CN109040285A - Method, apparatus, storage medium and vehicle for in-vehicle network security authentication - Google Patents
- Publication number
- CN109040285A (application CN201810973749.2A)
- Authority
- CN
- China
- Prior art keywords
- communication unit
- vehicular communication
- certificate
- vehicle
- authentication
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Landscapes
- Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
This disclosure relates to a method, apparatus, storage medium and vehicle for in-vehicle network security authentication. When a first in-vehicle communication device sends a communication request to a second in-vehicle communication device, first authentication information sent by the first in-vehicle communication device and second authentication information sent by the second in-vehicle communication device are received. Whether the first in-vehicle communication device is an authorized device is authenticated from the first authentication information according to a preset authentication policy, and whether the second in-vehicle communication device is an authorized device is authenticated from the second authentication information according to the same preset authentication policy. When the first and second in-vehicle communication devices are both authorized devices, an authentication-pass message is sent to each of them so that the first in-vehicle communication device can communicate with the second in-vehicle communication device.
Description
Technical field
This disclosure relates to the field of network security, and in particular to a method, apparatus, storage medium and vehicle for in-vehicle network security authentication.
Background
As automotive Ethernet buses become widespread inside vehicles, there is a strong trend toward Ethernet gradually replacing other buses. While automotive Ethernet brings convenience, it also introduces many security risks, and corresponding protective measures are needed. Existing technical solutions only implement authentication between the vehicle's T-BOX module and the cloud; they do not implement security authentication of the individual controllers inside the vehicle. When an in-vehicle communication device (such as an ADAS (Advanced Driver Assistance Systems), IVI (In-Vehicle Infotainment) or OBD (On-Board Diagnostic) device) connects to the in-vehicle network, the vehicle cannot identify whether that device was issued or authorized by the vehicle manufacturer, which is detrimental to the communication security of the in-vehicle network.
Summary of the invention
To solve the problems in the prior art, the present disclosure provides a method, apparatus, storage medium and vehicle for in-vehicle network security authentication.
According to a first aspect of the embodiments of the present disclosure, a method for in-vehicle network security authentication is provided, applied to an in-vehicle authentication center. The method includes: when a first in-vehicle communication device sends a communication request to a second in-vehicle communication device, receiving first authentication information sent by the first in-vehicle communication device and second authentication information sent by the second in-vehicle communication device; authenticating, from the first authentication information and according to a preset authentication policy, whether the first in-vehicle communication device is an authorized device, and authenticating, from the second authentication information and according to the preset authentication policy, whether the second in-vehicle communication device is an authorized device; and, when the first and second in-vehicle communication devices are both authorized devices, sending an authentication-pass message to each of them so that the first in-vehicle communication device can communicate with the second in-vehicle communication device.
Optionally, the preset authentication policy includes: determining whether the digital certificate corresponding to the authentication information was issued by the in-vehicle authentication center; and, when it is determined that the digital certificate was issued by the in-vehicle authentication center, determining that the in-vehicle communication device corresponding to the digital certificate is an authorized device.
Optionally, before receiving the first authentication information sent by the first in-vehicle communication device and the second authentication information sent by the second in-vehicle communication device, the method further includes: determining whether a certificate issuance request has been received; and, when it is determined that the certificate issuance request has been received, issuing the digital certificate, based on the certificate issuance request and according to a preset certificate issuance policy, to the in-vehicle communication device that sent the certificate issuance request.
Optionally, the certificate issuance request includes identification information of the in-vehicle communication device, and the preset certificate issuance policy includes: sending the identification information in the certificate issuance request to an authentication server so that the authentication server verifies whether the identification information is valid; when the authentication server verifies that the identification information is valid, receiving a certificate issuance instruction sent by the authentication server; and issuing the digital certificate, according to the certificate issuance instruction, to the in-vehicle communication device that sent the certificate issuance request.
According to a second aspect of the embodiments of the present disclosure, an apparatus for in-vehicle network security authentication is provided, applied to an in-vehicle authentication center. The apparatus includes: a receiving module, configured to receive, when a first in-vehicle communication device sends a communication request to a second in-vehicle communication device, first authentication information sent by the first in-vehicle communication device and second authentication information sent by the second in-vehicle communication device; an authentication module, configured to authenticate, from the first authentication information and according to a preset authentication policy, whether the first in-vehicle communication device is an authorized device, and to authenticate, from the second authentication information and according to the preset authentication policy, whether the second in-vehicle communication device is an authorized device; and a sending module, configured to send, when the first and second in-vehicle communication devices are both authorized devices, an authentication-pass message to each of them so that the first in-vehicle communication device can communicate with the second in-vehicle communication device.
Optionally, the preset authentication policy includes: determining whether the digital certificate corresponding to the authentication information was issued by the in-vehicle authentication center; and, when it is determined that the digital certificate was issued by the in-vehicle authentication center, determining that the in-vehicle communication device corresponding to the digital certificate is an authorized device.
Optionally, the apparatus further includes: a determining module, configured to determine whether a certificate issuance request has been received; and a certificate issuance module, configured to issue the digital certificate, when it is determined that the certificate issuance request has been received, based on the certificate issuance request and according to a preset certificate issuance policy, to the in-vehicle communication device that sent the certificate issuance request.
Optionally, the certificate issuance request includes identification information of the in-vehicle communication device, and the preset certificate issuance policy includes: sending the identification information in the certificate issuance request to an authentication server so that the authentication server verifies whether the identification information is valid; when the authentication server verifies that the identification information is valid, receiving a certificate issuance instruction sent by the authentication server; and issuing the digital certificate, according to the certificate issuance instruction, to the in-vehicle communication device that sent the certificate issuance request.
According to a third aspect of the embodiments of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored; when the program is executed by a processor, the steps of the method of the first aspect of the disclosure are carried out.
According to a fourth aspect of the embodiments of the present disclosure, a vehicle is provided, including the apparatus for in-vehicle network security authentication described in the second aspect of the disclosure.
With the above technical solution, when a first in-vehicle communication device sends a communication request to a second in-vehicle communication device, the first authentication information sent by the first in-vehicle communication device and the second authentication information sent by the second in-vehicle communication device are received; whether the first in-vehicle communication device is an authorized device is authenticated from the first authentication information according to the preset authentication policy, and whether the second in-vehicle communication device is an authorized device is authenticated from the second authentication information according to the preset authentication policy; and, when the first and second in-vehicle communication devices are both authorized devices, an authentication-pass message is sent to each of them so that the first in-vehicle communication device can communicate with the second in-vehicle communication device. In this way, when an in-vehicle communication device connects to the in-vehicle network, the in-vehicle authentication center can identify whether that device is an authorized device, which effectively keeps unauthorized, illegitimate communication devices from accessing the in-vehicle network and improves the communication security of the in-vehicle network.
Other features and advantages of the disclosure are described in detail in the detailed description that follows.
Brief description of the drawings
The accompanying drawings provide a further understanding of the disclosure and form part of the specification. Together with the detailed description below they serve to explain the disclosure, but they do not limit it. In the drawings:
Fig. 1 is a structural block diagram of an in-vehicle network security authentication system according to an exemplary embodiment;
Fig. 2 is a flow chart of a first in-vehicle network security authentication method according to an exemplary embodiment;
Fig. 3 is a flow chart of a second in-vehicle network security authentication method according to an exemplary embodiment;
Fig. 4 is a block diagram of a first in-vehicle network security authentication apparatus according to an exemplary embodiment;
Fig. 5 is a block diagram of a second in-vehicle network security authentication apparatus according to an exemplary embodiment.
Detailed description of the embodiments
Specific embodiments of the disclosure are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here only describe and explain the disclosure and do not limit it.
To solve the problems in the prior art, the present disclosure provides a method, apparatus, storage medium and vehicle for in-vehicle network security authentication. The disclosure can be applied in an in-vehicle network security authentication system.
The in-vehicle network security authentication system is described first. As shown in Fig. 1, the system includes an in-vehicle authentication center 101, and a first in-vehicle communication device 102 and a second in-vehicle communication device 103 that are each connected to the in-vehicle authentication center 101. The first in-vehicle communication device 102 is connected to the second in-vehicle communication device 103. The in-vehicle authentication center 101 authenticates whether the first in-vehicle communication device 102 and the second in-vehicle communication device 103 are authorized devices and, when both are authenticated as authorized devices, sends an authentication-pass message to the first in-vehicle communication device 102 and the second in-vehicle communication device 103 so that the two can communicate. The first in-vehicle communication device 102 may include the device that initiates the communication request, and the second in-vehicle communication device 103 may include the device that responds to the communication request.
Further, the in-vehicle authentication center 101 may include an information exchange component 1011 (such as an Ethernet switch chip) and an in-vehicle authentication component 1012 connected to the information exchange component 1011. The in-vehicle authentication component 1012 includes an MCU (Micro Controller Unit) 10121 and an HSM (Hardware Security Module) 10122 connected to the MCU 10121. The first in-vehicle communication device 102 includes an MCU 1021 and an HSM 1022 connected to the MCU 1021. The second in-vehicle communication device 103 includes an MCU 1031 and an HSM 1032 connected to the MCU 1031.
The HSMs in the in-vehicle network security authentication system can securely manage, process and store communication keys, and provide protection for the secure execution of critical code.
The in-vehicle network security authentication method provided by the disclosure is applied in the in-vehicle authentication center 101 of the system described above. Specifically, when the first in-vehicle communication device 102 sends a communication request to the second in-vehicle communication device 103, the in-vehicle authentication center 101 receives the first authentication information sent by the first in-vehicle communication device 102 and the second authentication information sent by the second in-vehicle communication device 103. It authenticates, from the first authentication information and according to the preset authentication policy, whether the first in-vehicle communication device 102 is an authorized device, and authenticates, from the second authentication information and according to the preset authentication policy, whether the second in-vehicle communication device 103 is an authorized device. When the first in-vehicle communication device 102 and the second in-vehicle communication device 103 are both authorized devices, it sends an authentication-pass message to each of them so that the first in-vehicle communication device 102 can communicate with the second in-vehicle communication device 103. In this way, when an in-vehicle communication device connects to the in-vehicle network, the in-vehicle authentication center 101 can identify whether that device is an authorized device, which effectively keeps unauthorized, illegitimate communication devices from accessing the in-vehicle network and improves the communication security of the in-vehicle network.
Specific embodiments of the disclosure are described in detail below with reference to the drawings.
Fig. 2 is a flow chart of a method for in-vehicle network security authentication according to an exemplary embodiment. The method is applied to an in-vehicle authentication center and, as shown in Fig. 2, includes the following steps:
In step 201, when the first in-vehicle communication device sends a communication request to the second in-vehicle communication device, the first authentication information sent by the first in-vehicle communication device and the second authentication information sent by the second in-vehicle communication device are received.
The first or second in-vehicle communication device may be any one of the in-vehicle devices such as the advanced driver assistance system ADAS, the in-vehicle infotainment system IVI and the on-board diagnostic system OBD. The first in-vehicle communication device may include the device that initiates the communication request, and the second in-vehicle communication device may include the device that responds to it. For example, when the ADAS sends a communication request to the IVI, the first in-vehicle communication device is the ADAS and the second in-vehicle communication device is the IVI. The first or second authentication information may include certificate information of the in-vehicle communication device's digital certificate; the certificate information may be the identification information of the in-vehicle communication device, public key information, and so on.
Because digital certificates are a fairly common network security authentication mechanism for protecting communication, in a preferred embodiment the legitimacy of an in-vehicle communication device is verified by verifying its digital certificate. That is, before communicating, the in-vehicle communication device applies for a digital certificate of its own. In this disclosure, the digital certificate is generated by the in-vehicle authentication center and issued to the in-vehicle communication device when that device connects to the in-vehicle network for the first time.
Before the first authentication information sent by the first in-vehicle communication device and the second authentication information sent by the second in-vehicle communication device are received, the method further includes: determining whether a certificate issuance request has been received; and, when it is determined that the certificate issuance request has been received, issuing the digital certificate, based on the certificate issuance request and according to the preset certificate issuance policy, to the in-vehicle communication device that sent the certificate issuance request.
The certificate issuance request may include identification information of the in-vehicle communication device (such as the device's MAC code or VIN code). The preset certificate issuance policy may include: sending the identification information in the certificate issuance request to the authentication server so that the authentication server verifies whether the identification information is valid; when the authentication server verifies that the identification information is valid, receiving the certificate issuance instruction sent by the authentication server; and issuing the digital certificate, according to the certificate issuance instruction, to the in-vehicle communication device that sent the certificate issuance request.
In step 202, whether the first in-vehicle communication device is an authorized device is authenticated from the first authentication information according to the preset authentication policy, and whether the second in-vehicle communication device is an authorized device is authenticated from the second authentication information according to the preset authentication policy.
The preset authentication policy may include: determining whether the digital certificate corresponding to the authentication information was issued by the in-vehicle authentication center; and, when it is determined that the digital certificate was issued by the in-vehicle authentication center, determining that the in-vehicle communication device corresponding to the digital certificate is an authorized device.
In step 203, when the first and second in-vehicle communication devices are both authorized devices, an authentication-pass message is sent to each of them so that the first in-vehicle communication device can communicate with the second in-vehicle communication device.
It should be noted that the in-vehicle authentication center can also act as a firewall for the in-vehicle network. Specifically, before the in-vehicle network is accessed from outside the vehicle, mutual authentication with the cloud server can be performed based on the first-level digital certificate of the in-vehicle authentication center (the first-level digital certificate may be issued by a cloud authentication center) and a secure link can be established. This isolates the network outside the vehicle from the network inside it and further protects the communication security of the in-vehicle network.
With the above method, when an in-vehicle communication device connects to the in-vehicle network, it can be identified whether that device is an authorized device, which effectively keeps unauthorized, illegitimate devices from accessing the in-vehicle network and improves the communication security of the in-vehicle network.
Fig. 3 is a flow chart of a method for in-vehicle network security authentication according to an exemplary embodiment. The method is applied to an in-vehicle authentication center and, as shown in Fig. 3, includes the following steps:
In step 301, it is determined whether a certificate issuance request sent by an in-vehicle communication device has been received. The certificate issuance request includes the identification information of the in-vehicle communication device.
The in-vehicle communication device includes the first in-vehicle communication device and/or the second in-vehicle communication device. Specifically, the first or second in-vehicle communication device may be any one of the in-vehicle devices such as the advanced driver assistance system ADAS, the in-vehicle infotainment system IVI and the on-board diagnostic system OBD. The first in-vehicle communication device may include the device that initiates the communication request, and the second in-vehicle communication device may include the device that responds to it. For example, when the ADAS sends a communication request to the IVI, the first in-vehicle communication device is the ADAS and the second in-vehicle communication device is the IVI. The identification information may include information such as the MAC code or VIN code of the in-vehicle communication device.
Because digital certificates are a fairly common network security authentication mechanism for protecting communication, in a preferred embodiment the legitimacy of an in-vehicle communication device is verified by verifying its digital certificate. That is, before communicating, the in-vehicle communication device applies for a digital certificate of its own. In this disclosure, the digital certificate is generated by the in-vehicle authentication center and issued to the in-vehicle communication device when that device connects to the in-vehicle network for the first time.
In addition, when the in-vehicle communication device receives the digital certificate issued by the in-vehicle authentication center, it can write the digital certificate into its security chip. Therefore, when the in-vehicle communication device determines that no digital certificate has been written into its security chip, it can be determined that the device has not yet applied to the in-vehicle authentication center for the digital certificate; in that case, the in-vehicle authentication center receives the certificate issuance request sent by the in-vehicle communication device.
When it is determined that the certificate issuance request has been received, steps 302 to 306 are executed;
When no certificate issuance request has been received, steps 305 to 306 are executed.
In step 302, the identification information in the certificate issuance request is sent to the authentication server so that the authentication server verifies whether the identification information is valid.
For example, take the case where the identification information is the VIN code of the in-vehicle communication device. The in-vehicle authentication center sends the VIN code it received from the in-vehicle communication device to the authentication server. The authentication server stores in advance the identifiers of the in-vehicle communication devices that have passed authentication on the authentication server; when the authentication server finds the VIN code in its database, it can determine that the VIN code is valid. This example is illustrative only and does not limit the disclosure.
In step 303, when the authentication server verifies that the identification information is valid, the certificate issuance instruction sent by the authentication server is received.
In step 304, the digital certificate is issued, according to the certificate issuance instruction, to the in-vehicle communication device that sent the certificate issuance request.
For example, take the case where the first in-vehicle communication device applies to the in-vehicle authentication center for a digital certificate. The first in-vehicle communication device sends a certificate issuance request to the in-vehicle authentication center; the request may include the identification information of the first in-vehicle communication device and public key information generated by the first in-vehicle communication device. The in-vehicle authentication center sends the identification information in the certificate issuance request to the authentication server. On receiving the certificate issuance instruction that the authentication server sends based on the identification information, the in-vehicle authentication center signs the first in-vehicle communication device's public key information from the certificate issuance request to generate a certificate, and sends the generated certificate to the first in-vehicle communication device, which completes certificate issuance for that device. This example is illustrative only and does not limit the disclosure.
In step 305, the first authentication information sent by the first in-vehicle communication device and the second authentication information sent by the second in-vehicle communication device are received.
The first or second authentication information may include certificate information of the in-vehicle communication device's digital certificate; the certificate information may be the identification information of the in-vehicle communication device, public key information, and so on.
In step 306, whether the first in-vehicle communication device is an authorized device is authenticated from the first authentication information according to the preset authentication policy, and whether the second in-vehicle communication device is an authorized device is authenticated from the second authentication information according to the preset authentication policy.
The authorized device may include a device that has applied to the in-vehicle authentication center and been issued a digital certificate.
Because a digital certificate contains information such as the certificate holder, the certificate issuer, the public key and the signature algorithm, in a preferred embodiment the preset authentication policy may include: determining, from the certificate information in the digital certificate, whether the digital certificate corresponding to the authentication information was issued by the in-vehicle authentication center; and, when it is determined that the digital certificate was issued by the in-vehicle authentication center, determining that the in-vehicle communication device corresponding to the digital certificate is an authorized device.
When the first and second in-vehicle communication devices are both authorized devices, step 307 is executed;
When at least one of the first and second in-vehicle communication devices is not an authorized device, step 308 is executed.
In step 307, an authentication-pass message is sent to the first in-vehicle communication device and to the second in-vehicle communication device.
After this step, mutual authentication between the first and second in-vehicle communication devices has passed. At this point a secure link can be established and secure communication carried out; the specific secure communication procedure belongs to the prior art and is not described further in this disclosure.
In step 308, an authentication-failed message is sent to the in-vehicle communication device.
For example, when the in-vehicle authentication center determines that the digital certificate of the first in-vehicle communication device was not issued by the in-vehicle authentication center, it can determine that the first in-vehicle communication device is an unauthorized device on the in-vehicle network. In that case, to protect the communication security of the in-vehicle network, a notification that the first in-vehicle communication device failed authentication can be sent to the second in-vehicle communication device, so that the second in-vehicle communication device can disconnect its communication connection with the first in-vehicle communication device, thereby protecting the communication security of the in-vehicle network.
It should be noted that the vehicle-mounted authentication center can also act as a firewall for the in-vehicle network. Specifically, before the in-vehicle network is accessed from outside the vehicle, mutual authentication with the cloud server can be carried out based on the level-one digital certificate of the vehicle-mounted authentication center (the level-one digital certificate can be issued by the cloud authentication center), and a secure link established. This isolates the network outside the vehicle from the in-vehicle network and further ensures the communication security of the in-vehicle network.
With the above method, when a vehicular communication unit accesses the in-vehicle network, it can be identified whether that vehicular communication unit is an authorized device. This effectively prevents unauthorized, illegitimate devices from accessing the in-vehicle network and improves the communication security of the in-vehicle network.
Fig. 4 is a block diagram of an in-vehicle network security authentication device according to an exemplary embodiment, applied to a vehicle-mounted authentication center. As shown in Fig. 4, the device includes:
Receiving module 401, configured to receive, when the first vehicular communication unit sends a communication request to the second vehicular communication unit, the first authentication information sent by the first vehicular communication unit and the second authentication information sent by the second vehicular communication unit;
Authentication module 402, configured to authenticate, according to the first authentication information and the preset authentication policy, whether the first vehicular communication unit is an authorized device, and to authenticate, according to the second authentication information and the preset authentication policy, whether the second vehicular communication unit is an authorized device;
Sending module 403, configured to send authentication-pass information to the first vehicular communication unit and to the second vehicular communication unit respectively when both are authorized devices, so that the first vehicular communication unit can communicate with the second vehicular communication unit.
Optionally, the preset authentication policy may include: determining whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication center; and, when the digital certificate is determined to have been issued by the vehicle-mounted authentication center, determining that the vehicular communication unit corresponding to the digital certificate is an authorized device.
Optionally, Fig. 5 is a block diagram of an in-vehicle network security authentication device according to the embodiment shown in Fig. 4. The device further includes:
Determining module 404, configured to determine whether a certificate issuance request has been received;
Certificate issuance module 405, configured to issue, when it is determined that the certificate issuance request has been received, the digital certificate to the vehicular communication unit that sent the certificate issuance request, according to the certificate issuance request and the preset certificate issuance policy.
Optionally, the certificate issuance request includes the identification information of the vehicular communication unit, and the preset certificate issuance policy includes: sending the identification information in the certificate issuance request to a certificate server, so that the certificate server verifies whether the identification information is valid; when the certificate server verifies that the identification information is valid, receiving a certificate issuance instruction sent by the certificate server; and issuing the digital certificate, according to the certificate issuance instruction, to the vehicular communication unit that sent the certificate issuance request.
As for the device in the above embodiment, the specific manner in which each module performs its operation has been described in detail in the embodiment of the method and is not elaborated here.
With the above device, when a vehicular communication unit accesses the in-vehicle network, it can be identified whether that vehicular communication unit is an authorized device. This effectively prevents unauthorized, illegitimate devices from accessing the in-vehicle network and improves the communication security of the in-vehicle network.
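The decision made in steps 307 and 308 and the certificate issuance policy described above can be sketched as follows. This is an added example, not code from the patent: the `Cert` layout, the use of Ed25519 signatures, the message names (`AUTH_PASS`, `AUTH_FAIL`, `PEER_AUTH_FAIL`), the device IDs and the `validID` callback standing in for the certificate server are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert is a simplified stand-in for the page's "digital certificate" (assumption).
type Cert struct {
	DeviceID string
	PubKey   ed25519.PublicKey
	Sig      []byte // issuer's signature over DeviceID and PubKey
}

// Center models the vehicle-mounted authentication center.
type Center struct {
	pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	validID func(id string) bool // stands in for the certificate server's ID check
}

func NewCenter(validID func(string) bool) *Center {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // demo: RNG error ignored
	return &Center{pub, priv, validID}
}

// tbs builds the bytes that get signed; the length prefix keeps ID and key unambiguous.
func tbs(id string, pk ed25519.PublicKey) []byte {
	return append([]byte(fmt.Sprintf("%d:%s|", len(id), id)), pk...)
}

// Issue applies the issuance policy: sign only after the identification is confirmed valid.
func (c *Center) Issue(id string, pk ed25519.PublicKey) (Cert, error) {
	if !c.validID(id) {
		return Cert{}, fmt.Errorf("identification %q rejected by certificate server", id)
	}
	return Cert{id, pk, ed25519.Sign(c.priv, tbs(id, pk))}, nil
}

// IssuedByCenter is the preset authentication policy: was this certificate signed by us?
func (c *Center) IssuedByCenter(ct Cert) bool {
	return ed25519.Verify(c.pub, tbs(ct.DeviceID, ct.PubKey), ct.Sig)
}

// Authenticate returns the message for each unit: step 307 if both pass, else step 308.
func (c *Center) Authenticate(first, second Cert) (toFirst, toSecond string) {
	okFirst, okSecond := c.IssuedByCenter(first), c.IssuedByCenter(second)
	switch {
	case okFirst && okSecond:
		return "AUTH_PASS", "AUTH_PASS"
	case okSecond: // first failed: the second unit is told so it can disconnect
		return "AUTH_FAIL", "PEER_AUTH_FAIL"
	case okFirst:
		return "PEER_AUTH_FAIL", "AUTH_FAIL"
	}
	return "AUTH_FAIL", "AUTH_FAIL" // both failed (handling assumed; not spelled out on the page)
}

func newKey() ed25519.PublicKey {
	pub, _, _ := ed25519.GenerateKey(rand.Reader) // demo: private half discarded
	return pub
}

func main() {
	center := NewCenter(func(id string) bool { return id == "ECU-A" || id == "ECU-B" })
	other := NewCenter(func(string) bool { return true }) // a different, untrusted issuer
	a, _ := center.Issue("ECU-A", newKey())
	b, _ := center.Issue("ECU-B", newKey())
	r, _ := other.Issue("ECU-A", newKey())
	fmt.Println(center.Authenticate(a, b)) // both issued by the center
	fmt.Println(center.Authenticate(r, b)) // first unit's certificate came from elsewhere
}
```

The issuer check shows only that a certificate is genuine, not that the sender holds the matching private key; binding the two is assumed to happen when the secure link is established.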
The disclosure also provides a computer-readable storage medium on which a computer program is stored; when the program is executed by a processor, the steps of the in-vehicle network security authentication method provided by the disclosure are implemented.
The disclosure also provides a vehicle that includes the above in-vehicle network security authentication device.
The preferred embodiments of the disclosure have been described in detail above with reference to the accompanying drawings. However, the disclosure is not limited to the specific details of the above embodiments. Within the scope of the technical concept of the disclosure, a variety of simple variations can be made to the technical solution of the disclosure, and these simple variations all fall within the protection scope of the disclosure.
It should further be noted that the specific technical features described in the above embodiments can be combined in any suitable manner, provided there is no contradiction. To avoid unnecessary repetition, the disclosure does not further describe the various possible combinations.
In addition, the various embodiments of the disclosure can also be combined with one another in any way; as long as the combination does not depart from the idea of the disclosure, it should likewise be regarded as content disclosed by the disclosure.
Claims (10)
1. A method for in-vehicle network security authentication, characterized in that it is applied to a vehicle-mounted authentication center, the method comprising:
when a first vehicular communication unit sends a communication request to a second vehicular communication unit, receiving first authentication information sent by the first vehicular communication unit and second authentication information sent by the second vehicular communication unit;
authenticating, according to the first authentication information and a preset authentication policy, whether the first vehicular communication unit is an authorized device, and authenticating, according to the second authentication information and the preset authentication policy, whether the second vehicular communication unit is an authorized device;
when the first vehicular communication unit and the second vehicular communication unit are both authorized devices, sending authentication-pass information to the first vehicular communication unit and to the second vehicular communication unit respectively, so that the first vehicular communication unit communicates with the second vehicular communication unit.
2. The method according to claim 1, characterized in that the preset authentication policy comprises:
determining whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication center;
when it is determined that the digital certificate was issued by the vehicle-mounted authentication center, determining that the vehicular communication unit corresponding to the digital certificate is an authorized device.
3. The method according to claim 2, characterized in that, before the receiving of the first authentication information sent by the first vehicular communication unit and the second authentication information sent by the second vehicular communication unit, the method further comprises:
determining whether a certificate issuance request has been received;
when it is determined that the certificate issuance request has been received, issuing the digital certificate, according to the certificate issuance request and a preset certificate issuance policy, to the vehicular communication unit that sent the certificate issuance request.
4. The method according to claim 3, characterized in that the certificate issuance request includes identification information of the vehicular communication unit, and the preset certificate issuance policy comprises:
sending the identification information in the certificate issuance request to a certificate server, so that the certificate server verifies whether the identification information is valid;
when the certificate server verifies that the identification information is valid, receiving a certificate issuance instruction sent by the certificate server;
issuing the digital certificate, according to the certificate issuance instruction, to the vehicular communication unit that sent the certificate issuance request.
5. A device for in-vehicle network security authentication, characterized in that it is applied to a vehicle-mounted authentication center, the device comprising:
a receiving module, configured to receive, when a first vehicular communication unit sends a communication request to a second vehicular communication unit, first authentication information sent by the first vehicular communication unit and second authentication information sent by the second vehicular communication unit;
an authentication module, configured to authenticate, according to the first authentication information and a preset authentication policy, whether the first vehicular communication unit is an authorized device, and to authenticate, according to the second authentication information and the preset authentication policy, whether the second vehicular communication unit is an authorized device;
a sending module, configured to send authentication-pass information to the first vehicular communication unit and to the second vehicular communication unit respectively when the first vehicular communication unit and the second vehicular communication unit are both authorized devices, so that the first vehicular communication unit communicates with the second vehicular communication unit.
6. The device according to claim 5, characterized in that the preset authentication policy comprises:
determining whether the digital certificate corresponding to the authentication information was issued by the vehicle-mounted authentication center;
when it is determined that the digital certificate was issued by the vehicle-mounted authentication center, determining that the vehicular communication unit corresponding to the digital certificate is an authorized device.
7. The device according to claim 6, characterized in that the device further comprises:
a determining module, configured to determine whether a certificate issuance request has been received;
a certificate issuance module, configured to issue, when it is determined that the certificate issuance request has been received, the digital certificate to the vehicular communication unit that sent the certificate issuance request, according to the certificate issuance request and a preset certificate issuance policy.
8. The device according to claim 7, characterized in that the certificate issuance request includes identification information of the vehicular communication unit, and the preset certificate issuance policy comprises:
sending the identification information in the certificate issuance request to a certificate server, so that the certificate server verifies whether the identification information is valid;
when the certificate server verifies that the identification information is valid, receiving a certificate issuance instruction sent by the certificate server;
issuing the digital certificate, according to the certificate issuance instruction, to the vehicular communication unit that sent the certificate issuance request.
9. A computer-readable storage medium on which a computer program is stored, characterized in that the steps of the method of any one of claims 1-4 are implemented when the program is executed by a processor.
10. A vehicle, characterized in that it includes the device for in-vehicle network security authentication according to any one of claims 5 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810973749.2A CN109040285B (en) | 2018-08-24 | 2018-08-24 | Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810973749.2A CN109040285B (en) | 2018-08-24 | 2018-08-24 | Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109040285A true CN109040285A (en) | 2018-12-18 |
CN109040285B CN109040285B (en) | 2023-06-20 |
Family
ID=64628366
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810973749.2A Active CN109040285B (en) | 2018-08-24 | 2018-08-24 | Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109040285B (en) |
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040003229A1 (en) * | 2002-06-28 | 2004-01-01 | Jurgen Reinold | Method and system for vehicle authentication of another vehicle |
JP2009086965A (en) * | 2007-09-28 | 2009-04-23 | Denso Corp | On-vehicle device and mobile terminal |
CN102118248A (en) * | 2009-12-31 | 2011-07-06 | 厦门雅迅网络股份有限公司 | Method for implementing device identification based on communication authentication |
WO2011148744A1 (en) * | 2010-05-24 | 2011-12-01 | ルネサスエレクトロニクス株式会社 | Communication system, vehicle-mounted terminal, roadside device |
DE102012204842A1 (en) * | 2011-04-01 | 2012-10-04 | Ford Global Technologies, Llc | Methods and systems for authenticating one or more users of a vehicle communication and information system |
WO2016198241A1 (en) * | 2015-06-11 | 2016-12-15 | Siemens Aktiengesellschaft | Authorization apparatus and method for an authorized issuing of an authentication token for a device |
CN105763558A (en) * | 2016-01-20 | 2016-07-13 | 华东师范大学 | Distributed aggregation authentication method having privacy protection function for vehicle-mounted self-organizing network |
CN106789061A (en) * | 2016-11-18 | 2017-05-31 | 中车株洲电力机车有限公司 | The floating engineering detecting car data transmission method of magnetic, device and the floating engineering detecting car of magnetic |
CN106953796A (en) * | 2017-04-13 | 2017-07-14 | 北京汽车集团有限公司 | Security gateway, data processing method, device, vehicle network topology and vehicle |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109743334A (en) * | 2019-02-28 | 2019-05-10 | 浙江众泰汽车制造有限公司 | A kind of T-BOX encryption system and method |
CN111917685A (en) * | 2019-05-07 | 2020-11-10 | 华为技术有限公司 | Method for applying for digital certificate |
CN111917685B (en) * | 2019-05-07 | 2022-05-31 | 华为云计算技术有限公司 | Method for applying for digital certificate |
US11888993B2 (en) | 2019-05-07 | 2024-01-30 | Huawei Cloud Computing Technologies Co., Ltd. | Digital certificate application method |
CN110366176A (en) * | 2019-06-20 | 2019-10-22 | 北京邮电大学 | A kind of cryptographic key negotiation method of vehicular ad hoc network |
WO2021179894A1 (en) * | 2020-03-12 | 2021-09-16 | 华为技术有限公司 | Certificate switching method and apparatus |
CN113727297A (en) * | 2020-05-11 | 2021-11-30 | 上汽通用汽车有限公司 | Vehicle-connected secure access method and system |
CN112398810A (en) * | 2020-10-16 | 2021-02-23 | 郑州信大捷安信息技术股份有限公司 | Identity authentication system and method of OBD (on-Board diagnostics) equipment |
CN112398810B (en) * | 2020-10-16 | 2022-03-25 | 郑州信大捷安信息技术股份有限公司 | Identity authentication system and method of OBD (on-Board diagnostics) equipment |
CN113093560A (en) * | 2021-02-23 | 2021-07-09 | 美的集团股份有限公司 | Man-machine interaction method and device for household appliance |
CN113271543A (en) * | 2021-05-14 | 2021-08-17 | 阿波罗智联(北京)科技有限公司 | Vehicle communication method and device and electronic equipment |
CN113271543B (en) * | 2021-05-14 | 2023-04-07 | 阿波罗智联(北京)科技有限公司 | Vehicle communication method and device and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN109040285B (en) | 2023-06-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109040285A (en) | Method, apparatus, storage medium and the vehicle of In-vehicle networking safety certification | |
CN106101111B (en) | Vehicle electronics safe communication system and communication means | |
US8499154B2 (en) | System and method for establishing a secure connection with a mobile device | |
US9800413B2 (en) | System and method for performing an asymmetric key exchange between a vehicle and a remote device | |
CN109005538B (en) | Message authentication method between unmanned vehicle and multi-mobile-edge computing server | |
CN105792201A (en) | Method and system for issuing CSR certificate for vehicle-to-anything communication | |
US9077542B2 (en) | System and method for confirming that a user of an electronic device is an authorized user of a vehicle | |
WO2014121708A2 (en) | Message certification application method, device, and system | |
CN105635147A (en) | Vehicle-mounted-special-equipment-system-based secure data transmission method and system | |
CN107040379B (en) | Method for authentication by a controller of a vehicle | |
CN104765357A (en) | Authorization system and method for vehicle remote diagnosis | |
CN110289967A (en) | Communication authentication method, device and vehicle | |
CN109379403B (en) | Control method and device of Internet of things equipment, server and terminal equipment | |
CN109314645A (en) | Data providing system, data protecting device, data offering method and computer program | |
WO2018108293A1 (en) | Methods, devices and vehicles for authenticating a vehicle during a cooperative maneuver | |
CN111968256A (en) | Electronic tag anti-dismounting method and device, vehicle and storage medium | |
US20180034806A1 (en) | Method for providing an authenticated connection between at least two communication partners | |
Škorput et al. | Cyber security in cooperative intelligent transportation systems | |
CN208956085U (en) | In-vehicle networking security certification system and vehicle | |
CN113268046B (en) | Diagnosis networking safety unlocking implementation system under AUTOSAR framework | |
CN112398810B (en) | Identity authentication system and method of OBD (on-Board diagnostics) equipment | |
CN110417798A (en) | The communication means and device of terminal device and vehicle device | |
CN108718309B (en) | Vehicle identity authentication method and device | |
CN105656884A (en) | Automobile bus security control device based on security elements and control method thereof | |
CN109743283A (en) | A kind of information transferring method and equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||