CN104053149B - A kind of method and system for the security mechanism for realizing car networking equipment - Google Patents
A kind of method and system for the security mechanism for realizing car networking equipment Download PDFInfo
- Publication number
- CN104053149B CN104053149B CN201310077109.0A CN201310077109A CN104053149B CN 104053149 B CN104053149 B CN 104053149B CN 201310077109 A CN201310077109 A CN 201310077109A CN 104053149 B CN104053149 B CN 104053149B
- Authority
- CN
- China
- Prior art keywords
- certificate
- solicited message
- issued
- request
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a kind of method and system for the security mechanism for realizing car networking equipment, the technical scheme for being not directed to realize the security mechanism of car networking equipment for solving the problems, such as prior art standard.The method of the embodiment of the present invention includes:Receive the solicited message related to the security mechanism of car networking equipment that external system is sent;According to the solicited message received, it is determined that the data needed for the processing procedure for the security service operation and security service operation called are needed, and the data determined using the security service operation pair determined are handled accordingly;And result is returned into external system.
Description
Technical field
The present invention relates to wireless communication field, the method for more particularly to a kind of security mechanism for realizing car networking equipment and it is
System.
Background technology
Car networking system mainly includes the mobile unit being arranged on vehicle(On-Board Unit, OBU), installed in road
The roadside equipment of side(Road Side Unit, RSU)And provide the service entities of various information services(Such as service provider
(Service Provider, SP)), it is shown in Figure 1.Wherein, between OBU and OBU, and using special between OBU and RSU
Use short haul connection(Dedicated Short Range Communication, DSRC)Technology, between RSU and service entities
Private network or public network can be used to communicate.Here OBU, RSU and service entities are referred to as equipment.The main application of car networking technology
Purpose is to reduce the generation of traffic accident.
The main application scenarios of car networking system include following three kinds:
1)The position of OBU monitoring vehicles and driving information, and these information are broadcasted to surrounding vehicles, while on the vehicle
OBU also receives the information that the OBU of other vehicles is sent;OBU on the vehicle believes the traveling for analyzing this vehicle and other vehicles
Breath, and will likely traffic threaten notify in time to driver;
2)RSU broadcasts various traffic safety informations to OBU, such as road speed-limiting messages, traffic lights information, road construction information
It can also understand traffic conditions by monitoring OBU broadcast messages Deng, RSU, and monitoring information is reported to traffic control center;
3)SP can be communicated with OBU and RSU respectively by wired or air interface, to provide corresponding service function,
If the collection of transport information is with broadcasting, road and bridge and parking fee collective system, and the broadcast etc. of Weather information and local service information.
To avoid receiving the information of false or malice, the car networking equipment in car networking system must use Message Authentication pair
Its message broadcast is digitally signed.For example, to protect the privacy of OBU user, that is transmitted in car networking system is individual with OBU
The data that body phase is closed must be encrypted.In addition, the integrity protection of the information of each equipment interaction is also necessary in car networking system
The problem of being considered.At present, the car networking authentication mechanism being widely recognized as is to be based on public key infrastructure(Public Key
Infrastructure, PKI)Public key certificate authentication mechanism, however, rivest, shamir, adelman is not particularly suited for big data
Enciphering/deciphering, so the data safety in car networking system applies rivest, shamir, adelman and symmetric cryptography generally by mixing
Algorithm and realize.In addition, some additional value-added services, such as road and bridge or parking fee collective system, it may be desirable to individually safety
Mechanism.It can be seen that the demand of the security of each equipment is more and more diversified in car networking system.
Car networking technology is not yet paid close attention to also in research and the formulation stage of relevant criterion, many subjects under discussion at present.Extremely
So far, related technical standard is not directed to realize the technical scheme of the security mechanism of car networking equipment, to meet car
The various security requiremenies of networked devices, the research work for also finding no correlation discuss this subject under discussion.
The content of the invention
The embodiments of the invention provide a kind of method and system for the security mechanism for realizing car networking equipment.It is existing for solving
There is the problem of technical standard is not directed to realize the technical scheme of the security mechanism of car networking equipment.
The embodiments of the invention provide a kind of method for the security mechanism for realizing car networking equipment, including:
Receive the solicited message related to the security mechanism of car networking equipment that external system is sent;
According to the solicited message received, it is determined that what security service operation and the security service that needs call operated
Data needed for processing procedure, and the data determined using security service operation pair are handled accordingly;And
Result is returned into the external system.
A kind of system of security mechanism for realizing car networking equipment provided in an embodiment of the present invention, including:
Interface arrangement, the solicited message related to the security mechanism of car networking equipment that external system is sent is received, according to
The solicited message determines to need the security service operation in the application apparatus that calls, and the solicited message is sent to described
Application apparatus, and the result received is returned into the external system;
Application apparatus, for according to the solicited message received, determining needed for the processing procedure that the security service operates
Data, and the data determined using security service operation pair are handled accordingly, and result are returned to
The interface arrangement;
Storage device, for storing the security information related to the security mechanism of car networking equipment.
The embodiment of the present invention receives the solicited message related to the security mechanism of car networking equipment that external system is sent;Root
According to the solicited message received, it is determined that needing needed for the processing procedure for the security service operation and security service operation called
Data, and using determine security service operation pair determine a data handled accordingly;And result is returned
To external system.The embodiment of the present invention proposes a kind of specific implementation for the security mechanism that can realize car networking equipment.
Brief description of the drawings
Fig. 1 is the structural representation of car networking system in background technology;
Fig. 2 is the system architecture signal for the security mechanism that the embodiment of the present invention of the embodiment of the present invention realizes car networking equipment
Figure;
Fig. 3 is the preferred structure schematic diagram of the system for the security mechanism that the embodiment of the present invention realizes car networking equipment;
Fig. 4 is the schematic flow sheet of the first preferred embodiment of the embodiment of the present invention;
Fig. 5 is the schematic flow sheet of the first preferred embodiment of the embodiment of the present invention;
Fig. 6 is the schematic flow sheet of the first preferred embodiment of the embodiment of the present invention;
Fig. 7 is the method flow diagram for the security mechanism that the embodiment of the present invention of the embodiment of the present invention realizes car networking equipment.
Embodiment
The embodiment of the present invention is described in further detail with reference to Figure of description.
It is shown in Figure 2, the system of the security mechanism provided in an embodiment of the present invention for realizing car networking equipment, including:
Interface arrangement 10, receive the solicited message related to the security mechanism of car networking equipment that external system is sent, root
Security service in the application apparatus 20 for determining to need to call according to the solicited message is operated, and the solicited message is sent to and answered
The external system is returned to device 20, and by the result received;
Wherein, external system refers to the other systems outside the system of the present embodiment, is such as used to initiate to specifying message to enter
Row ciphertext operation security service application system, for providing external data(Positional information, current time such as car networking equipment
Information etc.)Parameter and data supply system, the device authentication for initiating certificate request and authoring system etc..
Application apparatus 20, the solicited message received for basis, it is determined that needing the processing of security service operation carried out
Data needed for process, and the data for operating and determining according to the security service, are handled accordingly, and by result
Return to the interface arrangement 10;
Storage device 30, for storing the security information related to the security mechanism of car networking equipment.
Preferably, in the embodiment of the present invention, car networking equipment can be:It is used to carry out in OBU, RSU and service system
One kind in the equipment of information processing.
In force, the system of the embodiment of the present invention can be completed to enter row information friendship with external system by interface arrangement 10
Mutually, the various operations and service related to the security mechanism of car networking equipment are completed by application apparatus 20.
In force, the storage device 30 of the system of the embodiment of the present invention is stored with following three kinds of information:
Publicly-owned secure data, that is, come from its exterior of the embodiment of the present invention and with the security mechanism of car networking equipment
Related data, including:Certificate revocation list corresponding to root certificate, each certificate and the equipment card for belonging to other car networking equipment
Book(Such as certification certificate, certificate of registry, the certificate of authority);
For example, root ca certificate, certificate revocation list corresponding to each CA certificate, and belong to the certificate of other car networking equipment
(Such as certification CA certificate, registration CA certificate and the hashed value of mandate CA certificate or these certificates);
Private security data, i.e., by various authentication centers(Certificate Authority, CA)It is presented to this car networking
The device certificate of equipment, for example, being presented to the certification certificate of this car networking equipment by device authentication mechanism, registration body is presented to
The certificate of registry of this car networking equipment, and certificate of authority of this car networking equipment etc. is presented to by authorized organization;
Key data and sensitive data, wherein, key data includes:The public affairs of this car networking equipment are presented to authentication center
Key pair corresponding to key certificate(The key is to including public key and private key), and external system write the system and and the system
The related symmetric key of various applications;Sensitive data is the data that can not be changed or can not be read by external system, including
The parameter information of this car networking equipment(Such as equipment Serial Number, information of vehicles etc.), and various CA root certificate or these roots card
The hashed value of book(Such as certification CA root certificate, the root certificate for registering CA and the root certificate for authorizing CA).
Preferably, the form for the solicited message that external system is sent is [AppID, AppPara], and wherein AppID is application
Mark, the security service operation called for identifying the solicited message to need, AppPara are the treated of security service operation
Cheng Suoxu input paramete information;
It is it should be noted that different for different solicited messages, the particular content of the input paramete information;If for example,
The solicited message is used to ask write-in certificate, then certificate to be written is comprised at least in the input paramete information;And for example, if should ask
Ask information to be Generated Certificate for request and apply for request, then the attribute information of certificate to be applied is comprised at least in the input paramete information
(Such as effective deadline information, right expression information).
Further, interface arrangement 10 is specifically used for:According to the application identities carried in the solicited message received, it is determined that needing
Call security service operation corresponding with the application identities in application apparatus 20;And
Application apparatus 20 is specifically used for:According to the input paramete information carried in the solicited message, the security service is determined
Data needed for the processing procedure of operation.
In force, the solicited message that interface arrangement 10 receives includes but is not limited to one kind in following message:
For to specifying message to carry out the first solicited message of ciphertext operation;
Apply for the second solicited message of request for indicating to Generate Certificate;And
3rd solicited message of the certificate issued for writing authentication center CA.
Below for different solicited messages, to the interface arrangement in the system of the embodiment of the present invention, application apparatus and deposit
Interaction between storage device illustrates.
The first situation, solicited message are the first solicited message for carrying out ciphertext operation to specified message, then:
Interface arrangement 10 is specifically used for:The first solicited message that external system is sent is received, and by first solicited message
It is sent to application apparatus 20;And the ciphertext result of application apparatus 20 is returned into external system;
Application apparatus 20 is specifically used for:According to the first solicited message, determine public key certificate needed for the operation of this ciphertext and
Need the specified message of progress ciphertext processing;And according to the public key certificate of determination, the public key certificate is obtained from storage device 30
Corresponding first key pair(The first key is to including public key and private key);Disappeared according to the private key of the first key centering to specifying
Breath carries out ciphertext processing;And the result of ciphertext processing is returned into interface arrangement 10.
Wherein, ciphertext processing includes but is not limited to lower column processing:Encryption, decryption processing and digital signature are with testing
Card processing.For example, OBU carries out signature processing to the safety traffic message broadcast, RSU signs to the road construction information broadcast
Name processing, information service firm carry out signature processing etc. to the advertisement information broadcast.
Further, application apparatus 20 is additionally operable to:
It is determined that after public key certificate needed for ciphertext operation, card is obtained corresponding to the public key certificate from storage device 30
Book revocation list, and obtained from external system for verifying the external information needed for the validity of the public key certificate(As currently
Temporal information);According to certificate revocation list corresponding to the external information got and the public key certificate, the public key certificate is verified
Whether it is not revoked before the deadline and;After being verified, ciphertext processing is carried out.
Specifically, whether external information of the application apparatus 20 according to acquisition, verify the public key certificate in the term of validity(Sentence
In the term of validity information whether disconnected external information obtained includes in the public key certificate);The application apparatus 20 is according to acquisition
Certificate revocation list, verifies whether the public key certificate is not revoked(Judge the public key certificate whether in the certificate revocation list
It is interior, if so, then illustrating that the public key certificate has been revoked;If it is not, then illustrate that the public key certificate is not revoked);The embodiment of the present invention
The execution sequence of above-mentioned two verification process is not defined, whether can first verify the public key certificate in the term of validity, then test
Demonstrate,prove whether the public key certificate is not revoked;It can also first verify whether the public key certificate is not revoked, then verify the public key certificate
Whether in the term of validity;
It is determined that the public key certificate before the deadline and when not being revoked, the application apparatus 20 carries out ciphertext processing;
It is determined that the public key certificate not before the deadline, or when the public key certificate has been revoked, the application apparatus 20 does not enter
Any processing of row;Preferably, the application apparatus 20 returns to processing failure to interface arrangement 10, can further carry unsuccessfully former
Cause.
Second of situation, solicited message are to apply for the second solicited message of request for indicating to Generate Certificate, then:
Interface arrangement 10 is specifically used for:The second solicited message that external system is sent is received, according to second solicited message
It is determined that the security service operation for needing to call is generation certificate request request, and second solicited message is sent to application apparatus
20;And the certificate request request that application apparatus 20 generates is returned into external system;
Application apparatus 20 is specifically used for:According to the second solicited message, it is determined that the attribute information of certificate to be applied and this
The device certificate to Generate Certificate needed for application request process;Generate the second key pair corresponding to certificate to be applied and by this second
Key is to being stored in storage device 30, and wherein second key is to including public key and private key;Obtained from storage device 30 described
Private key corresponding to device certificate, and to the attribute information comprising certificate to be applied and treat Shen using private key corresponding to device certificate
Please the signing messages of public key corresponding to certificate carry out signature processing;And according to the signature handle result, certificate to be applied category
Property information and the certificate to be applied corresponding to public key, generate the request of corresponding certificate request;And the certificate request by generation
Request returns to interface arrangement 10.
Wherein, one kind or combination that the attribute information of certificate to be applied includes but is not limited in following message:
The period of validity information of certificate to be applied, the right expression information of certificate to be applied, the classification of certificate to be applied(Such as
Certification certificate, certificate of registry, certificate of authority etc.)Deng.
Further, application apparatus 20 is additionally operable to:
It is determined that after the device certificate to Generate Certificate needed for application request process, according to the device certificate of determination and treat
Apply for certificate, obtain certificate revocation list corresponding to the device certificate from storage device 30, root corresponding to the certificate to be applied is demonstrate,proved
Certificate revocation list corresponding to book and the root certificate, and obtained from external system for verifying having for device certificate and root certificate
External information needed for effect property;According to the external information and corresponding certificate revocation list got, the equipment is separately verified
Whether root certificate corresponding to certificate and the certificate to be applied is not revoked before the deadline and;After being verified, generation is corresponding
Certificate request request.
It should be noted that the verification process of root certificate corresponding to device certificate and certificate to be applied, is demonstrate,proved with above-mentioned public key
The verification process of book is similar, and here is omitted.
The third situation, the 3rd solicited message that solicited message is the certificate issued for writing CA, then:
Interface arrangement 10 is specifically used for:The 3rd solicited message that external system is sent is received, according to the 3rd solicited message,
It is determined that the certificate that the security service operation for needing to call is issued for write-in CA, and the 3rd solicited message is sent to application apparatus
20;And the result of application apparatus 20 is returned into external system;
Application apparatus 20 is specifically used for:According to the 3rd solicited message, it is determined that needing the certificate that the CA write is issued;By CA
The private key of key pair that is that the certificate issued generates with itself and being stored in storage device 30 is associated processing, and will association
Certificate after processing is stored in storage device 30.
Preferably, if in the 3rd solicited message request write-in the system certificate, be CA generates according in the case of second
The certificate issued of certificate request request, then:
Application apparatus is specifically used for:The certificate that CA is issued and the private key of the second cipher key pair preserved in storage device 30
Processing is associated, and the certificate after association process is stored in storage device 30.
Further, application apparatus 20 is additionally operable to:
In the certificate it is determined that after the certificate that CA is issued, issued according to CA, the card that the CA issues is obtained from storage device 30
Certificate revocation list corresponding to root certificate corresponding to the certificate that certificate revocation list, the CA corresponding to book are issued and the root certificate,
And from external system obtain for verify certificate that the CA issues and its corresponding root certificate validity needed for outside believe
Breath;According to the external information and corresponding certificate revocation list got, verify the root certificate whether before the deadline and not by
Revocation;After being verified, according to external information, corresponding certificate revocation list and the root certificate got, checking should
The validity for the certificate that CA is issued;After being verified, the certificate that CA is issued is stored in storage device 30.
In force, in order to ensure the validity of certificate revocation list corresponding to each certificate, storage device can be regularly updated
Certificate revocation list corresponding to each certificate of middle storage.
It should be noted that certificate and its verification process of root certificate that CA is issued, authenticated with above-mentioned public key certificate
Journey is similar, and here is omitted.
A kind of preferred implementation side of the system of the security mechanism for realizing car networking equipment of the embodiment of the present invention is described below
Formula, shown in Figure 3, in the present embodiment, interface arrangement 10 is according to the content of the system and external system interactive information, further
Including:Safety applications service interface 110, safety support service interface 120 and certificate and cipher key management services interface 130;
Application apparatus 20 further comprises:Safety applications service unit 210, safety support service unit 220, certificate and close
Key management service unit 230 and safe computing unit 240;
Storage device 30 further comprises:Publicly-owned safe data storage unit 310, private security data memory cell 320
And key and sensitive data memory cell 330.
Preferably, safe computing unit 240 and key and sensitive data memory cell 330 can be deployed in same unit
It is interior, so as to provide believable computing environment for the system.
In force, outside security service application system can be called required by safety applications service interface 110
Safety applications service unit 210 carries out respective handling, for example, the peace such as data encryption, data deciphering, and digital signature and checking
Full service;
Safety supports that the system can be by supporting to take safely by supporting service unit 220 to call safely for service interface 120
Business interface 120 obtains various external datas from external system, for example, the current location information of car networking equipment and current time letter
Breath etc.;
Outside certification or authoring system can pass through certificate and the processing of cipher key management services interface 130 and car networking equipment
The related various operations of various certificates and key, for example, the application and importing of certificate, and the importing and renewal etc. of key;
In force, publicly-owned safe data storage unit 310 stores the public safety data come from outside the system, example
Such as, various CA root certificate(Such as certification root certificate, registration root certificate and mandate root certificate, or the hashed value of those root certificates),
Certificate revocation list corresponding to various CA certificates, and belong to the certificate of other car networking equipment;Preferably, root corresponding to each CA
Certificate and/or the device certificate of other car networking equipment are stored in key and sensitive data memory cell 330 simultaneously, Yi Mianqi
Illegally distorted;
Private security data memory cell 320 stores the device certificate that this car networking equipment is presented to from various CA, example
Such as, the certification certificate of this car networking equipment is presented to by device authentication mechanism, registration body is presented to the note of this car networking equipment
Volume certificate, and certificate of authority of this car networking equipment etc. is presented to by authorized organization;
Key and sensitive data memory cell 330, the key of unit storage are included with being presented to this car networking equipment
The corresponding key pair of public key certificate, and outside write-in the system and that various applications to the system are related is symmetrical close
Key;The sensitive data of unit storage has the parameter information of this car networking equipment(Such as equipment Serial Number, information of vehicles etc.), with
And the hashed value of various critical certificates or these certificates(Such as certification CA root certificate, register CA root certificate and authorize CA
Root certificate etc.), to ensure that these root certificates illegally can not be changed or replaced;Wherein, equipment Serial Number is set in the car networking
This equipment is write during standby production, and can not be changed;The symmetric key and private key of unit storage are can not be by except safe meter
Calculate what other entities outside unit were read.
In force, safe computing unit 240 can be from key and sensitive number in the key needed for progress calculating process
According to being directly obtained in memory cell 130.
Below by taking the system shown in Fig. 3 as an example, for different solicited messages, the processing procedure of the system is carried out in detail
Explanation.
Embodiment one, device certificate application process, i.e. outside device authentication and authoring system initiate a certificate request
Flow, shown in Figure 4, the present embodiment specific implementation process is as follows:
1)Outside device authentication and authoring system passes through certificate and cipher key management services interface requirement the system generation one
Individual certificate request request, i.e., send the application request that Generates Certificate to certificate and cipher key management services unit(I.e. second request letter
Breath);
2)The input paramete information carried in the application request that Generates Certificate of certificate and cipher key management services unit resolves, root
Stored according to the demand for the arithmetic logic corresponding to application request that Generates Certificate from publicly-owned safe data storage unit, private security data
Corresponding data are obtained in unit and/or key and sensitive data memory cell(Such as device certificate, root corresponding to certificate to be applied
Certificate, corresponding certificate revocation list, and equipment Serial Number etc.).
3)Certificate and cipher key management services unit pass through according to the demand of arithmetic logic corresponding to application request that Generates Certificate
Safety is called to support service unit to obtain the data outside the system(Such as current time).
4)Certificate and cipher key management services unit are to all data for getting(Including what is got from itself storage device
Data and the data got from external system)According to Generating Certificate, arithmetic logic corresponding to application request is handled accordingly
(Such as verify whether device certificate and root certificate are not revoked before the deadline and).
5)Certificate and cipher key management services unit send key to generation and public key export request to safe computing unit.
6)Safe computing unit is asked generation and public key export according to the key received, generates key pair, and will be close
Key is to being stored in key and sensitive data memory cell.
7)The public key of cipher key pair is returned to certificate and cipher key management services unit by safe computing unit.
8)Certificate and cipher key management services unit are according to the public key received and the attribute information of certificate to be applied(Such as treat Shen
Please the period of validity information of certificate, right expression information, classification information etc.)Signature operation request is generated, and by the signature operation
Request is sent to safe computing unit.
9)The signature operation request that safe computing unit parsing receives, and obtained from key and sensitive data memory cell
Private key needed for signature operation.
10)The data to be signed that safe computing unit asks to carry to signature operation carry out signature processing, and will processing
As a result certificate and cipher key management services unit are returned to.
11)Certificate and cipher key management services unit according to receive signature result, the attribute information of certificate to be applied and
Public key generates corresponding certificate request request, and the certificate request is asked to return to by certificate and cipher key management services interface
Outside device authentication and authoring system;
Further, the certificate request received request is sent to corresponding CA by outside device authentication and authoring system.
Below by generate certificate of registry application request exemplified by illustrate, the application process of other equipment certificate with it is such
Seemingly, will not enumerate herein, in the present embodiment, the process of generation certificate of registry application request is as follows:
1)Outside software certification and authoring system is sent by certificate and cipher key management services interface to the system
For indicating the service request of the system generation certificate of registry application request;
Wherein, the form of the service request is [AppID, AppPara], and wherein AppID is application identities, for identifying this
Service request needs the security service operation called, and AppPara is the input ginseng needed for the processing procedure of security service operation
Number information;
Specifically, the certificate and cipher key management services interface of the system be after the service request is received, according to the service
The value of application identities AppID in request, it is determined that the certificate of registry application module in certificate and cipher key management services unit is called,
And the input parameter AppPara carried in the service request value is passed into the certificate of registry application module.
2)The input parameter AppPara that the parsing of certificate of registry application module receives, and according to corresponding arithmetic logic
Demand, certification certificate Cert is obtained from private security data memory cell, note is obtained from publicly-owned safe data storage unit
Volume CA root certificates ERootCACert and certificate revocation list corresponding to registration CA root certificates(Certificate
Revocation List, CRL), and device identification EquipmentID is obtained from key and sensitive data memory cell(Such as set
Standby sequence number).
3)Certificate of registry application module calls safety to support the time-obtaining module in service unit to obtain current time
Time。
4)Whether certificate of registry application module is having according to current time Time authentication verifications certificate and registration CA root certificates
In the effect phase, and whether authentication verification certificate and registration CA root certificates are in certificate revocation list;If certification certificate or registration CA roots
Certificate has failed or has been revoked, then terminates the certificate of registry application process;If certification certificate and registration CA root certificates are effective
It is not revoked in phase and, then continues executing with the process of generation certificate of registry application request.
5)Certificate of registry application module sends key to generation and public key export request to safe computing unit.
6)Safe computing unit generates key to [PrivKey, PubKey], and wherein PrivKey is private key, and PubKey is public affairs
Key, and by the key of generation to being stored in key and sensitive data memory cell.
7)The public key PubKey of cipher key pair is returned to certificate of registry application module by safe computing unit.
8)Certificate of registry application module please according to the attribute information generation signature operation of the public key and certificate to be applied that receive
Ask, and signature operation request is sent to safe computing unit, wherein, the content of signature operation request is:[Op,
KeyID, SObject], Op is operation mark, and KeyID is key identification, and SObject is data to be signed.
9)Safe computing unit determines that the operation is signature operation according to Op value, according to KeyID value from key and quick
The private key for signature is obtained in sense data storage cell.
10)Safety, which calculates, is digitally signed processing to data to be signed SObject, and signature result is returned into registration
Certificate request module.
11)Certificate of registry requisition procedure module is according to signature result, the attribute information of certificate to be applied and public key generation card
Book application is asked, and the request is returned to the device authentication of outside and authorized by certificate and cipher key management services interface and is
System.
Further, the certificate request received request is sent to registration CA by the device authentication and authoring system.
Embodiment two, device certificate ablation process, it is assumed that CA issues corresponding certificate according to certificate request request, and will issue
The certificate of hair returns to device authentication and authoring system, then the device authentication and authoring system pass through certificate and cipher key management services
Interface initiates a certificate write-in flow to the system, and shown in Figure 5, the present embodiment specific implementation process is as follows:
1)Device authentication and authoring system are sent for indicating that the system writes CA to certificate and cipher key management services interface
The service request for the certificate issued.
2)The input parameter carried in certificate and the cipher key management services unit resolves service requests, and according to write-in certificate
The demand of corresponding arithmetic logic is respectively from publicly-owned safe data storage unit, private security data memory cell and/or key
And corresponding data are obtained in sensitive data memory cell(Such as register CA root certificates, corresponding certificate revocation list, and equipment
Sequence number etc.).
3)The demand of certificate and cipher key management services the unit arithmetic logic according to corresponding to write-in certificate is by calling safety
Service unit is supported to obtain the data outside the system(Such as current time).
4)Certificate and cipher key management services unit are according to the current time and corresponding certificate revocation list got, checking
Need whether the certificate that writes and its corresponding root ca certificate are not revoked before the deadline and, if so, then performing following handle
Process;If it is not, then terminate presently written process.
5)Whether the certificate that certificate and cipher key management services unit write according to root ca certificate checking needs is effective, if
It is then to perform following processing procedure;If it is not, then terminate presently written process.
6)The certificate for needing to write is stored in private security data memory cell by certificate and cipher key management services unit,
And the certificate is associated with private key being stored in key and sensitive data memory cell and corresponding with the certificate.
7)Implementing result is returned to and set by certificate and cipher key management services interface by certificate and cipher key management services unit
Standby certification and authoring system.
Illustrated below exemplified by writing certificate of registry, the ablation process of other equipment certificate is similar, herein not
Enumerate again, in the present embodiment, CA issues corresponding certificate of registry, and the registration that will be issued according to certificate of registry application request
Certificate ECert returns to device authentication and authoring system, the certificate and key that the device authentication and authoring system pass through the system
Management service interface initiates a certificate ablation process, and the process of the write-in certificate of registry is as follows:
1)Device authentication and authoring system are after the certificate of registry that CA is issued is received, certificate and key pipe to the system
Reason service interface is sent for letter of instruction book write request;
Wherein, the form of the write request is [AppID, AppPara], and AppID is application identities, for identifying the service
Request needs the security service operation called;AppPara is the input parameter letter needed for the processing procedure of security service operation
Breath;
Specifically, the application identities of the certificate and cipher key management services interface of the system in the service request received
AppID value, it is determined that the certificate writing module in certificate and cipher key management services unit is called, and by the service request
The input parameter AppPara of carrying value passes to the certificate writing module, wherein, the input parameter includes the note that CA is issued
Volume certificate ECert.
2)The input parameter that the parsing of certificate writing module receives, extracts certificate of registry, and according to the certificate of registry
Type obtains registration CA root certificates ERootCert and corresponding certificate revocation list CRL from publicly-owned safe data storage unit,
And device identification EquipmentID is obtained from key and sensitive data memory cell(Such as equipment Serial Number).
3)Certificate writing module calls safety to support the time-obtaining module in service unit to obtain current time Time.
4)Certificate writing module judges whether the ECert is to be presented to this car networking to set according to the device identification got
It is standby, and whether before the deadline the ECert and ERootCACert is verified according to the current time got, and checking should
Whether ECert and ERootCACert is in certificate revocation list CRL;
If the ECert and/or ERootCACert have failed or be revoked, the certificate ablation process is terminated;
If the ECert and ERootCACert are not revoked before the deadline and, the write-in of certificate is continued executing with
Journey.
5)Certificate writing module verifies whether ECert to be written is effective according to ERootCert;
If so, then perform the ablation process of certificate;
If it is not, then terminate presently written process.
6)ECert that certificate writing module is written into deposit private security data unit, and by the ECert and key and
Private key corresponding with the ECert associates in sensitive data memory cell.
7)Implementing result is returned to device authentication by certificate and cipher key management services interface and awarded by certificate writing module
Power system.
Embodiment three, ciphertext processing procedure, shown in Figure 6, the present embodiment specific implementation process is as follows:
1)Outside safety applications service system is sent for indicating the system to the safety applications service interface of the system
To specifying message to carry out the service request of ciphertext operation.
2)The service request that receives of safety applications service parsing, and according to corresponding to operating ciphertext arithmetic logic demand,
Respectively from publicly-owned safe data storage unit, private security data memory cell and/or key and sensitive data memory cell
Obtain corresponding data(Such as signing certificate, corresponding certificate revocation list, and device identification etc.).
3)The demand of safety applications service unit arithmetic logic according to corresponding to operating ciphertext, safety is called to support that service is single
Member is to obtain the data outside the system(Such as the current location information and current time information of car networking equipment).
4)Safety applications service unit to all data of acquisition according to ciphertext operate corresponding to arithmetic logic carry out it is corresponding
Processing(Such as whether checking certificate is not revoked before the deadline and).
5)Safety applications service unit sends safety operation request to safe computing unit(Such as information signature request).
6)The safety operation request that safe computing unit parsing receives, and obtained from key and sensitive data memory cell
Corresponding data and key(Such as signature private key).
7)Safe computing unit is carried out corresponding according to the specified message carried in the data got and safety operation request
Ciphertext operation(Such as data signature operation), and result is returned into safety applications service unit.
8)Safety applications service unit generates corresponding security service response according to the result received, and should
Response returns to the security service application system of outside by security service interface.
Below by specify message be digitally signed processing exemplified by illustrate, other ciphertext processing procedures with it is such
Seemingly, will not enumerate herein, in the present embodiment, the process of digital signature processing is as follows:
1)Safety applications service system is sent for indicating the system to specifying message to carry out to safety applications service interface
The service request of digital signature processing;
Wherein, the form of the service request is [AppID, AppPara], and wherein AppID is application identities, for identifying this
Service request needs the security service operation called;AppPara is the input parameter needed for the processing procedure of security service operation
Information;
Specifically, application identities AppID of the safety applications service interface of the system in the service request received
Value, it is determined that calling the information signature module in safety applications service unit, and input parameter AppPara value is passed to this
Information signature module.
2)The input parameter that the parsing of information signature module receives, the need of arithmetic logic according to corresponding to being handled digital signature
Ask, signing certificate Cert is obtained from private security data memory cell, obtained from publicly-owned safe data storage unit corresponding
Certificate revocation list CRL, and obtain device identification from key and sensitive data memory cell(Where such as car networking equipment
The mark VehicleID of vehicle).
3)Information signature module calls safety to support the position acquisition module in service unit to obtain current vehicle position
Location, safety is called to support the time-obtaining module in service unit to obtain current time Time.
4)Before the deadline whether information signature module, and check and be somebody's turn to do according to the current time got, checking Cert
Whether Cert is in certificate revocation list;
If the Cert is not revoked before the deadline and, the information signature process is continued executing with;
If the Cert has failed or has been revoked, the information signature process is terminated.
5)Information signature module sends signature operation request to safe computing unit;
Wherein, the form of signature operation request is [Op, KeyID, SObject], and Op is operation mark, and KeyID is close
Key identifies, and SObject is signature object(Specify message).
6)Safe computing unit determines that the operation is signature operation according to Op value, according to KeyID value from key and quick
The private key for signature is obtained in sense data storage cell.
7)Safe computing unit carries out signature operation to signed data SObject, and will sign according to the private key got
As a result information signature module is returned to.
8)Signature result is returned to outside security service application system by security service interface by information signature module.
Above method handling process can realize that the software program can be stored in storage medium with software program, when
When the software program of storage is called, above method step is performed.
Based on above-described embodiment, the embodiment of the present invention additionally provides a kind of side for the security mechanism for realizing car networking equipment
Method, it is shown in Figure 7, comprise the following steps:
Step 71, receive the solicited message related to the security mechanism of car networking equipment that external system is sent;
The solicited message that step 72, basis receive, it is determined that needing the security service operation and the security service called
Data needed for the processing procedure of operation, and the data determined using security service operation pair are handled accordingly;
Step 73, result returned into the external system.
Further, step 72 includes:
According to the application identities carried in the solicited message received, it is determined that security service corresponding with the application identities is grasped
Make;And
According to the input paramete information carried in the security service of determination operation and the solicited message, the safety clothes are determined
The data being engaged in needed for the processing procedure of operation.
As a kind of implementation, if solicited message is for believing specifying message to carry out the first request of ciphertext operation
Breath, the method for the embodiment of the present invention specifically include:
Receive the first solicited message that external system is sent;
According to first solicited message, determine that this security service operation operates for ciphertext, and needed for ciphertext operation
Public key certificate and need carry out ciphertext processing specified message;And according to the public key certificate, obtain corresponding to the public key certificate
First key pair;
Message is specified to carry out ciphertext processing this according to the private key of the first key centering;
The result of ciphertext processing is returned into external system.
Preferably, it is determined that after public key certificate needed for ciphertext operation, and before ciphertext processing is carried out, in addition to:
Certificate revocation list corresponding to the public key certificate is obtained from the secure data of itself storage, and from external system
Obtain for verifying the external information needed for the validity of the public key certificate;
According to certificate revocation list and external information is got, verify whether the public key certificate is not removed before the deadline and
Pin;And
After being verified, triggering carries out ciphertext processing.
As another implementation, if solicited message is to apply for the second request letter of request for indicating to Generate Certificate
Breath, the method for the embodiment of the present invention specifically include:
Receive the second solicited message that external system is sent;
According to second solicited message, this security service operation is determined as generation certificate request request, and determine to treat Shen
Please certificate attribute information and Generate Certificate application request process needed for device certificate;
Generate the second key pair corresponding to certificate to be applied and preserve, wherein second key is to including public key and private key;
Private key corresponding to the device certificate is obtained, and using private key corresponding to the device certificate to including certificate to be applied
The signing messages of public key carries out signature processing corresponding to attribute information and the certificate to be applied;
According to the signature processing result, certificate to be applied attribute information and the certificate to be applied corresponding to public key,
Generate corresponding certificate request request;And
The certificate request request of generation is returned into external system.
Preferably, it is determined that after the device certificate to Generate Certificate needed for application request process, and in the Shen that Generates Certificate
Before please asking, in addition to:
According to the device certificate of determination and the certificate to be applied, equipment card is obtained from the secure data of itself storage
Certificate revocation list corresponding to book, certificate revocation list corresponding to root certificate corresponding to certificate to be applied and the root certificate, and
Obtained from external system for verifying the outside letter needed for the validity of root certificate corresponding to the device certificate and certificate to be applied
Breath;
According to the external information and corresponding certificate revocation list got, separately verify the device certificate and this treats Shen
Please root certificate corresponding to certificate whether be not revoked before the deadline and;
After being verified, triggering, which Generates Certificate, applies for the process of request.
As another way of realization, if solicited message is the 3rd request of the certificate issued for writing authentication center CA
Information, the method for the embodiment of the present invention specifically include:
Receive the 3rd solicited message that external system is sent;
According to the 3rd solicited message, determine that this security service operation is issued for the write-in CA certificates issued and the CA
Certificate;
The private key of the certificate that the CA is issued cipher key pair corresponding with the certificate issued with the CA that itself is generated is carried out
Association process, and preserve the certificate after association process;And
Result is returned into external system.
Preferably, it is determined that after the certificate that CA is issued, and before the certificate that the CA is issued is preserved, in addition to:
The certificate issued according to the CA, certificate corresponding to the certificate that the CA is issued is obtained from the secure data of itself storage
Certificate revocation list corresponding to root certificate corresponding to the certificate that revocation list, the CA are issued and the root certificate, and be from outside
System obtains the external information needed for the validity for being used to verifying certificate that the CA issues and its corresponding root certificate;
According to get external information, corresponding certificate revocation list, verify corresponding to the certificate that the CA is issued that root is demonstrate,proved
Whether book is not revoked before the deadline and;
After being verified, the card issued according to external information, corresponding certificate revocation list and the CA for getting
Root certificate corresponding to book, verify the validity for the certificate that the CA is issued;
After being verified, triggering preserves the processing procedure for the certificate that the CA is issued.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program
Product.Therefore, the present invention can use the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware
Apply the form of example.Moreover, the present invention can use the computer for wherein including computer usable program code in one or more
Usable storage medium(Including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)The computer program production of upper implementation
The form of product.
The present invention is with reference to method according to embodiments of the present invention, equipment(System)And the flow of computer program product
Figure and/or block diagram describe.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram
Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided
The processors of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce
A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real
The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to
Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted
Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, so as in computer or
The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in individual square frame or multiple square frames.
Although preferred embodiments of the present invention have been described, but those skilled in the art once know basic creation
Property concept, then can make other change and modification to these embodiments.So appended claims be intended to be construed to include it is excellent
Select embodiment and fall into having altered and changing for the scope of the invention.
Obviously, those skilled in the art can carry out the essence of various changes and modification without departing from the present invention to the present invention
God and scope.So, if these modifications and variations of the present invention belong to the scope of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to comprising including these changes and modification.
Claims (15)
- A kind of 1. method for the security mechanism for realizing car networking equipment, it is characterised in that this method includes:Receive the solicited message related to the security mechanism of car networking equipment that external system is sent;According to the application identities carried in the solicited message received, it is determined that the security service for needing to call operates and according to true The input paramete information carried in fixed security service operation and the solicited message, determine the processing of the security service operation Data needed for process, and the data determined using security service operation pair are handled accordingly;Result is returned into the external system.
- 2. the method as described in claim 1, it is characterised in that if the solicited message is for specifying message to carry out ciphertext First solicited message of operation;Receive the first solicited message that external system is sent;According to first solicited message, determine that this security service operation operates for ciphertext, and needed for ciphertext operation Public key certificate and need carry out ciphertext processing specified message;And according to the public key certificate, obtain the public key certificate pair The first key pair answered;Ciphertext processing is carried out to the specified message according to the private key of the first key centering;The result of ciphertext processing is returned into the external system.
- 3. method as claimed in claim 2, it is characterised in that it is determined that the ciphertext operation needed for public key certificate after, And before ciphertext processing is carried out, in addition to:Certificate revocation list corresponding to the public key certificate is obtained from the secure data of itself storage, and is obtained from external system Take the external information needed for the validity in the checking public key certificate;According to certificate revocation list and external information is got, verify whether the public key certificate is not removed before the deadline and Pin;After being verified, triggering carries out ciphertext processing.
- 4. method as claimed in claim 2, it is characterised in that ciphertext processing including at least encryption, decryption processing, And digital signature and verification process.
- 5. the method as described in claim 1, it is characterised in that if the solicited message is to apply asking for indicating to Generate Certificate The second solicited message asked;Receive the second solicited message that external system is sent;According to second solicited message, this security service operation is determined as generation certificate request request, and determine to wait to apply The attribute information of certificate and the device certificate to Generate Certificate needed for application request process;Second key pair corresponding to certificate to be applied described in generation simultaneously preserves, wherein second key is to including public key and private Key;Private key corresponding to the device certificate is obtained, and using private key corresponding to the device certificate to including certificate to be applied The signing messages of public key carries out signature processing corresponding to attribute information and the certificate to be applied;Public key corresponding to result, the attribute information of certificate to be applied and the certificate to be applied handled according to the signature, Generate corresponding certificate request request;The certificate request request of generation is returned into the external system.
- 6. method as claimed in claim 5, it is characterised in that it is determined that the equipment to Generate Certificate needed for application request process After certificate, and before the application request that Generates Certificate, in addition to:According to the device certificate of determination and the certificate to be applied, the device certificate is obtained from the secure data of itself storage Corresponding certificate revocation list, certificate revocation list corresponding to root certificate corresponding to the certificate to be applied and the root certificate, with And obtained from external system for verifying needed for the validity of root certificate corresponding to the device certificate and the certificate to be applied External information;According to the external information and corresponding certificate revocation list got, separately verify the device certificate and described treat Shen Please root certificate corresponding to certificate whether be not revoked before the deadline and;After being verified, triggering, which Generates Certificate, applies for the process of request.
- 7. the method as described in claim 1, it is characterised in that if the solicited message is to be issued for writing authentication center CA Certificate the 3rd solicited message;Receive the 3rd solicited message that external system is sent;According to the 3rd solicited message, determine that this security service operation is issued for the write-in CA certificates issued and the CA Certificate;The private key of the certificate that the CA is issued cipher key pair corresponding with the certificate issued with the CA that itself is generated is carried out Association process, and preserve the certificate after association process;Result is returned into the external system.
- 8. method as claimed in claim 7, it is characterised in that it is determined that after the certificate that the CA is issued, and preserving institute Before stating the certificate that CA is issued, in addition to:The certificate issued according to the CA, certificate corresponding to the certificate that the CA is issued is obtained from the secure data of itself storage Certificate revocation list corresponding to root certificate corresponding to the certificate that revocation list, the CA are issued and the root certificate, and from outside System obtain for verify certificate that the CA issues and its corresponding root certificate validity needed for external information;According to get external information, corresponding certificate revocation list, verify root certificate corresponding to the certificate that the CA is issued Whether it is not revoked before the deadline and;After being verified, the certificate issued according to the external information, corresponding certificate revocation list and the CA that get Corresponding root certificate, verify the validity for the certificate that the CA is issued;After being verified, triggering preserves the processing procedure for the certificate that the CA is issued.
- 9. a kind of system for the security mechanism for realizing car networking equipment, it is characterised in that the system includes:Interface arrangement, the solicited message related to the security mechanism of car networking equipment that external system is sent is received, according to described Security service in the application apparatus that the application identities carried in solicited message determine to need to call operates, and the request is believed Breath is sent to the application apparatus, and the result received is returned into the external system;Application apparatus, for according to the input paramete information carried in the solicited message received, determining the security service behaviour Data needed for the processing procedure of work, and the data determined using security service operation pair are handled accordingly, and Result is returned into the interface arrangement;Storage device, for storing the security information related to the security mechanism of car networking equipment.
- 10. system as claimed in claim 9, it is characterised in that if the solicited message is for close to specifying message to carry out First solicited message of text operation;The interface arrangement is specifically used for:The first solicited message that external system is sent is received, according to first solicited message It is determined that the security service operation for needing to call operates for ciphertext, and first solicited message is sent to the application apparatus; And the ciphertext result of the application apparatus is returned into external system;The application apparatus is specifically used for:According to first solicited message, the public key certificate needed for the ciphertext operation is determined And need to carry out the specified message of ciphertext processing;And according to the public key certificate, the public key is obtained from the storage device First key pair corresponding to certificate;Ciphertext processing is carried out to the specified message according to the private key of the first key centering;With And the result of ciphertext processing is returned into the interface arrangement.
- 11. system as claimed in claim 10, it is characterised in that the application apparatus is additionally operable to:It is determined that after public key certificate needed for ciphertext operation, obtained from the storage device corresponding to the public key certificate Certificate revocation list, and from external system obtain for verify the public key certificate validity needed for external information;Root According to the external information got and the certificate revocation list got, verify the public key certificate whether before the deadline and not It is revoked;After being verified, ciphertext processing is carried out.
- 12. system as claimed in claim 9, it is characterised in that if the solicited message is for indicating the application that Generates Certificate Second solicited message of request;The interface arrangement is specifically used for:The second solicited message that external system is sent is received, according to second solicited message Asked it is determined that the security service for needing to call operates for generation certificate request, and second solicited message is sent to described answer Use device;And the certificate request request that the application apparatus generates is returned into external system;The application apparatus is specifically used for:According to second solicited message, it is determined that the attribute information of certificate to be applied and institute State the device certificate to Generate Certificate needed for application request process;Second key pair corresponding to certificate to be applied described in generation simultaneously will Second key is to being stored in the storage device, wherein second key is to including public key and private key;From the storage Device obtains private key corresponding to the device certificate, and using private key corresponding to the device certificate to including certificate to be applied The signing messages of public key carries out signature processing corresponding to attribute information and the certificate to be applied;And handled according to the signature Result, certificate to be applied attribute information and the certificate to be applied corresponding to public key, generate corresponding certificate request please Ask;And the certificate request request of generation is returned into the interface arrangement.
- 13. system as claimed in claim 12, it is characterised in that the application apparatus is additionally operable to:It is determined that after the device certificate to Generate Certificate needed for application request process, according to the device certificate of determination and described treat Apply for certificate, obtain certificate revocation list corresponding to the device certificate from the storage device, the certificate to be applied is corresponding Root certificate and the root certificate corresponding to certificate revocation list, and from external system obtain for verify the device certificate and External information needed for the validity of the root certificate got;Arranged according to the external information got and corresponding certificate revocation Table, separately verifies whether root certificate corresponding to the device certificate and the certificate to be applied is not revoked before the deadline and; After being verified, corresponding certificate request request is generated.
- 14. system as claimed in claim 9, it is characterised in that if the solicited message is to be issued for writing authentication center CA 3rd solicited message of the certificate of hair;The interface arrangement is specifically used for:The 3rd solicited message that external system is sent is received, according to the 3rd solicited message, It is determined that the certificate that the security service operation that needs call is issued for write-in CA, and the 3rd solicited message is sent to described answer Use device;And the result of the application apparatus is returned into external system;The application apparatus is specifically used for:According to the 3rd solicited message, the certificate that the CA is issued is determined;The CA is issued The private key of key pair that is that the certificate of hair generates with itself and being stored in the storage device is associated processing, and will association Certificate after processing is stored in the storage device.
- 15. system as claimed in claim 14, it is characterised in that the application apparatus is additionally operable to:In the certificate it is determined that after the certificate that the CA is issued, issued according to the CA, obtain the CA from storage device and issue Certificate corresponding to certificate revocation corresponding to root certificate corresponding to the certificate issued of certificate revocation list, the CA and the root certificate List, and obtained from external system needed for the validity for verifying certificate that the CA issues and its corresponding root certificate External information;According to get external information, corresponding certificate revocation list, verify root corresponding to the certificate that the CA is issued Whether certificate is not revoked before the deadline and;After being verified, according to get external information, corresponding certificate revocation Root certificate corresponding to the certificate that list and the CA are issued, verify the validity for the certificate that the CA is issued;It is being verified Afterwards, the CA certificates issued are stored in the storage device.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310077109.0A CN104053149B (en) | 2013-03-12 | 2013-03-12 | A kind of method and system for the security mechanism for realizing car networking equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310077109.0A CN104053149B (en) | 2013-03-12 | 2013-03-12 | A kind of method and system for the security mechanism for realizing car networking equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104053149A CN104053149A (en) | 2014-09-17 |
| CN104053149B true CN104053149B (en) | 2017-11-14 |
Family
ID=51505420
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310077109.0A Active CN104053149B (en) | 2013-03-12 | 2013-03-12 | A kind of method and system for the security mechanism for realizing car networking equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104053149B (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016209197A1 (en) * | 2015-06-24 | 2016-12-29 | Intel Corporation | ENHANCED PROXIMITY SERVICES (ProSe) PROTOCOLS FOR VEHICLE-TO-ANYTHING (V2X) COMMUNICATION |
| US20170295154A1 (en) * | 2016-04-07 | 2017-10-12 | Gogo Llc | Systems and methods for authenticating applications to on-board services |
| JP6756168B2 (en) * | 2016-06-28 | 2020-09-16 | 株式会社オートネットワーク技術研究所 | Communications system |
| CN108243005B (en) * | 2017-10-26 | 2021-07-20 | 招商银行股份有限公司 | Application registration verification method, participant management system, device and medium |
| CN107919955B (en) * | 2017-12-28 | 2021-02-26 | 北京奇虎科技有限公司 | Vehicle network security authentication method, system, vehicle, device and medium |
| CN109039654B (en) * | 2018-08-30 | 2021-08-10 | 深圳市元征科技股份有限公司 | TBOX identity authentication method and terminal equipment |
| CN109495498A (en) * | 2018-12-12 | 2019-03-19 | 北京车联天下信息技术有限公司 | The ca authentication method, apparatus and car networking information management system of vehicle arrangement |
| CN109783122A (en) * | 2019-01-29 | 2019-05-21 | 重庆邮电大学 | A kind of software security upgrade method and system based on V2X roadside device |
| US11088821B2 (en) * | 2019-03-25 | 2021-08-10 | Micron Technology, Inc. | Secure communication in a traffic control network |
| CN112929174B (en) * | 2019-12-06 | 2022-07-22 | 华为技术有限公司 | Certificate revocation list updating method and related equipment |
| CN113821248B (en) * | 2021-09-13 | 2022-10-04 | 阿波罗智联(北京)科技有限公司 | Service method of vehicle-end software, vehicle-end software and related equipment thereof |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1956376A (en) * | 2005-10-25 | 2007-05-02 | 中兴通讯股份有限公司 | Broadband access user authentication method |
| US20090316907A1 (en) * | 2008-06-19 | 2009-12-24 | International Business Machines Corporation | System and method for automated validation and execution of cryptographic key and certificate deployment and distribution |
| CN102571340A (en) * | 2010-12-23 | 2012-07-11 | 普天信息技术研究院有限公司 | Certificate authentication device as well as access method and certificate update method thereof |
| CN102624681A (en) * | 2011-01-30 | 2012-08-01 | 索尼公司 | Method and system for distributing copyrighted digital content in peer-to-peer network |
| CN102906755A (en) * | 2009-12-17 | 2013-01-30 | 桑迪士克科技股份有限公司 | Content control method using certificate revocation lists |
-
2013
- 2013-03-12 CN CN201310077109.0A patent/CN104053149B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1956376A (en) * | 2005-10-25 | 2007-05-02 | 中兴通讯股份有限公司 | Broadband access user authentication method |
| US20090316907A1 (en) * | 2008-06-19 | 2009-12-24 | International Business Machines Corporation | System and method for automated validation and execution of cryptographic key and certificate deployment and distribution |
| CN102906755A (en) * | 2009-12-17 | 2013-01-30 | 桑迪士克科技股份有限公司 | Content control method using certificate revocation lists |
| CN102571340A (en) * | 2010-12-23 | 2012-07-11 | 普天信息技术研究院有限公司 | Certificate authentication device as well as access method and certificate update method thereof |
| CN102624681A (en) * | 2011-01-30 | 2012-08-01 | 索尼公司 | Method and system for distributing copyrighted digital content in peer-to-peer network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104053149A (en) | 2014-09-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104053149B (en) | A kind of method and system for the security mechanism for realizing car networking equipment | |
| CN104780141B (en) | Message Authentication acquisition methods and equipment in a kind of car networking system | |
| CN103986687B (en) | A kind of method, equipment and system for realizing the management of car networking device authorization | |
| CN103685138B (en) | The authentication method of the Android platform application software that mobile interchange is online and system | |
| CN103973760B (en) | A kind of application method of Message Authentication, equipment and system | |
| CN103905207B (en) | Method and system for unifying APK signature | |
| CN106850699A (en) | A kind of mobile terminal login authentication method and system | |
| CN110109443B (en) | Safe communication method and device for vehicle diagnosis, storage medium and equipment | |
| CN106452772B (en) | Terminal authentication method and device | |
| CN105577613B (en) | A kind of method of sending and receiving of key information, equipment and system | |
| KR101837338B1 (en) | Cloud-Assisted Conditional Privacy Preserving Authentication Method for VANET and System Therefor | |
| CN105246071A (en) | Message generation and authentication methods and equipment in Internet-of-vehicles system | |
| US20200235946A1 (en) | Security management system for vehicle communication, operating method thereof, and message-processing method of vehicle communication service provision system having the same | |
| CN109150535A (en) | A kind of identity identifying method, equipment, computer readable storage medium and device | |
| CN107835176A (en) | A kind of network authentication method and platform based on eID | |
| CN108650220A (en) | Provide, obtain method, the equipment of mobile terminal certificate and automobile end chip certificate | |
| CN106302544A (en) | A kind of safe verification method and system | |
| JP6131994B2 (en) | System and method for providing services using trustpoints | |
| CN109040285A (en) | Method, apparatus, storage medium and the vehicle of In-vehicle networking safety certification | |
| KR101429212B1 (en) | Method and apparatus for authenticating group driving of moving object | |
| Funderburg et al. | Pairing-free signatures with insider-attack resistance for vehicular ad-hoc networks (VANETs) | |
| CN116614814B (en) | X.509 certificate application method, device and medium based on V2X communication | |
| CN106027254A (en) | Secret key use method for identity card reading terminal in identity card authentication system | |
| de Ruiter et al. | A formal security analysis of ERTMS train to trackside protocols | |
| CN113765667A (en) | Anonymous certificate application method, device authentication method, device, apparatus and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |