CN110753345B - TBox communication method and TBox device - Google Patents
TBox communication method and TBox device Download PDFInfo
- Publication number
- CN110753345B CN110753345B CN201910951174.9A CN201910951174A CN110753345B CN 110753345 B CN110753345 B CN 110753345B CN 201910951174 A CN201910951174 A CN 201910951174A CN 110753345 B CN110753345 B CN 110753345B
- Authority
- CN
- China
- Prior art keywords
- tbox
- app
- key
- terminal
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/72—Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
- H04M1/724—User interfaces specially adapted for cordless or mobile telephones
- H04M1/72403—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
- H04M1/72409—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
- H04M1/72412—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories using two-way short-range wireless interfaces
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W76/00—Connection management
- H04W76/10—Connection setup
- H04W76/14—Direct-mode setup
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Human Computer Interaction (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention provides a TBox communication method and a TBox device, wherein the method comprises the following steps: after the APP terminal initiates wireless connection, the TBox terminal forwards a connection request, the cloud verifies the legality of the user identity of the APP terminal according to the connection request, if the user identity is legal, the private problem is sent again, if the private problem of the APP terminal is verified to pass, the cloud server sends the answer to the Hash-encrypted private problem to the TBox terminal, the TBox terminal generates a random number and sends the random number to the APP terminal, the TBox terminal exchanges respective public keys with the APP terminal, an ECDH transformation value is calculated according to the self private key and the exchanged public key, a corresponding key is calculated based on the respective ECDH transformation value, the random number and the answer to the Hash-encrypted private problem, when the keys of the APP terminal and the TBox terminal are consistent, the key is used as a current session key for encrypted communication. By the scheme, the problem of low security of the traditional near field communication is solved, the security of data communication can be improved, and the risk of external attack is avoided.
Description
Technical Field
The invention relates to the technical field of communication, in particular to a TBox communication method and a TBox device.
Background
The T-Box (namely a Telematics Box) automobile Box Can read automobile Can bus data and a private protocol, and generally comprises a host, a T-Box, a mobile phone APP and a background system in an Internet of vehicles system, wherein the host is used for displaying vehicle information, and the T-Box is used for communicating with the mobile phone APP and the background system to realize control over a vehicle, such as vehicle starting, air conditioner starting, vehicle information query and the like. In order to prevent sensitive information from being leaked in the communication process of the mobile phone APP and the T-Box and avoid potential safety hazards existing in the process of close-range connection, it is necessary to ensure the safety of the safe key negotiation process in a close-range scene.
At present, common secure key negotiation methods mainly include: one is that the same key is preset in the T-BOX and the APP terminal in advance before the communication process is initiated through a pre-sharing (PSK) mode, and sensitive communication information is encrypted by the key in the communication process. The mode ensures the communication safety to a certain extent, but as the key presetting is unchanged, once the preset key is obtained by an attacker, the safety of the whole system cannot be ensured; the other is to use a dedicated encryption protection mechanism provided by a physical pipeline to implement a key agreement process between two communication parties, such as a WPA/WPA2/WPA3 Security mechanism in a WIFI environment and an SMP (Security Manager Protocol) in a bluetooth environment. The key agreement process can be protected by using the security support provided by the WIFI module or the Bluetooth module directly without additional development cost, but vulnerabilities exist based on a physical pipeline protection mode, and if the vulnerabilities which possibly exist cannot be avoided by updating firmware for some reasons, the protection also does not play any role. Therefore, the existing communication mode in the close-range connection scene has low safety, and has great potential safety hazard to a certain extent.
Disclosure of Invention
In view of this, embodiments of the present invention provide a TBox communication method to solve the problem of low security of the existing short-range connection communication.
In a first aspect of the embodiments of the present invention, a TBox communication method is provided, including:
establishing wireless connection between a TBox end and an APP end, and forwarding a connection request sent by the APP end to a cloud server by the TBox end;
the cloud server verifies the validity of the user identity of the APP terminal according to the connection request, and if the user identity is legal, a privacy problem is sent to the APP terminal;
if the private question of the APP terminal passes verification, the cloud server sends the private question answer encrypted by the Hash to the TBox terminal;
based on the connection between the TBox end and the APP end, the TBox end generates a random number and sends the random number and a public key of the TBox end to the APP end;
the APP side performs ECDH transformation by using a private key of the APP side and a public key of the TBox side to obtain a first transformation value;
sending the public key of the APP end to the TBox end, and enabling the TBox end to perform ECDH transformation by using a private key of the TBox end and the public key of the APP end to obtain a second transformation value;
the APP terminal and the TBox terminal respectively calculate corresponding keys according to respective ECDH conversion values, random numbers and private question answers of Hash encryption;
and when the keys of the APP terminal and the TBox terminal are consistent, the key is used as the current session key to carry out encrypted communication.
In a second aspect of embodiments of the present invention, there is provided an apparatus, comprising:
the forwarding module is used for forwarding a connection request sent by the APP terminal to the cloud server after wireless connection with the APP terminal is established;
the receiving module is used for receiving the private question answer of the Hash encryption sent by the cloud server after the cloud server verifies the identity of the APP user and the private question;
the sending module is used for generating a random number and sending the random number and the public key to the APP terminal;
the transformation module is used for performing ECDH transformation according to the public key of the APP end and the private key of the APP end to obtain a second transformation value;
the calculation module is used for calculating a corresponding key according to the second conversion value, the random number and the private question answer encrypted by the Hash;
and the verification module is used for judging whether the own key is consistent with the key obtained by calculation of the APP terminal, and when the keys of the APP terminal and the TBox terminal are consistent, the key is used as the current session key for encrypted communication.
In a third aspect of the embodiments of the present invention, there is provided an electronic device, including a memory, a processor, and a computer program stored in the memory and executable by the processor, where the processor executes the computer program to implement the functions of the apparatus according to the second aspect of the embodiments of the present invention.
In the embodiment of the invention, the connection request of the APP terminal is forwarded through the TBox terminal, after the user identity and the privacy problem are verified by the cloud terminal, the random number is generated by the TBox terminal, mutual public keys are exchanged between the TBox terminal and the APP terminal, the TBox terminal and the APP terminal respectively carry out ECDH transformation according to respective private keys and the exchanged public keys, then respective keys of the TBox terminal and the APP terminal are calculated according to ECDH transformation results, the random numbers and the key problems, and when the keys are the same, encryption communication is carried out, so that the problem of low security of TBox near-distance communication is solved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings required for the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a timing diagram of a TBox communication method according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a TBox communication method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a TBox apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "comprises" and "comprising," when used in this specification and claims, and in the accompanying drawings and figures, are intended to cover non-exclusive inclusions, such that a process, method or system, or apparatus that comprises a list of steps or elements is not limited to the listed steps or elements. In addition, "first" and "second" are used to distinguish different objects, and are not used to describe a specific order.
Referring to fig. 1, fig. 1 is a timing diagram of a TBox communication method according to an embodiment of the present invention, and in fig. 1, the TBox communication method includes an APP end 110, a TBox end, and a cloud end.
The APP end, i.e. the application end, may generally refer to a user end or a client, such as a mobile phone APP client. And the TBox end is used for communicating with the APP end or the background server end in the vehicle networking system. The cloud, namely a cloud server corresponding to the TBox end, is generally used for storing and managing background data.
The APP terminal 110 sends a connection request to the TBox terminal 120, the TBox terminal 120 forwards the connection request to the cloud 130, and the cloud 130 requests user information from the APP terminal 110 according to the connection request of the APP terminal, so as to perform user identity verification, where the user information may include a user name, a password, and a digital certificate. The APP terminal 110 feeds back user information to the cloud terminal, and in the cloud terminal 130, the user identity is verified according to the user information stored in the cloud terminal and the user information returned by the current APP terminal.
If the user identity verification is successful, the private question is sent to the APP end 110, the APP end 110 returns a private question answer to the cloud end 130, and the cloud end 130 verifies whether the private question answer is correct.
When the private question passes verification, the private question answers are subjected to Hash encryption, the encrypted private question answers are sent to the TBox end 120, the TBox end 120 generates random numbers, the TBox end 120 sends the random numbers and the public key thereof to the APP end 110, the APP end 110 performs ECDH transformation according to the public key of the TBox end and the private key thereof, and the result is marked as ECDH1.
The APP terminal 110 sends the public key to the TBox terminal 120, the TBox terminal 120 performs ECDH transformation according to the private key and the public key of the APP terminal, and the result is recorded as ECDH2.
The APP terminal 110 and the TBox terminal 120 perform key calculation respectively, and when the keys are consistent, the keys are used as keys of the current session to perform encrypted communication.
And the key agreement is consistent at the TBox end 120, so that the session can be carried out, the potential safety hazard existing in the preset key is avoided, and the safety of communication with the APP end can be ensured.
Referring to fig. 2, a flow chart of a TBox communication method according to an embodiment of the present invention includes:
s201, establishing wireless connection between a TBox end and an APP end, wherein the TBox end forwards a connection request sent by the APP end to a cloud server;
the wireless connection is that the nodes are not connected through a conductor, and the wireless connection is generally applicable to short-distance communication, such as WiFi, bluetooth and the like, the APP end initiates a wireless connection request, the TBox end receives the request and then forwards a request data packet to a cloud service, and the cloud server is a background server corresponding to the vehicle end TBox generally.
S202, the cloud server verifies the validity of the user identity of the APP terminal according to the connection request, and if the user identity of the user is legal, a privacy problem is sent to the APP terminal;
the cloud server receives the connection request, asks for user identity information from the APP terminal, verifies whether the user identity is legal or not through the user identity information returned by the APP terminal and the user information stored in the cloud terminal, sends information to the TBox terminal when the user identity is verified to be illegal, rejects the connection request of the APP terminal, and sends a privacy problem to the APP terminal when the user identity is verified to be illegal, so that the user identity is further verified.
The identity information of the user at the APP verification end at least comprises a digital certificate, a digital signature, a user name and a user password.
The privacy problem generally refers to the privacy problem preset at the APP end, and after the APP completes registration at the cloud server, the corresponding privacy problem and answer can be input, so that whether the APP end is a legal connection request or not can be verified.
S203, if the private question of the APP terminal passes verification, the cloud server sends the private question answer encrypted by the hash to the TBox terminal;
hash encryption generally performs hash calculation on certain data through a hash algorithm to obtain a corresponding hash value, and specifically can convert target data into reversible ciphertexts with different lengths. The hash calculation is carried out on the private question answers, and then the encrypted private question answers can be obtained, so that the data security is guaranteed, and the subsequent secret key calculation is convenient.
S204, based on the connection between the TBox end and the APP end, the TBox end generates a random number and sends the random number and a public key of the TBox end to the APP end;
the random number is generated randomly by a TBox end and can be any natural number generally.
S205, the APP terminal utilizes a private key of the APP terminal and a public key of the TBox terminal to perform ECDH transformation to obtain a first transformation value;
the ECDH transformation, namely an ECDH key negotiation algorithm, respectively generates a key pair of a public key and a private key by an APP terminal and a TBox terminal, and the public keys of the APP terminal and the TBox terminal are exchanged to calculate a consistent key. In the conventional ECDH key negotiation algorithm, the public key may be tampered or replaced by an attacker during exchange, and the privacy problem of adding the random number and the hash encryption in the embodiment can further avoid the risk of data attack and ensure the data communication security.
S206, sending the public key of the APP end to the TBox end, and enabling the TBox end to perform ECDH transformation by using the private key of the TBox end and the public key of the APP end to obtain a second transformation value;
s207, the APP terminal and the TBox terminal respectively calculate corresponding keys according to the ECDH conversion value, the random number and the Hash encrypted private question answer;
specifically, the APP terminal calculates a secret key according to the ECDH conversion value, the random number and the Hash encrypted private question answer; and the TBox end calculates a secret key according to the ECDH conversion value, the random number and the Hash encrypted private question answer. The random number and the hash-encrypted private question answer at the APP end are generally the same as those at the TBox end.
Optionally, the APP end calculates the first key according to the first transform value, the random number, and the hash-encrypted question answer, where the APP end calculation formula is:
Secret1=HASH(RANDOM||HASH(answers)||ECDH1);
secret1 denotes a first key, HASH denotes HASH encryption, RANDOM denotes a RANDOM number, answers denotes a Secret question answer, and ECDH1 denotes a first transform value.
Optionally, the TBox end calculates the second key according to the second transform value, the random number, and the hash-encrypted question answer, where the TBox end has a calculation formula:
Secret2=HASH(RANDOM||HASH(answers)||ECDH2);
secret2 denotes a first key, HASH denotes HASH encryption, RANDOM denotes a RANDOM number, answers denotes a Secret question answer, and ECDH2 denotes a first transform value.
And S208, when the keys of the APP terminal and the TBox terminal are consistent, carrying out encryption communication by taking the keys as current session keys.
When the key calculated by the APP terminal is the same as the key calculated by the TBox terminal, it indicates that no data occurs between the APP terminal and the TBox terminal, and the key can be used as the key of the current session for data transmission.
Compared with the traditional preset key or a protection mode using a physical pipeline, the method provided by the embodiment is based on the verification of the user identity and the problem of privacy in advance, and is combined with the ECDH transformation and key negotiation mode, so that the data leak is effectively prevented, and the communication safety is guaranteed.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, but should not constitute any limitation to the implementation process of the embodiments of the present invention,
fig. 3 is a schematic structural diagram of a TBox apparatus according to a third embodiment of the present invention, where the apparatus includes:
the forwarding module 310 is configured to forward a connection request sent by the APP end to the cloud server after establishing a wireless connection with the APP end;
the receiving module 320 is configured to receive a private question answer of hash encryption sent by the cloud server after the cloud server verifies that the APP end user identity and the private question pass;
after the identity of the APP user is verified by the cloud server, the privacy problem is sent to the APP, and the identity of the APP is further verified. After the verification is passed, the receiving module can obtain the private question answer of the hash encryption.
Optionally, the verifying the APP user identity at the cloud server includes:
and verifying the digital certificate, the digital signature, the user name and the user password of the APP terminal user.
A sending module 330, configured to generate a random number, and send the random number and the public key to the APP end;
the transformation module 340 is configured to perform ECDH transformation according to the public key of the APP end and the private key of the APP end to obtain a second transformation value;
a calculating module 350, configured to calculate a corresponding key according to the second transform value, the random number, and the hashed private question answer;
it should be noted that, when the calculation module 350 calculates the key, the APP performs key calculation according to the ECDH transform value, the random number, and the hash-encrypted secret question answer. And when the two keys are consistent, the APP terminal takes the key calculation result as a negotiation key.
Optionally, the calculating a corresponding key according to the second transform value, the random number, and the hash-encrypted private question answer specifically includes:
and the TBox end calculates a second key according to the second conversion value, the random number and the Hash encrypted question answer, wherein the TBox end has a calculation formula as follows:
Secret2=HASH(RANDOM||HASH(answers)||ECDH2);
secret2 denotes a first key, HASH denotes HASH encryption, RANDOM denotes a RANDOM number, answers denotes a Secret question answer, and ECDH2 denotes a first transform value.
And the verification module 360 is used for judging whether the own key is consistent with the key calculated by the APP terminal, and when the keys of the APP terminal and the TBox terminal are consistent, the key is used as the current session key for encrypted communication.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those skilled in the art will appreciate that all or part of the steps in the method for implementing the above embodiments may be implemented by a program to instruct associated hardware, where the program may be stored in a computer-readable storage medium, and when executed, the program includes steps S201 to S208, where the storage medium includes, for example: ROM/RAM, magnetic disk, optical disk, etc.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (5)
1. A TBox communication method is characterized by comprising the following steps:
establishing wireless connection between a TBox end and an APP end, and forwarding a connection request sent by the APP end to a cloud server by the TBox end;
the cloud server verifies the validity of the user identity of the APP terminal according to the connection request, and if the user identity is legal, a privacy problem is sent to the APP terminal;
if the private question of the APP terminal passes verification, the cloud server sends the private question answer encrypted by the hash to the TBox terminal;
based on the connection between the TBox end and the APP end, the TBox end generates a random number and sends the random number and a public key of the TBox end to the APP end;
the APP terminal utilizes a private key of the APP terminal and a public key of the TBox terminal to carry out ECDH transformation to obtain a first transformation value;
sending the public key of the APP end to the TBox end, and enabling the TBox end to perform ECDH transformation by using a private key of the TBox end and the public key of the APP end to obtain a second transformation value;
the APP terminal and the TBox terminal respectively calculate corresponding keys according to respective ECDH conversion values, random numbers and private question answers of Hash encryption;
and the TBox end calculates a second key according to the second conversion value, the random number and the Hash encrypted question answer, wherein the calculation formula of the TBox end is as follows:
Secret2=HASH(RANDOM||HASH(answers)||ECDH2);
secret2 represents a first key, HASH represents HASH encryption, RANDOM represents a RANDOM number, answers represents a Secret question answer, and ECDH2 represents a first transformation value;
and when the keys of the APP terminal and the TBox terminal are consistent, performing encryption communication by taking the key as the current session key.
2. The method of claim 1, wherein the cloud server verifying the validity of the APP user identity according to the connection request comprises:
and verifying the digital certificate, the digital signature, the user name and the user password of the APP terminal user.
3. The method according to claim 1, wherein the calculating of the corresponding secret key by the APP end and the TBox end according to the ECDH transform value, the random number, and the hash-encrypted answer to the secret question is specifically:
the APP terminal calculates a first secret key according to the first conversion value, the random number and the Hash encryption question answer, wherein the APP terminal calculation formula is as follows:
Secret1=HASH(RANDOM||HASH(answers)||ECDH1);
secret1 denotes a first key, HASH denotes HASH encryption, RANDOM denotes a RANDOM number, answers denotes a Secret question answer, and ECDH1 denotes a first transform value.
4. A TBox communication device, comprising:
the forwarding module is used for forwarding a connection request sent by the APP terminal to the cloud server after wireless connection with the APP terminal is established;
the receiving module is used for receiving the private question answer of the Hash encryption sent by the cloud server after the cloud server verifies the identity of the APP user and the private question;
the sending module is used for generating a random number and sending the random number and the public key to the APP terminal;
the conversion module is used for performing ECDH conversion according to the public key of the APP end and the private key of the APP end to obtain a second conversion value;
the calculation module is used for calculating a corresponding key according to the second conversion value, the random number and the private question answer encrypted by the Hash;
and the TBox end calculates a second key according to the second conversion value, the random number and the Hash encrypted question answer, wherein the TBox end has a calculation formula as follows:
Secret2=HASH(RANDOM||HASH(answers)||ECDH2);
secret2 represents a first key, HASH represents HASH encryption, RANDOM represents a RANDOM number, answers represents a private question answer, and ECDH2 represents a first transformation value;
and the verification module is used for judging whether the own key is consistent with the key obtained by calculation of the APP terminal, and when the keys of the APP terminal and the TBox terminal are consistent, the key is used as the current session key for encrypted communication.
5. The apparatus of claim 4, wherein the verifying the APP end user identity at the cloud server comprises:
and verifying the digital certificate, the digital signature, the user name and the user password of the APP terminal user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910951174.9A CN110753345B (en) | 2019-10-08 | 2019-10-08 | TBox communication method and TBox device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910951174.9A CN110753345B (en) | 2019-10-08 | 2019-10-08 | TBox communication method and TBox device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110753345A CN110753345A (en) | 2020-02-04 |
CN110753345B true CN110753345B (en) | 2022-11-25 |
Family
ID=69277747
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910951174.9A Active CN110753345B (en) | 2019-10-08 | 2019-10-08 | TBox communication method and TBox device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110753345B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111586637A (en) * | 2020-04-21 | 2020-08-25 | 汉腾汽车有限公司 | Automobile and mobile phone network connection method based on dynamic password |
CN112468294B (en) * | 2020-11-23 | 2023-07-18 | 北京经纬恒润科技股份有限公司 | Access method and authentication equipment of vehicle-mounted TBOX |
CN112769912A (en) * | 2020-12-30 | 2021-05-07 | 厦门市美亚柏科信息股份有限公司 | Data synchronization method of Internet of things equipment and computer readable storage medium |
CN114254342A (en) * | 2021-12-10 | 2022-03-29 | 青岛海尔科技有限公司 | Communication connection method, system, device, storage medium and processor |
CN116366369B (en) * | 2023-05-15 | 2023-07-25 | 成都工业职业技术学院 | Data communication method, communication device and communication terminal in rail transit |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101521881A (en) * | 2009-03-24 | 2009-09-02 | 刘建 | Method and system for assessing wireless local area network |
US9641328B1 (en) * | 2014-03-10 | 2017-05-02 | Ionu Security, Inc. | Generation of public-private key pairs |
CN108141444A (en) * | 2015-09-29 | 2018-06-08 | 标致雪铁龙汽车股份有限公司 | Improved authentication method and authentication device |
CN110177354A (en) * | 2019-06-21 | 2019-08-27 | 湖北亿咖通科技有限公司 | A kind of wireless control method and system of vehicle |
CN110191415A (en) * | 2019-05-29 | 2019-08-30 | 深圳市元征科技股份有限公司 | A kind of encryption method of information of vehicles, mobile unit and server |
-
2019
- 2019-10-08 CN CN201910951174.9A patent/CN110753345B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101521881A (en) * | 2009-03-24 | 2009-09-02 | 刘建 | Method and system for assessing wireless local area network |
US9641328B1 (en) * | 2014-03-10 | 2017-05-02 | Ionu Security, Inc. | Generation of public-private key pairs |
CN108141444A (en) * | 2015-09-29 | 2018-06-08 | 标致雪铁龙汽车股份有限公司 | Improved authentication method and authentication device |
CN110191415A (en) * | 2019-05-29 | 2019-08-30 | 深圳市元征科技股份有限公司 | A kind of encryption method of information of vehicles, mobile unit and server |
CN110177354A (en) * | 2019-06-21 | 2019-08-27 | 湖北亿咖通科技有限公司 | A kind of wireless control method and system of vehicle |
Also Published As
Publication number | Publication date |
---|---|
CN110753345A (en) | 2020-02-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110753345B (en) | TBox communication method and TBox device | |
KR101904177B1 (en) | Data processing method and apparatus | |
WO2018050081A1 (en) | Device identity authentication method and apparatus, electric device, and storage medium | |
EP2272271B1 (en) | Method and system for mutual authentication of nodes in a wireless communication network | |
US8452954B2 (en) | Methods and systems to bind a device to a computer system | |
CA2956590C (en) | Apparatus and method for sharing a hardware security module interface in a collaborative network | |
US20150172064A1 (en) | Method and relay device for cryptographic communication | |
US10680835B2 (en) | Secure authentication of remote equipment | |
CN110635901B (en) | Local Bluetooth dynamic authentication method and system for Internet of things equipment | |
WO2019051776A1 (en) | Key transmission method and device | |
US20180069836A1 (en) | Tiered attestation for resource-limited devices | |
JP7497438B2 (en) | Certificate application method and device | |
CN109831311A (en) | A kind of server validation method, system, user terminal and readable storage medium storing program for executing | |
CN113615220B (en) | Secure communication method and device | |
CN102082665A (en) | Identity authentication method, system and equipment in EAP (Extensible Authentication Protocol) authentication | |
US20210392004A1 (en) | Apparatus and method for authenticating device based on certificate using physical unclonable function | |
CN111654481B (en) | Identity authentication method, identity authentication device and storage medium | |
CN113207322B (en) | Communication method and communication device | |
CN104243452A (en) | Method and system for cloud computing access control | |
WO2023279283A1 (en) | Method for establishing secure vehicle communication, and vehicle, terminal and system | |
CN111277583A (en) | Identity authentication method for monitoring system of mobile cloud computing | |
CN109995723B (en) | Method, device and system for DNS information interaction of domain name resolution system | |
WO2017020530A1 (en) | Enhanced wlan certificate authentication method, device and system | |
CN113630244A (en) | End-to-end safety guarantee method facing communication sensor network and edge server | |
CN117439740A (en) | In-vehicle network identity authentication and key negotiation method, system and terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |