CN103974255B - A vehicle access system and method - Google Patents

Publication number: CN103974255B
Authority: CN (China)
Prior art keywords: vehicle; digital certificate; request; intelligent transportation; transportation server
Legal status: Active
Application number: CN201410187144.2A
Other languages: Chinese (zh)
Other versions: CN103974255A (en)
Inventor: 钟焰涛
Current Assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee: Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Landscapes: Mobile Radio Communication Systems

Abstract

The present invention provides a vehicle access system and method. The system comprises a communication unit, a digital certificate center, an access unit and an intelligent transportation server. The communication unit sends a first request to the digital certificate center and, after the digital certificate center returns a digital certificate, generates an authorization message that includes the digital certificate and sends the authorization message to the access unit. The digital certificate center generates, according to the first request, a digital certificate corresponding to the first request and returns the digital certificate to the communication unit. The access unit receives the authorization message containing the digital certificate from the communication unit and, according to the authorization message, sends a second request to the intelligent transportation server. The intelligent transportation server verifies whether the second request is legitimate and decides, according to the verification result, whether to allow the vehicle to access the intelligent transportation server. This technical solution solves the privacy and security problems of existing vehicle access.

Description

A vehicle access system and method
Technical field
The present invention relates to a vehicle access system and method.
Background
An Intelligent Transport System (ITS) effectively integrates advanced information technology, communication technology, sensing technology, control technology and computer technology into the entire traffic management system, establishing a comprehensive transport and management system that operates over a wide area and in all respects, in real time, accurately and efficiently. After accessing the ITS, a user's vehicle can enjoy various convenient transport services while driving: for example, it can receive real-time traffic information, look up information on hotels and shopping malls along the route at any time, and use electronic toll collection to pay road and bridge tolls without stopping.
However, when a vehicle accesses the ITS, the vehicle itself initiates the access application directly with its real information, so there is a risk of disclosing the vehicle's driving trajectory and driving times, and its communication data after accessing the ITS is also easily intercepted by third parties.
Summary of the invention
In view of this, it is necessary to provide a safer vehicle access system and method.
The vehicle access system provided by an embodiment of the present invention includes a communication unit, a digital certificate center, an access unit and an intelligent transportation server.
The communication unit is configured to send a first request to the digital certificate center, the first request being used to request a digital certificate, and, after the digital certificate center returns the digital certificate, to generate an authorization message that includes the digital certificate and send the authorization message to the access unit.
The digital certificate center is configured to generate, according to the first request, a digital certificate corresponding to the first request, and to return the digital certificate to the communication unit.
The access unit is configured to receive the authorization message, generate a second request according to the authorization message, and send the second request to the intelligent transportation server; the second request is used to request that the vehicle be connected to the intelligent transportation server.
The intelligent transportation server is configured to verify whether the second request is legitimate, and to decide according to the verification result whether to allow the vehicle to access the intelligent transportation server.
Further, the communication unit includes a basic information generation module, a first request generation module, a request sending module, a certificate receiving module and an authorization message generation module, wherein: the basic information generation module generates a vehicle pseudonym and a public-private key pair; the first request generation module generates the first request according to the vehicle pseudonym and the public key; the request sending module sends the first request to the digital certificate center; the certificate receiving module receives the digital certificate returned by the digital certificate center; and the authorization message generation module generates the authorization message according to the vehicle pseudonym, the public key, the private key and the digital certificate.
Further, the vehicle pseudonym serves as a substitute name for the vehicle, representing the vehicle as the user applying for the digital certificate; the vehicle pseudonym is a random number.
Further, the access unit generates the second request according to the vehicle pseudonym, the public key and the digital certificate.
Further, when the verification result returned by the intelligent transportation server is legitimate, the intelligent transportation server allows the vehicle to access the intelligent transportation server; when the verification result returned by the intelligent transportation server is illegitimate, the intelligent transportation server forbids the vehicle from accessing the intelligent transportation server.
An embodiment of the present invention further provides a vehicle access method, applied to a vehicle access system composed of a communication unit, a digital certificate center, an access unit and an intelligent transportation server. The method includes:
The communication unit sends a first request to the digital certificate center, the first request being used to request a digital certificate;
The digital certificate center generates, according to the first request, a digital certificate corresponding to the first request, and returns the digital certificate to the communication unit;
The communication unit receives the digital certificate returned by the digital certificate center, generates an authorization message according to the digital certificate, and sends the authorization message to the access unit;
The access unit receives the authorization message, generates a second request according to the authorization message, and sends the second request to the intelligent transportation server;
The intelligent transportation server verifies whether the second request is legitimate, and decides according to the verification result whether to allow the vehicle to access the intelligent transportation server.
Further, before the communication unit sends the first request to the digital certificate center, the method further includes: the communication unit generates a vehicle pseudonym and a public-private key pair, and generates the first request according to the vehicle pseudonym and the public key.
Further, the communication unit generating the authorization message according to the digital certificate comprises: the communication unit generates the authorization message according to the vehicle pseudonym, the public key, the private key and the digital certificate. The access unit generating the second request according to the authorization message comprises: the access unit generates the second request according to the vehicle pseudonym, the public key and the digital certificate.
Further, the vehicle pseudonym serves as a substitute name for the vehicle, representing the vehicle as the user applying for the digital certificate; the vehicle pseudonym is a random number.
Further, when the verification result returned by the intelligent transportation server is legitimate, the intelligent transportation server allows the vehicle to access the intelligent transportation server;
When the verification result returned by the intelligent transportation server is illegitimate, the intelligent transportation server forbids the vehicle from accessing the intelligent transportation server.
When a vehicle accesses the intelligent transportation server under this technical solution, the process in which the vehicle itself initiates the digital certificate request and directly initiates the access application with its real information is improved: by generating a vehicle pseudonym, the pseudonym is used in every place where the vehicle's real information would otherwise have to be exchanged, which avoids disclosure of vehicle information when the vehicle accesses the intelligent transportation system.
Description of the drawings
Fig. 1 is an architecture diagram of the vehicle access system provided by the first embodiment of the present invention.
Fig. 2 is an architecture diagram of the communication unit included in the vehicle access system provided by the first embodiment.
Fig. 3 is a flow chart of the vehicle access method provided by the second embodiment of the present invention.
Detailed description of the embodiments
To make the objects, features and advantages of the present invention easier to understand, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where there is no conflict, the embodiments of this application and the features in the embodiments may be combined with each other.
Many specific details are set forth in the following description to facilitate a thorough understanding of the present invention; however, the present invention may also be implemented in other ways different from those described here, and therefore the protection scope of the present invention is not limited by the specific embodiments described below.
Referring to Fig. 1, the vehicle access system 100 provided by the first embodiment of the present invention is used to connect the vehicle to an intelligent transportation server. The vehicle access system 100 includes a communication unit 10, a digital certificate center 20, an access unit 30 and an intelligent transportation server 40.
The communication unit 10 is configured to send a first request to the digital certificate center 20, the first request being used to request a digital certificate, and, after the digital certificate center 20 returns the digital certificate, to generate an authorization message that includes the digital certificate and send the authorization message to the access unit 30. The authorization message authorizes the access unit 30 to initiate a request to access the intelligent transportation server 40.
In the above embodiment, the communication unit 10 includes a basic information generation module 11, a first request generation module 12, a request sending module 13, a certificate receiving module 14 and an authorization message generation module 15.
The basic information generation module 11 generates a vehicle pseudonym a and a public-private key pair (pk, sk).
In the above embodiment, the vehicle pseudonym a is specifically a random integer that serves as a substitute name for the vehicle, identifying it as the user applying for the digital certificate.
In the above embodiment, a generated random number is used as the vehicle pseudonym. On the one hand, this hides the vehicle's real information used to distinguish vehicles, such as the vehicle code and license plate, and so keeps the vehicle information secure. On the other hand, filling the random number into the first request is particularly necessary in the following two cases:
Case one
When the communication unit 10 sends the first request multiple times to make sure the digital certificate center 20 actually receives it, the digital certificate center 20, which on principle issues only one digital certificate to the same user, can use the random number filled into the first request to identify whether a digital certificate has already been issued to that user, avoiding the difficulty in subsequent verification that repeated issuance would cause.
Case two
When multiple communication units 10 need to apply for digital certificates, the digital certificate center 20 can use the differing random numbers to distinguish the different first requests from the different communication units 10.
In the above embodiment, the public-private key pair (pk, sk) is a common concept in cryptography and consists of a public key pk and a private key sk. The public key pk is commonly used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. The public key pk is disclosed to the outside, while the private key sk is protected as secret information. When such a key pair is used, data encrypted with one of the keys must be decrypted with the other. For example, data encrypted with the public key must be decrypted with the private key, and data encrypted with the private key must be decrypted with the public key; otherwise decryption will not succeed.
In the above embodiment, the private key sk is a randomly selected random number, and the public key pk is calculated from the private key sk and the system parameters of the encryption system; specifically, it can be generated by symmetric encryption algorithms such as the DES, 3DES and TDEA algorithms, which is not described further here.
The first request generation module 12 generates the first request according to the vehicle pseudonym a and the public key pk.
In the above embodiment, the message packet of the first request may take one of the following forms. The specific format is determined by a communication protocol or password agreed in advance, and covers both the contents of the message packet and the order in which they appear; the forms below define only the contents they include and do not restrict the order in which the contents appear:
The first: Packet1 → (vehicle pseudonym, public key) → (a, pk)
With the first message packet format, after the digital certificate center 20 receives Packet1, it automatically identifies the contents in the vehicle pseudonym position and the public key position of the message packet, treats them as the vehicle pseudonym a and the public key pk respectively, and generates the authentication certificate for the vehicle pseudonym a and the public key pk.
The second: Packet2 → (encrypted data packet, public key) → ((a, pk)_pk, pk)
With the second message packet format, the encrypted data packet is the string formed by concatenating the vehicle pseudonym a and the public key pk in order, encrypted with the public key pk. After the digital certificate center 20 receives Packet2, it automatically identifies the public key pk in the public key position of the message packet, decrypts the encrypted data packet using the public key pk to obtain the vehicle pseudonym a, and then generates the authentication certificate for the vehicle pseudonym a and the public key pk.
The third: Packet3 → (encrypted data packet, vehicle pseudonym, public key) → ((a, pk)_pk, a, pk)
With the third message packet format, the vehicle pseudonym a also appears in the packet as public information; the difference from Packet1 is that the vehicle pseudonym a is added to the message packet as public information. The benefit is that, on detecting the message packet Packet3, the digital certificate center 20 can first check whether the vehicle pseudonym a in the message packet is fresh, that is, whether it has not been received before, and use this to decide whether to proceed to the next step of decrypting with the public key pk. For example, if the vehicle pseudonym is fresh, the next step is carried out and the encrypted data packet is decrypted with the public key pk; if the vehicle pseudonym a is not fresh, the packet is simply discarded.
In any of the above message packets, since the public key pk needs to be disclosed to the digital certificate center 20, the public key pk is presented in plaintext in the message packet.
In any of the above message packets, a request identifier may also be included at a specific position, the specific position likewise being determined by a communication protocol or password agreed in advance. The request identifier marks the message packet as a request to issue a certificate, so that the digital certificate center 20 can parse the information automatically.
The request sending module 13 sends the first request to the digital certificate center 20.
The certificate receiving module 14 receives the digital certificate returned by the digital certificate center 20.
In the above embodiment, after the digital certificate center 20 receives the first request, it generates the corresponding digital certificate according to the first request and returns the digital certificate to the communication unit 10, where the certificate receiving module 14 receives it.
The authorization message generation module 15 generates the authorization message according to the vehicle pseudonym a, the public key pk, the private key sk and the digital certificate returned from the digital certificate center 20, and sends it to the access unit 30.
In the above embodiment, the specific format of the authorization message is likewise determined by a communication protocol or password agreed in advance, and covers the contents of the message packet and the order in which they appear. The authorization message may likewise contain an authorization identifier, which marks the message packet as an authorization message. For example, the authorization message may be: (public key, private key, vehicle pseudonym, digital certificate, request identifier) → (pk, sk, a, cert, ap), where ap is the authorization identifier.
In the above embodiment, the communication unit 10 may be an independent terminal, such as a mobile phone, a PAD or a handheld device, or a built-in module, for example a module built into the vehicle that fully implements the communication function; the present invention places no limitation on this.
In the above embodiment, the basic information generation module 11, the first request generation module 12, the request sending module 13, the certificate receiving module 14 and the authorization message generation module 15 may exist as separate modules or multiple modules built into the terminal, or may exist in the terminal as a dedicated application; the present invention places no limitation on this.
The digital certificate center 20 is configured to generate, according to the first request, a digital certificate corresponding to the first request, and to return the digital certificate to the communication unit 10.
In the above embodiment, the digital certificate center 20 is a CA, also known as a Certificate Authority. The role of the digital certificate is to certify that the user listed in the certificate legitimately owns the public key listed in the certificate; in this embodiment, this means the vehicle corresponding to the vehicle pseudonym a is the legitimate owner of the certificate. The digital certificate center 20 generally uses a hash algorithm agreed in advance by both parties to compute a fixed-length message digest, and it is mathematically guaranteed that if any bit of the message is changed, the recomputed message digest will not match the original value. This ensures that the message cannot be altered, and thus ensures the authenticity of the certificate.
The access unit 30 is configured to receive the authorization message containing the digital certificate sent by the communication unit 10, generate a second request according to the authorization message, and send the second request to the intelligent transportation server 40; the second request is used to request access to the intelligent transportation server 40.
In the above embodiment, the access unit 30 is a separate unit built into the vehicle for accessing the intelligent transportation server 40.
In the above embodiment, the access unit 30 specifically generates the second request according to the vehicle pseudonym a, the public key pk and the digital certificate.
The specific format of the second request is likewise determined by a communication protocol or password agreed in advance, and covers the contents of the message packet and the order in which they appear. The second request may also include a request identifier at a specific position, the specific position likewise being determined by a communication protocol or password agreed in advance. The request identifier marks the message packet as a request to access the intelligent transportation server 40, so that the intelligent transportation server 40 can parse the information automatically.
The intelligent transportation server 40 is configured to verify whether the second request is legitimate, and to decide according to the verification result whether to allow the vehicle to access the intelligent transportation server 40.
In the above embodiment, when the verification result returned by the intelligent transportation server 40 is legitimate, the intelligent transportation server 40 allows the vehicle to access the intelligent transportation server 40; when the verification result returned by the intelligent transportation server 40 is illegitimate, the intelligent transportation server 40 forbids the vehicle from accessing the intelligent transportation server 40.
In the above embodiment, the intelligent transportation server 40 has been preloaded with the digital certificate generation method used by the digital certificate center 20, such as the hash algorithm mentioned above. After the intelligent transportation server 40 receives the second request, it decrypts the relevant message packet with the public key pk in the second request to obtain the vehicle pseudonym a and the public key, reproduces the generation of the digital certificate according to the digital certificate generation method, and checks whether the digital certificate it generated is consistent with the digital certificate carried in the second request. If they are consistent, the request is legitimate and the intelligent transportation server 40 allows the vehicle to access the intelligent transportation server 40; if they are inconsistent, the request is illegitimate and the intelligent transportation server 40 does not allow the vehicle to access the intelligent transportation server 40.
In the above embodiment, the verification computation performed by the intelligent transportation server 40 is the same computation, in the same direction, as that of the digital certificate center 20. That is, the digital certificate center 20 generates the digital certificate as cert1 = Hash(pk, a); the intelligent transportation server 40 then also computes cert2 = Hash(pk, a) and verifies whether cert1 = cert2 holds.
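The issuance and verification flow described above (first request, cert = Hash(pk, a), authorization message, second request, server check), as an added example that is not part of the patent. SHA-256 as the agreed hash, the length-prefixed field encoding, the identifier strings other than ap, and the hash-derived key-pair stand-in are assumptions; the first request uses the plaintext Packet1 layout together with the pseudonym freshness check.

```python
import hashlib
import hmac
import secrets

# Message identifiers. The page names only "ap" (authorization identifier);
# the other two strings are constructed for this example.
REQ_CERT, AUTH_MARK, REQ_ACCESS = "req-cert", "ap", "req-access"


def new_identity():
    """Communication unit 10: vehicle pseudonym a plus a key-pair stand-in."""
    a = secrets.randbits(128)                 # random integer pseudonym
    sk = secrets.token_bytes(32)              # random private value
    # Assumption: stand-in derivation only, not a real public-key scheme.
    pk = hashlib.sha256(b"pk-stand-in" + sk).digest()
    return a, pk, sk


def cert_hash(pk: bytes, a: int) -> bytes:
    """cert = Hash(pk, a); fields are length-prefixed so they cannot run together."""
    h = hashlib.sha256()
    for field in (pk, a.to_bytes(16, "big")):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


class CertificateCenter:
    """Digital certificate center 20: one certificate per fresh pseudonym."""

    def __init__(self):
        self.seen = set()                     # pseudonyms already served

    def handle_first_request(self, packet):
        a, pk, mark = packet                  # Packet1 layout plus request identifier
        if mark != REQ_CERT or a in self.seen:
            return None                       # wrong type or pseudonym not fresh: discard
        self.seen.add(a)
        return cert_hash(pk, a)


def build_authorization(a, pk, sk, cert):
    """Communication unit 10 to access unit 30: (pk, sk, a, cert, ap)."""
    return {"pk": pk, "sk": sk, "a": a, "cert": cert, "mark": AUTH_MARK}


def build_second_request(auth):
    """Access unit 30: forward only a, pk and cert; sk is not sent to the server."""
    if auth.get("mark") != AUTH_MARK:
        raise ValueError("not an authorization message")
    return {"a": auth["a"], "pk": auth["pk"], "cert": auth["cert"], "mark": REQ_ACCESS}


def server_verify(request) -> bool:
    """Intelligent transportation server 40: recompute cert2 and compare with cert1."""
    if request.get("mark") != REQ_ACCESS:
        return False
    try:
        cert2 = cert_hash(request["pk"], request["a"])
    except (KeyError, TypeError, OverflowError, AttributeError):
        return False                          # malformed fields are rejected
    cert1 = request.get("cert")
    return isinstance(cert1, bytes) and hmac.compare_digest(cert1, cert2)


def run_access_flow(center):
    """Steps S202 to S210 for one vehicle; returns (second_request, allowed)."""
    a, pk, sk = new_identity()
    cert = center.handle_first_request((a, pk, REQ_CERT))
    auth = build_authorization(a, pk, sk, cert)
    request = build_second_request(auth)
    return request, server_verify(request)


if __name__ == "__main__":
    center = CertificateCenter()
    request, allowed = run_access_flow(center)
    print("access allowed:", allowed)
    reissued = center.handle_first_request((request["a"], request["pk"], REQ_CERT))
    print("repeated pseudonym served again:", reissued is not None)
    print("altered public key accepted:", server_verify(dict(request, pk=b"\x00" * 32)))
```

For design review: with an unkeyed hash, the server's comparison shows that cert matches (pk, a), not which party computed it; tying the certificate to the certificate center would take a signature or a keyed MAC.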
In the above technical solution, the digital certificate center 20 and the intelligent transportation server 40 may be two entities in two separate systems or in a single system; the present invention places no limitation on this.
Through the above technical solution, when a vehicle accesses the intelligent transportation server, the process in which the vehicle itself initiates the digital certificate request and directly initiates the access application with its real information is improved: by generating a vehicle pseudonym, the pseudonym is used in every place where the vehicle's real information would otherwise have to be exchanged. This avoids disclosure of vehicle information when the vehicle accesses the intelligent transportation system and better protects the confidentiality of the vehicle's travel and communication information.
Further, the communication unit generates a public-private key pair for the vehicle, and encrypting communication with the public-private key pair effectively ensures the confidentiality of the communication data.
An embodiment of the present invention further provides a vehicle access method for connecting the vehicle to the intelligent transportation server. The vehicle access method may be implemented with the vehicle access system 100 composed of the communication unit, the digital certificate center, the access unit and the intelligent transportation server, and includes:
S202, the communication unit 10 sends a first request to the digital certificate center 20, the first request being used to request a digital certificate;
S204, the digital certificate center 20 generates, according to the first request, a digital certificate corresponding to the first request, and returns the digital certificate to the communication unit 10;
S206, the communication unit 10 receives the digital certificate returned by the digital certificate center 20, generates an authorization message according to the digital certificate, and sends the authorization message to the access unit 30;
S208, the access unit 30 receives the authorization message, generates a second request according to the authorization message, and sends the second request to the intelligent transportation server 40, the second request being used to request that the vehicle be connected to the intelligent transportation server;
S210, the intelligent transportation server 40 verifies the second request, and decides according to the verification result whether to allow the vehicle to access the intelligent transportation server.
In the above embodiment, the following is further included before S202:
The communication unit 10 generates a vehicle pseudonym a and a public-private key pair (pk, sk), and generates the first request according to the vehicle pseudonym a and the public key pk.
In the above embodiment, the vehicle pseudonym a is a random integer that serves as a substitute name for the vehicle, identifying it as the user applying for the digital certificate.
In the above embodiment, a generated random number is used as the vehicle pseudonym. On the one hand, this hides the vehicle's real information used to distinguish vehicles, such as the vehicle code and license plate, and so keeps the vehicle information secure. On the other hand, filling the random number into the first request is particularly necessary in the following two cases:
Case one
When the communication unit 10 sends the first request multiple times to make sure the digital certificate center 20 actually receives it, the digital certificate center 20, which on principle issues only one digital certificate to the same user, can use the random number filled into the first request to identify whether a digital certificate has already been issued to that user, avoiding the difficulty in subsequent verification that repeated issuance would cause.
Case two
When multiple communication units 10 need to apply for digital certificates, it is particularly important that the digital certificate center 20 can use the differing random numbers to distinguish the different first requests from the different communication units 10.
In the above-described embodiments, the message package of first request concretely following several forms, specific form by Consult definite communication protocol in advance or password judges, the specific form includes the content that message package includes and each content goes out Existing order, the message packages of following several forms only to it includes content be defined, do not limit each content occur it is suitable Sequence:
The first: Packet1 → (vehicle assumed name, public key) → (a)
When the first message packet format is used, after the digital certificate center 20 receives Packet1, it automatically identifies the contents at the vehicle assumed name position and the public key position of the message packet, treats them as the vehicle assumed name a and the public key pk respectively, and generates a certification certificate for the vehicle assumed name a and the public key pk.
The second: Packet2 → (encrypted data packet, public key) → ((a, pk)_pk, pk)
When the second message packet format is used, the encrypted data packet is the character string formed by concatenating the vehicle assumed name a and the public key pk in sequence, encrypted with the public key pk. After the digital certificate center 20 receives Packet2, it automatically identifies the public key pk at the public key position of the message packet, decrypts the encrypted data packet using the public key pk to obtain the vehicle assumed name a, and then generates a certification certificate for the vehicle assumed name a and the public key pk.
The third: Packet3 → (encrypted data packet, vehicle assumed name, public key) → ((a, pk)_pk, a, pk)
When the third message packet format is used, the vehicle assumed name a also appears in the data packet as public information; the difference from Packet1 is that the vehicle assumed name a is added to the message packet as public information. The benefit is that, after detecting the message packet Packet3, the digital certificate center 20 can first check whether the vehicle assumed name a in the message packet is fresh, that is, whether it has not been received before, and on that basis decide whether to perform the next step of decrypting with the public key pk. For example, if the vehicle assumed name a is fresh, the next step is carried out and the encrypted data packet is decrypted with the public key pk; if the vehicle assumed name a is not fresh, the data packet is simply discarded.
In any of the above message packets, since the public key pk needs to be disclosed to the digital certificate center 20, the public key pk is presented in plaintext in the message packet.
Any of the above message packets may also contain a request identifier at a specific position, the specific position likewise being determined by a communication protocol or password negotiated in advance. The request identifier marks the message packet as one requesting the issuance of a certificate, so that the digital certificate center 20 can parse it automatically.
In the above embodiments, the function of the digital certificate is to certify that the user listed in the certificate legitimately possesses the public key listed in it. The digital certificate center 20 generally uses a hash algorithm agreed on in advance by both parties to compute a message digest with a fixed number of bits; mathematically, if any one bit of the message is changed, the recomputed message digest value will not match the original value. This ensures that the message cannot be altered, and thereby guarantees the authenticity of the certificate.
In the above embodiments, the generation of the authorization message by the communication unit 10 according to the digital certificate in S208 is specifically:
The communication unit 10 generates the authorization message according to the vehicle assumed name a, the public key pk, the private key sk and the digital certificate.
In the above embodiments, the specific form of the authorization message is likewise determined by a communication protocol or password negotiated in advance, and covers the contents of the message packet and the order in which each content item appears. The authorization message may likewise contain an authorization identifier, which marks the message packet as an authorization message. For example, the authorization message may be: (public key, private key, vehicle assumed name, digital certificate, request identifier) → (pk, sk, a, cert, ap), where ap is the authorization identifier.
In the above embodiments, the communication unit 10 may be an independent terminal, such as a mobile phone, PAD or handset, or it may be a built-in module, for example a module built into the vehicle that fully implements the communication function; the present invention is not limited in this respect.
In the above embodiments, the generation of the second request by the access unit 30 according to the authorization message in S208 is specifically: the second request is generated according to the vehicle assumed name a, the public key pk and the digital certificate.
The specific form of the second request is likewise determined by a communication protocol or password negotiated in advance, and covers the contents of the message packet and the order in which each content item appears. The second request may also contain a request identifier at a specific position, the specific position also being determined by a communication protocol or password negotiated in advance. The request identifier marks the message packet as one requesting access to the intelligent transportation server 40, so that the intelligent transportation server 40 can parse the information automatically.
In the above embodiments, the access unit 30 is an independent unit built into the vehicle for accessing the intelligent transportation server 40.
S210 may be: when the verification result returned by the intelligent transportation server 40 is legal, the intelligent transportation server 40 allows the vehicle to access the intelligent transportation server 40; when the verification result returned by the intelligent transportation server 40 is illegal, the intelligent transportation server 40 forbids the vehicle from accessing the intelligent transportation server 40.
In the above embodiments, the intelligent transportation server 40 has been preloaded with the digital certificate generation method used by the digital certificate center 20, such as the aforementioned hash algorithm. After the intelligent transportation server 40 receives the second message, it decrypts the relevant message packet using the public key in the second message to obtain the vehicle assumed name a and the public key pk, reproduces the generation process of the digital certificate according to the digital certificate generation method, and judges whether the digital certificate generated this time is consistent with the digital certificate carried in the second message. If they are consistent, the request is legal and the intelligent transportation server 40 allows the vehicle to access the intelligent transportation server 40; if they are inconsistent, the request is illegal and the intelligent transportation server 40 does not allow the vehicle to access the intelligent transportation server 40.
In the above embodiments, the verification computation carried out by the intelligent transportation server 40 runs in the same direction as the computation of the digital certificate center 20, that is: the digital certificate center 20 generates the digital certificate as cert1 = Hash(pk, a), the intelligent transportation server 40 likewise computes cert2 = Hash(pk, a), and it then verifies whether cert1 equals cert2.
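The issuance and verification flow described above, as an added example that is not code from the patent. It assumes SHA-256 as the agreed hash algorithm, a length-prefixed encoding of pk and a, random bytes standing in for the key pair, and constructed identifier values; it omits the encrypted data packet of Packet2 and Packet3.

```python
import hashlib
import hmac
import secrets

# Constructed identifier values; the patent only says an identifier sits at an agreed position.
CERT_REQUEST, AUTHORIZATION, ACCESS_REQUEST = "cert-req", "ap", "access-req"


def make_cert(pk: bytes, a: bytes) -> bytes:
    """cert = Hash(pk, a). SHA-256 and the length prefixes are assumptions:
    the prefixes keep (b"ab", b"c") and (b"a", b"bc") from hashing alike."""
    h = hashlib.sha256()
    for field in (pk, a):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


class CertificateCenter:
    """Digital certificate center 20: one certificate per vehicle assumed name."""

    def __init__(self):
        self.issued = {}  # vehicle assumed name -> certificate

    def handle_first_request(self, packet):
        if packet.get("mark") != CERT_REQUEST:
            return None
        a, pk = packet["a"], packet["pk"]
        if a in self.issued:  # assumed name not fresh: discard the packet
            return None
        self.issued[a] = make_cert(pk, a)
        return self.issued[a]


class TransportServer:
    """Intelligent transportation server 40: recompute cert2 and compare with cert1."""

    def verify_second_request(self, packet) -> bool:
        if packet.get("mark") != ACCESS_REQUEST:
            return False
        cert2 = make_cert(packet["pk"], packet["a"])
        return hmac.compare_digest(cert2, packet["cert"])


def enroll(center):
    """Communication unit 10: build the first request and the authorization message."""
    a = secrets.token_bytes(16)   # vehicle assumed name: a random number
    pk = secrets.token_bytes(32)  # stand-in for a real public key
    sk = secrets.token_bytes(32)  # stand-in for the matching private key
    first = {"mark": CERT_REQUEST, "a": a, "pk": pk}
    cert = center.handle_first_request(first)
    return first, {"mark": AUTHORIZATION, "pk": pk, "sk": sk, "a": a, "cert": cert}


def second_request(authorization):
    """Access unit 30: the second request carries a, pk and cert, never sk."""
    return {"mark": ACCESS_REQUEST, **{k: authorization[k] for k in ("a", "pk", "cert")}}


def demo():
    center, server = CertificateCenter(), TransportServer()
    first, authorization = enroll(center)
    second = second_request(authorization)
    accepted = server.verify_second_request(second)
    resent = center.handle_first_request(first)  # retransmission of the same request
    altered_a = bytes([second["a"][0] ^ 1]) + second["a"][1:]
    rejected = server.verify_second_request(dict(second, a=altered_a))
    return accepted, resent, rejected


if __name__ == "__main__":
    print(demo())
```

With an unkeyed digest, the server's comparison shows only that a, pk and cert are mutually consistent under the agreed hash algorithm.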
In the above technical solution, the relationship between the digital certificate center 20 and the intelligent transportation server 40 is as follows: they may be two entities in two systems or two entities within one system; the present invention is not limited in this respect.
Through the above technical solution, the existing process for connecting a vehicle to the intelligent transportation server, in which the vehicle itself initiates the digital certificate request and directly initiates the access application with its real information, is improved: by generating a vehicle assumed name, the vehicle assumed name is substituted wherever the vehicle's real information would otherwise be needed for interaction. This avoids leakage of vehicle information when the vehicle accesses the intelligent transportation system and better protects the confidentiality of vehicle travel and communication information.
Further, the mobile terminal generates a public-private key pair for the vehicle and uses the key pair to encrypt communication, which effectively ensures the confidentiality of the communication data.
The technical solution of the present invention has been described in detail above with reference to the accompanying drawings. When the user sets automatic reply, the present invention can perform different processing methods according to the user's specific situation, so that the user obtains messages in time.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention. For those skilled in the art, the invention may be modified and varied in various ways. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall be included in the protection scope of the present invention.

Claims (8)

1. A vehicle access system for connecting a vehicle to an intelligent transportation server, characterized in that the vehicle access system comprises a communication unit, a digital certificate center, an access unit and an intelligent transportation server, wherein:
The communication unit is configured to send a first request to the digital certificate center, the first request being used to request a digital certificate, and, after the digital certificate center returns the digital certificate, to generate an authorization message including the digital certificate and send the authorization message to the access unit;
The digital certificate center is configured to generate, according to the first request, a digital certificate corresponding to the first request, and to return the digital certificate to the communication unit; the access unit is configured to receive the authorization message, generate a second request according to the authorization message, and send the second request to the intelligent transportation server, the second request being used to request that the vehicle access the intelligent transportation server;
The intelligent transportation server is configured to verify whether the second request is legal, and to determine according to the verification result whether to allow the vehicle to access the intelligent transportation server; wherein the communication unit comprises a basic information generation module, a first request generation module, a request sending module, a certificate receiving module and an authorization message generation module, wherein:
The basic information generation module is configured to generate a vehicle assumed name and a public-private key pair;
The first request generation module is configured to generate the first request according to the vehicle assumed name and the public key;
The request sending module is configured to send the first request to the digital certificate center;
The certificate receiving module is configured to receive the digital certificate returned by the digital certificate center;
The authorization message generation module is configured to generate the authorization message according to the vehicle assumed name, the public key, the private key and the digital certificate.
2. The vehicle access system according to claim 1, characterized in that the vehicle assumed name serves as a substitute name for the vehicle, so as to represent the vehicle as the user applying for the digital certificate, and the vehicle assumed name is a random number.
3. The vehicle access system according to claim 1, characterized in that the access unit generates the second request according to the vehicle assumed name, the public key and the digital certificate.
4. The vehicle access system according to any one of claims 1 to 3, characterized in that, when the verification result returned by the intelligent transportation server is legal, the intelligent transportation server allows the vehicle to access the intelligent transportation server;
When the verification result returned by the intelligent transportation server is illegal, the intelligent transportation server forbids the vehicle from accessing the intelligent transportation server.
5. A vehicle access method, applied to a vehicle access system composed of a communication unit, a digital certificate center, an access unit and an intelligent transportation server, the method comprising:
The communication unit sends a first request to the digital certificate center, the first request being used to request a digital certificate;
The digital certificate center generates, according to the first request, a digital certificate corresponding to the first request, and returns the digital certificate to the communication unit;
The communication unit receives the digital certificate returned by the digital certificate center, generates an authorization message according to the digital certificate, and sends the authorization message to the access unit;
The access unit receives the authorization message, generates a second request according to the authorization message, and sends the second request to the intelligent transportation server, the second request being used to request that the vehicle access the intelligent transportation server;
The intelligent transportation server verifies whether the second request is legal, and determines according to the verification result whether to allow the vehicle to access the intelligent transportation server; wherein, before the communication unit sends the first request to the digital certificate center, the method further comprises: the communication unit generates a vehicle assumed name and a public-private key pair, and generates the first request according to the vehicle assumed name and the public key.
6. The vehicle access method according to claim 5, characterized in that the communication unit generating the authorization message according to the digital certificate is: the communication unit generates the authorization message according to the vehicle assumed name, the public key, the private key and the digital certificate;
The access unit generating the second request according to the authorization message is: the access unit generates the second request according to the vehicle assumed name, the public key and the digital certificate.
7. The vehicle access method according to claim 5, characterized in that the vehicle assumed name serves as a substitute name for the vehicle, so as to represent the vehicle as the user applying for the digital certificate, and the vehicle assumed name is a random number.
8. The vehicle access method according to any one of claims 5 to 7, characterized in that,
When the verification result returned by the intelligent transportation server is legal, the intelligent transportation server allows the vehicle to access the intelligent transportation server;
When the verification result returned by the intelligent transportation server is illegal, the intelligent transportation server forbids the vehicle from accessing the intelligent transportation server.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410187144.2A CN103974255B (en) 2014-05-05 2014-05-05 A kind of vehicle access system and method

Publications (2)

Publication Number Publication Date
CN103974255A CN103974255A (en) 2014-08-06
CN103974255B true CN103974255B (en) 2018-06-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant