CN109617675A - Both sides' identification authentication method and system between a kind of charge-discharge facility and user terminal - Google Patents
Both sides' identification authentication method and system between a kind of charge-discharge facility and user terminal Download PDFInfo
- Publication number
- CN109617675A CN109617675A CN201811355944.5A CN201811355944A CN109617675A CN 109617675 A CN109617675 A CN 109617675A CN 201811355944 A CN201811355944 A CN 201811355944A CN 109617675 A CN109617675 A CN 109617675A
- Authority
- CN
- China
- Prior art keywords
- charge
- user terminal
- discharge facility
- identity
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 230000005540 biological transmission Effects 0.000 claims abstract description 10
- 238000004891 communication Methods 0.000 claims description 28
- 238000004422 calculation algorithm Methods 0.000 claims description 27
- 230000004044 response Effects 0.000 claims description 21
- 230000008569 process Effects 0.000 claims description 18
- 230000009466 transformation Effects 0.000 claims description 18
- 238000012795 verification Methods 0.000 claims description 17
- 238000004519 manufacturing process Methods 0.000 claims description 7
- 238000004590 computer program Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 241001672018 Cercomela melanura Species 0.000 description 2
- 238000009825 accumulation Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 239000013589 supplement Substances 0.000 description 2
- 102100038591 Endothelial cell-selective adhesion molecule Human genes 0.000 description 1
- 101000882622 Homo sapiens Endothelial cell-selective adhesion molecule Proteins 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 230000001680 brushing effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000007599 discharging Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000000047 product Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000002123 temporal effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The present invention relates to the both sides' identification authentication methods and system between a kind of charge-discharge facility and user terminal, the described method includes: being encoded according to the identity that the identity of charge-discharge facility and user terminal generates charge-discharge facility and user terminal, then the public key and private key for generating charge-discharge facility and user terminal are encoded according to the identity, and then the two-way authentication between charge-discharge facility and user terminal is carried out using the public key and private key, based on the above-mentioned technical proposal, its unique public key and private key are determined using the identity of certification entity, establish authentication in the technical foundation of mark encryption, data transmission security in effective guarantee authentication procedures, the offline crypto identity certification being suitable between charge-discharge facility and user or terminal device simultaneously, improve versatility.
Description
Technical field
The present invention relates to new-energy automobile safety certification fields, and in particular to double between a kind of charge-discharge facility and user terminal
Square identification authentication method and system.
Background technique
The technology of new-energy automobile is gradually to the development of intelligent and pure electric drive, in the car networking service built based on power grid
The quantity of the registration user accessed on platform is constantly significantly increased, in order to meet the demand of growing user, on platform
Have more and more charge-discharge facility accesses;Therefore to the identity identifying technology realized between charge-discharge facility and user terminal
It is required that also higher and higher.
Existing new-energy automobile certification mainly uses following methods: by brushing specific recharged card in charge-discharge facility
Authentication is carried out to authenticate user identity and scan the two dimensional code in charge-discharge facility by mobile phone app;Wherein, recharged card side
Although formula supports the charging of charge-discharge facility off-line trading, cannot be mutual between the recharged card and charge-discharge facility of different manufacturers
Certification, causes user inconvenient for use, and be only capable of being authenticated between charge-discharge facility and recharged card, can not achieve charge and discharge and set
The certification between electric car is applied, in addition, the authentication password algorithm of recharged card mode is symmetric key algorithm, key management is multiple
It is miscellaneous, need to install additional card-reading apparatus and PSAM card in charge-discharge facility, it is at high cost;Mobile phone app mode supplements the backstage clothes of service with money
Business system must assure that online, could pass through mobile phone app Certificate Authority, and charging authorization, and this can not be carried out under offline environment
Kind authentication mode must be by two dimensional code in scanning charge-discharge facility, and extracts the charge-discharge facility label information among two dimensional code,
Then background service system is sent jointly to the user name of oneself, password and carry out authenticating identity, protect without effective communication security
Shield ensures that, in addition, needing to install additional display screen in charge-discharge facility, high failure rate is at high cost;Current new-energy automobile certification
Mechanics of communication using the control chip in charging pile equipment by GPIO interface and ESAM chip communication, and by UART interface with
The method that the metering and billing terminal of charging pile equipment is communicated, but this method only can guarantee inside charging pile and billing terminal it
Between realize complete communication, cannot achieve the authentication between charging pile and vehicle/user, and cannot ensure verification process
The safety of middle communication.
Summary of the invention
The present invention provides both sides' identification authentication method and system between a kind of charge-discharge facility and user terminal, and the purpose is to benefits
The public key and private key that authentication entity is generated with mark encryption technology, public key and private key transmission of authentication information based on generation are real
The bidirectional identity authentication between entity is now authenticated in many ways, and the safety of authentication information transmission has been effectively ensured, has been suitable for new energy
A variety of authentication entities of automotive field, and reduce authentication operation complexity and cost.
The purpose of the present invention is adopt the following technical solutions realization:
Both sides' identification authentication method between a kind of charge-discharge facility and user terminal, it is improved in that the method packet
It includes:
The identity of charge-discharge facility and user terminal is generated according to the identity of charge-discharge facility and user terminal respectively
Coding;
Public key and the private for generating charge-discharge facility and user terminal are encoded according to the identity of charge-discharge facility and user terminal
Key;
The two-way authentication between charge-discharge facility and user terminal is carried out using the public key and private key of charge-discharge facility and user terminal.
Preferably, the user terminal includes: electric car, mobile terminal and application platform.
Further, the identity of the charge-discharge facility is charge-discharge facility device number, the identity mark of electric car
Knowing is VIN identification code, and the identity of mobile terminal is IMEI coding, and the identity of application platform is platform names identification
Code.
Further, the identity of charge-discharge facility and user terminal is generated according to the identity of charge-discharge facility and user terminal
Identification code, comprising:
(1) the transcoding result of version number is determined as the following formula:
(m+2)*16+n
Wherein, m is the major version number of the version number of identity coding, and n is the sub- version of the version number of identity coding
This number;
The transcoding result of version number is subjected to ASCII transcoding inverse transformation and obtains version sign character;
(2) if the type of certification entity is charge-discharge facility, it is determined that its corresponding type character is " I ", if certification is real
The type of body is electric car, it is determined that its corresponding type character is " V ", if the type of certification entity is mobile terminal,
Determine that its corresponding type character is " U ", if the type of certification entity is application platform, it is determined that its corresponding type character is
"P";
(3) according to coding mode be ASCII encode, it is determined that coding mode character be " A ", according to coding staff
Formula is BCD coding, it is determined that coding mode character is " B ";
(4) if the total length of identity coding is less than or equal to 36, the transcoding result of code length is determined as the following formula:
L/4+0x30
If the total length of identity coding is greater than 36, the transcoding result of code length is determined as the following formula:
L/4+0x37
Wherein, L is the total length of identity coding;
The transcoding result of code length is subjected to ASCII transcoding inverse transformation and obtains length character;
(5) the 1st bytecode of validity period is determined as the following formula:
(Y-1970)/32
The 2nd bytecode of validity period is determined as the following formula:
(Y-1970) %32
The 3rd bytecode of validity period is the month of the validity period of identity coding;The 4th bytecode of validity period be
The number of days of the validity period of identity coding;
Determine the transcoding result of above-mentioned 4 bytecodes respectively as the following formula:
(z>9)*0x07+z+0x30
In formula, Y is the time of the validity period of identity coding, and z is each bytecode, otherwise it is 0 that the value of z > 9, which is 1,;
The transcoding result of 4 bytecodes is subjected to ASCII transcoding inverse transformation respectively and obtains validity period character;
(6) the identity character for encoding the identity of each certification entity as its identity;
(7) root key that the label that root key generation is center is encoded as identity is generated into center reference characters;
(8) all characters that step (1) to (7) obtains are subjected to CRC12 coding and carry out CODE64 transcoding to obtain identity
Identification code is checked character;
(9) output identity coding are as follows: version number's character+type character+coding mode character+length character+effectively
Phase character+identity character+root key generates center character+is checked character;
Preferably, described encoded according to the identity of charge-discharge facility and user terminal generates charge-discharge facility and user terminal
Public key and private key, comprising:
Using the identity coding of charge-discharge facility as the public key of charge-discharge facility, and according to the public key of charge-discharge facility
The private key of charge-discharge facility is determined using SM9 id password algorithm;
The public key as itself is encoded using the identity of user terminal, and SM9 id password is used according to the public key of itself
Algorithm determines the private key of each user terminal.
Preferably, described to be carried out between charge-discharge facility and user terminal using the public key and private key of charge-discharge facility and user terminal
Two-way authentication, comprising:
Charge-discharge facility generates facility random number, and charge-discharge facility data are sent to user terminal, the charge-discharge facility
Data include the public key and current time information of facility random number, charge-discharge facility;
After user terminal receives the charge-discharge facility data that charge-discharge facility sends over, it is random to generate user terminal
Number, and the charge-discharge facility data are digitally signed, by signature value, the public key of user terminal, user terminal random number, facility
Random number and current time information are passed back to charge-discharge facility as user terminal response message;
After charge-discharge facility receives the user terminal response message of user terminal loopback, received using the public key verifications of user terminal
The signature value of the user terminal arrived, and verify the validity of user terminal response message;If verifying successfully, it was demonstrated that user terminal identity is closed
Method and the public key for recording the user terminal;Otherwise, verification process and connection are interrupted;
Key seed is randomly generated in charge-discharge facility, is encrypted to obtain to the key seed using the public key of user terminal close
Key seed ciphertext, and do the second number using the facility random number of itself, the public key of charge-discharge facility and current time information and sign
Name, and charge-discharge facility data are sent to user terminal, the charge-discharge facility data include the second digital signature value, key kind
The public key and current time information of sub- ciphertext, facility random number, charge-discharge facility;
After user terminal receives the charge-discharge facility data of charge-discharge facility transmission, the charge-discharge facility number is verified
According to validity, if being verified, use the certification private key decruption key seed ciphertext of itself, obtain plaintext state key kind
Son, charge-discharge facility and user terminal carry out cipher key derivative according to the key seed of plaintext state and obtain encrypted communication session key,
Data communication is protected using symmetry algorithm according to the encrypted communication session key, otherwise, interrupts verification process and connection.
Both sides' ID authentication system between a kind of charge-discharge facility and user terminal, it is improved in that the system packet
It includes:
Coding module, for generating charge-discharge facility and user according to the identity of charge-discharge facility and user terminal respectively
The identity at end encodes;
Key production module, for according to the identity of charge-discharge facility and user terminal encode generate charge-discharge facility and
The public key and private key of user terminal;
Authentication module, for the public key and private key progress charge-discharge facility and user terminal using charge-discharge facility and user terminal
Between two-way authentication.
Preferably, the user terminal includes: electric car, mobile terminal and application platform.
Further, the identity of the charge-discharge facility is charge-discharge facility device number, the identity mark of electric car
Knowing is VIN identification code, and the identity of mobile terminal is IMEI coding, and the identity of application platform is platform names identification
Code.
Preferably, the coding module, is used for:
(1) the transcoding result of version number is determined as the following formula:
(m+2)*16+n
Wherein, m is the major version number of the version number of identity coding, and n is the sub- version of the version number of identity coding
This number;
The transcoding result of version number is subjected to ASCII transcoding inverse transformation and obtains version sign character;
(2) if the type of certification entity is charge-discharge facility, it is determined that its corresponding type character is " I ", if certification is real
The type of body is electric car, it is determined that its corresponding type character is " V ", if the type of certification entity is mobile terminal,
Determine that its corresponding type character is " U ", if the type of certification entity is application platform, it is determined that its corresponding type character is
"P";
(3) according to coding mode be ASCII encode, it is determined that coding mode character be " A ", according to coding staff
Formula is BCD coding, it is determined that coding mode character is " B ";
(4) if the total length of identity coding is less than or equal to 36, the transcoding result of code length is determined as the following formula:
L/4+0x30
If the total length of identity coding is greater than 36, the transcoding result of code length is determined as the following formula:
L/4+0x37
Wherein, L is the total length of identity coding;
The transcoding result of code length is subjected to ASCII transcoding inverse transformation and obtains length character;
(5) the 1st bytecode of validity period is determined as the following formula:
(Y-1970)/32
The 2nd bytecode of validity period is determined as the following formula:
(Y-1970) %32
The 3rd bytecode of validity period is the month of the validity period of identity coding;The 4th bytecode of validity period be
The number of days of the validity period of identity coding;
Determine the transcoding result of above-mentioned 4 bytecodes respectively as the following formula:
(z>9)*0x07+z+0x30
In formula, Y is the time of the validity period of identity coding, and z is each bytecode, otherwise it is 0 that the value of z > 9, which is 1,;
The transcoding result of 4 bytecodes is subjected to ASCII transcoding inverse transformation respectively and obtains validity period character;
(6) the identity character for encoding the identity of each certification entity as its identity;
(7) root key that the label that root key generation is center is encoded as identity is generated into center reference characters;
(8) all characters that step (1) to (7) obtains are subjected to CRC12 coding and carry out CODE64 transcoding to obtain identity
Identification code is checked character;
(9) output identity coding are as follows: version number's character+type character+coding mode character+length character+effectively
Phase character+identity character+root key generates center character+is checked character.
Preferably, the key production module, is used for:
Using the identity coding of charge-discharge facility as the public key of charge-discharge facility, and according to the public key of charge-discharge facility
The private key of charge-discharge facility is determined using SM9 id password algorithm;
The public key as itself is encoded using the identity of user terminal, and SM9 id password is used according to the public key of itself
Algorithm determines the private key of each user terminal.
Preferably, the authentication module, comprising: charge-discharge facility authentication unit and user terminal authentication unit;
Charge-discharge facility authentication unit generates charge-discharge facility random number, and charge-discharge facility data are sent to user terminal,
The charge-discharge facility data include the public key and current time information of facility random number, charge-discharge facility;
After user terminal authentication unit receives the data that charge-discharge facility authentication unit is sent, user terminal random number is generated, and
The charge-discharge facility data are digitally signed, signature value, the public key of user terminal, user terminal random number, facility is random
Several and current time information is passed back to charge-discharge facility authentication unit as user terminal response message;
After charge-discharge facility authentication unit receives the response message of user terminal authentication unit loopback, the public key of user terminal is used
The signature value of the user terminal received is verified, and verifies the validity of user terminal response message;If verifying successfully, it was demonstrated that user
End identity is legal and records the public key of the user terminal;Otherwise, verification process and connection are interrupted;
Key seed is randomly generated in charge-discharge facility authentication unit, is added using the public key of user terminal to the key seed
It is close to obtain key seed ciphertext, and is done using the facility random number of itself, the public key of charge-discharge facility and current time information
Two digital signature, and charge-discharge facility data are sent to user terminal, the charge-discharge facility data include the second digital signature
It is single that value, key seed ciphertext, facility random number, the public key of charge-discharge facility and current time information are sent to user terminal certification
Member;
After user terminal authentication unit receives the data that charge-discharge facility authentication unit is sent, the charge-discharge facility number is verified
According to validity, if being verified, use the certification private key decruption key seed ciphertext of itself, obtain plaintext state key kind
Son, charge-discharge facility and user terminal carry out cipher key derivative according to the key seed of plaintext state and obtain encrypted communication session key,
Data communication is protected using symmetry algorithm according to the encrypted communication session key, otherwise, interrupts verification process and connection.
Compared with the immediate prior art, the present invention is also had the following beneficial effects:
Using technical solution of the present invention, according to the identity of charge-discharge facility and user terminal generate charge-discharge facility and
The identity of user terminal encodes, and public key and the private for generating charge-discharge facility and user terminal are then encoded according to the identity
Key is generated the public key and private key for being used for authentication by the method for tagged keys system, ensure that in authentication procedures
The safety and reliability of authentication data transmission;And it is carried out using the public key and private key double between charge-discharge facility and user terminal
To certification, overcome in conventional authentication method it is complicated for operation, at high cost, offline environment is infeasible and be only limitted to charge-discharge facility and
The problem of metering and billing terminal, the two-way authentication being able to achieve between a variety of certification entities in new-energy automobile field effectively increase and recognize
Demonstrate,prove versatility and authentication efficiency.
Detailed description of the invention
Fig. 1 is the flow chart of both sides' identification authentication method between charge-discharge facility of the embodiment of the present invention and user terminal;
Fig. 2 is the operation detailed map of both sides' identification authentication method between charge-discharge facility of the embodiment of the present invention and user terminal;
Fig. 3 is the certification network structure of both sides' identification authentication method between charge-discharge facility of the embodiment of the present invention and user terminal
Figure;
Fig. 4 is the structural schematic diagram of both sides' ID authentication system between charge-discharge facility of the embodiment of the present invention and user terminal.
Specific embodiment
It elaborates with reference to the accompanying drawing to a specific embodiment of the invention.
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
All other embodiment obtained without making creative work, shall fall within the protection scope of the present invention.
Technical solution of the present invention realizes that one kind identifies in many ways using the id password algorithm based on the close SM9 algorithm of state
Authentication password system, at the same can reach based on certification negotiation mechanism offline scenario under charge-discharge facility and electric car and
The target of two-way authentication, key management and encrypted transmission between mobile terminal.Based on above-mentioned technical goal, technical side of the invention
Case combine " administrative center, using the thinking for removing " center ", it then follows the close SM9 algorithm standard rules of state construct a multi-party mark and manage
Reason and authentication model;By the unifying identifier coding rule of setting, solve the problems, such as the Semantic of client public key in SM9 algorithm,
And then realize the authentication for being suitable for various certification entities and application environment.
The present invention provides a kind of accumulation energy type photovoltaic plants for supporting power grid"black-start" to start method and system, carries out below
Explanation.
Embodiment one:
Fig. 1 shows the process that the accumulation energy type photovoltaic plant starting method of power grid"black-start" is supported in the embodiment of the present invention
Figure, as shown in Figure 1, the method may include:
101. the identity of charge-discharge facility and user terminal is generated according to the identity of charge-discharge facility and user terminal respectively
Identification code;
102. encoding the public key for generating charge-discharge facility and user terminal according to the identity of charge-discharge facility and user terminal
And private key;
103. being carried out using the public key and private key of charge-discharge facility and user terminal two-way between charge-discharge facility and user terminal
Certification.
Wherein, the user terminal may include: electric car, mobile terminal and application platform.
The identity of the charge-discharge facility is charge-discharge facility device number (serial number, 6 bit digitals), electric car
Identity is VIN identification code (license plate number, totally 24 characters), and the identity of mobile terminal is IMEI coding (or other hands
Machine intrinsic information), the identity of application platform is platform names identification code.
The present invention is unified by the mark rule of charge-discharge facility, electric car, user, convenient for the classification of mark, classification, divides
Domain management;
Unifying identifier coding rule is adapted to the coding rule of various main bodys in system, provides unique identification for user, and
A kind of method for providing Code64 transcoding carries out transcoding to unique identification, changes into printable character;
Specifically, the identity mark of charge-discharge facility and user terminal is generated according to the identity of charge-discharge facility and user terminal
Know coding, may include:
(1) the transcoding result of version number is determined as the following formula:
(m+2)*16+n
Wherein, m is the major version number of the version number of identity coding, and n is the sub- version of the version number of identity coding
This number;
The transcoding result of version number is subjected to ASCII transcoding inverse transformation and obtains version sign character;
(2) if the type of certification entity is charge-discharge facility, it is determined that its corresponding type character is " I ", if certification is real
The type of body is electric car, it is determined that its corresponding type character is " V ", if the type of certification entity is mobile terminal,
Determine that its corresponding type character is " U ", if the type of certification entity is application platform, it is determined that its corresponding type character is
"P";
(3) according to coding mode be ASCII encode, it is determined that coding mode character be " A ", according to coding staff
Formula is BCD coding, it is determined that coding mode character is " B ";
(4) if the total length of identity coding is less than or equal to 36, the transcoding result of code length is determined as the following formula:
L/4+0x30
If the total length of identity coding is greater than 36, the transcoding result of code length is determined as the following formula:
L/4+0x37
Wherein, L is the total length of identity coding;
The transcoding result of code length is subjected to ASCII transcoding inverse transformation and obtains length character;
(5) the 1st bytecode of validity period is determined as the following formula:
(Y-1970)/32
The 2nd bytecode of validity period is determined as the following formula:
(Y-1970) %32
The 3rd bytecode of validity period is the month of the validity period of identity coding;The 4th bytecode of validity period be
The number of days of the validity period of identity coding;
Determine the transcoding result of above-mentioned 4 bytecodes respectively as the following formula:
(z>9)*0x07+z+0x30
In formula, Y is the time of the validity period of identity coding, and z is each bytecode, otherwise it is 0 that the value of z > 9, which is 1,;
The transcoding result of 4 bytecodes is subjected to ASCII transcoding inverse transformation respectively and obtains validity period character;
(6) the identity character for encoding the identity of each certification entity as its identity;
(7) root key that the label that root key generation is center is encoded as identity is generated into center reference characters;
(8) all characters that step (1) to (7) obtains are subjected to CRC12 coding and carry out CODE64 transcoding to obtain identity
Identification code is checked character;
(9) output identity coding are as follows: version number's character+type character+coding mode character+length character+effectively
Phase character+identity character+root key generates center character+is checked character;
Wherein, before the length character for obtaining identity coding, may include:
The total length of current identity coding is obtained, if length is not 4 multiple, insufficient section is filled out using '='
It fills, otherwise, without supplement, directly acquires the length character of identity coding;Identity coding rule is as shown in table 1:
1. identity code character of table sets rule list
Wherein, code64 transcoding rule such as table 2 shows:
Table 2.code64 transcoding rule list
Hex | Transcoding | Hex | Transcoding | Hex | Transcoding | Hex | Transcoding |
00 | @ | 10 | G | 20 | W | 30 | m |
01 | 1 | 11 | H | 21 | X | 31 | n |
02 | 2 | 12 | I | 22 | Y | 32 | o |
03 | 3 | 13 | J | 23 | Z | 33 | p |
04 | 4 | 14 | K | 24 | a | 34 | q |
05 | 5 | 15 | L | 25 | b | 35 | r |
06 | 6 | 16 | M | 26 | c | 36 | s |
07 | 7 | 17 | N | 27 | d | 37 | t |
08 | 8 | 18 | O | 28 | e | 38 | u |
09 | 9 | 19 | P | 29 | f | 39 | v |
0A | A | 1A | Q | 2A | g | 3A | w |
0B | B | 1B | R | 2B | h | 3B | x |
0C | C | 1C | S | 2C | i | 3C | y |
0D | D | 1D | T | 2D | j | 3D | z |
0E | E | 1E | U | 2E | k | 3E | * |
0F | F | 1F | V | 2F | l | 3F | + |
Wherein, specific transcoding mode is as follows:
#define Code64_switch61 (x) (x > 61)? (' * '+(x) -62): (' a '+(x) -36)
#define Code64_switch35 (x) (x > 35)? (Code64_switch61 (x)): (' A '+(x) -10)
#define Code64_switch9 (x) (x > 9)? (Code64_switch35 (x)): (' 0 '+(x))
#define Code64 (x) (x)? (Code64_switch9 (x)): ('@')
Fill character and be set as '='.
If the pincode of charge-discharge facility i are as follows: 4205100000000001 11s1 of 1VA7 43CV;Then wherein
A character and the corresponding relationship of charge and discharge setting i information are as follows:
Version sign character is 1: current version V1.1;
Type character is V: charge-discharge facility;
Coding mode character is A:Ascii coding;
Length character is 7: 28 bytes of total length;
Validity period character is 43CV: validity period 2099-12-31;
Identity character is 4205100000000001: the device numbering of charge-discharge facility i is
4205100000000001;
It is 11 that root key, which generates center reference characters: root key generates center marked as 11;
It checks character and is encoded to 0xD981, preceding 6bit for the CRC12 of s1:1VA7 43CV 4,205,100,000,000,001 11
It is 0x01 for 0x36, rear 6bit, is s1 through CODE64 transcoding;
Wherein, charge-discharge facility identity coding belongs to a kind of device identification, in addition to coding rule necessity field, may be used also
To contain following field:
A) geography information (administrative regional division of the People's Republic of China's code (GB/T 2260-2007), 6 bit digitals);
Fig. 2 shows the operating processes of both sides' identification authentication method between charge-discharge facility of the embodiment of the present invention and user terminal
Detailed map, as shown in Fig. 2, being based on hierarchical public key trust mechanism proposed by the present invention, building multistage divides the key management mould in domain
Formula is realized the flattening of cipher key authority, and is supported across the authentication between security domain.
Establish hierarchical tagged keys management system;According to application scenarios demand, key management hierarchical structure is designed;Base
In the hierarchical public key trust mechanism proposed by the present invention based on SM9 algorithm, build root key generate center (KGC) and it is each under
Grade key generation centre, and establish trusting relationship.
It is the corresponding key generation centre of total power grid that the root key, which generates center, and junior's key generation centre includes
Charge-discharge facility operator key generates center, charge and discharge platform operator key generates center, electric car manufacturer key is raw
At center etc., after each key generation centre receives the mark application of corresponding certification entity, according to charge-discharge facility and user
The identity coding at end generates the public key of certification entity, and distributes to corresponding certification entity, and then raw according to the public key
At corresponding private key;
Specifically, described encoded according to the identity of charge-discharge facility and user terminal generates charge-discharge facility and user terminal
Public key and private key, may include:
Using the identity coding of charge-discharge facility as the public key of charge-discharge facility, and according to the public key of charge-discharge facility
The private key of charge-discharge facility is determined using SM9 id password algorithm;
The public key as itself is encoded using the identity of user terminal, and SM9 id password is used according to the public key of itself
Algorithm determines the private key of each user terminal.
Fig. 3 shows the certification network of both sides' identification authentication method between charge-discharge facility of the embodiment of the present invention and user terminal
Structure chart, as shown in figure 3, charge-discharge facility and electric car containing SE safety chip pass through PLC, CAN bus or Ethernet
It interconnects;The charge-discharge facility and mobile terminal are interconnected by bluetooth or NFC;
The two-way authentication between charge-discharge facility and user terminal is carried out using the public key and private key of charge-discharge facility and user terminal
Before, may include: that following initialization step is carried out to charge-discharge facility, electric car and mobile terminal:
Identity coding PointID (SM9 public key) is issued to charge-discharge facility in the center charge-discharge facility operator KGC,
With SM9 encryption and decryption private key, signature private key, and it is stored in SE safety chip.
Identification information UserID1 (SM9 public key) and SM9 encryption and decryption are issued to electric car in the center electric car manufacturer KGC
Private key, signature private key, and be stored in SE safety chip.
Mark identity is issued to mobile terminal and knows coding UserID2 (SM9 public key) and SM9 encryption and decryption in the center application platform KGC
Private key, signature private key, and be stored in mobile terminal safely.
Specifically, described to be carried out between charge-discharge facility and user terminal using the public key and private key of charge-discharge facility and user terminal
Two-way authentication, may include:
Charge-discharge facility generates facility random number, and facility random number, the public key of charge-discharge facility and current time are believed
Breath is sent to user terminal;
After user terminal receives the data that charge-discharge facility sends over, user terminal random number is generated, and set to charge and discharge
The data applied are digitally signed, by signature value, the public key of user terminal, user terminal random number, facility random number and current time
Information in response information back to charge-discharge facility;
After charge-discharge facility receives the response message of user terminal loopback, the use that is received using the public key verifications of user terminal
The signature value at family end, and the validity of authentication response information;If verifying successfully, it was demonstrated that user terminal identity is legal and records the use
The public key at family end;Otherwise, verification process and connection are interrupted;
Key seed is randomly generated in charge-discharge facility, is encrypted to obtain to the key seed using the public key of user terminal close
Key seed ciphertext, and do the second number using the facility random number of itself, the public key of charge-discharge facility and current time information and sign
Name, and by the public key and current time information of the second digital signature value, key seed ciphertext, facility random number, charge-discharge facility
It is sent to user terminal;
After user terminal receives the data of charge-discharge facility transmission, the validity of verify data, if being verified, using certainly
The certification private key decruption key seed ciphertext of body obtains the key seed of plaintext state, and charge-discharge facility and user terminal are according to bright
The key seed of literary state carries out cipher key derivative and obtains encrypted communication session key, is used according to the encrypted communication session key
Symmetry algorithm protects data communication, otherwise, interrupts verification process and connection.
Embodiment two:
Fig. 4 shows the structural representation of both sides' ID authentication system between charge-discharge facility of the embodiment of the present invention and user terminal
Figure, as shown in figure 4, the system may include:
Coding module, for generating charge-discharge facility and user according to the identity of charge-discharge facility and user terminal respectively
The identity at end encodes;
Key production module, for according to the identity of charge-discharge facility and user terminal encode generate charge-discharge facility and
The public key and private key of user terminal;
Authentication module, for the public key and private key progress charge-discharge facility and user terminal using charge-discharge facility and user terminal
Between two-way authentication.
Wherein, the user terminal may include: electric car, mobile terminal and application platform.
The identity of the charge-discharge facility is charge-discharge facility device number, and the identity of electric car is VIN knowledge
Other code, the identity of mobile terminal are IMEI coding, and the identity of application platform is platform names identification code.
Specifically, the coding module, is used for: (1) as the following formula determine the transcoding result of version number:
(m+2)*16+n
Wherein, m is the major version number of the version number of identity coding, and n is the sub- version of the version number of identity coding
This number;
The transcoding result of version number is subjected to ASCII transcoding inverse transformation and obtains version sign character;
(2) if the type of certification entity is charge-discharge facility, it is determined that its corresponding type character is " I ", if certification is real
The type of body is electric car, it is determined that its corresponding type character is " V ", if the type of certification entity is mobile terminal,
Determine that its corresponding type character is " U ", if the type of certification entity is application platform, it is determined that its corresponding type character is
"P";
(3) according to coding mode be ASCII encode, it is determined that coding mode character be " A ", according to coding staff
Formula is BCD coding, it is determined that coding mode character is " B ";
(4) if the total length of identity coding is less than or equal to 36, the transcoding result of code length is determined as the following formula:
L/4+0x30
If the total length of identity coding is greater than 36, the transcoding result of code length is determined as the following formula:
L/4+0x37
Wherein, L is the total length of identity coding;
The transcoding result of code length is subjected to ASCII transcoding inverse transformation and obtains length character;
(5) the 1st bytecode of validity period is determined as the following formula:
(Y-1970)/32
The 2nd bytecode of validity period is determined as the following formula:
(Y-1970) %32
The 3rd bytecode of validity period is the month of the validity period of identity coding;The 4th bytecode of validity period be
The number of days of the validity period of identity coding;
Determine the transcoding result of above-mentioned 4 bytecodes respectively as the following formula:
(z>9)*0x07+z+0x30
In formula, Y is the time of the validity period of identity coding, and z is each bytecode, otherwise it is 0 that the value of z > 9, which is 1,;
The transcoding result of 4 bytecodes is subjected to ASCII transcoding inverse transformation respectively and obtains validity period character;
(6) the identity character for encoding the identity of each certification entity as its identity;
(7) root key that the label that root key generation is center is encoded as identity is generated into center reference characters;
(8) all characters that step (1) to (7) obtains are subjected to CRC12 coding and carry out CODE64 transcoding to obtain identity
Identification code is checked character;
(9) output identity coding are as follows: version number's character+type character+coding mode character+length character+effectively
Phase character+identity character+root key generates center character+is checked character.
Wherein, the key production module, is used for:
Using the identity coding of charge-discharge facility as the public key of charge-discharge facility, and according to the public key of charge-discharge facility
The private key of charge-discharge facility is determined using SM9 id password algorithm;
The public key as itself is encoded using the identity of user terminal, and SM9 id password is used according to the public key of itself
Algorithm determines the private key of each user terminal.
Wherein, the authentication module, comprising: charge-discharge facility authentication unit and user terminal authentication unit;
Charge-discharge facility authentication unit generates charge-discharge facility random number, and charge-discharge facility random number, charge and discharge are set
The public key and current time information applied are sent to user terminal authentication unit;
After user terminal authentication unit receives the data that charge-discharge facility authentication unit is sent, user terminal random number is generated, and
The data of charge-discharge facility authentication unit are digitally signed, by signature value, the public key of user terminal, user terminal random number, are filled
Information back gives charge-discharge facility authentication unit in response for facility random number of discharging and current time information;
After charge-discharge facility authentication unit receives the response message of user terminal authentication unit loopback, the public key of user terminal is used
Verify the signature value of the user terminal received, and the validity of authentication response information;If verifying successfully, it was demonstrated that user terminal identity
Public key that is legal and recording the user terminal;Otherwise, verification process and connection are interrupted;
Key seed is randomly generated in charge-discharge facility authentication unit, is added using the public key of user terminal to the key seed
It is close to obtain key seed ciphertext, and believed using the charge-discharge facility random number of itself, the public key of charge-discharge facility and current time
Breath does the second digital signature, and by the second digital signature value, key seed ciphertext, charge-discharge facility random number, charge-discharge facility
Public key and current time information be sent to user terminal authentication unit;
After user terminal authentication unit receives the data that charge-discharge facility authentication unit is sent, verifying charge-discharge facility certification is single
The validity of the data of member, using the certification private key decruption key seed ciphertext of itself, obtains plaintext state if being verified
Key seed, charge-discharge facility authentication unit and user terminal authentication unit carry out cipher key derivative according to the key seed of plaintext state
Encrypted communication session key is obtained, data communication is protected using symmetry algorithm according to the encrypted communication session key, otherwise, in
Disconnected verification process and connection.
Embodiment three:
Charge-discharge facility and electric car and mobile authentication process are as follows:
Carrying out between charge-discharge facility and electric car and mobile terminal will be to charge-discharge facility, electronic before agreement transmission
Automobile and mobile terminal carry out following initialization step:
Identity coding PointID (SM9 public key) is issued to charge-discharge facility in the center charge-discharge facility operator KGC,
With SM9 encryption and decryption private key, signature private key, and it is stored in SE safety chip.
Identification information UserID1 (SM9 public key) and SM9 encryption and decryption are issued to electric car in the center electric car manufacturer KGC
Private key, signature private key, and be stored in SE safety chip.
Mark identity is issued to mobile terminal and knows coding UserID2 (SM9 public key) and SM9 encryption and decryption in the center application platform KGC
Private key, signature private key, and be stored in mobile terminal safely;
Then charge-discharge facility and electric car and mobile terminal protocol transmission flow are as follows:
1) respective communication protocols are used between mobile terminal and electric car (hereinafter referred to as " user terminal ") and charge-discharge facility
View establishes communication connection, and certification is requested to access;
2) charge-discharge facility generates random number R 1 by embedded SE safety chip, and by random number R 1, charge-discharge facility
SM9 public key identification information PointID and other information (such as temporal information) be packaged into random challenge data together, send
To user terminal;
3) after user terminal receives random challenge, generate random number R 2, and with the SM9 signature private key of user terminal to R2,
R1, PointID, UserID etc. } information does digital signature, obtain result S1;By random number R 2, random number R 1, PointID,
UserID and signature value S1 are packaged into challenge responses data, are sent to charge-discharge facility;
4) after charge-discharge facility receives challenge responses, the timeliness (1 time+timeliness can only be matched) of R1 is verified;Verifying
Whether charge-discharge facility mark PointID is consistent with itself;Use the validity of user terminal mark UserID verifying signature value S1;
If being proved to be successful, authorised user end identity is legal and records user terminal mark;If verifying unsuccessful, then it is assumed that user terminal
Identity is illegal, and middle connection breaking;
5) after, charge-discharge facility as need with user terminal coded communication, can be randomly generated by charge-discharge facility one it is close
Key seed KeySeed carries out SM9 encryption using user terminal UserID, obtains the CryptKey of ciphertext state;Charge-discharge facility
Digital signature is done to { R1, R2, UserID, CryptKey etc. } information using the SM9 signature private key of itself, obtains result S2;It will
R1, R2, UserID, CryptKey and signature value send jointly to user terminal;
6) user terminal receives in response to determining that after message, verifies the timeliness of R1, R2;Verifying user terminal identifies UserID
It is no to be consistent with itself;With the validity of PointID verifying S2 signature value;If being verified, user terminal approves charge-discharge facility body
Part is legal;Otherwise it is assumed that charge-discharge facility identity is illegal, connection breaking in user terminal.
7) user terminal decrypts CryptKey using the SM9 decrypted private key of itself, obtains the KeySeed of plaintext state.
If 8) above-mentioned steps are completed, the two-way authentication between charge-discharge facility and user terminal is completed, and one synchronous
Key seed KeySeed.
9) on the basis of key seed, coded communication is if desired carried out, then can carry out cipher key derivative and obtain coded communication
Session key SessionKey.Deriving mode is as follows:
10) SessionKey=Hash (KeySeed | | R1 | | R2 | | PointID | | UserID).
11) symmetry algorithm encryption can be used in cipher mode, and algorithm operating mode configures on demand.
It should be understood by those skilled in the art that, embodiments herein can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the application
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the application, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
The application is referring to method, the process of equipment (system) and computer program product according to the embodiment of the present application
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
Finally it should be noted that: the above embodiments are merely illustrative of the technical scheme of the present invention and are not intended to be limiting thereof, to the greatest extent
Invention is explained in detail referring to above-described embodiment for pipe, it should be understood by those ordinary skilled in the art that: still
It can be with modifications or equivalent substitutions are made to specific embodiments of the invention, and without departing from any of spirit and scope of the invention
Modification or equivalent replacement, should all cover within the scope of the claims of the present invention.
Claims (12)
1. both sides' identification authentication method between a kind of charge-discharge facility and user terminal, which is characterized in that the described method includes:
It is encoded respectively according to the identity that the identity of charge-discharge facility and user terminal generates charge-discharge facility and user terminal;
The public key and private key for generating charge-discharge facility and user terminal are encoded according to the identity of charge-discharge facility and user terminal;
The two-way authentication between charge-discharge facility and user terminal is carried out using the public key and private key of charge-discharge facility and user terminal.
2. the method as described in claim 1, which is characterized in that the user terminal includes: electric car, mobile terminal and application
Platform.
3. method according to claim 2, which is characterized in that the identity of the charge-discharge facility sets for charge-discharge facility
Standby number, the identity of electric car is VIN identification code, and the identity of mobile terminal is IMEI coding, the body of application platform
Part is identified as platform names identification code.
4. method as claimed in claim 3, which is characterized in that filled according to the identity of charge-discharge facility and user terminal generation
The identity coding of electric discharge facility and user terminal, comprising:
(1) the transcoding result of version number is determined as the following formula:
(m+2)*16+n
Wherein, m is the major version number of the version number of identity coding, and n is the sub-version number of the version number of identity coding;
The transcoding result of version number is subjected to ASCII transcoding inverse transformation and obtains version sign character;
(2) if the type of certification entity is charge-discharge facility, it is determined that its corresponding type character is " I ", if certification entity
Type is electric car, it is determined that its corresponding type character is " V ", if the type of certification entity is mobile terminal, it is determined that
Its corresponding type character is " U ", if the type of certification entity is application platform, it is determined that its corresponding type character is " P ";
(3) according to coding mode be ASCII encode, it is determined that coding mode character be " A ", according to coding mode be
BCD coding, it is determined that coding mode character is " B ";
(4) if the total length of identity coding is less than or equal to 36, the transcoding result of code length is determined as the following formula:
L/4+0x30
If the total length of identity coding is greater than 36, the transcoding result of code length is determined as the following formula:
L/4+0x37
Wherein, L is the total length of identity coding;
The transcoding result of code length is subjected to ASCII transcoding inverse transformation and obtains length character;
(5) the 1st bytecode of validity period is determined as the following formula:
(Y-1970)/32
The 2nd bytecode of validity period is determined as the following formula:
(Y-1970) %32
The 3rd bytecode of validity period is the month of the validity period of identity coding;The 4th bytecode of validity period is identity
The number of days of the validity period of identification code;
Determine the transcoding result of above-mentioned 4 bytecodes respectively as the following formula:
(z>9)*0x07+z+0x30
In formula, Y is the time of the validity period of identity coding, and z is each bytecode, otherwise it is 0 that the value of z > 9, which is 1,;
The transcoding result of 4 bytecodes is subjected to ASCII transcoding inverse transformation respectively and obtains validity period character;
(6) the identity character for encoding the identity of each certification entity as its identity;
(7) root key that the label that root key generation is center is encoded as identity is generated into center reference characters;
(8) all characters that step (1) to (7) obtains are subjected to CRC12 coding and carry out CODE64 transcoding to obtain identity
Coding is checked character;
(9) output identity coding are as follows: version number's character+type character+coding mode character+length character+validity period word
Symbol+identity character+root key generates center character+is checked character.
5. the method as described in claim 1, which is characterized in that described to be compiled according to the identity of charge-discharge facility and user terminal
Code generates the public key and private key of charge-discharge facility and user terminal, comprising:
Using the identity coding of charge-discharge facility as the public key of charge-discharge facility, and used according to the public key of charge-discharge facility
SM9 id password algorithm determines the private key of charge-discharge facility;
The public key as itself is encoded using the identity of user terminal, and SM9 id password algorithm is used according to the public key of itself
Determine the private key of each user terminal.
6. the method as described in claim 1, which is characterized in that the public key and private key using charge-discharge facility and user terminal
Carry out the two-way authentication between charge-discharge facility and user terminal, comprising:
Charge-discharge facility generates facility random number, and charge-discharge facility data are sent to user terminal, the charge-discharge facility data
Public key and current time information including facility random number, charge-discharge facility;
After user terminal receives the charge-discharge facility data that charge-discharge facility sends over, user terminal random number is generated, and
The charge-discharge facility data are digitally signed, signature value, the public key of user terminal, user terminal random number, facility is random
Several and current time information is passed back to charge-discharge facility as user terminal response message;
After charge-discharge facility receives the user terminal response message of user terminal loopback, received using the public key verifications of user terminal
The signature value of user terminal, and verify the validity of user terminal response message;If verifying successfully, it was demonstrated that user terminal identity is legal simultaneously
Record the public key of the user terminal;Otherwise, verification process and connection are interrupted;
Key seed is randomly generated in charge-discharge facility, is encrypted to obtain key kind to the key seed using the public key of user terminal
Sub- ciphertext, and the second digital signature is done using the facility random number of itself, the public key of charge-discharge facility and current time information, and
Charge-discharge facility data are sent to user terminal, the charge-discharge facility data are close including the second digital signature value, key seed
The public key and current time information of text, facility random number, charge-discharge facility;
After user terminal receives the charge-discharge facility data of charge-discharge facility transmission, the charge-discharge facility data are verified
Validity, using the certification private key decruption key seed ciphertext of itself, obtains the key seed of plaintext state if being verified,
Charge-discharge facility and user terminal carry out cipher key derivative according to the key seed of plaintext state and obtain encrypted communication session key, according to
The encrypted communication session key protects data communication using symmetry algorithm, otherwise, interrupts verification process and connection.
7. both sides' ID authentication system between a kind of charge-discharge facility and user terminal, which is characterized in that the system comprises:
Coding module, for generating charge-discharge facility and user terminal according to the identity of charge-discharge facility and user terminal respectively
Identity coding;
Key production module generates charge-discharge facility and user for encoding according to the identity of charge-discharge facility and user terminal
The public key and private key at end;
Authentication module carries out between charge-discharge facility and user terminal for the public key using charge-discharge facility and user terminal and private key
Two-way authentication.
8. system as claimed in claim 7, which is characterized in that the user terminal includes: electric car, mobile terminal and application
Platform.
9. system as claimed in claim 8, which is characterized in that the identity of the charge-discharge facility sets for charge-discharge facility
Standby number, the identity of electric car is VIN identification code, and the identity of mobile terminal is IMEI coding, the body of application platform
Part is identified as platform names identification code.
10. system as claimed in claim 7, which is characterized in that the coding module is used for:
(1) the transcoding result of version number is determined as the following formula:
(m+2)*16+n
Wherein, m is the major version number of the version number of identity coding, and n is the sub-version number of the version number of identity coding;
The transcoding result of version number is subjected to ASCII transcoding inverse transformation and obtains version sign character;
(2) if the type of certification entity is charge-discharge facility, it is determined that its corresponding type character is " I ", if certification entity
Type is electric car, it is determined that its corresponding type character is " V ", if the type of certification entity is mobile terminal, it is determined that
Its corresponding type character is " U ", if the type of certification entity is application platform, it is determined that its corresponding type character is " P ";
(3) according to coding mode be ASCII encode, it is determined that coding mode character be " A ", according to coding mode be
BCD coding, it is determined that coding mode character is " B ";
(4) if the total length of identity coding is less than or equal to 36, the transcoding result of code length is determined as the following formula:
L/4+0x30
If the total length of identity coding is greater than 36, the transcoding result of code length is determined as the following formula:
L/4+0x37
Wherein, L is the total length of identity coding;
The transcoding result of code length is subjected to ASCII transcoding inverse transformation and obtains length character;
(5) the 1st bytecode of validity period is determined as the following formula:
(Y-1970)/32
The 2nd bytecode of validity period is determined as the following formula:
(Y-1970) %32
The 3rd bytecode of validity period is the month of the validity period of identity coding;The 4th bytecode of validity period is identity
The number of days of the validity period of identification code;
Determine the transcoding result of above-mentioned 4 bytecodes respectively as the following formula:
(z>9)*0x07+z+0x30
In formula, Y is the time of the validity period of identity coding, and z is each bytecode, otherwise it is 0 that the value of z > 9, which is 1,;
The transcoding result of 4 bytecodes is subjected to ASCII transcoding inverse transformation respectively and obtains validity period character;
(6) the identity character for encoding the identity of each certification entity as its identity;
(7) root key that the label that root key generation is center is encoded as identity is generated into center reference characters;
(8) all characters that step (1) to (7) obtains are subjected to CRC12 coding and carry out CODE64 transcoding to obtain identity
Coding is checked character;
(9) output identity coding are as follows: version number's character+type character+coding mode character+length character+validity period word
Symbol+identity character+root key generates center character+is checked character.
11. system as claimed in claim 7, which is characterized in that the key production module is used for:
Using the identity coding of charge-discharge facility as the public key of charge-discharge facility, and used according to the public key of charge-discharge facility
SM9 id password algorithm determines the private key of charge-discharge facility;
The public key as itself is encoded using the identity of user terminal, and SM9 id password algorithm is used according to the public key of itself
Determine the private key of each user terminal.
12. system as claimed in claim 7, which is characterized in that the authentication module, comprising: charge-discharge facility authentication unit
With user terminal authentication unit;
Charge-discharge facility authentication unit generates charge-discharge facility random number, and charge-discharge facility data are sent to user terminal, described
Charge-discharge facility data include the public key and current time information of facility random number, charge-discharge facility;
After user terminal authentication unit receives the data that charge-discharge facility authentication unit is sent, user terminal random number is generated, and to institute
Charge-discharge facility data are stated to be digitally signed, by signature value, the public key of user terminal, user terminal random number, facility random number and
Current time information is passed back to charge-discharge facility authentication unit as user terminal response message;
After charge-discharge facility authentication unit receives the response message of user terminal authentication unit loopback, the public key verifications of user terminal are used
The signature value of the user terminal received, and verify the validity of user terminal response message;If verifying successfully, it was demonstrated that user terminal body
Part public key that is legal and recording the user terminal;Otherwise, verification process and connection are interrupted;
Key seed is randomly generated in charge-discharge facility authentication unit, encrypt to the key seed using the public key of user terminal
The second number is done to key seed ciphertext, and using the facility random number of itself, the public key of charge-discharge facility and current time information
Word signature, and charge-discharge facility data are sent to user terminal, the charge-discharge facility data include the second digital signature value, close
Key seed ciphertext, facility random number, the public key of charge-discharge facility and current time information are sent to user terminal authentication unit;
After user terminal authentication unit receives the data that charge-discharge facility authentication unit is sent, the charge-discharge facility data are verified
Validity, using the certification private key decruption key seed ciphertext of itself, obtains the key seed of plaintext state if being verified,
Charge-discharge facility and user terminal carry out cipher key derivative according to the key seed of plaintext state and obtain encrypted communication session key, according to
The encrypted communication session key protects data communication using symmetry algorithm, otherwise, interrupts verification process and connection.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811355944.5A CN109617675B (en) | 2018-11-15 | 2018-11-15 | Method and system for authenticating identifiers of both sides between charge and discharge facility and user terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811355944.5A CN109617675B (en) | 2018-11-15 | 2018-11-15 | Method and system for authenticating identifiers of both sides between charge and discharge facility and user terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109617675A true CN109617675A (en) | 2019-04-12 |
CN109617675B CN109617675B (en) | 2024-02-06 |
Family
ID=66004446
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811355944.5A Active CN109617675B (en) | 2018-11-15 | 2018-11-15 | Method and system for authenticating identifiers of both sides between charge and discharge facility and user terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109617675B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110198214A (en) * | 2019-06-02 | 2019-09-03 | 四川虹微技术有限公司 | Identity generation method, verification method and device |
CN112039918A (en) * | 2020-09-10 | 2020-12-04 | 四川长虹电器股份有限公司 | Internet of things credible authentication method based on identification cryptographic algorithm |
CN112218294A (en) * | 2020-09-08 | 2021-01-12 | 深圳市燃气集团股份有限公司 | 5G-based access method and system for Internet of things equipment and storage medium |
CN113849866A (en) * | 2021-09-17 | 2021-12-28 | 重庆思骑科技有限公司 | Method, device, storage medium and equipment for self-decryption of one-wire telephone |
CN113963487A (en) * | 2021-11-24 | 2022-01-21 | 北京联行网络科技有限公司 | Charging pile offline charging method and system |
CN114394026A (en) * | 2021-12-21 | 2022-04-26 | 中汽创智科技有限公司 | Electric vehicle charging method, system and device, charging pile and storage medium |
CN115314227A (en) * | 2022-10-10 | 2022-11-08 | 广东电网有限责任公司江门供电局 | Charging pile access authentication method, system and equipment |
Citations (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020078346A1 (en) * | 2000-12-19 | 2002-06-20 | Ravi Sandhu | Secure communications network with user control of authenticated personal information provided to network entities |
US20070136800A1 (en) * | 2005-12-13 | 2007-06-14 | Microsoft Corporation | Two-way authentication using a combined code |
US7953391B2 (en) * | 2005-06-03 | 2011-05-31 | Samsung Electronics Co., Ltd | Method for inclusive authentication and management of service provider, terminal and user identity module, and system and terminal device using the method |
CN103049809A (en) * | 2012-08-23 | 2013-04-17 | 国电大渡河瀑布沟发电有限公司 | Equipment coding method |
CN104022549A (en) * | 2014-06-08 | 2014-09-03 | 山东天海科技股份有限公司 | Intelligent charging access system for electric automobile |
US20140325225A1 (en) * | 2013-04-27 | 2014-10-30 | Quantron Inc. | Self-authenticated method with timestamp |
CN105450623A (en) * | 2014-11-26 | 2016-03-30 | 国家电网公司 | Access authentication method of electric automobile |
CN105939343A (en) * | 2016-04-14 | 2016-09-14 | 江苏马上游科技股份有限公司 | Client and server bidirectional authentication method based on information secondary coding |
CN105978906A (en) * | 2016-07-01 | 2016-09-28 | 中国人民解放军国防科学技术大学 | Identity based communication handshake protocol |
CN106330444A (en) * | 2015-06-19 | 2017-01-11 | 中兴新能源汽车有限责任公司 | Electric vehicle authentication method and device |
WO2017016318A1 (en) * | 2014-11-05 | 2017-02-02 | 祝国龙 | Credible label generation and verification method and system based on asymmetric cryptographic algorithm |
CN106452767A (en) * | 2016-12-20 | 2017-02-22 | 广东南方信息安全产业基地有限公司 | Identity authentication public key management system based access authentication method |
CN106713236A (en) * | 2015-11-17 | 2017-05-24 | 成都腾甲数据服务有限公司 | End-to-end identity authentication and encryption method based on CPK identifier authentication |
WO2017177435A1 (en) * | 2016-04-15 | 2017-10-19 | 深圳前海达闼云端智能科技有限公司 | Identity authentication method, terminal and server |
CN107566127A (en) * | 2017-09-30 | 2018-01-09 | 北京迪曼森科技有限公司 | A kind of generation method and application method of IKI Trusted Digitals mark |
US9887975B1 (en) * | 2016-08-03 | 2018-02-06 | KryptCo, Inc. | Systems and methods for delegated cryptography |
CN107947913A (en) * | 2017-11-15 | 2018-04-20 | 武汉大学 | The anonymous authentication method and system of a kind of identity-based |
WO2018095050A1 (en) * | 2016-11-24 | 2018-05-31 | 华为技术有限公司 | Identity authentication method, device, and system |
CN108544933A (en) * | 2018-03-09 | 2018-09-18 | 宁德时代新能源科技股份有限公司 | Charging authentication method and system, authentication chip and storage medium |
-
2018
- 2018-11-15 CN CN201811355944.5A patent/CN109617675B/en active Active
Patent Citations (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020078346A1 (en) * | 2000-12-19 | 2002-06-20 | Ravi Sandhu | Secure communications network with user control of authenticated personal information provided to network entities |
US7953391B2 (en) * | 2005-06-03 | 2011-05-31 | Samsung Electronics Co., Ltd | Method for inclusive authentication and management of service provider, terminal and user identity module, and system and terminal device using the method |
US20070136800A1 (en) * | 2005-12-13 | 2007-06-14 | Microsoft Corporation | Two-way authentication using a combined code |
CN103049809A (en) * | 2012-08-23 | 2013-04-17 | 国电大渡河瀑布沟发电有限公司 | Equipment coding method |
US20140325225A1 (en) * | 2013-04-27 | 2014-10-30 | Quantron Inc. | Self-authenticated method with timestamp |
CN104022549A (en) * | 2014-06-08 | 2014-09-03 | 山东天海科技股份有限公司 | Intelligent charging access system for electric automobile |
WO2017016318A1 (en) * | 2014-11-05 | 2017-02-02 | 祝国龙 | Credible label generation and verification method and system based on asymmetric cryptographic algorithm |
CN105450623A (en) * | 2014-11-26 | 2016-03-30 | 国家电网公司 | Access authentication method of electric automobile |
CN106330444A (en) * | 2015-06-19 | 2017-01-11 | 中兴新能源汽车有限责任公司 | Electric vehicle authentication method and device |
CN106713236A (en) * | 2015-11-17 | 2017-05-24 | 成都腾甲数据服务有限公司 | End-to-end identity authentication and encryption method based on CPK identifier authentication |
CN105939343A (en) * | 2016-04-14 | 2016-09-14 | 江苏马上游科技股份有限公司 | Client and server bidirectional authentication method based on information secondary coding |
WO2017177435A1 (en) * | 2016-04-15 | 2017-10-19 | 深圳前海达闼云端智能科技有限公司 | Identity authentication method, terminal and server |
CN105978906A (en) * | 2016-07-01 | 2016-09-28 | 中国人民解放军国防科学技术大学 | Identity based communication handshake protocol |
US9887975B1 (en) * | 2016-08-03 | 2018-02-06 | KryptCo, Inc. | Systems and methods for delegated cryptography |
WO2018095050A1 (en) * | 2016-11-24 | 2018-05-31 | 华为技术有限公司 | Identity authentication method, device, and system |
CN106452767A (en) * | 2016-12-20 | 2017-02-22 | 广东南方信息安全产业基地有限公司 | Identity authentication public key management system based access authentication method |
CN107566127A (en) * | 2017-09-30 | 2018-01-09 | 北京迪曼森科技有限公司 | A kind of generation method and application method of IKI Trusted Digitals mark |
CN107947913A (en) * | 2017-11-15 | 2018-04-20 | 武汉大学 | The anonymous authentication method and system of a kind of identity-based |
CN108544933A (en) * | 2018-03-09 | 2018-09-18 | 宁德时代新能源科技股份有限公司 | Charging authentication method and system, authentication chip and storage medium |
Non-Patent Citations (5)
Title |
---|
周楝淞;卿昱;谭平嶂;杨洁;庞飞;: "一种改进的基于标识的认证系统的实现", 信息安全与通信保密, no. 02 * |
袁峰;程朝辉;: "SM9标识密码算法综述", 信息安全研究, no. 11 * |
谢艳容;马文平;罗维;: "一种新的信息服务实体跨域认证模型", 计算机科学, no. 09 * |
谢颖莹;: "基于PKI的身份认证系统的研究与设计", 中国电力教育, no. 3 * |
黄会宝;江德军;吴双利;: "面向全流域的监测设施编码体系研究", 水利信息化, no. 06 * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110198214A (en) * | 2019-06-02 | 2019-09-03 | 四川虹微技术有限公司 | Identity generation method, verification method and device |
CN110198214B (en) * | 2019-06-02 | 2022-02-22 | 四川虹微技术有限公司 | Identity generation method, identity verification method and identity verification device |
CN112218294A (en) * | 2020-09-08 | 2021-01-12 | 深圳市燃气集团股份有限公司 | 5G-based access method and system for Internet of things equipment and storage medium |
WO2022052493A1 (en) * | 2020-09-08 | 2022-03-17 | 深圳市燃气集团股份有限公司 | 5g-based internet of things device access method and system, and storage medium |
US11743726B2 (en) | 2020-09-08 | 2023-08-29 | Shenzhen Gas Corporation Ltd. | Access method and system of internet of things equipment based on 5G, and storage medium |
CN112039918A (en) * | 2020-09-10 | 2020-12-04 | 四川长虹电器股份有限公司 | Internet of things credible authentication method based on identification cryptographic algorithm |
CN112039918B (en) * | 2020-09-10 | 2021-08-06 | 四川长虹电器股份有限公司 | Internet of things credible authentication method based on identification cryptographic algorithm |
CN113849866A (en) * | 2021-09-17 | 2021-12-28 | 重庆思骑科技有限公司 | Method, device, storage medium and equipment for self-decryption of one-wire telephone |
CN113963487A (en) * | 2021-11-24 | 2022-01-21 | 北京联行网络科技有限公司 | Charging pile offline charging method and system |
CN114394026A (en) * | 2021-12-21 | 2022-04-26 | 中汽创智科技有限公司 | Electric vehicle charging method, system and device, charging pile and storage medium |
CN115314227A (en) * | 2022-10-10 | 2022-11-08 | 广东电网有限责任公司江门供电局 | Charging pile access authentication method, system and equipment |
CN115314227B (en) * | 2022-10-10 | 2023-01-20 | 广东电网有限责任公司江门供电局 | Charging pile access authentication method, system and equipment |
Also Published As
Publication number | Publication date |
---|---|
CN109617675B (en) | 2024-02-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109617675A (en) | Both sides' identification authentication method and system between a kind of charge-discharge facility and user terminal | |
CN108270571B (en) | Internet of Things identity authorization system and its method based on block chain | |
CN106375287B (en) | Charging method of new energy automobile | |
CN102170357B (en) | Combined secret key dynamic security management system | |
CN102111265B (en) | Method for encrypting secure chip of power system acquisition terminal | |
CN103597520B (en) | The ticketing service method and system of identity-based | |
CN101300808B (en) | Method and arrangement for secure autentication | |
CN101409619B (en) | Flash memory card and method for implementing virtual special network key exchange | |
CN108964892B (en) | Generation method, application method, management system and the application system of trusted application mark | |
CN101860525B (en) | Realizing method of electronic authorization warrant, intelligent terminal, authorization system and verification terminal | |
CN110753344B (en) | NB-IoT-based smart meter secure access system | |
CN103685323A (en) | Method for realizing intelligent home security networking based on intelligent cloud television gateway | |
CN101103358A (en) | Security code production method and methods of using the same, and programmable device therefor | |
CN113704780B (en) | Power distribution network user side information self-adaptive encryption method based on model driving | |
CN105897784A (en) | Internet of things terminal equipment encryption communication method and device | |
CN109257328A (en) | A kind of safety interacting method and device of scene operation/maintenance data | |
CN109474419A (en) | A kind of living body portrait photo encryption and decryption method and encrypting and deciphering system | |
CN105847005A (en) | Encryption device and method | |
CN111435390A (en) | Safety protection method for operation and maintenance tool of power distribution terminal | |
CN108650096A (en) | A kind of industrial field bus control system | |
CN104579659A (en) | Device for safety information interaction | |
CN113595725B (en) | Communication system and communication method based on quantum key card arrangement | |
CN114238878A (en) | Traceable data authorization transfer control method and system | |
CN111435389A (en) | Power distribution terminal operation and maintenance tool safety protection system | |
CN107104792B (en) | Portable mobile password management system and management method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |