CN109040285A - Method, apparatus, storage medium and vehicle for in-vehicle network security authentication - Google Patents

Publication number: CN109040285A
Authority: CN (China)
Prior art keywords: communication unit, vehicular communication, certificate, vehicle, authentication
Legal status: Granted; Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201810973749.2A
Other languages: Chinese (zh)
Other versions: CN109040285B (en)
Inventors: 郭丽丽, 陈新
Current Assignee: BAIC Motor Co Ltd; Beijing Automotive Research Institute Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: BAIC Motor Co Ltd; Beijing Automotive Research Institute Co Ltd
Application filed by: BAIC Motor Co Ltd, Beijing Automotive Research Institute Co Ltd
Priority to: CN201810973749.2A
Published as: CN109040285A
Granted as: CN109040285B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates

Abstract

This disclosure relates to a method, apparatus, storage medium and vehicle for in-vehicle network security authentication. When a first vehicular communication unit sends a communication request to a second vehicular communication unit, first authentication information sent by the first vehicular communication unit and second authentication information sent by the second vehicular communication unit are received. Whether the first vehicular communication unit is an authorized device is authenticated from the first authentication information according to a preset authentication policy, and whether the second vehicular communication unit is an authorized device is authenticated from the second authentication information according to the same preset authentication policy. When the first vehicular communication unit and the second vehicular communication unit are both authorized devices, authentication pass information is sent to the first vehicular communication unit and to the second vehicular communication unit respectively, so that the first vehicular communication unit can communicate with the second vehicular communication unit.

Description

Method, apparatus, storage medium and vehicle for in-vehicle network security authentication
Technical field
This disclosure relates to the field of network security, and in particular to a method, apparatus, storage medium and vehicle for in-vehicle network security authentication.
Background
As in-vehicle Ethernet buses become widely used inside vehicles, they show a strong tendency to gradually replace other buses. While in-vehicle Ethernet brings convenience, it also introduces many security risks, and corresponding schemes are needed to protect against them. Existing technical solutions only implement authentication between the vehicle's T-BOX module and the cloud, and do not implement security authentication of the individual controllers inside the vehicle. When a vehicular communication unit (such as an ADAS (Advanced Driver Assistance Systems), IVI (In-Vehicle Infotainment) or OBD (On-Board Diagnostic) device) accesses the in-vehicle network, the vehicle cannot identify whether the vehicular communication unit is a device issued or authorized by the vehicle manufacturer, which is detrimental to the communication security of the in-vehicle network.
Summary of the invention
To solve the problems in the prior art, the disclosure provides a method, apparatus, storage medium and vehicle for in-vehicle network security authentication.
According to a first aspect of the embodiments of the disclosure, a method for in-vehicle network security authentication is provided, applied to a vehicle-mounted authentication center. The method includes: when a first vehicular communication unit sends a communication request to a second vehicular communication unit, receiving first authentication information sent by the first vehicular communication unit and second authentication information sent by the second vehicular communication unit; authenticating, from the first authentication information and according to a preset authentication policy, whether the first vehicular communication unit is an authorized device, and authenticating, from the second authentication information and according to the preset authentication policy, whether the second vehicular communication unit is an authorized device; and, when the first vehicular communication unit and the second vehicular communication unit are both authorized devices, sending authentication pass information to the first vehicular communication unit and to the second vehicular communication unit respectively, so that the first vehicular communication unit can communicate with the second vehicular communication unit.
Optionally, the preset authentication policy includes: determining whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication center; and, when it is determined that the digital certificate was issued by the vehicle-mounted authentication center, determining that the vehicular communication unit corresponding to the digital certificate is an authorized device.
Optionally, before receiving the first authentication information sent by the first vehicular communication unit and the second authentication information sent by the second vehicular communication unit, the method further includes: determining whether a certificate issuance request has been received; and, when it is determined that the certificate issuance request has been received, issuing the digital certificate, based on the certificate issuance request and according to a preset certificate issuing policy, to the vehicular communication unit that sent the certificate issuance request.
Optionally, the certificate issuance request includes identification information of the vehicular communication unit, and the preset certificate issuing policy includes: sending the identification information in the certificate issuance request to a certificate server, so that the certificate server verifies whether the identification information is valid; when the certificate server verifies that the identification information is valid, receiving a certificate issuance instruction sent by the certificate server; and issuing the digital certificate, according to the certificate issuance instruction, to the vehicular communication unit that sent the certificate issuance request.
According to a second aspect of the embodiments of the disclosure, an apparatus for in-vehicle network security authentication is provided, applied to a vehicle-mounted authentication center. The apparatus includes: a receiving module, configured to receive, when a first vehicular communication unit sends a communication request to a second vehicular communication unit, first authentication information sent by the first vehicular communication unit and second authentication information sent by the second vehicular communication unit; an authentication module, configured to authenticate, from the first authentication information and according to a preset authentication policy, whether the first vehicular communication unit is an authorized device, and to authenticate, from the second authentication information and according to the preset authentication policy, whether the second vehicular communication unit is an authorized device; and a sending module, configured to send, when the first vehicular communication unit and the second vehicular communication unit are both authorized devices, authentication pass information to the first vehicular communication unit and to the second vehicular communication unit respectively, so that the first vehicular communication unit can communicate with the second vehicular communication unit.
Optionally, the preset authentication policy includes: determining whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication center; and, when it is determined that the digital certificate was issued by the vehicle-mounted authentication center, determining that the vehicular communication unit corresponding to the digital certificate is an authorized device.
Optionally, the apparatus further includes: a determining module, configured to determine whether a certificate issuance request has been received; and a certificate issuing module, configured to issue the digital certificate, when it is determined that the certificate issuance request has been received, based on the certificate issuance request and according to a preset certificate issuing policy, to the vehicular communication unit that sent the certificate issuance request.
Optionally, the certificate issuance request includes identification information of the vehicular communication unit, and the preset certificate issuing policy includes: sending the identification information in the certificate issuance request to a certificate server, so that the certificate server verifies whether the identification information is valid; when the certificate server verifies that the identification information is valid, receiving a certificate issuance instruction sent by the certificate server; and issuing the digital certificate, according to the certificate issuance instruction, to the vehicular communication unit that sent the certificate issuance request.
According to a third aspect of the embodiments of the disclosure, a computer-readable storage medium is provided, on which a computer program is stored; when the program is executed by a processor, the steps of the method of the first aspect of the disclosure are implemented.
According to a fourth aspect of the embodiments of the disclosure, a vehicle is provided, including the apparatus for in-vehicle network security authentication of the second aspect of the disclosure.
With the above technical solution, when the first vehicular communication unit sends a communication request to the second vehicular communication unit, the first authentication information sent by the first vehicular communication unit and the second authentication information sent by the second vehicular communication unit are received; whether the first vehicular communication unit is an authorized device is authenticated from the first authentication information according to the preset authentication policy, and whether the second vehicular communication unit is an authorized device is authenticated from the second authentication information according to the preset authentication policy; and when the first vehicular communication unit and the second vehicular communication unit are both authorized devices, authentication pass information is sent to the first vehicular communication unit and to the second vehicular communication unit respectively, so that the first vehicular communication unit can communicate with the second vehicular communication unit. In this way, when a vehicular communication unit accesses the in-vehicle network, the vehicle-mounted authentication center can identify whether the vehicular communication unit is an authorized device, which effectively keeps unauthorized, illegitimate communication devices from accessing the in-vehicle network and improves the communication security of the in-vehicle network.
Other features and advantages of the disclosure are described in detail in the detailed description that follows.
Brief description of the drawings
The accompanying drawings provide a further understanding of the disclosure and constitute a part of the specification. Together with the following detailed description they serve to explain the disclosure, but they do not limit it. In the drawings:
Fig. 1 is a structural block diagram of an in-vehicle network security authentication system according to an exemplary embodiment;
Fig. 2 is a flowchart of a first in-vehicle network security authentication method according to an exemplary embodiment;
Fig. 3 is a flowchart of a second in-vehicle network security authentication method according to an exemplary embodiment;
Fig. 4 is a block diagram of a first in-vehicle network security authentication apparatus according to an exemplary embodiment;
Fig. 5 is a block diagram of a second in-vehicle network security authentication apparatus according to an exemplary embodiment.
Detailed description
Specific embodiments of the disclosure are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here serve only to describe and explain the disclosure and do not limit it.
To solve the problems in the prior art, the disclosure provides a method, apparatus, storage medium and vehicle for in-vehicle network security authentication. The disclosure can be applied in an in-vehicle network security authentication system.
The in-vehicle network security authentication system is described first. As shown in Fig. 1, the system includes a vehicle-mounted authentication center 101, and a first vehicular communication unit 102 and a second vehicular communication unit 103 that are each connected to the vehicle-mounted authentication center 101; the first vehicular communication unit 102 is connected to the second vehicular communication unit 103. The vehicle-mounted authentication center 101 authenticates whether the first vehicular communication unit 102 and the second vehicular communication unit 103 are authorized devices and, when it has authenticated that both are authorized devices, sends an authentication pass message to the first vehicular communication unit 102 and the second vehicular communication unit 103, so that the first vehicular communication unit 102 can communicate with the second vehicular communication unit 103. The first vehicular communication unit 102 may include the device that initiates the communication request, and the second vehicular communication unit 103 may include the device that responds to the communication request.
Further, the vehicle-mounted authentication center 101 may include an information exchange component 1011 (such as an Ethernet switching chip) and a vehicle-mounted authentication component 1012 connected to the information exchange component 1011. The vehicle-mounted authentication component 1012 includes an MCU (Micro Controller Unit) 10121 and an HSM (Hardware Security Module) 10122 connected to the MCU 10121; the first vehicular communication unit 102 includes an MCU 1021 and an HSM 1022 connected to the MCU 1021; the second vehicular communication unit 103 includes an MCU 1031 and an HSM 1032 connected to the MCU 1031.
The HSMs in the in-vehicle network security authentication system can securely manage, process and store communication keys, and provide protection for the secure execution of critical code.
The method for in-vehicle network security authentication provided by the disclosure is applied in the vehicle-mounted authentication center 101 of the above system. Specifically, when the first vehicular communication unit 102 sends a communication request to the second vehicular communication unit 103, the vehicle-mounted authentication center 101 receives the first authentication information sent by the first vehicular communication unit 102 and the second authentication information sent by the second vehicular communication unit 103; authenticates, from the first authentication information and according to the preset authentication policy, whether the first vehicular communication unit 102 is an authorized device; and authenticates, from the second authentication information and according to the preset authentication policy, whether the second vehicular communication unit 103 is an authorized device. When the first vehicular communication unit 102 and the second vehicular communication unit 103 are both authorized devices, it sends authentication pass information to the first vehicular communication unit 102 and to the second vehicular communication unit 103 respectively, so that the first vehicular communication unit 102 can communicate with the second vehicular communication unit 103. In this way, when a vehicular communication unit accesses the in-vehicle network, the vehicle-mounted authentication center 101 can identify whether it is an authorized device, which effectively keeps unauthorized, illegitimate communication devices from accessing the in-vehicle network and improves the communication security of the in-vehicle network.
Specific embodiments of the disclosure are described in detail below with reference to the accompanying drawings.
Fig. 2 is a flowchart of a method for in-vehicle network security authentication according to an exemplary embodiment. The method is applied to a vehicle-mounted authentication center and, as shown in Fig. 2, includes the following steps:
In step 201, when the first vehicular communication unit sends a communication request to the second vehicular communication unit, the first authentication information sent by the first vehicular communication unit and the second authentication information sent by the second vehicular communication unit are received.
The first vehicular communication unit or the second vehicular communication unit may be any one of the in-vehicle devices such as the advanced driver assistance system ADAS, the in-vehicle infotainment system IVI and the on-board diagnostic system OBD. The first vehicular communication unit may include the device that initiates the communication request, and the second vehicular communication unit may include the device that responds to the communication request; for example, when the ADAS sends a communication request to the IVI, the first vehicular communication unit is the ADAS and the second vehicular communication unit is the IVI. The first authentication information or the second authentication information may include certificate information of the digital certificate of the vehicular communication unit; the certificate information may be the identification information of the vehicular communication unit, public key information, and so on.
Because a digital certificate is a commonly used network security authentication mechanism for ensuring communication security, in a preferred embodiment the legitimacy of a vehicular communication unit is verified by verifying its digital certificate. That is, before communicating, the vehicular communication unit must apply for a digital certificate for itself. In the disclosure, the digital certificate is generated by the vehicle-mounted authentication center and issued to the vehicular communication unit when the vehicular communication unit accesses the in-vehicle network for the first time.
Before receiving the first authentication information sent by the first vehicular communication unit and the second authentication information sent by the second vehicular communication unit, the method further includes: determining whether a certificate issuance request has been received; and, when it is determined that the certificate issuance request has been received, issuing the digital certificate, based on the certificate issuance request and according to the preset certificate issuing policy, to the vehicular communication unit that sent the certificate issuance request.
The certificate issuance request may include identification information of the vehicular communication unit (such as the MAC code or VIN code of the vehicular communication unit). The preset certificate issuing policy may include: sending the identification information in the certificate issuance request to a certificate server, so that the certificate server verifies whether the identification information is valid; when the certificate server verifies that the identification information is valid, receiving the certificate issuance instruction sent by the certificate server; and issuing the digital certificate, according to the certificate issuance instruction, to the vehicular communication unit that sent the certificate issuance request.
In step 202, whether the first vehicular communication unit is an authorized device is authenticated from the first authentication information according to the preset authentication policy, and whether the second vehicular communication unit is an authorized device is authenticated from the second authentication information according to the preset authentication policy.
The preset authentication policy may include: determining whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication center; and, when it is determined that the digital certificate was issued by the vehicle-mounted authentication center, determining that the vehicular communication unit corresponding to the digital certificate is an authorized device.
In step 203, when the first vehicular communication unit and the second vehicular communication unit are both authorized devices, authentication pass information is sent to the first vehicular communication unit and to the second vehicular communication unit respectively, so that the first vehicular communication unit can communicate with the second vehicular communication unit.
It should be noted that the vehicle-mounted authentication center can also serve as the firewall of the in-vehicle network. Specifically, before anything outside the vehicle accesses the in-vehicle network, mutual authentication with the cloud server can be performed based on the level-one digital certificate of the vehicle-mounted authentication center (the level-one digital certificate can be issued by a cloud authentication center), and a secure link can be established. This achieves security isolation between the vehicle's external network and its internal network, and further ensures the communication security of the in-vehicle network.
With the above method, when a vehicular communication unit accesses the in-vehicle network, it is possible to identify whether the vehicular communication unit is an authorized device, which effectively keeps unauthorized, illegitimate devices from accessing the in-vehicle network and improves the communication security of the in-vehicle network.
Fig. 3 is a flowchart of a method for in-vehicle network security authentication according to an exemplary embodiment. The method is applied to a vehicle-mounted authentication center and, as shown in Fig. 3, includes the following steps:
In step 301, it is determined whether a certificate issuance request sent by a vehicular communication unit has been received; the certificate issuance request includes the identification information of the vehicular communication unit.
The vehicular communication unit includes the first vehicular communication unit and/or the second vehicular communication unit. Specifically, the first vehicular communication unit or the second vehicular communication unit may be any one of the in-vehicle devices such as the advanced driver assistance system ADAS, the in-vehicle infotainment system IVI and the on-board diagnostic system OBD. The first vehicular communication unit may include the device that initiates the communication request, and the second vehicular communication unit may include the device that responds to the communication request; for example, when the ADAS sends a communication request to the IVI, the first vehicular communication unit is the ADAS and the second vehicular communication unit is the IVI. The identification information may include information such as the MAC code or VIN code of the vehicular communication unit.
Because a digital certificate is a commonly used network security authentication mechanism for ensuring communication security, in a preferred embodiment the legitimacy of a vehicular communication unit is verified by verifying its digital certificate. That is, before communicating, the vehicular communication unit must apply for a digital certificate for itself. In the disclosure, the digital certificate is generated by the vehicle-mounted authentication center and issued to the vehicular communication unit when the vehicular communication unit accesses the in-vehicle network for the first time.
In addition, on receiving the digital certificate issued by the vehicle-mounted authentication center, the vehicular communication unit can write the digital certificate into its security chip. Therefore, when the vehicular communication unit determines that no digital certificate has been written into its security chip, it can determine that it has not yet applied to the vehicle-mounted authentication center for the digital certificate; in that case, the vehicle-mounted authentication center receives the certificate issuance request sent by the vehicular communication unit.
When it is determined that the certificate issuance request has been received, steps 302 to 306 are executed;
When no certificate issuance request has been received, steps 305 to 306 are executed.
In step 302, the identification information in the certificate issuance request is sent to the certificate server, so that the certificate server verifies whether the identification information is valid.
As an example, take the identification information to be the VIN code of the vehicular communication unit. The vehicle-mounted authentication center sends the received VIN code of the vehicular communication unit to the certificate server, which stores in advance the identifiers of the vehicular communication units that have passed authentication on the certificate server. When the certificate server finds the VIN code in its database, it can determine that the VIN code is valid. This example is illustrative only, and the disclosure is not limited to it.
In step 303, when the certificate server verifies that the identification information is valid, the certificate issuance instruction sent by the certificate server is received.
In step 304, the digital certificate is issued, according to the certificate issuance instruction, to the vehicular communication unit that sent the certificate issuance request.
As an example, take the case where the first vehicular communication unit applies to the vehicle-mounted authentication center for a digital certificate. The first vehicular communication unit sends a certificate issuance request to the vehicle-mounted authentication center; the request may include the identification information of the first vehicular communication unit and public key information generated by the first vehicular communication unit. The vehicle-mounted authentication center sends the identification information in the certificate issuance request to the certificate server. On receiving the certificate issuance instruction that the certificate server sends on the basis of the identification information, the vehicle-mounted authentication center signs the public key information of the first vehicular communication unit in the certificate issuance request to generate a certificate, and sends the generated certificate to the first vehicular communication unit, which completes certificate issuance for the first vehicular communication unit. This example is illustrative only, and the disclosure is not limited to it.
In step 305, the first authentication information sent by the first vehicular communication unit and the second authentication information sent by the second vehicular communication unit are received.
The first authentication information or the second authentication information may include certificate information of the digital certificate of the vehicular communication unit; the certificate information may be the identification information of the vehicular communication unit, public key information, and so on.
In step 306, whether the first vehicular communication unit is an authorized device is authenticated from the first authentication information according to the preset authentication policy, and whether the second vehicular communication unit is an authorized device is authenticated from the second authentication information according to the preset authentication policy.
The authorized device may include a device that has applied to the vehicle-mounted authentication center and been issued a digital certificate.
Because a digital certificate includes information such as the certificate holder, the certificate issuing authority, the public key and the signature algorithm, in a preferred embodiment the preset authentication policy may include: determining, from the certificate information in the digital certificate, whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication center; and, when it is determined that the digital certificate was issued by the vehicle-mounted authentication center, determining that the vehicular communication unit corresponding to the digital certificate is an authorized device.
When the first vehicular communication unit and the second vehicular communication unit are both authorized devices, step 307 is executed;
When at least one of the first vehicular communication unit and the second vehicular communication unit is not an authorized device, step 308 is executed.
In step 307, certification is sent to first vehicular communication unit and second vehicular communication unit respectively to lead to Cross information.
After executing this step, first vehicular communication unit and the second vehicular communication unit mutual authentication pass through, At this point it is possible to establish safety chain, securely communicate, specific secure communication process belongs to the prior art, and the disclosure is to this It does not repeat them here.
In step 308, certification is sent to vehicular communication unit do not pass through message.
It illustratively, in the digital certificate that the vehicle-mounted authentication center authenticates first vehicular communication unit vehicle-mounted is recognized by this When card center is signed and issued, it can determine that first vehicular communication unit is the unauthorized device of the In-vehicle networking, at this point, in order to ensure It is unsanctioned can to send first vehicular communication unit certification to second vehicular communication unit for the communication security of In-vehicle networking Notification information, so that second vehicular communication unit can disconnect the communication connection with first vehicular communication unit, to protect The communication security of In-vehicle networking is hindered.
It should be noted that the vehicle-mounted authentication center can also act as a firewall for the in-vehicle network. Specifically, before the in-vehicle network is accessed from outside the vehicle, two-way authentication with the cloud server can be performed based on the first-level digital certificate of the vehicle-mounted authentication center (the first-level digital certificate may be issued by a cloud authentication center), and a secure link established. This isolates the network outside the vehicle from the in-vehicle network and further protects the communication security of the in-vehicle network.
With the above method, when a vehicular communication unit accesses the in-vehicle network, it can be identified whether the unit is an authorized device, which effectively prevents unauthorized, illegitimate devices from accessing the in-vehicle network and improves the communication security of the in-vehicle network.
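The issuance flow and steps 305 to 308 described above, as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 from the standard library as a stand-in for the center's asymmetric certificate signature (workable here only because the center verifies the certificates it issued itself); the class, function and message names and the unit identifiers are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data: identifiers the certificate server accepts as valid.
KNOWN_UNIT_IDS = {"TBOX-0001", "GATEWAY-0002"}


def certificate_server_verify(unit_id):
    """Certificate server role: check whether the identification information is valid."""
    return unit_id in KNOWN_UNIT_IDS


class AuthCenter:
    """Vehicle-mounted authentication center (hypothetical class name)."""

    def __init__(self, name="vehicle-auth-center"):
        self.name = name
        self._key = secrets.token_bytes(32)  # stand-in for the center's signing key

    def _sign(self, body):
        # Canonical JSON so the same fields always yield the same signature.
        data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def issue(self, unit_id, public_key_hex):
        """Issuance: forward the ID to the certificate server, sign only on approval."""
        if not certificate_server_verify(unit_id):
            return None  # no certificate issuance instruction was received
        body = {"holder": unit_id, "issuer": self.name, "public_key": public_key_hex}
        return {**body, "signature": self._sign(body)}

    def is_authorized(self, cert):
        """Preset policy: authorized only if this center issued the certificate."""
        try:
            body = {k: cert[k] for k in ("holder", "issuer", "public_key")}
            sig = cert["signature"]
            if body["issuer"] != self.name or not isinstance(sig, str):
                return False
            # Constant-time comparison of the recomputed and presented signatures.
            return hmac.compare_digest(self._sign(body).encode(), sig.encode())
        except (KeyError, TypeError, ValueError):
            return False  # malformed or incomplete certificate information

    def authenticate_pair(self, first_cert, second_cert):
        """Steps 305-308: return the message the center sends to each unit."""
        ok1 = self.is_authorized(first_cert)
        ok2 = self.is_authorized(second_cert)
        if ok1 and ok2:
            return {"first": "AUTH_PASS", "second": "AUTH_PASS"}  # step 307
        # Step 308: a failing unit gets AUTH_FAIL; an authorized peer is told
        # the other side failed so that it can drop the connection.
        return {
            "first": "PEER_AUTH_FAIL" if ok1 else "AUTH_FAIL",
            "second": "PEER_AUTH_FAIL" if ok2 else "AUTH_FAIL",
        }


def demo():
    center = AuthCenter()
    other_issuer = AuthCenter()  # same issuer name, different key
    tbox = center.issue("TBOX-0001", secrets.token_hex(32))
    gateway = center.issue("GATEWAY-0002", secrets.token_hex(32))
    foreign = other_issuer.issue("TBOX-0001", secrets.token_hex(32))
    altered = dict(gateway, holder="ROGUE-9999")  # field changed after issuance
    return {
        "both_valid": center.authenticate_pair(tbox, gateway),
        "foreign_first": center.authenticate_pair(foreign, gateway),
        "altered_second": center.authenticate_pair(tbox, altered),
        "unknown_id_issued": center.issue("ROGUE-9999", secrets.token_hex(32)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

Checking only the issuer name would accept the `foreign_first` case; the decision has to rest on verifying the signature with the center's own key.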
Fig. 4 is a block diagram of an in-vehicle network security authentication apparatus according to an exemplary embodiment, applied to the vehicle-mounted authentication center. As shown in Fig. 4, the apparatus includes:
Receiving module 401, for receiving, when the first vehicular communication unit sends a communication request to the second vehicular communication unit, the first authentication information sent by the first vehicular communication unit and the second authentication information sent by the second vehicular communication unit;
Authentication module 402, for authenticating, from the first authentication information and according to a preset authentication policy, whether the first vehicular communication unit is an authorized device, and authenticating, from the second authentication information and according to the preset authentication policy, whether the second vehicular communication unit is an authorized device;
Sending module 403, for sending authentication pass information to the first vehicular communication unit and the second vehicular communication unit respectively when both are authorized devices, so that the first vehicular communication unit can communicate with the second vehicular communication unit.
Optionally, the preset authentication policy may include: determining whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication center; and, when it is determined that the digital certificate was issued by the vehicle-mounted authentication center, determining that the vehicular communication unit corresponding to the digital certificate is an authorized device.
Optionally, Fig. 5 is a block diagram of an in-vehicle network security authentication apparatus according to the embodiment shown in Fig. 4. The apparatus further includes:
Determining module 404, for determining whether a certificate issuance request has been received;
Certificate issuance module 405, for issuing, when it is determined that the certificate issuance request has been received, the digital certificate to the vehicular communication unit that sent the certificate issuance request, according to the request and a preset certificate issuance policy.
Optionally, the certificate issuance request includes the identification information of the vehicular communication unit, and the preset certificate issuance policy includes: sending the identification information in the certificate issuance request to the certificate server so that the certificate server verifies whether the identification information is valid; when the certificate server verifies that the identification information is valid, receiving the certificate issuance instruction sent by the certificate server; and issuing the digital certificate to the vehicular communication unit that sent the certificate issuance request according to the certificate issuance instruction.
As for the apparatus in the above embodiment, the specific manner in which each module performs its operations has been described in detail in the embodiment of the method and is not elaborated here.
With the above apparatus, when a vehicular communication unit accesses the in-vehicle network, it can be identified whether the unit is an authorized device, which effectively prevents unauthorized, illegitimate devices from accessing the in-vehicle network and improves the communication security of the in-vehicle network.
The disclosure also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the in-vehicle network security authentication method provided by the disclosure.
The disclosure also provides a vehicle including the above in-vehicle network security authentication apparatus.
The preferred embodiments of the disclosure have been described in detail above with reference to the accompanying drawings. However, the disclosure is not limited to the specific details of the above embodiments; within the scope of the technical concept of the disclosure, various simple variations may be made to its technical solutions, and these simple variations all fall within the protection scope of the disclosure.
It should further be noted that the specific technical features described in the above embodiments may, where not contradictory, be combined in any suitable manner. To avoid unnecessary repetition, the disclosure does not further describe the various possible combinations.
In addition, the various embodiments of the disclosure may also be combined arbitrarily; as long as a combination does not depart from the idea of the disclosure, it should likewise be regarded as content disclosed by the disclosure.

Claims (10)

1. A method of in-vehicle network security authentication, characterized in that it is applied to a vehicle-mounted authentication center, the method comprising:
When a first vehicular communication unit sends a communication request to a second vehicular communication unit, receiving first authentication information sent by the first vehicular communication unit and second authentication information sent by the second vehicular communication unit;
Authenticating, from the first authentication information and according to a preset authentication policy, whether the first vehicular communication unit is an authorized device, and authenticating, from the second authentication information and according to the preset authentication policy, whether the second vehicular communication unit is an authorized device;
When the first vehicular communication unit and the second vehicular communication unit are both authorized devices, sending authentication pass information to the first vehicular communication unit and the second vehicular communication unit respectively, so that the first vehicular communication unit can communicate with the second vehicular communication unit.
2. The method according to claim 1, characterized in that the preset authentication policy comprises:
Determining whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication center;
When it is determined that the digital certificate was issued by the vehicle-mounted authentication center, determining that the vehicular communication unit corresponding to the digital certificate is the authorized device.
3. The method according to claim 2, characterized in that, before receiving the first authentication information sent by the first vehicular communication unit and the second authentication information sent by the second vehicular communication unit, the method further comprises:
Determining whether a certificate issuance request has been received;
When it is determined that the certificate issuance request has been received, issuing the digital certificate to the vehicular communication unit that sent the certificate issuance request, according to the certificate issuance request and a preset certificate issuance policy.
4. The method according to claim 3, characterized in that the certificate issuance request includes the identification information of the vehicular communication unit, and the preset certificate issuance policy comprises:
Sending the identification information in the certificate issuance request to a certificate server, so that the certificate server verifies whether the identification information is valid;
When the certificate server verifies that the identification information is valid, receiving the certificate issuance instruction sent by the certificate server;
Issuing the digital certificate to the vehicular communication unit that sent the certificate issuance request according to the certificate issuance instruction.
5. An apparatus for in-vehicle network security authentication, characterized in that it is applied to a vehicle-mounted authentication center, the apparatus comprising:
A receiving module, for receiving, when a first vehicular communication unit sends a communication request to a second vehicular communication unit, first authentication information sent by the first vehicular communication unit and second authentication information sent by the second vehicular communication unit;
An authentication module, for authenticating, from the first authentication information and according to a preset authentication policy, whether the first vehicular communication unit is an authorized device, and authenticating, from the second authentication information and according to the preset authentication policy, whether the second vehicular communication unit is an authorized device;
A sending module, for sending authentication pass information to the first vehicular communication unit and the second vehicular communication unit respectively when both are authorized devices, so that the first vehicular communication unit can communicate with the second vehicular communication unit.
6. The apparatus according to claim 5, characterized in that the preset authentication policy comprises:
Determining whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication center;
When it is determined that the digital certificate was issued by the vehicle-mounted authentication center, determining that the vehicular communication unit corresponding to the digital certificate is the authorized device.
7. The apparatus according to claim 6, characterized in that the apparatus further comprises:
A determining module, for determining whether a certificate issuance request has been received;
A certificate issuance module, for issuing, when it is determined that the certificate issuance request has been received, the digital certificate to the vehicular communication unit that sent the certificate issuance request, according to the certificate issuance request and a preset certificate issuance policy.
8. The apparatus according to claim 7, characterized in that the certificate issuance request includes the identification information of the vehicular communication unit, and the preset certificate issuance policy comprises:
Sending the identification information in the certificate issuance request to a certificate server, so that the certificate server verifies whether the identification information is valid;
When the certificate server verifies that the identification information is valid, receiving the certificate issuance instruction sent by the certificate server;
Issuing the digital certificate to the vehicular communication unit that sent the certificate issuance request according to the certificate issuance instruction.
9. A computer-readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the steps of the method of any one of claims 1 to 4.
10. A vehicle, characterized in that it includes the apparatus for in-vehicle network security authentication according to any one of claims 5 to 8.
CN201810973749.2A 2018-08-24 2018-08-24 Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle Active CN109040285B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810973749.2A CN109040285B (en) 2018-08-24 2018-08-24 Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle

Publications (2)

Publication Number Publication Date
CN109040285A true CN109040285A (en) 2018-12-18
CN109040285B CN109040285B (en) 2023-06-20

Family

ID=64628366

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810973749.2A Active CN109040285B (en) 2018-08-24 2018-08-24 Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle

Country Status (1)

Country Link
CN (1) CN109040285B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant