CN109040285B - Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle - Google Patents
Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle Download PDFInfo
- Publication number
- CN109040285B CN109040285B CN201810973749.2A CN201810973749A CN109040285B CN 109040285 B CN109040285 B CN 109040285B CN 201810973749 A CN201810973749 A CN 201810973749A CN 109040285 B CN109040285 B CN 109040285B
- Authority
- CN
- China
- Prior art keywords
- vehicle
- communication device
- authentication
- mounted communication
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Landscapes
- Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present disclosure relates to a method, an apparatus, a storage medium, and a vehicle for vehicle-mounted network security authentication, which receive first authentication information transmitted by a first vehicle-mounted communication apparatus and second authentication information transmitted by a second vehicle-mounted communication apparatus when the first vehicle-mounted communication apparatus transmits a communication request to the second vehicle-mounted communication apparatus; authenticating whether the first vehicle-mounted communication device is an authorized device according to a preset authentication strategy according to the first authentication information, and authenticating whether the second vehicle-mounted communication device is an authorized device according to the preset authentication strategy according to the second authentication information; and when the first vehicle-mounted communication device and the second vehicle-mounted communication device are both the authorization devices, sending authentication passing information to the first vehicle-mounted communication device and the second vehicle-mounted communication device respectively so as to enable the first vehicle-mounted communication device to communicate with the second vehicle-mounted communication device.
Description
Technical Field
The disclosure relates to the field of network security, in particular to a vehicle-mounted network security authentication method, device, storage medium and vehicle.
Background
Along with popularization and application of the vehicle-mounted Ethernet in the bus inside the vehicle, the vehicle-mounted Ethernet has a trend of gradually replacing other buses. The vehicle-mounted Ethernet brings convenience and introduces a plurality of potential safety hazards, and needs to adopt a corresponding scheme for protection, in the prior art scheme, only the authentication of a vehicle T-BOX module and a cloud is realized, and the safety authentication of each controller In the vehicle is not realized.
Disclosure of Invention
In order to solve the problems in the prior art, the present disclosure provides a method, an apparatus, a storage medium and a vehicle for vehicle network security authentication.
According to a first aspect of embodiments of the present disclosure, there is provided a method for vehicle-mounted network security authentication, applied to a vehicle-mounted authentication center, the method including, when a first vehicle-mounted communication device transmits a communication request to a second vehicle-mounted communication device, receiving first authentication information transmitted by the first vehicle-mounted communication device and second authentication information transmitted by the second vehicle-mounted communication device; authenticating whether the first vehicle-mounted communication device is an authorization device according to a preset authentication strategy according to the first authentication information, and authenticating whether the second vehicle-mounted communication device is an authorization device according to the preset authentication strategy according to the second authentication information; and when the first vehicle-mounted communication device and the second vehicle-mounted communication device are both the authorization devices, sending authentication passing information to the first vehicle-mounted communication device and the second vehicle-mounted communication device respectively so that the first vehicle-mounted communication device and the second vehicle-mounted communication device can communicate.
Optionally, the preset authentication policy includes: determining whether a digital certificate corresponding to the authentication information is issued by the vehicle-mounted authentication center; and when the digital certificate is determined to be issued by the vehicle-mounted authentication center, determining that the vehicle-mounted communication device corresponding to the digital certificate is the authorization device.
Optionally, before the receiving the first authentication information sent by the first vehicle-mounted communication device and the second authentication information sent by the second vehicle-mounted communication device, the method further includes: determining whether a certificate issuing request is received; when the certificate issuing request is determined to be received, the digital certificate is issued to the vehicle-mounted communication device which sends the certificate issuing request according to a preset certificate issuing strategy according to the certificate issuing request.
Optionally, the certificate issuing request includes identification information of the vehicle-mounted communication device, and the preset certificate issuing policy includes: transmitting the identification information in the certificate issuing request to an authentication server so that the authentication server verifies whether the identification information is valid or not; when the authentication server verifies that the identification information is valid, a certificate issuing instruction sent by the authentication server is received; and issuing the digital certificate to the vehicle-mounted communication device which sends the certificate issuing request according to the certificate issuing instruction.
According to a second aspect of embodiments of the present disclosure, there is provided an apparatus for vehicle-mounted network security authentication, applied to a vehicle-mounted authentication center, the apparatus including: the receiving module is used for receiving the first authentication information sent by the first vehicle-mounted communication device and the second authentication information sent by the second vehicle-mounted communication device when the first vehicle-mounted communication device sends a communication request to the second vehicle-mounted communication device; the authentication module is used for authenticating whether the first vehicle-mounted communication device is an authorization device according to a preset authentication strategy according to the first authentication information and authenticating whether the second vehicle-mounted communication device is an authorization device according to the preset authentication strategy according to the second authentication information; and the sending module is used for respectively sending authentication passing information to the first vehicle-mounted communication device and the second vehicle-mounted communication device when the first vehicle-mounted communication device and the second vehicle-mounted communication device are both the authorization devices so that the first vehicle-mounted communication device and the second vehicle-mounted communication device can communicate.
Optionally, the preset authentication policy includes: determining whether a digital certificate corresponding to the authentication information is issued by the vehicle-mounted authentication center; and when the digital certificate is determined to be issued by the vehicle-mounted authentication center, determining that the vehicle-mounted communication device corresponding to the digital certificate is the authorization device.
Optionally, the apparatus further comprises: the determining module is used for determining whether a certificate issuing request is received; and the certificate issuing module is used for issuing the digital certificate to the vehicle-mounted communication device which sends the certificate issuing request according to a preset certificate issuing strategy according to the certificate issuing request when the fact that the certificate issuing request is received is determined.
Optionally, the certificate issuing request includes identification information of the vehicle-mounted communication device, and the preset certificate issuing policy includes: transmitting the identification information in the certificate issuing request to an authentication server so that the authentication server verifies whether the identification information is valid or not; when the authentication server verifies that the identification information is valid, a certificate issuing instruction sent by the authentication server is received; and issuing the digital certificate to the vehicle-mounted communication device which sends the certificate issuing request according to the certificate issuing instruction.
According to a third aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements the steps of the method of the first aspect of the present disclosure.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a vehicle, including the apparatus for vehicle-mounted network security authentication according to the second aspect of the present disclosure.
By the technical scheme, when the first vehicle-mounted communication device sends a communication request to the second vehicle-mounted communication device, the first authentication information sent by the first vehicle-mounted communication device and the second authentication information sent by the second vehicle-mounted communication device are received; authenticating whether the first vehicle-mounted communication device is an authorized device according to a preset authentication strategy according to the first authentication information, and authenticating whether the second vehicle-mounted communication device is an authorized device according to the preset authentication strategy according to the second authentication information; when the first vehicle-mounted communication device and the second vehicle-mounted communication device are both the authorization devices, authentication passing information is sent to the first vehicle-mounted communication device and the second vehicle-mounted communication device respectively so that the first vehicle-mounted communication device and the second vehicle-mounted communication device can communicate, and therefore when the vehicle-mounted communication device is accessed to a vehicle-mounted network, whether the vehicle-mounted communication device is an authorized device can be identified through the vehicle-mounted authentication center, and therefore unauthorized illegal communication devices are effectively prevented from being accessed to the vehicle-mounted network, and communication safety of the vehicle-mounted network is improved.
Additional features and advantages of the present disclosure will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of the disclosure, and are incorporated in and constitute a part of this specification, illustrate the disclosure and together with the description serve to explain, but do not limit the disclosure. In the drawings:
FIG. 1 is a block diagram illustrating an in-vehicle network security authentication system according to one exemplary embodiment;
FIG. 2 is a flowchart illustrating a first in-vehicle network security authentication method according to an example embodiment;
FIG. 3 is a flow chart illustrating a second in-vehicle network security authentication method according to an example embodiment;
FIG. 4 is a block diagram of a first in-vehicle network security authentication device, shown according to an example embodiment;
fig. 5 is a block diagram of a second in-vehicle network security authentication device according to an exemplary embodiment.
Detailed Description
Specific embodiments of the present disclosure are described in detail below with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the disclosure, are not intended to limit the disclosure.
In order to solve the problems in the prior art, the disclosure provides a vehicle-mounted network security authentication method, a device, a storage medium and a vehicle, and the disclosure can be applied to a vehicle-mounted network security authentication system.
First, the in-vehicle network security authentication system will be described, as shown in fig. 1, the system includes an in-vehicle authentication center 101, a first in-vehicle communication device 102 and a second in-vehicle communication device 103 respectively connected to the in-vehicle authentication center 101, the first in-vehicle communication device 102 is connected to the second in-vehicle communication device 103, wherein the in-vehicle authentication center 101 is configured to authenticate whether the first in-vehicle communication device 102 and the second in-vehicle communication device 103 are authorized devices, and when the first in-vehicle communication device 102 and the second in-vehicle communication device 103 are authenticated as the authorized devices, an authentication passing message is sent to the first in-vehicle communication device 102 and the second in-vehicle communication device 103 so that the first in-vehicle communication device 102 communicates with the second in-vehicle communication device 103, the first in-vehicle communication device 102 may include a device that initiates a communication request, and the second in-vehicle communication device 103 may include a device that responds to the communication request.
Further, the vehicle authentication center 101 may include an information exchange component 1011 (e.g., an ethernet exchange chip) and a vehicle authentication component 1012 connected to the information exchange component 1011, the vehicle authentication component 1012 including an MCU (Micro Controller Unit, micro control unit) 10121 and an HSM (Hardware Security Modules, hardware security module) 10122 connected to the MCU 10121; the first on-vehicle communication device 102 includes an MCU1021 and an HSM1022 connected to the MCU 1021; the second on-vehicle communication device 103 includes an MCU1031 and an HSM1032 connected to the MCU 1031.
The HSM in the vehicle-mounted network security authentication system can safely manage, process and store the communication key, and provide protection for the safe execution of important codes.
The method for vehicle-mounted network security authentication provided by the present disclosure is applied to the vehicle-mounted authentication center 101 in the vehicle-mounted network security authentication system, specifically, when the first vehicle-mounted communication device 102 sends a communication request to the second vehicle-mounted communication device 103, the vehicle-mounted authentication center 101 receives first authentication information sent by the first vehicle-mounted communication device 102 and second authentication information sent by the second vehicle-mounted communication device 103, authenticates whether the first vehicle-mounted communication device 102 is an authorization device according to a preset authentication policy according to the first authentication information, and authenticates whether the second vehicle-mounted communication device 103 is an authorization device according to the preset authentication policy according to the second authentication information; when the first vehicle-mounted communication device 102 and the second vehicle-mounted communication device 103 are both the authorized devices, authentication passing information is sent to the first vehicle-mounted communication device 102 and the second vehicle-mounted communication device 103 respectively so that the first vehicle-mounted communication device 102 and the second vehicle-mounted communication device 103 can communicate, and therefore when the vehicle-mounted communication device accesses to a vehicle-mounted network, whether the vehicle-mounted communication device is an authorized device can be identified through the vehicle-mounted authentication center 101, unauthorized illegal communication devices can be effectively prevented from accessing to the vehicle-mounted network, and communication safety of the vehicle-mounted network is improved.
The following detailed description of specific embodiments of the present disclosure refers to the accompanying drawings.
Fig. 2 is a flowchart illustrating a method of vehicle-mounted network security authentication, which is applied to a vehicle-mounted authentication center, according to an exemplary embodiment, and includes the steps of:
in step 201, when a first vehicle-mounted communication device transmits a communication request to a second vehicle-mounted communication device, first authentication information transmitted by the first vehicle-mounted communication device and second authentication information transmitted by the second vehicle-mounted communication device are received.
The vehicle-mounted communication device (the first vehicle-mounted communication device or the second vehicle-mounted communication device) may include any one of advanced driving assistance system ADAS, vehicle-mounted information entertainment system IVI, vehicle-mounted diagnostic system OBD and other vehicle-mounted devices, the first vehicle-mounted communication device may include a device for initiating a communication request, the second vehicle-mounted communication device may include a device for responding to the communication request, for example, when the ADAS sends the communication request to the IVI, the first vehicle-mounted communication device is an ADAS, the second vehicle-mounted communication device is an IVI, the authentication message (the first authentication information or the second authentication information) may include certificate information of a digital certificate of the vehicle-mounted communication device, and the certificate information may be identification information, public key information and the like of the vehicle-mounted communication device.
Since the digital certificate is a relatively common network security authentication method for guaranteeing communication security, in a preferred embodiment, the validity of the vehicle-mounted communication device is verified by verifying the digital certificate of the vehicle-mounted communication device, that is, the vehicle-mounted communication device applies a digital certificate for itself before communication, and in the present disclosure, the digital certificate is generated by the vehicle-mounted authentication center and issued to the vehicle-mounted communication device when the vehicle-mounted communication device is first accessed to the vehicle-mounted network.
The method further includes, prior to receiving the first authentication information sent by the first in-vehicle communication device and the second authentication information sent by the second in-vehicle communication device: determining whether a certificate issuing request is received; when the certificate issuing request is determined to be received, the digital certificate is issued to the vehicle-mounted communication device which sends the certificate issuing request according to a preset certificate issuing strategy according to the certificate issuing request.
The certificate issuing request may include identification information of the vehicle-mounted communication device (such as information of MAC code, VIN code, etc. of the vehicle-mounted communication device), and the preset certificate issuing policy may include: transmitting the identification information in the certificate issuing request to an authentication server so that the authentication server verifies whether the identification information is valid; when the authentication server verifies that the identification information is valid, a certificate issuing instruction sent by the authentication server is received; and issuing the digital certificate to the vehicle-mounted communication device which sends the certificate issuing request according to the certificate issuing instruction.
In step 202, whether the first vehicle-mounted communication device is an authorized device is authenticated according to a preset authentication policy according to the first authentication information, and whether the second vehicle-mounted communication device is an authorized device is authenticated according to the preset authentication policy according to the second authentication information.
The preset authentication policy may include: determining whether a digital certificate corresponding to the authentication information is issued by the vehicle-mounted authentication center; and when the digital certificate is determined to be issued by the vehicle-mounted authentication center, determining the vehicle-mounted communication device corresponding to the digital certificate as an authorization device.
In step 203, when the first vehicle-mounted communication device and the second vehicle-mounted communication device are both the authorized devices, authentication passing information is sent to the first vehicle-mounted communication device and the second vehicle-mounted communication device, respectively, so that the first vehicle-mounted communication device and the second vehicle-mounted communication device can communicate.
It should be noted that, the vehicle-mounted authentication center can also realize the function of the vehicle-mounted network firewall, specifically, before the vehicle external network accesses the vehicle-mounted network, the vehicle-mounted authentication center can realize the bidirectional authentication with the cloud server based on the primary digital certificate (the primary digital certificate can be issued by the cloud authentication center) of the vehicle-mounted authentication center, and establish a safety link, thereby realizing the safety isolation between the vehicle-mounted network and the vehicle-mounted network, and further guaranteeing the communication safety of the vehicle-mounted network.
By adopting the method, when the vehicle-mounted communication device is accessed to the vehicle-mounted network, whether the vehicle-mounted communication device is an authorized device can be identified, so that unauthorized illegal equipment access to the vehicle-mounted network is effectively restrained, and the communication safety of the vehicle-mounted network is improved.
Fig. 3 is a flowchart illustrating a method of vehicle-mounted network security authentication, which is applied to a vehicle-mounted authentication center, according to an exemplary embodiment, and includes the steps of:
in step 301, it is determined whether a certificate issue request transmitted by an in-vehicle communication apparatus is received, the certificate issue request including identification information of the in-vehicle communication apparatus.
The vehicle-mounted communication device comprises a first vehicle-mounted communication device and/or a second vehicle-mounted communication device, specifically, the first vehicle-mounted communication device or the second vehicle-mounted communication device can comprise any one device of vehicle-mounted devices such as an advanced driving assistance system ADAS, a vehicle-mounted information entertainment system IVI, an on-board diagnostic system OBD and the like, the first vehicle-mounted communication device can comprise a device for initiating a communication request, the second vehicle-mounted communication device can comprise a device for responding to the communication request, for example, when the ADAS sends the communication request to the IVI, the first vehicle-mounted communication device is an ADAS, the second vehicle-mounted communication device is an IVI, and the identification information can comprise information such as a MAC code, a VIN code and the like of the vehicle-mounted communication device.
Since the digital certificate is a relatively common network security authentication method for guaranteeing communication security, in a preferred embodiment, the validity of the vehicle-mounted communication device is verified by verifying the digital certificate of the vehicle-mounted communication device, that is, the vehicle-mounted communication device applies a digital certificate for itself before communication, and in the present disclosure, the digital certificate is generated by the vehicle-mounted authentication center and issued to the vehicle-mounted communication device when the vehicle-mounted communication device is first accessed to the vehicle-mounted network.
In addition, the vehicle-mounted communication device writes the digital certificate into the security chip of the vehicle-mounted communication device when receiving the digital certificate issued by the vehicle-mounted authentication center, so when the vehicle-mounted communication device determines that the digital certificate is not written in the security chip of the vehicle-mounted communication device, the vehicle-mounted communication device can determine that the vehicle-mounted communication device does not apply the digital certificate to the vehicle-mounted authentication center, and at the moment, the vehicle-mounted authentication center receives a certificate issuing request sent by the vehicle-mounted communication device.
Upon determining that the certificate issuing request is received, steps 302 to 306 are performed;
when the certificate issuing request is not received, steps 305 to 306 are performed.
In step 302, the identification information in the certificate issuing request is sent to an authentication server so that the authentication server verifies whether the identification information is valid.
By way of example, the identification information is taken as an example of the VIN code of the vehicle-mounted communication device, the vehicle-mounted authentication center transmits the received VIN code of the vehicle-mounted communication device to an authentication server, the authentication server stores therein in advance the identification of the vehicle-mounted communication device that has passed authentication on the authentication server, and when the authentication server finds out the VIN code in a database, it can be determined that the VIN code is valid.
In step 303, when the authentication server verifies that the identification information is valid, a certificate issuing instruction sent by the authentication server is received.
In step 304, the digital certificate is issued to the vehicle-mounted communication device that sent the certificate issue request according to the certificate issue instruction.
For example, taking the first vehicle-mounted communication device applying for a digital certificate to the vehicle-mounted authentication center as an example, the first vehicle-mounted communication device sends a certificate issue request to the vehicle-mounted authentication center, where the certificate issue request may include identification information of the first vehicle-mounted communication device and public key information generated by the first vehicle-mounted communication device, the vehicle-mounted authentication center sends the identification information in the certificate issue request to an authentication server, and the vehicle-mounted authentication center signs the public key information of the first vehicle-mounted communication device in the certificate issue request to generate a certificate when receiving a certificate issue instruction sent by the authentication server according to the identification information, and sends the generated certificate to the first vehicle-mounted communication device, thereby completing the certificate issue of the first vehicle-mounted communication device.
In step 305, first authentication information transmitted by the first vehicle-mounted communication device and second authentication information transmitted by the second vehicle-mounted communication device are received.
The authentication information (the first authentication information or the second authentication information) may include certificate information of a digital certificate of the in-vehicle communication device, and the certificate information may be identification information, public key information, or the like of the in-vehicle communication device.
In step 306, whether the first vehicle-mounted communication device is an authorized device is authenticated according to the first authentication information and the second vehicle-mounted communication device is an authorized device according to the preset authentication policy.
The authorization device may include a device that has applied for and issued a digital certificate at the vehicle-mounted authentication center.
Since the digital certificate includes information of the certificate owner, the certificate issuing authority, the public key, the signature algorithm, etc., in a preferred embodiment, the preset authentication policy may include: whether the digital certificate corresponding to the authentication information is issued by the vehicle-mounted authentication center or not can be determined according to the certificate information in the digital certificate; and when the digital certificate is determined to be issued by the vehicle-mounted authentication center, determining the vehicle-mounted communication device corresponding to the digital certificate as an authorization device.
Executing step 307 when the first vehicle-mounted communication device and the second vehicle-mounted communication device are both the authorized devices;
step 308 is performed when at least one of the first vehicle communication device and the second vehicle communication device is not the authorization device.
In step 307, authentication pass information is transmitted to the first vehicle-mounted communication device and the second vehicle-mounted communication device, respectively.
After executing this step, the first vehicle-mounted communication device and the second vehicle-mounted communication device mutually authenticate and pass, at this time, a secure link may be established to perform secure communication, and a specific secure communication process belongs to the prior art, which is not described in detail in this disclosure.
In step 308, an authentication failed message is sent to the in-vehicle communication device.
For example, when the vehicle-mounted authentication center authenticates that the digital certificate of the first vehicle-mounted communication device is not issued by the vehicle-mounted authentication center, it may be determined that the first vehicle-mounted communication device is an unauthorized device of the vehicle-mounted network, and at this time, in order to ensure communication security of the vehicle-mounted network, notification information that the first vehicle-mounted communication device is not authenticated may be sent to the second vehicle-mounted communication device, so that the second vehicle-mounted communication device may disconnect communication connection with the first vehicle-mounted communication device, thereby ensuring communication security of the vehicle-mounted network.
It should be noted that, the vehicle-mounted authentication center can also realize the function of the vehicle-mounted network firewall, specifically, before the vehicle external network accesses the vehicle-mounted network, the vehicle-mounted authentication center can realize the bidirectional authentication with the cloud server based on the primary digital certificate (the primary digital certificate can be issued by the cloud authentication center) of the vehicle-mounted authentication center, and establish a safety link, thereby realizing the safety isolation between the vehicle-mounted network and the vehicle-mounted network, and further guaranteeing the communication safety of the vehicle-mounted network.
By adopting the method, when the vehicle-mounted communication device is accessed to the vehicle-mounted network, whether the vehicle-mounted communication device is an authorized device can be identified, so that unauthorized illegal equipment access to the vehicle-mounted network is effectively restrained, and the communication safety of the vehicle-mounted network is improved.
Fig. 4 is a block diagram of an in-vehicle network security authentication apparatus according to an exemplary embodiment, which is applied to an in-vehicle authentication center, as shown in fig. 4, and includes:
a receiving module 401, configured to receive, when a first vehicle-mounted communication device sends a communication request to a second vehicle-mounted communication device, first authentication information sent by the first vehicle-mounted communication device and second authentication information sent by the second vehicle-mounted communication device;
an authentication module 402, configured to authenticate whether the first vehicle-mounted communication device is an authorized device according to a preset authentication policy according to the first authentication information, and authenticate whether the second vehicle-mounted communication device is an authorized device according to the preset authentication policy according to the second authentication information;
and a transmitting module 403, configured to transmit authentication passing information to the first vehicle-mounted communication device and the second vehicle-mounted communication device, respectively, when the first vehicle-mounted communication device and the second vehicle-mounted communication device are both the authorized devices, so that the first vehicle-mounted communication device and the second vehicle-mounted communication device can communicate.
Optionally, the preset authentication policy may include: determining whether a digital certificate corresponding to the authentication information is issued by the vehicle-mounted authentication center; and when the digital certificate is determined to be issued by the vehicle-mounted authentication center, determining the vehicle-mounted communication device corresponding to the digital certificate as an authorization device.
Optionally, fig. 5 is a block diagram of an in-vehicle network security authentication device according to the embodiment shown in fig. 4, and the device further includes:
a determining module 404, configured to determine whether a certificate issue request is received;
and the certificate issuing module 405 is configured to issue the digital certificate to the vehicle-mounted communication device that sends the certificate issuing request according to a preset certificate issuing policy according to the certificate issuing request when it is determined that the certificate issuing request is received.
Optionally, the certificate issuing request includes identification information of the vehicle-mounted communication device, and the preset certificate issuing policy includes: transmitting the identification information in the certificate issuing request to an authentication server so that the authentication server verifies whether the identification information is valid; when the authentication server verifies that the identification information is valid, a certificate issuing instruction sent by the authentication server is received; and issuing the digital certificate to the vehicle-mounted communication device which sends the certificate issuing request according to the certificate issuing instruction.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
By adopting the device, when the vehicle-mounted communication device is accessed to the vehicle-mounted network, whether the vehicle-mounted communication device is an authorized device can be identified, so that unauthorized illegal equipment access to the vehicle-mounted network is effectively restrained, and the communication safety of the vehicle-mounted network is improved.
The present disclosure also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps in the vehicle network security authentication method provided by the present disclosure.
The disclosure also provides a vehicle, which comprises the vehicle-mounted network security authentication device.
The preferred embodiments of the present disclosure have been described in detail above with reference to the accompanying drawings, but the present disclosure is not limited to the specific details of the above embodiments, and various simple modifications may be made to the technical solutions of the present disclosure within the scope of the technical concept of the present disclosure, and all the simple modifications belong to the protection scope of the present disclosure.
In addition, the specific features described in the foregoing embodiments may be combined in any suitable manner, and in order to avoid unnecessary repetition, the present disclosure does not further describe various possible combinations.
Moreover, any combination between the various embodiments of the present disclosure is possible as long as it does not depart from the spirit of the present disclosure, which should also be construed as the disclosure of the present disclosure.
Claims (10)
1. A method for vehicle-mounted network security authentication, which is applied to a vehicle-mounted authentication center, the method comprising:
receiving first authentication information sent by a first vehicle-mounted communication device and second authentication information sent by a second vehicle-mounted communication device when the first vehicle-mounted communication device sends a communication request to the second vehicle-mounted communication device;
authenticating whether the first vehicle-mounted communication device is an authorization device according to a preset authentication strategy according to the first authentication information, and authenticating whether the second vehicle-mounted communication device is an authorization device according to the preset authentication strategy according to the second authentication information;
and when the first vehicle-mounted communication device and the second vehicle-mounted communication device are both the authorization devices, sending authentication passing information to the first vehicle-mounted communication device and the second vehicle-mounted communication device respectively so that the first vehicle-mounted communication device and the second vehicle-mounted communication device can communicate.
2. The method of claim 1, wherein the preset authentication policy comprises:
determining whether a digital certificate corresponding to the authentication information is issued by the vehicle-mounted authentication center;
and when the digital certificate is determined to be issued by the vehicle-mounted authentication center, determining that the vehicle-mounted communication device corresponding to the digital certificate is the authorization device.
3. The method of claim 2, wherein prior to the receiving the first authentication information sent by the first on-board communication device and the second authentication information sent by the second on-board communication device, the method further comprises:
determining whether a certificate issuing request is received;
when the certificate issuing request is determined to be received, the digital certificate is issued to the vehicle-mounted communication device which sends the certificate issuing request according to a preset certificate issuing strategy according to the certificate issuing request.
4. The method of claim 3, wherein the certificate issue request includes identification information of the in-vehicle communication device, and wherein the preset certificate issue policy includes:
transmitting the identification information in the certificate issuing request to an authentication server so that the authentication server verifies whether the identification information is valid or not;
when the authentication server verifies that the identification information is valid, a certificate issuing instruction sent by the authentication server is received;
and issuing the digital certificate to the vehicle-mounted communication device which sends the certificate issuing request according to the certificate issuing instruction.
5. An apparatus for vehicle-mounted network security authentication, applied to a vehicle-mounted authentication center, comprising:
the receiving module is used for receiving the first authentication information sent by the first vehicle-mounted communication device and the second authentication information sent by the second vehicle-mounted communication device when the first vehicle-mounted communication device sends a communication request to the second vehicle-mounted communication device;
the authentication module is used for authenticating whether the first vehicle-mounted communication device is an authorization device according to a preset authentication strategy according to the first authentication information and authenticating whether the second vehicle-mounted communication device is an authorization device according to the preset authentication strategy according to the second authentication information;
and the sending module is used for respectively sending authentication passing information to the first vehicle-mounted communication device and the second vehicle-mounted communication device when the first vehicle-mounted communication device and the second vehicle-mounted communication device are both the authorization devices so that the first vehicle-mounted communication device and the second vehicle-mounted communication device can communicate.
6. The apparatus of claim 5, wherein the preset authentication policy comprises:
determining whether a digital certificate corresponding to the authentication information is issued by the vehicle-mounted authentication center;
and when the digital certificate is determined to be issued by the vehicle-mounted authentication center, determining that the vehicle-mounted communication device corresponding to the digital certificate is the authorization device.
7. The apparatus of claim 6, wherein the apparatus further comprises:
the determining module is used for determining whether a certificate issuing request is received;
and the certificate issuing module is used for issuing the digital certificate to the vehicle-mounted communication device which sends the certificate issuing request according to a preset certificate issuing strategy according to the certificate issuing request when the fact that the certificate issuing request is received is determined.
8. The apparatus of claim 7, wherein the certificate issue request includes identification information of the in-vehicle communication apparatus, and wherein the preset certificate issue policy includes:
transmitting the identification information in the certificate issuing request to an authentication server so that the authentication server verifies whether the identification information is valid or not;
when the authentication server verifies that the identification information is valid, a certificate issuing instruction sent by the authentication server is received;
and issuing the digital certificate to the vehicle-mounted communication device which sends the certificate issuing request according to the certificate issuing instruction.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the steps of the method according to any one of claims 1-4.
10. A vehicle characterized by comprising the apparatus for in-vehicle network security authentication as claimed in any one of claims 5 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810973749.2A CN109040285B (en) | 2018-08-24 | 2018-08-24 | Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810973749.2A CN109040285B (en) | 2018-08-24 | 2018-08-24 | Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109040285A CN109040285A (en) | 2018-12-18 |
| CN109040285B true CN109040285B (en) | 2023-06-20 |
Family
ID=64628366
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810973749.2A Active CN109040285B (en) | 2018-08-24 | 2018-08-24 | Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109040285B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109743334A (en) * | 2019-02-28 | 2019-05-10 | 浙江众泰汽车制造有限公司 | A kind of T-BOX encryption system and method |
| CN111917685B (en) | 2019-05-07 | 2022-05-31 | 华为云计算技术有限公司 | Method for applying for digital certificate |
| CN110366176B (en) * | 2019-06-20 | 2021-08-06 | 北京邮电大学 | Key negotiation method for vehicle-mounted self-organizing network |
| CN113472541B (en) * | 2020-03-12 | 2022-10-18 | 华为云计算技术有限公司 | Certificate switching method and device |
| CN113727297A (en) * | 2020-05-11 | 2021-11-30 | 上汽通用汽车有限公司 | Vehicle-connected secure access method and system |
| CN112398810B (en) * | 2020-10-16 | 2022-03-25 | 郑州信大捷安信息技术股份有限公司 | Identity authentication system and method of OBD (on-Board diagnostics) equipment |
| CN113093560A (en) * | 2021-02-23 | 2021-07-09 | 美的集团股份有限公司 | Man-machine interaction method and device for household appliance |
| CN113271543B (en) * | 2021-05-14 | 2023-04-07 | 阿波罗智联(北京)科技有限公司 | Vehicle communication method and device and electronic equipment |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009086965A (en) * | 2007-09-28 | 2009-04-23 | Denso Corp | On-vehicle device and mobile terminal |
| CN102118248A (en) * | 2009-12-31 | 2011-07-06 | 厦门雅迅网络股份有限公司 | Method for implementing device identification based on communication authentication |
| WO2011148744A1 (en) * | 2010-05-24 | 2011-12-01 | ルネサスエレクトロニクス株式会社 | Communication system, vehicle-mounted terminal, roadside device |
| DE102012204842A1 (en) * | 2011-04-01 | 2012-10-04 | Ford Global Technologies, Llc | Methods and systems for authenticating one or more users of a vehicle communication and information system |
| CN105763558A (en) * | 2016-01-20 | 2016-07-13 | 华东师范大学 | Distributed aggregation authentication method having privacy protection function for vehicle-mounted self-organizing network |
| WO2016198241A1 (en) * | 2015-06-11 | 2016-12-15 | Siemens Aktiengesellschaft | Authorization apparatus and method for an authorized issuing of an authentication token for a device |
| CN106789061A (en) * | 2016-11-18 | 2017-05-31 | 中车株洲电力机车有限公司 | The floating engineering detecting car data transmission method of magnetic, device and the floating engineering detecting car of magnetic |
| CN106953796A (en) * | 2017-04-13 | 2017-07-14 | 北京汽车集团有限公司 | Security gateway, data processing method, device, vehicle network topology and vehicle |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7600114B2 (en) * | 2002-06-28 | 2009-10-06 | Temic Automotive Of North America, Inc. | Method and system for vehicle authentication of another vehicle |
-
2018
- 2018-08-24 CN CN201810973749.2A patent/CN109040285B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009086965A (en) * | 2007-09-28 | 2009-04-23 | Denso Corp | On-vehicle device and mobile terminal |
| CN102118248A (en) * | 2009-12-31 | 2011-07-06 | 厦门雅迅网络股份有限公司 | Method for implementing device identification based on communication authentication |
| WO2011148744A1 (en) * | 2010-05-24 | 2011-12-01 | ルネサスエレクトロニクス株式会社 | Communication system, vehicle-mounted terminal, roadside device |
| DE102012204842A1 (en) * | 2011-04-01 | 2012-10-04 | Ford Global Technologies, Llc | Methods and systems for authenticating one or more users of a vehicle communication and information system |
| WO2016198241A1 (en) * | 2015-06-11 | 2016-12-15 | Siemens Aktiengesellschaft | Authorization apparatus and method for an authorized issuing of an authentication token for a device |
| CN105763558A (en) * | 2016-01-20 | 2016-07-13 | 华东师范大学 | Distributed aggregation authentication method having privacy protection function for vehicle-mounted self-organizing network |
| CN106789061A (en) * | 2016-11-18 | 2017-05-31 | 中车株洲电力机车有限公司 | The floating engineering detecting car data transmission method of magnetic, device and the floating engineering detecting car of magnetic |
| CN106953796A (en) * | 2017-04-13 | 2017-07-14 | 北京汽车集团有限公司 | Security gateway, data processing method, device, vehicle network topology and vehicle |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109040285A (en) | 2018-12-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109040285B (en) | Method and device for safety authentication of vehicle-mounted network, storage medium and vehicle | |
| EP3694179B1 (en) | Proxy for access of a vehicle component | |
| CN107650863B (en) | Vehicle sharing method and system | |
| KR101480605B1 (en) | Accessing system for vehicle network and method of the same | |
| US10602360B2 (en) | Secure mobile device integration with vehicles | |
| CN107682334B (en) | OBD interface data safety protection system and data safety protection method | |
| CN106154903B (en) | The system and method for carrying out information exchange for vehicle network and peripheral hardware | |
| CN105792201A (en) | Method and system for issuing CSR certificate for vehicle-to-anything communication | |
| CN110800249A (en) | Maintenance system and maintenance method | |
| CN109941228B (en) | Device and method for unlocking vehicle component, vehicle and vehicle communication module | |
| WO2018108293A1 (en) | Methods, devices and vehicles for authenticating a vehicle during a cooperative maneuver | |
| CN111083696A (en) | Communication verification method and system, mobile terminal and vehicle terminal | |
| CN109416711B (en) | Method for the safety verification of a control device in a motor vehicle | |
| CN114629636A (en) | Certificate list updating method and device | |
| CN112398810B (en) | Identity authentication system and method of OBD (on-Board diagnostics) equipment | |
| CN208956085U (en) | In-vehicle networking security certification system and vehicle | |
| CN108718309B (en) | Vehicle identity authentication method and device | |
| CN105656884A (en) | Automobile bus security control device based on security elements and control method thereof | |
| CN110557256A (en) | Temporary and customized vehicle access | |
| CN115065522A (en) | Security authentication method, vehicle-mounted controller, remote communication terminal, and storage medium | |
| CN110708192B (en) | Vehicle-mounted management system and method applied to addable equipment | |
| CN114157489A (en) | Communication domain controller safety communication method based on periodic authentication handshake mechanism | |
| CN112738012A (en) | Session unique access token | |
| CN115296813B (en) | Identity authentication method and system for automobile Ethernet controller | |
| CN113766450A (en) | Vehicle virtual key sharing method, mobile terminal, server and vehicle |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |