigate in real time, and improve the efficiency of traffic operation through communication with other vehicles and network systems.
The vehicle identity authentication technology is an application foundation of the internet of vehicles service, and the authenticity and the effectiveness of the received messages are judged among vehicles based on the identity authentication technology, so that serious traffic accidents caused by malicious messages of the vehicles are avoided.
However, in the prior art, because information interaction between a vehicle, other vehicles and road side units is frequent in an Internet of vehicles environment, the personal information of a legitimate vehicle user may be exposed during vehicle identity authentication, and a malicious user can acquire a large amount of information about surrounding vehicles by scanning, by broadcasting messages and the like, so the prior art struggles to meet the information protection requirements of vehicles.
Disclosure of Invention
The invention aims to solve the technical problems at least to a certain extent, and provides a vehicle networking identity authentication method, a system, electronic equipment and a medium.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
In a first aspect, the invention provides an Internet of vehicles identity authentication method, which is implemented on an Internet of vehicles identity authentication system, wherein the system comprises an on-board unit (OBU), a road side unit (RSU) in communication connection with all on-board units (OBU) in a first designated area, and a trusted center (TA) in communication connection with the road side unit (RSU); the method comprises the following steps:
the trusted center TA initializes global parameters to obtain global basic parameters, and shares the global basic parameters with the road side unit RSU and the on-board unit OBU;
the on-board unit OBU receives the vehicle identification information $ID_i$ and, based on the global basic parameters, encrypts the vehicle identification information $ID_i$ to obtain the anonymous vehicle identity corresponding to the on-board unit OBU;
the on-board unit OBU sends a vehicle registration request carrying the anonymous vehicle identity to the trusted center TA through the road side unit RSU, so as to perform network access registration at the trusted center TA;
the on-board unit OBU receives a driver identity authentication request input by a driver, performs driver identity authentication according to the driver identity authentication request, and enters the next step after the authentication is passed;
the on-board unit OBU sends an anonymous identity authentication request carrying the anonymous vehicle identity to the trusted center TA through the road side unit RSU, so that the trusted center TA performs anonymous identity authentication on the on-board unit OBU and grants the on-board unit OBU access after the authentication is passed.
The invention can increase the privacy of the on-board unit OBU. In the implementation process, the on-board unit OBU can perform anonymous identity authentication at the trusted center TA based on its anonymous vehicle identity, which avoids leaking the vehicle identification information $ID_i$ corresponding to the on-board unit OBU to the road side unit RSU and to other on-board units OBU. This helps improve the security of the on-board unit OBU itself, safeguards the true identity of the vehicle user, and gives stronger privacy protection.
The association relation between the vehicle identity authentication equipment and the vehicle identity information in the technical scheme is invisible to the application client and the application server of the Internet of vehicles, and the safety of the vehicle identity authentication can be better ensured even if the intelligent terminal or the application server is attacked, so that the vehicle identity authentication system is suitable for complex application environments of the Internet of vehicles.
In one possible design, the global basic parameters include $G_1$, $G_2$, $q$, $e$, $k'$, $K_{pub}$, $H_1$ and $g$; wherein $q$ is any prime number randomly selected from the prime number set; $G_1$ is an additive cyclic group of prime order $q$; $G_2$ is a multiplicative cyclic group of prime order $q$; $e$ is a bilinear pairing map, $e: G_1 \times G_1 \to G_2$; $k'$ is a generator of $G_1$; $K_{pub}$ is a public key, $K_{pub} = s \times k'$, where $s$ is the private key of the trusted center TA and is any prime number randomly selected from the prime number set; $H_1$ is a preset one-way hash function; $g$ is a preset symmetric block encryption algorithm.
In one possible design, the on-board unit OBU encrypting the vehicle identification information $ID_i$ based on the global basic parameters to obtain the anonymous vehicle identity corresponding to the on-board unit OBU comprises the following steps:
the on-board unit OBU acquires the current timestamp $T_i$ and randomly selects any prime number $x_i$ from the prime number set as an intermediate encryption parameter;
the on-board unit OBU generates the anonymous vehicle identity $IM_i$ corresponding to the on-board unit OBU from the timestamp $T_i$, the intermediate encryption parameter $x_i$ and the vehicle identification information $ID_i$; wherein the anonymous vehicle identity $IM_i$ is: $IM_i = H_1(ID_i \| x_i \| T_i) \in G_1$, where $\|$ is the string concatenation symbol.
In one possible design, the on-board unit OBU sending a vehicle registration request carrying the anonymous vehicle identity to the trusted center TA through the road side unit RSU, so as to perform network access registration at the trusted center TA, comprises:
the on-board unit OBU sends a vehicle registration request to the trusted center TA through the road side unit RSU, wherein the vehicle registration request carries the anonymous vehicle identity $IM_i$;
the trusted center TA obtains the private key $sIM_i$ corresponding to the on-board unit OBU from the anonymous vehicle identity $IM_i$; wherein the private key $sIM_i$ corresponding to the on-board unit OBU is: $sIM_i = s \times H_1(IM_i)$, where $IM_i$ is the anonymous vehicle identity corresponding to the on-board unit OBU;
the trusted center TA returns the private key $sIM_i$ corresponding to the on-board unit OBU to the on-board unit OBU through the road side unit RSU.
In one possible design, the driver identity authentication request carries the vehicle identification information $ID_i$ and a vehicle verification password $PW_i$; the on-board unit OBU performing driver identity authentication according to the driver identity authentication request comprises:
the on-board unit OBU encrypts the vehicle verification password $PW_i$ based on the intermediate encryption parameter $x_i$ and the vehicle identification information $ID_i$ corresponding to the on-board unit OBU, obtains the encrypted vehicle information $R_i$, and stores the encrypted vehicle information $R_i$; wherein the encrypted vehicle information $R_i$ is: $R_i = H_1(ID_i \| PW_i) \oplus x_i$, where $\oplus$ is the exclusive-or symbol;
the on-board unit OBU acquires the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU, and then stores the vehicle identity verification information $Z_i$ in a preset vehicle identity verification information base;
the on-board unit OBU receives a driver identity authentication request input by a driver, wherein the driver identity authentication request carries the vehicle identification information $ID_i$ corresponding to the on-board unit OBU and the vehicle verification password $PW_i$;
the on-board unit OBU obtains the intermediate encryption parameter $x_i$ from the vehicle identification information $ID_i$, the vehicle verification password $PW_i$ and the encrypted vehicle information $R_i$; wherein $x_i = R_i \oplus H_1(ID_i \| PW_i)$;
the on-board unit OBU obtains the vehicle identity verification information to be verified $Z_i'$ from the vehicle identification information $ID_i$, the vehicle verification password $PW_i$ and the intermediate encryption parameter $x_i$; wherein $Z_i' = H_1(ID_i \| PW_i \| x_i)$;
the on-board unit OBU judges whether the vehicle identity verification information to be verified $Z_i'$ matches the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU in the vehicle identity verification information base, and if so, the driver identity authentication is completed.
In one possible design, the on-board unit OBU acquiring the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU comprises:
the on-board unit OBU obtains the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU from the vehicle identification information $ID_i$, the vehicle verification password $PW_i$ and the intermediate encryption parameter $x_i$; wherein $Z_i = H_1(ID_i \| PW_i \| x_i)$.
In a second aspect, the present invention provides a vehicle networking identity authentication system, configured to implement a vehicle networking identity authentication method according to any one of the above-mentioned aspects; the internet of vehicles identity authentication system comprises an on-board unit OBU, a road side unit RSU which is in communication connection with all on-board units OBU of a first designated area, and a trusted center TA which is in communication connection with the road side unit RSU.
In one possible design, the internet of vehicles identity authentication system further comprises a region server LS, through which all road side units RSU of the second designated region are communicatively connected to the trusted center TA.
In a third aspect, the present invention provides an electronic device, comprising:
a memory for storing computer program instructions; and
a processor for executing the computer program instructions so as to complete the operations of the Internet of vehicles identity authentication method according to any one of the above.
In a fourth aspect, the present invention provides a computer readable storage medium storing computer program instructions readable by a computer, the computer program instructions being configured to perform operations of the internet of vehicles identity authentication method as claimed in any one of the preceding claims when run.
Drawings
FIG. 1 is a flow chart of a method of Internet of vehicles identity authentication in an embodiment;
fig. 2 is a block diagram of an electronic device in an embodiment.
Detailed Description
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the present invention is briefly described below with reference to the accompanying drawings and the description of the embodiments or the prior art. The drawings described below show only some embodiments of the present invention, and a person skilled in the art can obtain other drawings from them without inventive effort. It should be noted that the description of these embodiments is intended to aid understanding of the present invention and does not limit it.
Embodiment 1:
This embodiment discloses an Internet of vehicles identity authentication method, which is implemented on an Internet of vehicles identity authentication system, wherein the system comprises an on-board unit OBU, a road side unit RSU in communication connection with all on-board units OBU of a first designated area, and a trusted center TA in communication connection with the road side unit RSU. Specifically, a road side unit (Road Side Unit, RSU) is a device installed at the road side in an electronic toll collection (Electronic Toll Collection, ETC) system; it uses dedicated short-range communication (Dedicated Short Range Communication, DSRC) technology to communicate with an on-board unit (On Board Unit, OBU) and to carry out vehicle identification and electronic fee deduction. A trusted center (trusted authority, TA) is a third-party trust authority. In this embodiment, the on-board units OBU are connected to the trusted center TA over a cellular network, and information is exchanged by broadcast between on-board units OBU, and between an on-board unit OBU and the road side unit RSU, within short range.
It should be understood that in this embodiment, the on-board unit OBU and the road side unit RSU may be, but are not limited to, a computer device or a virtual machine with a certain computing resource, for example, an electronic device such as a personal computer, a smart phone, a personal digital assistant, or a wearable device, or a virtual machine, which is not limited herein.
As shown in fig. 1, a method for authenticating identity of internet of vehicles may, but is not limited to, include the following steps:
S1, the trusted center TA initializes global parameters to obtain global basic parameters, and shares the global basic parameters with the road side unit RSU and the on-board unit OBU; in this embodiment, the on-board unit OBU and the road side unit RSU both build data encryption and identity authentication on the global basic parameters.
Specifically, in this embodiment, the global basic parameters include $G_1$, $G_2$, $q$, $e$, $k'$, $K_{pub}$, $H_1$ and $g$; wherein $q$ is any prime number randomly selected from the prime number set; $G_1$ is an additive cyclic group of prime order $q$; $G_2$ is a multiplicative cyclic group of prime order $q$; $e$ is a bilinear pairing map, $e: G_1 \times G_1 \to G_2$; $k'$ is a generator of $G_1$; $K_{pub}$ is a public key, $K_{pub} = s \times k'$, where $s$ is the private key of the trusted center TA and is any prime number randomly selected from the prime number set; $H_1$ is a preset one-way hash function; $g$ is a preset symmetric block encryption algorithm.
In this embodiment, the trusted center TA initializing global parameters to obtain the global basic parameters comprises:
randomly selecting any prime number $q$ and any prime number $s$ from the prime number set, and taking the prime number $s$ as the private key of the trusted center TA;
obtaining an additive cyclic group $G_1$ of prime order $q$ according to the prime number $q$;
obtaining a multiplicative cyclic group $G_2$ of prime order $q$ according to the prime number $q$;
obtaining a bilinear pairing map $e$ according to the additive cyclic group $G_1$ and the multiplicative cyclic group $G_2$; wherein $e: G_1 \times G_1 \to G_2$; in this embodiment, the bilinear pairing map $e$ has the properties of bilinearity, non-degeneracy and computability;
obtaining a generator $k'$ according to the additive cyclic group $G_1$;
obtaining a public key $K_{pub}$ from the generator $k'$ and the private key $s$ of the trusted center TA; wherein $K_{pub} = s \times k'$;
obtaining a preset one-way hash function $H_1$; in this embodiment, the one-way hash function $H_1$ may use the cryptographic algorithm SM3 or the like, which is not limited here.
It should be noted that, in this embodiment, the symmetric block encryption algorithm $g$ may be the national cryptographic algorithm SM1, SM4, etc., which is not limited here.
In this embodiment, the trusted center TA shares the global basic parameter with the road side unit RSU and the on-board unit OBU, including:
S101, the trusted center TA shares the global basic parameters with the road side unit RSU through the area server LS;
S102, the road side unit RSU broadcasts the global basic parameters to the on-board unit OBU as an area broadcast message, so that the global basic parameters are shared with the on-board unit OBU.
In this embodiment, the road side unit RSU and the area server LS both register in the trusted center TA after the trusted center TA shares the global basic parameters, and when registering, the road side unit RSU and the area server LS both can obtain the corresponding private key from the trusted center TA, so as to realize the identity authentication in the trusted center TA based on the private key later and access the trusted center TA.
S2, the on-board unit OBU receives the vehicle identification information $ID_i$ and, based on the global basic parameters, encrypts the vehicle identification information $ID_i$ to obtain the anonymous vehicle identity corresponding to the on-board unit OBU.
In this embodiment, in step S2, the on-board unit OBU encrypting the vehicle identification information $ID_i$ based on the global basic parameters to obtain the anonymous vehicle identity corresponding to the on-board unit OBU comprises the following steps:
S201, the on-board unit OBU acquires the current timestamp $T_i$ and randomly selects any prime number $x_i$ from the prime number set as an intermediate encryption parameter;
S202, the on-board unit OBU generates the anonymous vehicle identity $IM_i$ corresponding to the on-board unit OBU from the timestamp $T_i$, the intermediate encryption parameter $x_i$ and the vehicle identification information $ID_i$; wherein the anonymous vehicle identity $IM_i$ is: $IM_i = H_1(ID_i \| x_i \| T_i) \in G_1$, where $\|$ is the string concatenation symbol, meaning that two strings are joined in series into one string. In this embodiment, generating the anonymous vehicle identity $IM_i$ corresponding to the on-board unit OBU with the one-way hash function $H_1$ ensures that the anonymous vehicle identity $IM_i$ falls within the additive cyclic group $G_1$ of the system parameters of the trusted center TA.
S3, the on-board unit OBU sends a vehicle registration request carrying the anonymous vehicle identity to the trusted center TA through the road side unit RSU, so as to perform network access registration at the trusted center TA and obtain the private key corresponding to the on-board unit OBU.
In this embodiment, the on-board unit OBU sending a vehicle registration request carrying the anonymous vehicle identity to the trusted center TA through the road side unit RSU, so as to perform network access registration at the trusted center TA, comprises:
S301, the on-board unit OBU sends a vehicle registration request to the trusted center TA through the road side unit RSU, wherein the vehicle registration request carries the anonymous vehicle identity $IM_i$;
S302, the trusted center TA obtains the private key $sIM_i$ corresponding to the on-board unit OBU from the anonymous vehicle identity $IM_i$; wherein the private key $sIM_i$ corresponding to the on-board unit OBU is: $sIM_i = s \times H_1(IM_i)$, where $IM_i$ is the anonymous vehicle identity corresponding to the on-board unit OBU;
S303, the trusted center TA returns the private key $sIM_i$ corresponding to the on-board unit OBU to the on-board unit OBU through the road side unit RSU.
S4, the on-board unit OBU receives a driver identity authentication request input by a driver, performs driver identity authentication according to the driver identity authentication request, and enters the next step after the authentication is passed.
In this embodiment, the driver identity authentication request carries the vehicle identification information $ID_i$ and a vehicle verification password $PW_i$; the on-board unit OBU performing driver identity authentication according to the driver identity authentication request comprises:
S401, the on-board unit OBU encrypts the vehicle verification password $PW_i$ based on the intermediate encryption parameter $x_i$ and the vehicle identification information $ID_i$ corresponding to the on-board unit OBU, obtains the encrypted vehicle information $R_i$, and stores the encrypted vehicle information $R_i$; wherein the encrypted vehicle information $R_i$ is: $R_i = H_1(ID_i \| PW_i) \oplus x_i$, where $\oplus$ is the exclusive-or symbol;
S402, the on-board unit OBU acquires the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU, and then stores the vehicle identity verification information $Z_i$ in a preset vehicle identity verification information base;
specifically, the on-board unit OBU acquiring the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU comprises:
the on-board unit OBU obtains the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU from the vehicle identification information $ID_i$, the vehicle verification password $PW_i$ and the intermediate encryption parameter $x_i$; wherein $Z_i = H_1(ID_i \| PW_i \| x_i)$.
S403, the on-board unit OBU receives a driver identity authentication request input by a driver, wherein the driver identity authentication request carries the vehicle identification information $ID_i$ corresponding to the on-board unit OBU and the vehicle verification password $PW_i$;
S404, the on-board unit OBU obtains the intermediate encryption parameter $x_i$ from the vehicle identification information $ID_i$, the vehicle verification password $PW_i$ and the encrypted vehicle information $R_i$; wherein $x_i = R_i \oplus H_1(ID_i \| PW_i)$;
S405, the on-board unit OBU obtains the vehicle identity verification information to be verified $Z_i'$ from the vehicle identification information $ID_i$, the vehicle verification password $PW_i$ and the intermediate encryption parameter $x_i$; wherein $Z_i' = H_1(ID_i \| PW_i \| x_i)$;
S406, the on-board unit OBU judges whether the vehicle identity verification information to be verified $Z_i'$ matches the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU in the vehicle identity verification information base, and if so, the driver identity authentication is completed and the on-board unit OBU enters an operating state.
S5, the on-board unit OBU sends an anonymous identity authentication request carrying the anonymous vehicle identity to the trusted center TA through the road side unit RSU, so that the trusted center TA performs anonymous identity authentication on the on-board unit OBU and grants the on-board unit OBU access after the authentication is passed; the on-board unit OBU then communicates with the Internet of vehicles to which the trusted center TA belongs, based on the private key corresponding to the on-board unit OBU.
In this embodiment, the internet of vehicles identity authentication system further includes an area server LS, and all road side units RSUs in the second designated area are all in communication connection with the trusted center TA through the area server LS.
This embodiment can increase the privacy of the on-board unit OBU. In the implementation process, the on-board unit OBU can perform anonymous identity authentication at the trusted center TA based on its anonymous vehicle identity, which avoids leaking the vehicle identification information $ID_i$ corresponding to the on-board unit OBU to the road side unit RSU and to other on-board units OBU. This helps improve the security of the on-board unit OBU itself, safeguards the true identity of the vehicle user, and gives stronger privacy protection.
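The local computations of steps S201 to S202 and S401 to S406, as an added example that is not code from the patent. Assumptions: SHA-256 stands in for H_1, x_i is a random 256-bit value that is not tested for primality, each field is length-prefixed before hashing, IM_i is left as a byte string instead of being mapped into G_1, and the names h1, enroll and authenticate are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional


def h1(*fields: bytes) -> bytes:
    """Stand-in for the one-way hash H_1 applied to 'a || b || ...'.

    Assumption: every field is length-prefixed before hashing so that the
    field boundaries are unambiguous, e.g. ("AB", "C") and ("A", "BC") give
    different digests. The page itself only says string concatenation.
    """
    h = hashlib.sha256()
    for field in fields:
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise exclusive-or of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def enroll(vehicle_id: str, password: str, now: Optional[int] = None) -> dict:
    """Build what the OBU keeps after S201-S202 and S401-S402.

    x_i is not part of the returned record: S404 recovers it from R_i and
    the driver's input, so only IM_i, R_i and Z_i are stored here.
    """
    id_b, pw_b = vehicle_id.encode(), password.encode()
    t_i = str(int(time.time()) if now is None else now).encode()  # S201: T_i
    x_i = secrets.token_bytes(32)        # S201: x_i (assumption: random, not prime)
    im_i = h1(id_b, x_i, t_i)            # S202: IM_i = H_1(ID_i || x_i || T_i)
    r_i = xor_bytes(h1(id_b, pw_b), x_i)  # S401: R_i = H_1(ID_i || PW_i) xor x_i
    z_i = h1(id_b, pw_b, x_i)            # S402: Z_i = H_1(ID_i || PW_i || x_i)
    return {"IM": im_i, "R": r_i, "Z": z_i}


def authenticate(record: dict, vehicle_id: str, password: str) -> bool:
    """S403-S406: check the driver's (ID_i, PW_i) against the stored record."""
    id_b, pw_b = vehicle_id.encode(), password.encode()
    x_i = xor_bytes(record["R"], h1(id_b, pw_b))  # S404: x_i = R_i xor H_1(ID_i || PW_i)
    z_check = h1(id_b, pw_b, x_i)                 # S405: Z_i' = H_1(ID_i || PW_i || x_i)
    # S406: constant-time comparison of Z_i' with the stored Z_i
    return hmac.compare_digest(z_check, record["Z"])


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    record = enroll("VIN-TEST-0001", "correct horse")
    print("anonymous identity IM_i:", record["IM"].hex())
    print("right password :", authenticate(record, "VIN-TEST-0001", "correct horse"))
    print("wrong password :", authenticate(record, "VIN-TEST-0001", "guess"))
    # A second enrollment of the same vehicle draws a fresh x_i, so the
    # anonymous identity differs and the two values cannot be linked by equality.
    other = enroll("VIN-TEST-0001", "correct horse")
    print("IM_i differs   :", other["IM"] != record["IM"])
```

A wrong password makes S404 recover a different x_i, so the recomputed Z_i' cannot match the stored Z_i except with negligible probability.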
Embodiment 2:
This embodiment discloses an Internet of vehicles identity authentication system, which is used to implement the Internet of vehicles identity authentication method of embodiment 1; as shown in fig. 2, the Internet of vehicles identity authentication system includes an on-board unit OBU, a road side unit RSU communicatively connected to all on-board units OBU of the first designated area, and a trusted center TA communicatively connected to the road side unit RSU.
In this embodiment, to expand the application range of the trusted center TA, the identity authentication system for the internet of vehicles further includes an area server LS, and all road side units RSU in the second designated area are all in communication connection with the trusted center TA through the area server LS.
Example 3:
On the basis of embodiment 1 or 2, this embodiment discloses an electronic device, which may be a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like. The electronic device may also be referred to as a terminal, a portable terminal, a desktop terminal, etc. As shown in fig. 2, the electronic device includes:
a memory for storing computer program instructions; and
a processor configured to execute the computer program instructions to perform the operations of the internet of vehicles identity authentication method according to embodiment 1.
In particular, processor 301 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 301 may be implemented in at least one hardware form of DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array), PLA (Programmable Logic Array). The processor 301 may also include a main processor and a coprocessor; the main processor is a processor for processing data in an awake state, also called a CPU (Central Processing Unit); the coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 301 may integrate a GPU (Graphics Processing Unit) for rendering and drawing of content required to be displayed by the display screen.
Memory 302 may include one or more computer-readable storage media, which may be non-transitory. Memory 302 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 302 is used to store at least one instruction for execution by processor 301 to implement the internet of vehicles identity authentication method provided by embodiment 1 herein.
In some embodiments, the terminal may further optionally include: a communication interface 303, and at least one peripheral device. The processor 301, the memory 302 and the communication interface 303 may be connected by a bus or signal lines. The respective peripheral devices may be connected to the communication interface 303 through a bus, signal line, or circuit board. Specifically, the peripheral device includes: at least one of radio frequency circuitry 304, a display screen 305, and a power supply 306.
The communication interface 303 may be used to connect at least one peripheral device associated with an I/O (Input/Output) to the processor 301 and the memory 302. In some embodiments, processor 301, memory 302, and communication interface 303 are integrated on the same chip or circuit board; in some other embodiments, either or both of the processor 301, the memory 302, and the communication interface 303 may be implemented on separate chips or circuit boards, which is not limited in this embodiment.
The Radio Frequency circuit 304 is configured to receive and transmit RF (Radio Frequency) signals, also known as electromagnetic signals. The radio frequency circuitry 304 communicates with a communication network and other communication devices via electromagnetic signals.
The display screen 305 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof.
The power supply 306 is used to power the various components in the electronic device.
Example 4:
On the basis of any one of embodiments 1 to 3, this embodiment discloses a computer-readable storage medium storing computer-readable computer program instructions, the computer program instructions being configured to perform, when executed, the operations of the internet of vehicles identity authentication method described in embodiment 1.
It will be apparent to those skilled in the art that the modules or steps of the invention described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, or they may alternatively be implemented in program code executable by computing devices, such that they may be stored in a memory device for execution by the computing devices, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps within them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solution of the present invention, and not limiting thereof; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some of the technical features thereof can be replaced by equivalents. Such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. An internet of vehicles identity authentication method, characterized in that: the method is implemented based on an internet of vehicles identity authentication system, and the internet of vehicles identity authentication system comprises an on-board unit OBU, a road side unit RSU which is in communication connection with all the on-board units OBU of a first designated area, and a trusted center TA which is in communication connection with the road side unit RSU; the method comprises the following steps:
the trusted center TA initializes global parameters to obtain global basic parameters, and shares the global basic parameters with the road side unit RSU and the on-board unit OBU;
the on-board unit OBU receives the vehicle identification information $ID_i$ and, based on the global basic parameters, encrypts the vehicle identification information $ID_i$ to obtain an anonymous vehicle identity corresponding to the on-board unit OBU;
the on-board unit OBU sends a vehicle registration request carrying anonymous vehicle identification to the trusted center TA through the road side unit RSU so as to perform network access registration in the trusted center TA;
the vehicle-mounted unit OBU receives a driver identity authentication request input by a driver, performs driver identity authentication according to the driver identity authentication request, and enters the next step after the authentication is passed;
the on-board unit OBU sends an anonymous identity authentication request carrying an anonymous vehicle identity to the trusted center TA through the road side unit RSU, so that the trusted center TA performs anonymous identity authentication on the on-board unit OBU and accesses the on-board unit OBU after authentication is passed.
2. The internet of vehicles identity authentication method according to claim 1, wherein: the global basic parameters include $G_1$, $G_2$, $q$, $e$, $k'$, $K_{pub}$, $H_1$ and $g$; wherein $q$ is any prime number randomly selected from the prime number set; $G_1$ is an additive cyclic group of prime order $q$; $G_2$ is a multiplicative cyclic group of prime order $q$; $e$ is a bilinear pairing map, $e: G_1 \times G_1 \rightarrow G_2$; $k'$ is a generator of $G_1$; $K_{pub}$ is a public key, $K_{pub} = s \times k'$, where $s$ is the private key of the trusted center TA and is any prime number randomly selected from the prime number set; $H_1$ is a preset one-way hash function; $g$ is a preset symmetric block encryption algorithm.
3. The internet of vehicles identity authentication method according to claim 2, wherein: the on-board unit OBU encrypting the vehicle identification information $ID_i$ based on the global basic parameters to obtain the anonymous vehicle identity corresponding to the on-board unit OBU comprises the following steps:
the on-board unit OBU acquires the current timestamp $T_i$ and randomly selects any prime number $x_i$ from the prime number set as an intermediate encryption parameter;
the on-board unit OBU generates, according to the timestamp $T_i$, the intermediate encryption parameter $x_i$ and the vehicle identification information $ID_i$, the anonymous vehicle identity $IM_i$ corresponding to the on-board unit OBU; wherein the anonymous vehicle identity $IM_i$ is: $IM_i = H_1(ID_i \| x_i \| T_i) \in G_1$; where $\|$ is the string concatenation symbol.
4. The internet of vehicles identity authentication method according to claim 2, wherein: the on-board unit OBU sends a vehicle registration request carrying an anonymous vehicle identity to the trusted center TA through the road side unit RSU, so as to perform network access registration in the trusted center TA, including:
the on-board unit OBU sends a vehicle registration request to the trusted center TA through the road side unit RSU, wherein the vehicle registration request carries the anonymous vehicle identity $IM_i$;
the trusted center TA obtains, based on the anonymous vehicle identity $IM_i$, a private key $sIM_i$ corresponding to the on-board unit OBU; wherein the private key $sIM_i$ corresponding to the on-board unit OBU is: $sIM_i = s \times H_1(IM_i)$, where $IM_i$ is the anonymous vehicle identity corresponding to the on-board unit OBU;
the trusted center TA returns the private key $sIM_i$ corresponding to the on-board unit OBU to the on-board unit OBU through the road side unit RSU.
5. The internet of vehicles identity authentication method according to claim 3, wherein: the driver identity authentication request carries the vehicle identification information $ID_i$ and a vehicle verification password $PW_i$; the on-board unit OBU performing driver identity authentication according to the driver identity authentication request comprises:
the on-board unit OBU encrypts the vehicle verification password $PW_i$ based on the intermediate encryption parameter $x_i$ and the vehicle identification information $ID_i$ corresponding to the on-board unit OBU to obtain encrypted vehicle information $R_i$, and stores the encrypted vehicle information $R_i$; wherein the encrypted vehicle information $R_i$ is: $R_i = H_1(ID_i \| PW_i) \oplus x_i$; where $\oplus$ is the exclusive-or symbol;
the on-board unit OBU acquires vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU, and then stores the vehicle identity verification information $Z_i$ in a preset vehicle identity verification information base;
the on-board unit OBU receives a driver identity authentication request input by a driver, wherein the driver identity authentication request carries the vehicle identification information $ID_i$ corresponding to the on-board unit OBU and the vehicle verification password $PW_i$;
the on-board unit OBU obtains the intermediate encryption parameter $x_i$ according to the vehicle identification information $ID_i$, the vehicle verification password $PW_i$ and the encrypted vehicle information $R_i$; wherein $x_i = R_i \oplus H_1(ID_i \| PW_i)$;
the on-board unit OBU obtains the to-be-verified vehicle identity verification information $Z_i'$ according to the vehicle identification information $ID_i$, the vehicle verification password $PW_i$ and the intermediate encryption parameter $x_i$; wherein $Z_i' = H_1(ID_i \| PW_i \| x_i)$;
judging whether the to-be-verified vehicle identity verification information $Z_i'$ matches the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU in the vehicle identity verification information base, and if so, completing the driver identity authentication.
6. The internet of vehicles identity authentication method according to claim 5, wherein: the on-board unit OBU acquiring the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU comprises:
the on-board unit OBU obtains, according to the vehicle identification information $ID_i$, the vehicle verification password $PW_i$ and the intermediate encryption parameter $x_i$, the vehicle identity verification information $Z_i$ corresponding to the on-board unit OBU; wherein $Z_i = H_1(ID_i \| PW_i \| x_i)$.
7. An internet of vehicles identity authentication system, characterized in that: it is used for implementing the internet of vehicles identity authentication method according to any one of claims 1 to 6; the internet of vehicles identity authentication system comprises an on-board unit OBU, a road side unit RSU which is in communication connection with all on-board units OBU of a first designated area, and a trusted center TA which is in communication connection with the road side unit RSU.
8. The internet of vehicles identity authentication system of claim 7, wherein: the internet of vehicles identity authentication system further comprises an area server LS, and all road side units RSU of the second designated area are in communication connection with the trusted center TA through the area server LS.
9. An electronic device, characterized in that: comprising the following steps:
a memory for storing computer program instructions; and
a processor for executing the computer program instructions to perform the operations of the internet of vehicles identity authentication method as claimed in any one of claims 1 to 6.
10. A computer readable storage medium storing computer program instructions readable by a computer, characterized by: the computer program instructions are configured to perform the operations of the internet of vehicles identity authentication method of any one of claims 1 to 6 when run.
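The OBU-local steps of claims 3, 5 and 6, as an added Python example that is not code from the patent. SHA-256 stands in for $H_1$ (which the patent maps into $G_1$), each field is length-prefixed before hashing so the concatenation is unambiguous, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumption: SHA-256 stands in for H1; the patent's H1 maps into G1.


def h1(*fields: bytes) -> int:
    """H1(a || b || ...) as an integer; each field is length-prefixed."""
    digest = hashlib.sha256()
    for field in fields:
        digest.update(len(field).to_bytes(4, "big") + field)
    return int.from_bytes(digest.digest(), "big")


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test, used to draw x_i from the set of primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int = 256) -> int:
    """Intermediate encryption parameter x_i: a random prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def int_bytes(value: int) -> bytes:
    return value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")


def anonymous_identity(vehicle_id: str, x_i: int, t_i: int) -> int:
    """Claim 3: IM_i = H1(ID_i || x_i || T_i)."""
    return h1(vehicle_id.encode(), int_bytes(x_i), int_bytes(t_i))


def enroll(vehicle_id: str, password: str, x_i: int) -> dict:
    """Claims 5 and 6: the OBU stores R_i and Z_i, not x_i or PW_i."""
    id_b, pw_b = vehicle_id.encode(), password.encode()
    return {
        "R": h1(id_b, pw_b) ^ x_i,            # R_i = H1(ID_i || PW_i) XOR x_i
        "Z": h1(id_b, pw_b, int_bytes(x_i)),  # Z_i = H1(ID_i || PW_i || x_i)
    }


def authenticate_driver(record: dict, vehicle_id: str, password: str):
    """Claim 5: recover x_i from R_i, recompute Z_i', compare with Z_i."""
    id_b, pw_b = vehicle_id.encode(), password.encode()
    x_candidate = record["R"] ^ h1(id_b, pw_b)
    z_candidate = h1(id_b, pw_b, int_bytes(x_candidate))
    if hmac.compare_digest(int_bytes(z_candidate), int_bytes(record["Z"])):
        return x_candidate  # success: x_i is available for the next step
    return None
```

A wrong $ID_i$ or $PW_i$ unmasks a different $x_i$ candidate from $R_i$, so the recomputed $Z_i'$ no longer matches the stored $Z_i$ and authentication fails.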
CN202311684892.7A 2023-12-11 2023-12-11 Internet of vehicles identity authentication method, system, electronic equipment and medium Active CN117395661B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311684892.7A CN117395661B (en) 2023-12-11 2023-12-11 Internet of vehicles identity authentication method, system, electronic equipment and medium


Publications (2)

Publication Number Publication Date
CN117395661A (en) 2024-01-12
CN117395661B (en) 2024-03-12

Family

ID=89470588





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant