CN109617675A - Mutual identity authentication method and system between a charge-discharge facility and a user terminal - Google Patents

Mutual identity authentication method and system between a charge-discharge facility and a user terminal

Info

Publication number: CN109617675A
Authority: CN (China)
Prior art keywords: charge, user terminal, discharge facility, identity, key
Legal status: Granted (active)
Application number: CN201811355944.5A
Other languages: Chinese (zh)
Other versions: CN109617675B (en)
Inventors: 严辉, 王文, 赵宇, 李培军, 于婷
Current assignee: State Grid Electric Vehicle Service Co Ltd
Original assignee: State Grid Electric Vehicle Service Co Ltd
Events: application filed by State Grid Electric Vehicle Service Co Ltd; priority to CN201811355944.5A; publication of CN109617675A; application granted; publication of CN109617675B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The present invention relates to a mutual identity authentication method and system between a charge-discharge facility and a user terminal. The method includes: generating the identity codes of the charge-discharge facility and the user terminal from their respective identity identifiers; generating the public key and private key of the charge-discharge facility and of the user terminal from those identity codes; and then carrying out two-way authentication between the charge-discharge facility and the user terminal with the public key and private key. Under this technical solution, the identity identifier of each authenticated entity determines its unique public key and private key, so identity authentication is built on the technical foundation of identity-based encryption, the security of data transmission during the authentication procedure is effectively guaranteed, and offline cryptographic identity authentication between the charge-discharge facility and users or terminal devices is supported at the same time, which improves versatility.

Description

Mutual identity authentication method and system between a charge-discharge facility and a user terminal
Technical field
The present invention relates to the field of new-energy vehicle security authentication, and in particular to a mutual identity authentication method and system between a charge-discharge facility and a user terminal.
Background technique
New-energy vehicle technology is developing gradually toward intelligence and pure electric drive. On the vehicle networking service platform built on the power grid, the number of registered users accessing the platform keeps rising sharply, and to meet the demand of this growing user base more and more charge-discharge facilities are being connected to the platform; the requirements on the identity authentication technology between charge-discharge facilities and user terminals are therefore also rising.
Existing new-energy vehicle authentication mainly uses the following methods: swiping a specific charging card at the charge-discharge facility to authenticate the user's identity, and scanning a two-dimensional code on the charge-discharge facility with a mobile phone app to perform authentication. Although the charging-card approach supports offline charging transactions at the charge-discharge facility, charging cards and charge-discharge facilities from different manufacturers cannot authenticate each other, which is inconvenient for users; authentication is only possible between the charge-discharge facility and the charging card, and authentication between the charge-discharge facility and the electric vehicle cannot be achieved; moreover, the authentication cipher algorithm of the charging-card approach is a symmetric-key algorithm, so key management is complex, and an additional card reader and PSAM card must be installed in the charge-discharge facility, which is costly. In the mobile phone app approach, the back-end service system of the charging service must be guaranteed to be online before the app can authenticate, authorize and authorize charging, so it cannot be carried out in an offline environment; this authentication method must scan the two-dimensional code on the charge-discharge facility, extract the charge-discharge facility label information from the two-dimensional code, and then send it together with the user's own user name and password to the back-end service system for identity authentication, without effective communication security protection; in addition, an extra display screen must be installed in the charge-discharge facility, which has a high failure rate and high cost. The current new-energy vehicle authentication communication technology has the control chip in the charging pile equipment communicate with an ESAM chip over a GPIO interface and with the metering and billing terminal of the charging pile equipment over a UART interface, but this method can only guarantee complete communication inside the charging pile and between it and the billing terminal; it cannot achieve identity authentication between the charging pile and the vehicle or user, nor ensure the security of communication during the authentication process.
Summary of the invention
The present invention provides a mutual identity authentication method and system between a charge-discharge facility and a user terminal. Its purpose is to generate the public key and private key of each authenticated entity with identity-based encryption technology, to transmit authentication information on the basis of the generated public key and private key, and thereby to achieve bidirectional identity authentication among multiple authenticated entities; the security of authentication information transmission is effectively guaranteed, the method is applicable to a variety of authenticated entities in the new-energy vehicle field, and the complexity and cost of authentication operations are reduced.
The purpose of the present invention is achieved by the following technical solution:
A mutual identity authentication method between a charge-discharge facility and a user terminal, the improvement being that the method includes:
generating the identity codes of the charge-discharge facility and the user terminal from the identity identifiers of the charge-discharge facility and the user terminal respectively;
generating the public key and private key of the charge-discharge facility and the user terminal from the identity codes of the charge-discharge facility and the user terminal;
carrying out two-way authentication between the charge-discharge facility and the user terminal using the public key and private key of the charge-discharge facility and the user terminal.
Preferably, the user terminal includes: an electric vehicle, a mobile terminal and an application platform.
Further, the identity identifier of the charge-discharge facility is the charge-discharge facility device number, the identity identifier of the electric vehicle is the VIN identification code, the identity identifier of the mobile terminal is the IMEI code, and the identity identifier of the application platform is the platform name identification code.
Further, generating the identity codes of the charge-discharge facility and the user terminal from their identity identifiers includes:
(1) The transcoding result of the version number is determined by the following formula:
(m+2)*16+n
where m is the major version number of the identity code's version number and n is the minor version number of the identity code's version number;
the transcoding result of the version number is passed through the inverse ASCII transcoding transformation to obtain the version character;
(2) If the type of the authenticated entity is a charge-discharge facility, its type character is determined to be "I"; if the type of the authenticated entity is an electric vehicle, its type character is "V"; if the type of the authenticated entity is a mobile terminal, its type character is "U"; if the type of the authenticated entity is an application platform, its type character is "P";
(3) If the coding mode is ASCII coding, the coding mode character is determined to be "A"; if the coding mode is BCD coding, the coding mode character is "B";
(4) If the total length of the identity code is less than or equal to 36, the transcoding result of the code length is determined by the following formula:
L/4+0x30
If the total length of the identity code is greater than 36, the transcoding result of the code length is determined by the following formula:
L/4+0x37
where L is the total length of the identity code;
the transcoding result of the code length is passed through the inverse ASCII transcoding transformation to obtain the length character;
(5) The 1st byte code of the validity period is determined by the following formula:
(Y-1970)/32
The 2nd byte code of the validity period is determined by the following formula:
(Y-1970)%32
The 3rd byte code of the validity period is the month of the validity period of the identity code; the 4th byte code of the validity period is the day of the validity period of the identity code;
the transcoding result of each of the above 4 byte codes is determined by the following formula:
(z>9)*0x07+z+0x30
where Y is the year of the validity period of the identity code, z is each byte code, and the value of (z>9) is 1 when z > 9 and 0 otherwise;
the transcoding results of the 4 byte codes are each passed through the inverse ASCII transcoding transformation to obtain the validity period characters;
(6) The identity identifier of each authenticated entity is encoded as its identity characters;
(7) The label of the root key generation center is encoded as the root key generation center characters of the identity code;
(8) All characters obtained in steps (1) to (7) are subjected to CRC12 coding followed by CODE64 transcoding to obtain the check characters of the identity code;
(9) The output identity code is: version character + type character + coding mode character + length character + validity period characters + identity characters + root key generation center characters + check characters.
Preferably, generating the public key and private key of the charge-discharge facility and the user terminal from their identity codes includes:
using the identity code of the charge-discharge facility as the public key of the charge-discharge facility, and determining the private key of the charge-discharge facility from the public key of the charge-discharge facility with the SM9 identity-based cryptographic algorithm;
each user terminal uses its own identity code as its public key, and its private key is determined from its own public key with the SM9 identity-based cryptographic algorithm.
Preferably, carrying out two-way authentication between the charge-discharge facility and the user terminal using their public keys and private keys includes:
the charge-discharge facility generates a facility random number and sends charge-discharge facility data to the user terminal; the charge-discharge facility data include the facility random number, the public key of the charge-discharge facility and current time information;
after the user terminal receives the charge-discharge facility data sent by the charge-discharge facility, it generates a user terminal random number and digitally signs the charge-discharge facility data, then returns the signature value, the public key of the user terminal, the user terminal random number, the facility random number and the current time information to the charge-discharge facility as the user terminal response message;
after the charge-discharge facility receives the user terminal response message returned by the user terminal, it verifies the received signature value of the user terminal with the public key of the user terminal and verifies the validity of the user terminal response message; if verification succeeds, the identity of the user terminal is proven legitimate and the public key of the user terminal is recorded; otherwise, the authentication process and the connection are interrupted;
the charge-discharge facility randomly generates a key seed, encrypts the key seed with the public key of the user terminal to obtain the key seed ciphertext, makes a second digital signature over its own facility random number, the public key of the charge-discharge facility and the current time information, and sends charge-discharge facility data to the user terminal; these charge-discharge facility data include the second digital signature value, the key seed ciphertext, the facility random number, the public key of the charge-discharge facility and the current time information;
after the user terminal receives the charge-discharge facility data sent by the charge-discharge facility, it verifies the validity of the charge-discharge facility data; if verification passes, it decrypts the key seed ciphertext with its own authentication private key to obtain the plaintext key seed, the charge-discharge facility and the user terminal perform key derivation from the plaintext key seed to obtain the encrypted communication session key, and data communication is protected with a symmetric algorithm under that encrypted communication session key; otherwise, the authentication process and the connection are interrupted.
A mutual identity authentication system between a charge-discharge facility and a user terminal, the improvement being that the system includes:
a coding module, for generating the identity codes of the charge-discharge facility and the user terminal from the identity identifiers of the charge-discharge facility and the user terminal respectively;
a key generation module, for generating the public key and private key of the charge-discharge facility and the user terminal from the identity codes of the charge-discharge facility and the user terminal;
an authentication module, for carrying out two-way authentication between the charge-discharge facility and the user terminal using the public key and private key of the charge-discharge facility and the user terminal.
Preferably, the user terminal includes: an electric vehicle, a mobile terminal and an application platform.
Further, the identity identifier of the charge-discharge facility is the charge-discharge facility device number, the identity identifier of the electric vehicle is the VIN identification code, the identity identifier of the mobile terminal is the IMEI code, and the identity identifier of the application platform is the platform name identification code.
Preferably, the coding module is used for:
(1) determining the transcoding result of the version number by the following formula:
(m+2)*16+n
where m is the major version number of the identity code's version number and n is the minor version number of the identity code's version number;
the transcoding result of the version number is passed through the inverse ASCII transcoding transformation to obtain the version character;
(2) if the type of the authenticated entity is a charge-discharge facility, determining its type character to be "I"; if the type of the authenticated entity is an electric vehicle, its type character is "V"; if the type of the authenticated entity is a mobile terminal, its type character is "U"; if the type of the authenticated entity is an application platform, its type character is "P";
(3) if the coding mode is ASCII coding, determining the coding mode character to be "A"; if the coding mode is BCD coding, the coding mode character is "B";
(4) if the total length of the identity code is less than or equal to 36, determining the transcoding result of the code length by the following formula:
L/4+0x30
if the total length of the identity code is greater than 36, determining the transcoding result of the code length by the following formula:
L/4+0x37
where L is the total length of the identity code;
the transcoding result of the code length is passed through the inverse ASCII transcoding transformation to obtain the length character;
(5) determining the 1st byte code of the validity period by the following formula:
(Y-1970)/32
determining the 2nd byte code of the validity period by the following formula:
(Y-1970)%32
the 3rd byte code of the validity period is the month of the validity period of the identity code; the 4th byte code of the validity period is the day of the validity period of the identity code;
the transcoding result of each of the above 4 byte codes is determined by the following formula:
(z>9)*0x07+z+0x30
where Y is the year of the validity period of the identity code, z is each byte code, and the value of (z>9) is 1 when z > 9 and 0 otherwise;
the transcoding results of the 4 byte codes are each passed through the inverse ASCII transcoding transformation to obtain the validity period characters;
(6) encoding the identity identifier of each authenticated entity as its identity characters;
(7) encoding the label of the root key generation center as the root key generation center characters of the identity code;
(8) subjecting all characters obtained in steps (1) to (7) to CRC12 coding followed by CODE64 transcoding to obtain the check characters of the identity code;
(9) outputting the identity code as: version character + type character + coding mode character + length character + validity period characters + identity characters + root key generation center characters + check characters.
Preferably, the key generation module is used for:
using the identity code of the charge-discharge facility as the public key of the charge-discharge facility, and determining the private key of the charge-discharge facility from the public key of the charge-discharge facility with the SM9 identity-based cryptographic algorithm;
using the identity code of each user terminal as its own public key, and determining the private key of each user terminal from its own public key with the SM9 identity-based cryptographic algorithm.
Preferably, the authentication module includes: a charge-discharge facility authentication unit and a user terminal authentication unit;
the charge-discharge facility authentication unit generates a charge-discharge facility random number and sends charge-discharge facility data to the user terminal; the charge-discharge facility data include the facility random number, the public key of the charge-discharge facility and current time information;
after the user terminal authentication unit receives the data sent by the charge-discharge facility authentication unit, it generates a user terminal random number, digitally signs the charge-discharge facility data, and returns the signature value, the public key of the user terminal, the user terminal random number, the facility random number and the current time information to the charge-discharge facility authentication unit as the user terminal response message;
after the charge-discharge facility authentication unit receives the response message returned by the user terminal authentication unit, it verifies the received signature value of the user terminal with the public key of the user terminal and verifies the validity of the user terminal response message; if verification succeeds, the identity of the user terminal is proven legitimate and the public key of the user terminal is recorded; otherwise, the authentication process and the connection are interrupted;
the charge-discharge facility authentication unit randomly generates a key seed, encrypts the key seed with the public key of the user terminal to obtain the key seed ciphertext, makes a second digital signature over its own facility random number, the public key of the charge-discharge facility and the current time information, and sends charge-discharge facility data to the user terminal; the charge-discharge facility data, consisting of the second digital signature value, the key seed ciphertext, the facility random number, the public key of the charge-discharge facility and the current time information, are sent to the user terminal authentication unit;
after the user terminal authentication unit receives the data sent by the charge-discharge facility authentication unit, it verifies the validity of the charge-discharge facility data; if verification passes, it decrypts the key seed ciphertext with its own authentication private key to obtain the plaintext key seed, the charge-discharge facility and the user terminal perform key derivation from the plaintext key seed to obtain the encrypted communication session key, and data communication is protected with a symmetric algorithm under that encrypted communication session key; otherwise, the authentication process and the connection are interrupted.
Compared with the closest prior art, the present invention also has the following beneficial effects:
With the technical solution of the present invention, the identity codes of the charge-discharge facility and the user terminal are generated from their identity identifiers, and the public key and private key of the charge-discharge facility and the user terminal are then generated from those identity codes; the public key and private key used for identity authentication are produced by the method of an identity-based key system, which guarantees the security and reliability of authentication data transmission during the identity authentication procedure. Two-way authentication between the charge-discharge facility and the user terminal is then carried out with that public key and private key, which overcomes the problems of conventional authentication methods, namely that they are complicated to operate, costly, infeasible in offline environments and limited to the charge-discharge facility and the metering and billing terminal; two-way authentication among a variety of authenticated entities in the new-energy vehicle field becomes achievable, effectively improving the versatility and efficiency of authentication.
Detailed description of the drawings
Fig. 1 is a flowchart of the mutual identity authentication method between the charge-discharge facility and the user terminal according to an embodiment of the present invention;
Fig. 2 is a detailed operation diagram of the mutual identity authentication method between the charge-discharge facility and the user terminal according to an embodiment of the present invention;
Fig. 3 is the authentication network structure diagram of the mutual identity authentication method between the charge-discharge facility and the user terminal according to an embodiment of the present invention;
Fig. 4 is the structural schematic diagram of the mutual identity authentication system between the charge-discharge facility and the user terminal according to an embodiment of the present invention.
Specific embodiments
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the protection scope of the present invention.
The technical solution of the present invention uses an identity-based cryptographic algorithm based on the national commercial cryptographic SM9 algorithm to realize a multi-party identity authentication cryptographic system, and at the same time, on the basis of an authentication negotiation mechanism, achieves the goals of two-way authentication, key management and encrypted transmission between the charge-discharge facility and the electric vehicle and mobile terminal in offline scenarios. Based on these technical goals, the technical solution of the present invention combines a "management center" with the idea of "de-centering", follows the national SM9 algorithm standard, and constructs a multi-party identity management and authentication model; by setting a unified identity coding rule, it solves the problem of the semantics of the user public key in the SM9 algorithm, and thereby realizes identity authentication suitable for various authenticated entities and application environments.
The present invention provides an energy-storage photovoltaic plant start-up method and system supporting grid "black start", which is explained below.
Embodiment one:
Fig. 1 shows a flowchart of the energy-storage photovoltaic plant start-up method supporting grid "black start" in an embodiment of the present invention; as shown in Fig. 1, the method may include:
101. generating the identity codes of the charge-discharge facility and the user terminal from the identity identifiers of the charge-discharge facility and the user terminal respectively;
102. generating the public key and private key of the charge-discharge facility and the user terminal from the identity codes of the charge-discharge facility and the user terminal;
103. carrying out two-way authentication between the charge-discharge facility and the user terminal using the public key and private key of the charge-discharge facility and the user terminal.
The user terminal may include: an electric vehicle, a mobile terminal and an application platform.
The identity identifier of the charge-discharge facility is the charge-discharge facility device number (serial number, 6 digits), the identity identifier of the electric vehicle is the VIN identification code (license plate number, 24 characters in total), the identity identifier of the mobile terminal is the IMEI code (or other intrinsic information of the phone), and the identity identifier of the application platform is the platform name identification code.
The present invention unifies the identifier rules for charge-discharge facilities, electric vehicles and users, which facilitates the classification, hierarchical management and domain-based management of identifiers;
the unified identifier coding rule adapts to the coding rules of the various entities in the system, provides a unique identifier for each user, and provides a Code64 transcoding method that transcodes the unique identifier into printable characters.
Specifically, the identity mark of charge-discharge facility and user terminal is generated according to the identity of charge-discharge facility and user terminal Know coding, may include:
(1) The transcoding result of the version number is determined by the following formula:
(m+2)*16+n
where m is the major version number and n is the minor version number of the version of the identity code;
the transcoding result of the version number is converted to the character with that ASCII code to obtain the version character;
(2) If the authenticated entity is a charge-discharge facility, its type character is "I"; if it is an electric vehicle, its type character is "V"; if it is a mobile terminal, its type character is "U"; if it is an application platform, its type character is "P";
(3) If the coding mode is ASCII coding, the coding-mode character is "A"; if the coding mode is BCD coding, the coding-mode character is "B";
(4) If the total length of the identity code is less than or equal to 36, the transcoding result of the code length is determined by the following formula:
L/4+0x30
If the total length of the identity code is greater than 36, the transcoding result of the code length is determined by the following formula:
L/4+0x37
where L is the total length of the identity code;
the transcoding result of the code length is converted to the character with that ASCII code to obtain the length character;
(5) The 1st byte of the validity period is determined by the following formula:
(Y-1970)/32
The 2nd byte of the validity period is determined by the following formula:
(Y-1970) %32
The 3rd byte of the validity period is the month of the validity period of the identity code; the 4th byte of the validity period is the day of the validity period of the identity code;
The transcoding result of each of the above 4 bytes is determined by the following formula:
(z>9)*0x07+z+0x30
where Y is the year of the validity period of the identity code and z is the value of each byte; the value of (z>9) is 1 if z>9 and 0 otherwise;
the 4 transcoding results are each converted to the character with that ASCII code to obtain the validity-period characters;
(6) The identity of each authenticated entity is used as the identity characters of its identity code;
(7) The label of the root key generation centre of the identity code is used as the root key generation centre characters;
(8) CRC12 coding is applied to all characters obtained in steps (1) to (7) and the result is CODE64-transcoded to obtain the check characters of the identity code;
(9) The output identity code is: version character + type character + coding-mode character + length character + validity-period characters + identity characters + root key generation centre characters + check characters;
Before the length character of the identity code is obtained, the total length of the current identity code is obtained; if the length is not a multiple of 4, the missing part is padded with '='; otherwise no padding is added and the length character of the identity code is obtained directly. The identity coding rule is shown in Table 1:
Table 1. Identity code character setting rules
The Code64 transcoding rule is shown in Table 2:
Table 2. Code64 transcoding rules
Hex Transcoding Hex Transcoding Hex Transcoding Hex Transcoding
00 @ 10 G 20 W 30 m
01 1 11 H 21 X 31 n
02 2 12 I 22 Y 32 o
03 3 13 J 23 Z 33 p
04 4 14 K 24 a 34 q
05 5 15 L 25 b 35 r
06 6 16 M 26 c 36 s
07 7 17 N 27 d 37 t
08 8 18 O 28 e 38 u
09 9 19 P 29 f 39 v
0A A 1A Q 2A g 3A w
0B B 1B R 2B h 3B x
0C C 1C S 2C i 3C y
0D D 1D T 2D j 3D z
0E E 1E U 2E k 3E *
0F F 1F V 2F l 3F +
The transcoding is implemented as follows (C macros mapping a 6-bit value x to its Code64 character):
#define Code64_switch61(x) (((x) > 61) ? ('*' + (x) - 62) : ('a' + (x) - 36))
#define Code64_switch35(x) (((x) > 35) ? (Code64_switch61(x)) : ('A' + (x) - 10))
#define Code64_switch9(x)  (((x) > 9)  ? (Code64_switch35(x)) : ('0' + (x)))
#define Code64(x)          ((x) ? (Code64_switch9(x)) : ('@'))
The padding character is '='.
If the identity code of charge-discharge facility i is 1VA7 43CV 4205100000000001 11 s1, the correspondence between each character and the information of facility i is as follows:
Version character 1: current version V1.1;
Type character V: charge-discharge facility;
Coding-mode character A: ASCII coding;
Length character 7: total length 28 bytes;
Validity-period characters 43CV: valid until 2099-12-31;
Identity characters 4205100000000001: the device number of charge-discharge facility i is 4205100000000001;
Root key generation centre characters 11: the label of the root key generation centre is 11;
Check characters s1: the CRC12 code of 1VA7 43CV 4205100000000001 11 is 0xD981, whose first 6 bits are 0x36 and last 6 bits are 0x01; after CODE64 transcoding these give s1;
The identity code of a charge-discharge facility is a kind of device identifier; besides the mandatory fields of the coding rule, it may also contain the following field:
A) geographic information (administrative division code of the People's Republic of China (GB/T 2260-2007), 6 digits);
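The coding rule of steps (1) to (9) and the Code64 table, as an added Python example that is not the patent's own code: it builds an identity code from its fields and parses and checks one back. The CRC12 polynomial, the 2-character root KGC label and the placement of the '=' padding are assumptions, since the page does not specify them; the validity characters are computed strictly from the formulas of step (5).

```python
# Added example, not the patent's code. Assumptions not given on the page:
# the CRC12 polynomial (0x80F, zero init, no reflection, used as a placeholder,
# so the page's 0xD981 value is not reproduced), a 2-character root KGC label
# as in the worked example, and '=' padding appended after the KGC label and
# included in the CRC input.
# The page's worked example labels 'V' as a charge-discharge facility while
# step (2) assigns 'I'; the step (2) mapping is followed here.


def code64(x: int) -> str:
    """Code64 transcoding of one 6-bit value, as in Table 2 and the macros."""
    if not 0 <= x <= 63:
        raise ValueError("Code64 input must be a 6-bit value")
    if x == 0:
        return "@"
    if x <= 9:
        return chr(ord("0") + x)
    if x <= 35:
        return chr(ord("A") + x - 10)
    if x <= 61:
        return chr(ord("a") + x - 36)
    return chr(ord("*") + x - 62)  # 62 -> '*', 63 -> '+'


def byte_char(z: int) -> str:
    """Step (5) transcoding: (z>9)*0x07 + z + 0x30, taken as an ASCII code."""
    return chr((z > 9) * 0x07 + z + 0x30)


def byte_value(c: str) -> int:
    """Inverse of byte_char for the characters it can produce."""
    v = ord(c) - 0x30
    return v - 0x07 if v > 9 else v


def crc12(data: bytes, poly: int = 0x80F) -> int:
    """Bitwise 12-bit CRC, MSB first (placeholder polynomial, see header)."""
    crc = 0
    for b in data:
        crc ^= b << 4
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFFF if crc & 0x800 else (crc << 1) & 0xFFF
    return crc


def check_chars(prefix: str) -> str:
    """Step (8): CRC12 of the step (1)-(7) characters, split 6+6 bits, Code64 each."""
    c = crc12(prefix.encode("ascii"))
    return code64(c >> 6) + code64(c & 0x3F)


TYPE_CHARS = {"facility": "I", "ev": "V", "mobile": "U", "platform": "P"}  # step (2)
MODE_CHARS = {"ascii": "A", "bcd": "B"}                                    # step (3)


def build_identity_code(major, minor, entity_type, mode, valid_until, identity, kgc_label):
    """Steps (1)-(9); valid_until is (year, month, day), kgc_label is 2 chars."""
    if len(kgc_label) != 2:
        raise ValueError("assumed 2-character root KGC label")
    version = chr((major + 2) * 16 + minor)                              # step (1)
    year, month, day = valid_until
    validity = "".join(byte_char(z) for z in                             # step (5)
                       ((year - 1970) // 32, (year - 1970) % 32, month, day))
    tail = identity + kgc_label                                           # steps (6), (7)
    total = 4 + len(validity) + len(tail) + 2                             # incl. length + check chars
    tail += "=" * (-total % 4)                                            # pad to a multiple of 4
    total += -total % 4
    length_char = chr(total // 4 + (0x30 if total <= 36 else 0x37))      # step (4)
    prefix = version + TYPE_CHARS[entity_type] + MODE_CHARS[mode] + length_char + validity + tail
    return prefix + check_chars(prefix)                                   # step (9)


def parse_identity_code(code: str) -> dict:
    """Splits a code into its fields, rejecting bad length or check characters."""
    if len(code) < 12 or len(code) % 4:
        raise ValueError("identity code length must be a multiple of 4")
    if check_chars(code[:-2]) != code[-2:]:
        raise ValueError("check characters do not match")
    lc = ord(code[3])
    declared = (lc - (0x30 if lc <= 0x39 else 0x37)) * 4
    if declared != len(code):
        raise ValueError("length character does not match code length")
    z = [byte_value(c) for c in code[4:8]]
    body = code[8:-2].rstrip("=")
    return {
        "version": (ord(code[0]) // 16 - 2, ord(code[0]) % 16),
        "type": code[1], "mode": code[2], "length": declared,
        "valid_until": (1970 + z[0] * 32 + z[1], z[2], z[3]),
        "identity": body[:-2], "kgc_label": body[-2:],
    }
```

Run against the worked example's fields, the formulas of step (5) give the validity characters 41CV for 2099-12-31 (byte values 4, 1, 12, 31), so implementers should confirm the intended validity encoding against the patent's full text.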
Fig. 2 shows a detailed operating flow of the mutual identity authentication method between the charge-discharge facility and the user terminal of the embodiment of the present invention. As shown in Fig. 2, on the basis of the hierarchical public-key trust mechanism proposed by the present invention, a multi-level, domain-partitioned key management model is built, which flattens key authority and supports identity authentication across security domains.
A hierarchical identity-key management system is established: the key management hierarchy is designed according to the requirements of the application scenario; on the basis of the SM9-based hierarchical public-key trust mechanism proposed by the present invention, a root key generation centre (KGC) and the subordinate key generation centres are built, and trust relationships between them are established.
The root key generation centre is the key generation centre of the whole power grid; the subordinate key generation centres include the charge-discharge facility operator's key generation centre, the charge-discharge platform operator's key generation centre, the electric vehicle manufacturer's key generation centre, and so on. After a key generation centre receives the identity application of the corresponding authenticated entity, it generates the entity's public key from the identity code of the charge-discharge facility or user terminal, distributes it to the corresponding entity, and then generates the corresponding private key from that public key;
Specifically, generating the public keys and private keys of the charge-discharge facility and the user terminal from their identity codes may include:
using the identity code of the charge-discharge facility as the public key of the charge-discharge facility, and determining the private key of the charge-discharge facility from that public key with the SM9 identity-based cryptographic algorithm;
using the identity code of each user terminal as its own public key, and determining the private key of each user terminal from its own public key with the SM9 identity-based cryptographic algorithm.
Fig. 3 shows the authentication network structure of the mutual identity authentication method between the charge-discharge facility and the user terminal of the embodiment of the present invention. As shown in Fig. 3, the charge-discharge facility and the electric vehicle, both containing an SE security chip, are interconnected via PLC, CAN bus or Ethernet; the charge-discharge facility and the mobile terminal are interconnected via Bluetooth or NFC;
Before mutual authentication between the charge-discharge facility and the user terminal is performed with their public keys and private keys, the following initialisation steps may be carried out for the charge-discharge facility, the electric vehicle and the mobile terminal:
The charge-discharge facility operator's KGC issues to the charge-discharge facility its identity code PointID (SM9 public key) together with its SM9 encryption/decryption private key and signature private key, which are stored in the SE security chip.
The electric vehicle manufacturer's KGC issues to the electric vehicle its identification UserID1 (SM9 public key) together with its SM9 encryption/decryption private key and signature private key, which are stored in the SE security chip.
The application platform's KGC issues to the mobile terminal its identity code UserID2 (SM9 public key) together with its SM9 encryption/decryption private key and signature private key, which are stored securely in the mobile terminal.
Specifically, performing mutual authentication between the charge-discharge facility and the user terminal with their public keys and private keys may include:
the charge-discharge facility generates a facility random number and sends the facility random number, the public key of the charge-discharge facility and the current time information to the user terminal;
after receiving the data sent by the charge-discharge facility, the user terminal generates a user-terminal random number, digitally signs the data of the charge-discharge facility, and returns the signature value, the public key of the user terminal, the user-terminal random number, the facility random number and the current time information to the charge-discharge facility as a response message;
after receiving the response message returned by the user terminal, the charge-discharge facility verifies the received signature value of the user terminal with the public key of the user terminal and verifies the validity of the response message; if verification succeeds, the identity of the user terminal is proven legitimate and the public key of the user terminal is recorded; otherwise, the authentication process and the connection are interrupted;
the charge-discharge facility randomly generates a key seed, encrypts the key seed with the public key of the user terminal to obtain the key seed ciphertext, makes a second digital signature over its own facility random number, the public key of the charge-discharge facility and the current time information, and sends the second digital signature value, the key seed ciphertext, the facility random number, the public key of the charge-discharge facility and the current time information to the user terminal;
after receiving the data sent by the charge-discharge facility, the user terminal verifies the validity of the data; if verification passes, it decrypts the key seed ciphertext with its own authentication private key to obtain the plaintext key seed, and the charge-discharge facility and the user terminal perform key derivation from the plaintext key seed to obtain the encrypted-communication session key, with which data communication is protected using a symmetric algorithm; otherwise, the authentication process and the connection are interrupted.
Embodiment two:
Fig. 4 shows the structure of the mutual identity authentication system between the charge-discharge facility and the user terminal of the embodiment of the present invention. As shown in Fig. 4, the system may include:
a coding module, for generating the identity codes of the charge-discharge facility and the user terminal according to their respective identities;
a key generation module, for generating the public keys and private keys of the charge-discharge facility and the user terminal according to their identity codes;
an authentication module, for performing mutual authentication between the charge-discharge facility and the user terminal using the public keys and private keys of the charge-discharge facility and the user terminal.
The user terminal may be an electric vehicle, a mobile terminal or an application platform.
The identity of the charge-discharge facility is the charge-discharge facility device number, the identity of the electric vehicle is the VIN identification code, the identity of the mobile terminal is the IMEI code, and the identity of the application platform is the platform name identification code.
Specifically, the coding module is used for: (1) determining the transcoding result of the version number by the following formula:
(m+2)*16+n
where m is the major version number and n is the minor version number of the version of the identity code;
the transcoding result of the version number is converted to the character with that ASCII code to obtain the version character;
(2) If the authenticated entity is a charge-discharge facility, its type character is "I"; if it is an electric vehicle, its type character is "V"; if it is a mobile terminal, its type character is "U"; if it is an application platform, its type character is "P";
(3) If the coding mode is ASCII coding, the coding-mode character is "A"; if the coding mode is BCD coding, the coding-mode character is "B";
(4) If the total length of the identity code is less than or equal to 36, the transcoding result of the code length is determined by the following formula:
L/4+0x30
If the total length of the identity code is greater than 36, the transcoding result of the code length is determined by the following formula:
L/4+0x37
where L is the total length of the identity code;
the transcoding result of the code length is converted to the character with that ASCII code to obtain the length character;
(5) The 1st byte of the validity period is determined by the following formula:
(Y-1970)/32
The 2nd byte of the validity period is determined by the following formula:
(Y-1970) %32
The 3rd byte of the validity period is the month of the validity period of the identity code; the 4th byte of the validity period is the day of the validity period of the identity code;
The transcoding result of each of the above 4 bytes is determined by the following formula:
(z>9)*0x07+z+0x30
where Y is the year of the validity period of the identity code and z is the value of each byte; the value of (z>9) is 1 if z>9 and 0 otherwise;
the 4 transcoding results are each converted to the character with that ASCII code to obtain the validity-period characters;
(6) The identity of each authenticated entity is used as the identity characters of its identity code;
(7) The label of the root key generation centre of the identity code is used as the root key generation centre characters;
(8) CRC12 coding is applied to all characters obtained in steps (1) to (7) and the result is CODE64-transcoded to obtain the check characters of the identity code;
(9) The output identity code is: version character + type character + coding-mode character + length character + validity-period characters + identity characters + root key generation centre characters + check characters.
The key generation module is used for:
using the identity code of the charge-discharge facility as the public key of the charge-discharge facility, and determining the private key of the charge-discharge facility from that public key with the SM9 identity-based cryptographic algorithm;
using the identity code of each user terminal as its own public key, and determining the private key of each user terminal from its own public key with the SM9 identity-based cryptographic algorithm.
The authentication module comprises a charge-discharge facility authentication unit and a user terminal authentication unit;
the charge-discharge facility authentication unit generates a charge-discharge facility random number and sends the charge-discharge facility random number, the public key of the charge-discharge facility and the current time information to the user terminal authentication unit;
after receiving the data sent by the charge-discharge facility authentication unit, the user terminal authentication unit generates a user-terminal random number, digitally signs the data of the charge-discharge facility authentication unit, and returns the signature value, the public key of the user terminal, the user-terminal random number, the charge-discharge facility random number and the current time information to the charge-discharge facility authentication unit as a response message;
after receiving the response message returned by the user terminal authentication unit, the charge-discharge facility authentication unit verifies the received signature value of the user terminal with the public key of the user terminal and verifies the validity of the response message; if verification succeeds, the identity of the user terminal is proven legitimate and the public key of the user terminal is recorded; otherwise, the authentication process and the connection are interrupted;
the charge-discharge facility authentication unit randomly generates a key seed, encrypts the key seed with the public key of the user terminal to obtain the key seed ciphertext, makes a second digital signature over its own charge-discharge facility random number, the public key of the charge-discharge facility and the current time information, and sends the second digital signature value, the key seed ciphertext, the charge-discharge facility random number, the public key of the charge-discharge facility and the current time information to the user terminal authentication unit;
after receiving the data sent by the charge-discharge facility authentication unit, the user terminal authentication unit verifies the validity of the data of the charge-discharge facility authentication unit; if verification passes, it decrypts the key seed ciphertext with its own authentication private key to obtain the plaintext key seed, and the charge-discharge facility authentication unit and the user terminal authentication unit perform key derivation from the plaintext key seed to obtain the encrypted-communication session key, with which data communication is protected using a symmetric algorithm; otherwise, the authentication process and the connection are interrupted.
Embodiment three:
The authentication process between the charge-discharge facility and the electric vehicle or mobile terminal is as follows:
Before protocol transmission between the charge-discharge facility and the electric vehicle or mobile terminal, the following initialisation steps are performed on the charge-discharge facility, the electric vehicle and the mobile terminal:
The charge-discharge facility operator's KGC issues to the charge-discharge facility its identity code PointID (SM9 public key) together with its SM9 encryption/decryption private key and signature private key, which are stored in the SE security chip.
The electric vehicle manufacturer's KGC issues to the electric vehicle its identification UserID1 (SM9 public key) together with its SM9 encryption/decryption private key and signature private key, which are stored in the SE security chip.
The application platform's KGC issues to the mobile terminal its identity code UserID2 (SM9 public key) together with its SM9 encryption/decryption private key and signature private key, which are stored securely in the mobile terminal;
The protocol transmission flow between the charge-discharge facility and the electric vehicle or mobile terminal is then as follows:
1) The mobile terminal or electric vehicle (hereinafter the "user terminal") and the charge-discharge facility establish a communication connection using their respective communication protocol, and the user terminal requests authentication and access;
2) The charge-discharge facility generates a random number R1 with its embedded SE security chip, packs R1, the facility's SM9 public-key identification PointID and other information (such as time information) into random challenge data, and sends it to the user terminal;
3) After receiving the random challenge, the user terminal generates a random number R2, digitally signs the information {R2, R1, PointID, UserID, ...} with its SM9 signature private key to obtain the result S1, packs R2, R1, PointID, UserID and the signature value S1 into challenge response data, and sends it to the charge-discharge facility;
4) After receiving the challenge response, the charge-discharge facility verifies the freshness of R1 (it may be matched only once and only within its validity time); verifies that the charge-discharge facility identification PointID matches its own; and verifies the validity of the signature value S1 using the user terminal identification UserID. If verification succeeds, the identity of the user terminal is accepted as legitimate and the user terminal identification is recorded; if verification fails, the identity of the user terminal is regarded as illegitimate and the connection is interrupted;
5) Afterwards, if the charge-discharge facility needs encrypted communication with the user terminal, it randomly generates a key seed KeySeed and SM9-encrypts it with the user terminal's UserID to obtain the ciphertext CryptKey; the charge-discharge facility digitally signs the information {R1, R2, UserID, CryptKey, ...} with its own SM9 signature private key to obtain the result S2, and sends R1, R2, UserID, CryptKey and the signature value together to the user terminal;
6) After receiving the response message, the user terminal verifies the freshness of R1 and R2; verifies that the user terminal identification UserID matches its own; and verifies the validity of the signature value S2 with PointID. If verification passes, the user terminal accepts the identity of the charge-discharge facility as legitimate; otherwise, the user terminal regards the identity of the charge-discharge facility as illegitimate and interrupts the connection.
7) The user terminal decrypts CryptKey with its own SM9 decryption private key to obtain the plaintext KeySeed.
8) When the above steps are complete, mutual authentication between the charge-discharge facility and the user terminal is complete and a key seed KeySeed has been synchronised.
9) If encrypted communication is required, key derivation on the basis of the key seed yields the encrypted-communication session key SessionKey. The derivation is as follows:
10) SessionKey = Hash(KeySeed || R1 || R2 || PointID || UserID).
11) A symmetric algorithm may be used for encryption; the algorithm operating mode is configured as needed.
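Steps 2) to 4) and 10) of the flow above, as an added Python example that is not the patent's code: the facility-side checks on R1 (matched once only, within a time window), on PointID and on S1, the exact fields the user terminal signs in step 3), and the SessionKey derivation. SM9 signing is replaced by an HMAC stand-in keyed per identity so that the example runs offline, "Hash" is taken as SHA-256, and the 60-second window and the length-prefixed field encoding are choices of this example.

```python
# Added example, not the patent's code. The HMAC below stands in for SM9
# identity-based signatures only so that the flow runs offline; a real
# deployment uses the SM9 signature private key issued by the KGC.
import hashlib
import hmac
import os

WINDOW_SECONDS = 60.0  # freshness window for R1 (choice of this example)

_DEMO_SIGNING_KEYS: dict = {}  # identity code -> demo signing secret (NOT SM9)


def demo_enroll(ident: bytes) -> None:
    """Plays the KGC for the demo: gives an identity a signing secret."""
    _DEMO_SIGNING_KEYS[ident] = os.urandom(32)


def demo_sign(ident: bytes, msg: bytes) -> bytes:
    return hmac.new(_DEMO_SIGNING_KEYS[ident], msg, hashlib.sha256).digest()


def demo_verify(ident: bytes, msg: bytes, sig: bytes) -> bool:
    if ident not in _DEMO_SIGNING_KEYS:
        return False
    return hmac.compare_digest(demo_sign(ident, msg), sig)


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefixes every field so the signed/hashed concatenation
    R2 || R1 || PointID || UserID cannot be re-split ambiguously."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def session_key(key_seed, r1, r2, point_id, user_id) -> bytes:
    """Step 10): SessionKey = Hash(KeySeed || R1 || R2 || PointID || UserID)."""
    return hashlib.sha256(encode_fields(key_seed, r1, r2, point_id, user_id)).digest()


class Facility:
    """Charge-discharge facility side of steps 2) and 4)."""

    def __init__(self, point_id: bytes):
        self.point_id = point_id
        self.pending = {}        # R1 -> issue time; each R1 may be matched once only
        self.authorised = set()  # UserIDs recorded after a successful step 4)

    def challenge(self, now: float) -> dict:
        """Step 2): fresh R1 plus PointID and time information."""
        r1 = os.urandom(16)
        self.pending[r1] = now
        return {"R1": r1, "PointID": self.point_id, "time": now}

    def verify_response(self, resp: dict, now: float) -> bool:
        """Step 4): R1 unused and fresh, PointID is ours, S1 valid under UserID."""
        issued = self.pending.pop(resp["R1"], None)  # pop: a replayed R1 finds nothing
        if issued is None or not 0 <= now - issued <= WINDOW_SECONDS:
            return False                             # unknown, reused or stale R1
        if resp["PointID"] != self.point_id:
            return False                             # challenge was meant for another facility
        signed = encode_fields(resp["R2"], resp["R1"], resp["PointID"], resp["UserID"])
        if not demo_verify(resp["UserID"], signed, resp["S1"]):
            return False
        self.authorised.add(resp["UserID"])
        return True


def user_respond(user_id: bytes, chal: dict) -> dict:
    """Step 3): R2 plus S1 over {R2, R1, PointID, UserID}."""
    r2 = os.urandom(16)
    signed = encode_fields(r2, chal["R1"], chal["PointID"], user_id)
    return {"R2": r2, "R1": chal["R1"], "PointID": chal["PointID"],
            "UserID": user_id, "S1": demo_sign(user_id, signed)}
```

Because R1 is popped on first use, a captured challenge response cannot be presented a second time, and the derived SessionKey differs for every R1/R2 pair even when the same KeySeed is reused.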
Those skilled in the art will understand that embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of a purely hardware embodiment, a purely software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical memory) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device that implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solution of the present invention and are not intended to limit it. Although the invention has been explained in detail with reference to the above embodiments, those of ordinary skill in the art should understand that modifications or equivalent substitutions may still be made to the specific embodiments of the invention, and that any modification or equivalent substitution that does not depart from the spirit and scope of the invention shall fall within the scope of its claims.

Claims (12)

1. A mutual identity authentication method between a charge-discharge facility and a user terminal, characterised in that the method comprises:
generating the identity codes of the charge-discharge facility and the user terminal according to their respective identities;
generating the public keys and private keys of the charge-discharge facility and the user terminal according to their identity codes;
performing mutual authentication between the charge-discharge facility and the user terminal using the public keys and private keys of the charge-discharge facility and the user terminal.
2. The method according to claim 1, characterised in that the user terminal comprises an electric vehicle, a mobile terminal or an application platform.
3. The method according to claim 2, characterised in that the identity of the charge-discharge facility is the charge-discharge facility device number, the identity of the electric vehicle is the VIN identification code, the identity of the mobile terminal is the IMEI code, and the identity of the application platform is the platform name identification code.
4. The method according to claim 3, characterised in that generating the identity codes of the charge-discharge facility and the user terminal according to their identities comprises:
(1) determining the transcoding result of the version number by the following formula:
(m+2)*16+n
where m is the major version number and n is the minor version number of the version of the identity code;
converting the transcoding result of the version number to the character with that ASCII code to obtain the version character;
(2) if the authenticated entity is a charge-discharge facility, determining its type character to be "I"; if it is an electric vehicle, determining its type character to be "V"; if it is a mobile terminal, determining its type character to be "U"; if it is an application platform, determining its type character to be "P";
(3) if the coding mode is ASCII coding, determining the coding-mode character to be "A"; if the coding mode is BCD coding, determining the coding-mode character to be "B";
(4) if the total length of the identity code is less than or equal to 36, determining the transcoding result of the code length by the following formula:
L/4+0x30
if the total length of the identity code is greater than 36, determining the transcoding result of the code length by the following formula:
L/4+0x37
where L is the total length of the identity code;
converting the transcoding result of the code length to the character with that ASCII code to obtain the length character;
(5) determining the 1st byte of the validity period by the following formula:
(Y-1970)/32
determining the 2nd byte of the validity period by the following formula:
(Y-1970) %32
the 3rd byte of the validity period being the month of the validity period of the identity code and the 4th byte of the validity period being the day of the validity period of the identity code;
determining the transcoding result of each of the above 4 bytes by the following formula:
(z>9)*0x07+z+0x30
where Y is the year of the validity period of the identity code and z is the value of each byte, the value of (z>9) being 1 if z>9 and 0 otherwise;
converting each of the 4 transcoding results to the character with that ASCII code to obtain the validity-period characters;
(6) using the identity of each authenticated entity as the identity characters of its identity code;
(7) using the label of the root key generation centre of the identity code as the root key generation centre characters;
(8) applying CRC12 coding to all characters obtained in steps (1) to (7) and CODE64-transcoding the result to obtain the check characters of the identity code;
(9) outputting the identity code as: version character + type character + coding-mode character + length character + validity-period characters + identity characters + root key generation centre characters + check characters.
5. the method as described in claim 1, which is characterized in that described to be compiled according to the identity of charge-discharge facility and user terminal Code generates the public key and private key of charge-discharge facility and user terminal, comprising:
Using the identity coding of charge-discharge facility as the public key of charge-discharge facility, and used according to the public key of charge-discharge facility SM9 id password algorithm determines the private key of charge-discharge facility;
The public key as itself is encoded using the identity of user terminal, and SM9 id password algorithm is used according to the public key of itself Determine the private key of each user terminal.
6. The method according to claim 1, characterized in that carrying out two-way authentication between the charge-discharge facility and the user terminal using their public keys and private keys comprises:
the charge-discharge facility generates a facility random number and sends charge-discharge facility data to the user terminal, the charge-discharge facility data comprising the facility random number, the public key of the charge-discharge facility and the current time information;
after receiving the charge-discharge facility data sent by the charge-discharge facility, the user terminal generates a user-terminal random number, digitally signs the charge-discharge facility data, and returns the signature value, the public key of the user terminal, the user-terminal random number, the facility random number and the current time information to the charge-discharge facility as the user-terminal response message;
after receiving the user-terminal response message returned by the user terminal, the charge-discharge facility verifies the received signature value of the user terminal with the public key of the user terminal and verifies the validity of the user-terminal response message; if verification succeeds, the identity of the user terminal is proven legitimate and the public key of the user terminal is recorded; otherwise the authentication process and the connection are terminated;
the charge-discharge facility randomly generates a key seed, encrypts the key seed with the public key of the user terminal to obtain a key-seed ciphertext, produces a second digital signature over its own facility random number, the public key of the charge-discharge facility and the current time information, and sends charge-discharge facility data to the user terminal, the charge-discharge facility data comprising the second digital signature value, the key-seed ciphertext, the facility random number, the public key of the charge-discharge facility and the current time information;
after receiving the charge-discharge facility data sent by the charge-discharge facility, the user terminal verifies the validity of the charge-discharge facility data; if verification passes, it decrypts the key-seed ciphertext with its own authentication private key to obtain the plaintext key seed, the charge-discharge facility and the user terminal derive the encrypted-communication session key from the plaintext key seed and protect data communication with a symmetric algorithm under that session key; otherwise the authentication process and the connection are terminated.
7. A two-party identity authentication system between a charge-discharge facility and a user terminal, characterized in that the system comprises:
a coding module for generating the identity codes of the charge-discharge facility and the user terminal from their respective identities;
a key generation module for generating the public keys and private keys of the charge-discharge facility and the user terminal from their identity codes;
an authentication module for carrying out two-way authentication between the charge-discharge facility and the user terminal using their public keys and private keys.
8. The system according to claim 7, characterized in that the user terminal comprises an electric vehicle, a mobile terminal and an application platform.
9. The system according to claim 8, characterized in that the identity of the charge-discharge facility is its equipment number, the identity of the electric vehicle is its VIN identification code, the identity of the mobile terminal is its IMEI code, and the identity of the application platform is its platform-name identification code.
10. The system according to claim 7, characterized in that the coding module is configured to:
(1) determine the transcoding result of the version number by the following formula:
(m+2)*16+n
where m is the major version number and n is the minor version number of the version of the identity code;
the transcoding result of the version number is converted back to an ASCII character to obtain the version-number character;
(2) if the type of the authentication entity is a charge-discharge facility, its type character is "I"; if the type of the authentication entity is an electric vehicle, its type character is "V"; if the type of the authentication entity is a mobile terminal, its type character is "U"; if the type of the authentication entity is an application platform, its type character is "P";
(3) if the coding mode is ASCII, the coding-mode character is "A"; if the coding mode is BCD, the coding-mode character is "B";
(4) if the total length of the identity code is less than or equal to 36, the transcoding result of the code length is determined by the following formula:
L/4+0x30
if the total length of the identity code is greater than 36, the transcoding result of the code length is determined by the following formula:
L/4+0x37
where L is the total length of the identity code;
the transcoding result of the code length is converted back to an ASCII character to obtain the length character;
(5) the first bytecode of the validity period is determined by the following formula:
(Y-1970)/32
the second bytecode of the validity period is determined by the following formula:
(Y-1970) %32
the third bytecode of the validity period is the month of the validity period of the identity code; the fourth bytecode of the validity period is the day of the validity period of the identity code;
the transcoding result of each of the above four bytecodes is determined by the following formula:
(z>9)*0x07+z+0x30
where Y is the year of the validity period of the identity code, z is each bytecode, and (z>9) takes the value 1 when z > 9 and 0 otherwise;
the transcoding results of the four bytecodes are each converted back to an ASCII character to obtain the validity-period characters;
(6) the identity of each authentication entity is encoded as its identity characters;
(7) the label of the root key generation center is encoded as the root-key-generation-center characters of the identity code;
(8) all characters obtained in steps (1) to (7) are CRC12-encoded and the result is CODE64-transcoded to obtain the check characters of the identity code;
(9) the output identity code is: version-number character + type character + coding-mode character + length character + validity-period characters + identity characters + root-key-generation-center characters + check characters.
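The identity-code construction of claims 4 and 10, steps (1) to (9), carried through in Python as an added example (not code from the patent or its assignee). The patent fixes neither the CRC12 polynomial nor the CODE64 alphabet, so this code assumes CRC-12 with polynomial 0x80F (MSB first, zero initial value, no final XOR) and the standard base64 alphabet; the entity type names, the VIN-shaped identity and the "KGC01" center label are constructed sample values.

```python
# Added example of the claim 10 identity-code layout; not the patent's own code.
# Assumptions not fixed by the patent: CRC-12 parameters and the CODE64 alphabet.
TYPE_CHARS = {"facility": "I", "vehicle": "V", "mobile": "U", "platform": "P"}  # step (2)
MODE_CHARS = {"ASCII": "A", "BCD": "B"}                                       # step (3)
CODE64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"  # assumed
CRC12_POLY = 0x80F  # assumed: x^12 + x^11 + x^3 + x^2 + x + 1 with the x^12 term implicit


def version_char(m, n):
    """Step (1): (m+2)*16+n, then inverse ASCII transcoding (code value -> character)."""
    return chr((m + 2) * 16 + n)


def length_char(total_len):
    """Step (4): L/4+0x30 when L <= 36, otherwise L/4+0x37 (hex-digit style)."""
    return chr(total_len // 4 + (0x30 if total_len <= 36 else 0x37))


def bytecode_char(z):
    """Step (5) formula (z>9)*0x07+z+0x30: 0..9 -> '0'..'9', 10..31 -> 'A'..'V'."""
    return chr((z > 9) * 0x07 + z + 0x30)


def validity_chars(year, month, day):
    """Step (5): bytecodes (Y-1970)/32, (Y-1970)%32, month, day, each transcoded."""
    y = year - 1970
    return "".join(bytecode_char(z) for z in (y // 32, y % 32, month, day))


def crc12(data):
    """Bitwise CRC-12 over bytes, MSB first, init 0, no final XOR (assumed parameters)."""
    crc = 0
    for byte in data:
        crc ^= byte << 4  # align the byte with the top 8 bits of the 12-bit register
        for _ in range(8):
            if crc & 0x800:
                crc = ((crc << 1) ^ CRC12_POLY) & 0xFFF
            else:
                crc = (crc << 1) & 0xFFF
    return crc


def check_chars(body):
    """Step (8): the 12-bit CRC maps exactly onto two 6-bit CODE64 symbols."""
    c = crc12(body.encode("ascii"))
    return CODE64[c >> 6] + CODE64[c & 0x3F]


def encode_identity(entity_type, identity, kgc_label, expiry, major=1, minor=0, mode="ASCII"):
    """Step (9): version + type + mode + length + validity + identity + KGC label + check.

    expiry is a (year, month, day) tuple. L counts every field of the finished code,
    including the 1-character length field itself and the 2 check characters.
    """
    total_len = 1 + 1 + 1 + 1 + 4 + len(identity) + len(kgc_label) + 2
    body = (version_char(major, minor) + TYPE_CHARS[entity_type] + MODE_CHARS[mode]
            + length_char(total_len) + validity_chars(*expiry) + identity + kgc_label)
    return body + check_chars(body)


def verify_identity(code):
    """Recompute the check characters over everything but the last two characters."""
    return len(code) > 2 and check_chars(code[:-2]) == code[-2:]


if __name__ == "__main__":
    # Constructed sample: a 17-character VIN-shaped identity and a hypothetical KGC label.
    sample = encode_identity("vehicle", "VIN0000000000TEST", "KGC01", (2019, 12, 31))
    print(sample, verify_identity(sample))
```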
11. The system according to claim 7, characterized in that the key generation module is configured to:
use the identity code of the charge-discharge facility as the public key of the charge-discharge facility, and determine the private key of the charge-discharge facility from that public key with the SM9 identity-based cryptographic algorithm;
use the identity code of each user terminal as its own public key, and determine the private key of each user terminal from its own public key with the SM9 identity-based cryptographic algorithm.
12. The system according to claim 7, characterized in that the authentication module comprises a charge-discharge facility authentication unit and a user terminal authentication unit;
the charge-discharge facility authentication unit generates a charge-discharge facility random number and sends charge-discharge facility data to the user terminal, the charge-discharge facility data comprising the facility random number, the public key of the charge-discharge facility and the current time information;
after receiving the data sent by the charge-discharge facility authentication unit, the user terminal authentication unit generates a user-terminal random number, digitally signs the charge-discharge facility data, and returns the signature value, the public key of the user terminal, the user-terminal random number, the facility random number and the current time information to the charge-discharge facility authentication unit as the user-terminal response message;
after receiving the response message returned by the user terminal authentication unit, the charge-discharge facility authentication unit verifies the received signature value of the user terminal with the public key of the user terminal and verifies the validity of the user-terminal response message; if verification succeeds, the identity of the user terminal is proven legitimate and the public key of the user terminal is recorded; otherwise the authentication process and the connection are terminated;
the charge-discharge facility authentication unit randomly generates a key seed, encrypts the key seed with the public key of the user terminal to obtain a key-seed ciphertext, produces a second digital signature over its own facility random number, the public key of the charge-discharge facility and the current time information, and sends charge-discharge facility data comprising the second digital signature value, the key-seed ciphertext, the facility random number, the public key of the charge-discharge facility and the current time information to the user terminal authentication unit;
after receiving the data sent by the charge-discharge facility authentication unit, the user terminal authentication unit verifies the validity of the charge-discharge facility data; if verification passes, it decrypts the key-seed ciphertext with its own authentication private key to obtain the plaintext key seed, the charge-discharge facility and the user terminal derive the encrypted-communication session key from the plaintext key seed and protect data communication with a symmetric algorithm under that session key; otherwise the authentication process and the connection are terminated.
CN201811355944.5A 2018-11-15 2018-11-15 Method and system for authenticating identifiers of both sides between charge and discharge facility and user terminal Active CN109617675B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811355944.5A CN109617675B (en) 2018-11-15 2018-11-15 Method and system for authenticating identifiers of both sides between charge and discharge facility and user terminal

Publications (2)

Publication Number Publication Date
CN109617675A true CN109617675A (en) 2019-04-12
CN109617675B CN109617675B (en) 2024-02-06

Family

ID=66004446

Country Status (1)

Country Link
CN (1) CN109617675B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110198214A (en) * 2019-06-02 2019-09-03 四川虹微技术有限公司 Identity generation method, verification method and device
CN112039918A (en) * 2020-09-10 2020-12-04 四川长虹电器股份有限公司 Internet of things credible authentication method based on identification cryptographic algorithm
CN112218294A (en) * 2020-09-08 2021-01-12 深圳市燃气集团股份有限公司 5G-based access method and system for Internet of things equipment and storage medium
CN113849866A (en) * 2021-09-17 2021-12-28 重庆思骑科技有限公司 Method, device, storage medium and equipment for self-decryption of one-wire telephone
CN113963487A (en) * 2021-11-24 2022-01-21 北京联行网络科技有限公司 Charging pile offline charging method and system
CN114394026A (en) * 2021-12-21 2022-04-26 中汽创智科技有限公司 Electric vehicle charging method, system and device, charging pile and storage medium
CN115314227A (en) * 2022-10-10 2022-11-08 广东电网有限责任公司江门供电局 Charging pile access authentication method, system and equipment

Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078346A1 (en) * 2000-12-19 2002-06-20 Ravi Sandhu Secure communications network with user control of authenticated personal information provided to network entities
US20070136800A1 (en) * 2005-12-13 2007-06-14 Microsoft Corporation Two-way authentication using a combined code
US7953391B2 (en) * 2005-06-03 2011-05-31 Samsung Electronics Co., Ltd Method for inclusive authentication and management of service provider, terminal and user identity module, and system and terminal device using the method
CN103049809A (en) * 2012-08-23 2013-04-17 国电大渡河瀑布沟发电有限公司 Equipment coding method
CN104022549A (en) * 2014-06-08 2014-09-03 山东天海科技股份有限公司 Intelligent charging access system for electric automobile
US20140325225A1 (en) * 2013-04-27 2014-10-30 Quantron Inc. Self-authenticated method with timestamp
CN105450623A (en) * 2014-11-26 2016-03-30 国家电网公司 Access authentication method of electric automobile
CN105939343A (en) * 2016-04-14 2016-09-14 江苏马上游科技股份有限公司 Client and server bidirectional authentication method based on information secondary coding
CN105978906A (en) * 2016-07-01 2016-09-28 中国人民解放军国防科学技术大学 Identity based communication handshake protocol
CN106330444A (en) * 2015-06-19 2017-01-11 中兴新能源汽车有限责任公司 Electric vehicle authentication method and device
WO2017016318A1 (en) * 2014-11-05 2017-02-02 祝国龙 Credible label generation and verification method and system based on asymmetric cryptographic algorithm
CN106452767A (en) * 2016-12-20 2017-02-22 广东南方信息安全产业基地有限公司 Identity authentication public key management system based access authentication method
CN106713236A (en) * 2015-11-17 2017-05-24 成都腾甲数据服务有限公司 End-to-end identity authentication and encryption method based on CPK identifier authentication
WO2017177435A1 (en) * 2016-04-15 2017-10-19 深圳前海达闼云端智能科技有限公司 Identity authentication method, terminal and server
CN107566127A (en) * 2017-09-30 2018-01-09 北京迪曼森科技有限公司 A kind of generation method and application method of IKI Trusted Digitals mark
US9887975B1 (en) * 2016-08-03 2018-02-06 KryptCo, Inc. Systems and methods for delegated cryptography
CN107947913A (en) * 2017-11-15 2018-04-20 武汉大学 The anonymous authentication method and system of a kind of identity-based
WO2018095050A1 (en) * 2016-11-24 2018-05-31 华为技术有限公司 Identity authentication method, device, and system
CN108544933A (en) * 2018-03-09 2018-09-18 宁德时代新能源科技股份有限公司 Charging authentication method and system, authentication chip and storage medium

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
周楝淞;卿昱;谭平嶂;杨洁;庞飞;: "一种改进的基于标识的认证系统的实现", 信息安全与通信保密, no. 02 *
袁峰;程朝辉;: "SM9标识密码算法综述", 信息安全研究, no. 11 *
谢艳容;马文平;罗维;: "一种新的信息服务实体跨域认证模型", 计算机科学, no. 09 *
谢颖莹;: "基于PKI的身份认证系统的研究与设计", 中国电力教育, no. 3 *
黄会宝;江德军;吴双利;: "面向全流域的监测设施编码体系研究", 水利信息化, no. 06 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110198214A (en) * 2019-06-02 2019-09-03 四川虹微技术有限公司 Identity generation method, verification method and device
CN110198214B (en) * 2019-06-02 2022-02-22 四川虹微技术有限公司 Identity generation method, identity verification method and identity verification device
CN112218294A (en) * 2020-09-08 2021-01-12 深圳市燃气集团股份有限公司 5G-based access method and system for Internet of things equipment and storage medium
WO2022052493A1 (en) * 2020-09-08 2022-03-17 深圳市燃气集团股份有限公司 5g-based internet of things device access method and system, and storage medium
US11743726B2 (en) 2020-09-08 2023-08-29 Shenzhen Gas Corporation Ltd. Access method and system of internet of things equipment based on 5G, and storage medium
CN112039918A (en) * 2020-09-10 2020-12-04 四川长虹电器股份有限公司 Internet of things credible authentication method based on identification cryptographic algorithm
CN112039918B (en) * 2020-09-10 2021-08-06 四川长虹电器股份有限公司 Internet of things credible authentication method based on identification cryptographic algorithm
CN113849866A (en) * 2021-09-17 2021-12-28 重庆思骑科技有限公司 Method, device, storage medium and equipment for self-decryption of one-wire telephone
CN113963487A (en) * 2021-11-24 2022-01-21 北京联行网络科技有限公司 Charging pile offline charging method and system
CN114394026A (en) * 2021-12-21 2022-04-26 中汽创智科技有限公司 Electric vehicle charging method, system and device, charging pile and storage medium
CN115314227A (en) * 2022-10-10 2022-11-08 广东电网有限责任公司江门供电局 Charging pile access authentication method, system and equipment
CN115314227B (en) * 2022-10-10 2023-01-20 广东电网有限责任公司江门供电局 Charging pile access authentication method, system and equipment

Also Published As

Publication number Publication date
CN109617675B (en) 2024-02-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant