CN110753345B - TBox communication method and TBox device - Google Patents

TBox communication method and TBox device Download PDF

Info

Publication number
CN110753345B
CN110753345B CN201910951174.9A CN201910951174A CN110753345B CN 110753345 B CN110753345 B CN 110753345B CN 201910951174 A CN201910951174 A CN 201910951174A CN 110753345 B CN110753345 B CN 110753345B
Authority
CN
China
Prior art keywords
tbox
app
key
terminal
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910951174.9A
Other languages
Chinese (zh)
Other versions
CN110753345A (en
Inventor
朱敦尧
郑映
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Kotei Informatics Co Ltd
Original Assignee
Wuhan Kotei Informatics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Kotei Informatics Co Ltd filed Critical Wuhan Kotei Informatics Co Ltd
Priority to CN201910951174.9A priority Critical patent/CN110753345B/en
Publication of CN110753345A publication Critical patent/CN110753345A/en
Application granted granted Critical
Publication of CN110753345B publication Critical patent/CN110753345B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M1/00Substation equipment, e.g. for use by subscribers
    • H04M1/72Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
    • H04M1/724User interfaces specially adapted for cordless or mobile telephones
    • H04M1/72403User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
    • H04M1/72409User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
    • H04M1/72412User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories using two-way short-range wireless interfaces
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/14Direct-mode setup

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Human Computer Interaction (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention provides a TBox communication method and a TBox device, wherein the method comprises the following steps: after the APP terminal initiates wireless connection, the TBox terminal forwards a connection request, the cloud verifies the legality of the user identity of the APP terminal according to the connection request, if the user identity is legal, the private problem is sent again, if the private problem of the APP terminal is verified to pass, the cloud server sends the answer to the Hash-encrypted private problem to the TBox terminal, the TBox terminal generates a random number and sends the random number to the APP terminal, the TBox terminal exchanges respective public keys with the APP terminal, an ECDH transformation value is calculated according to the self private key and the exchanged public key, a corresponding key is calculated based on the respective ECDH transformation value, the random number and the answer to the Hash-encrypted private problem, when the keys of the APP terminal and the TBox terminal are consistent, the key is used as a current session key for encrypted communication. By the scheme, the problem of low security of the traditional near field communication is solved, the security of data communication can be improved, and the risk of external attack is avoided.

Description

TBox communication method and TBox device
Technical Field
The invention relates to the technical field of communication, in particular to a TBox communication method and a TBox device.
Background
The T-Box (namely a Telematics Box) automobile Box Can read automobile Can bus data and a private protocol, and generally comprises a host, a T-Box, a mobile phone APP and a background system in an Internet of vehicles system, wherein the host is used for displaying vehicle information, and the T-Box is used for communicating with the mobile phone APP and the background system to realize control over a vehicle, such as vehicle starting, air conditioner starting, vehicle information query and the like. In order to prevent sensitive information from being leaked in the communication process of the mobile phone APP and the T-Box and avoid potential safety hazards existing in the process of close-range connection, it is necessary to ensure the safety of the safe key negotiation process in a close-range scene.
At present, common secure key negotiation methods mainly include: one is that the same key is preset in the T-BOX and the APP terminal in advance before the communication process is initiated through a pre-sharing (PSK) mode, and sensitive communication information is encrypted by the key in the communication process. The mode ensures the communication safety to a certain extent, but as the key presetting is unchanged, once the preset key is obtained by an attacker, the safety of the whole system cannot be ensured; the other is to use a dedicated encryption protection mechanism provided by a physical pipeline to implement a key agreement process between two communication parties, such as a WPA/WPA2/WPA3 Security mechanism in a WIFI environment and an SMP (Security Manager Protocol) in a bluetooth environment. The key agreement process can be protected by using the security support provided by the WIFI module or the Bluetooth module directly without additional development cost, but vulnerabilities exist based on a physical pipeline protection mode, and if the vulnerabilities which possibly exist cannot be avoided by updating firmware for some reasons, the protection also does not play any role. Therefore, the existing communication mode in the close-range connection scene has low safety, and has great potential safety hazard to a certain extent.
Disclosure of Invention
In view of this, embodiments of the present invention provide a TBox communication method to solve the problem of low security of the existing short-range connection communication.
In a first aspect of the embodiments of the present invention, a TBox communication method is provided, including:
establishing wireless connection between a TBox end and an APP end, and forwarding a connection request sent by the APP end to a cloud server by the TBox end;
the cloud server verifies the validity of the user identity of the APP terminal according to the connection request, and if the user identity is legal, a privacy problem is sent to the APP terminal;
if the private question of the APP terminal passes verification, the cloud server sends the private question answer encrypted by the Hash to the TBox terminal;
based on the connection between the TBox end and the APP end, the TBox end generates a random number and sends the random number and a public key of the TBox end to the APP end;
the APP side performs ECDH transformation by using a private key of the APP side and a public key of the TBox side to obtain a first transformation value;
sending the public key of the APP end to the TBox end, and enabling the TBox end to perform ECDH transformation by using a private key of the TBox end and the public key of the APP end to obtain a second transformation value;
the APP terminal and the TBox terminal respectively calculate corresponding keys according to respective ECDH conversion values, random numbers and private question answers of Hash encryption;
and when the keys of the APP terminal and the TBox terminal are consistent, the key is used as the current session key to carry out encrypted communication.
In a second aspect of embodiments of the present invention, there is provided an apparatus, comprising:
the forwarding module is used for forwarding a connection request sent by the APP terminal to the cloud server after wireless connection with the APP terminal is established;
the receiving module is used for receiving the private question answer of the Hash encryption sent by the cloud server after the cloud server verifies the identity of the APP user and the private question;
the sending module is used for generating a random number and sending the random number and the public key to the APP terminal;
the transformation module is used for performing ECDH transformation according to the public key of the APP end and the private key of the APP end to obtain a second transformation value;
the calculation module is used for calculating a corresponding key according to the second conversion value, the random number and the private question answer encrypted by the Hash;
and the verification module is used for judging whether the own key is consistent with the key obtained by calculation of the APP terminal, and when the keys of the APP terminal and the TBox terminal are consistent, the key is used as the current session key for encrypted communication.
In a third aspect of the embodiments of the present invention, there is provided an electronic device, including a memory, a processor, and a computer program stored in the memory and executable by the processor, where the processor executes the computer program to implement the functions of the apparatus according to the second aspect of the embodiments of the present invention.
In the embodiment of the invention, the connection request of the APP terminal is forwarded through the TBox terminal, after the user identity and the privacy problem are verified by the cloud terminal, the random number is generated by the TBox terminal, mutual public keys are exchanged between the TBox terminal and the APP terminal, the TBox terminal and the APP terminal respectively carry out ECDH transformation according to respective private keys and the exchanged public keys, then respective keys of the TBox terminal and the APP terminal are calculated according to ECDH transformation results, the random numbers and the key problems, and when the keys are the same, encryption communication is carried out, so that the problem of low security of TBox near-distance communication is solved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings required for the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a timing diagram of a TBox communication method according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a TBox communication method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a TBox apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "comprises" and "comprising," when used in this specification and claims, and in the accompanying drawings and figures, are intended to cover non-exclusive inclusions, such that a process, method or system, or apparatus that comprises a list of steps or elements is not limited to the listed steps or elements. In addition, "first" and "second" are used to distinguish different objects, and are not used to describe a specific order.
Referring to fig. 1, fig. 1 is a timing diagram of a TBox communication method according to an embodiment of the present invention, and in fig. 1, the TBox communication method includes an APP end 110, a TBox end, and a cloud end.
The APP end, i.e. the application end, may generally refer to a user end or a client, such as a mobile phone APP client. And the TBox end is used for communicating with the APP end or the background server end in the vehicle networking system. The cloud, namely a cloud server corresponding to the TBox end, is generally used for storing and managing background data.
The APP terminal 110 sends a connection request to the TBox terminal 120, the TBox terminal 120 forwards the connection request to the cloud 130, and the cloud 130 requests user information from the APP terminal 110 according to the connection request of the APP terminal, so as to perform user identity verification, where the user information may include a user name, a password, and a digital certificate. The APP terminal 110 feeds back user information to the cloud terminal, and in the cloud terminal 130, the user identity is verified according to the user information stored in the cloud terminal and the user information returned by the current APP terminal.
If the user identity verification is successful, the private question is sent to the APP end 110, the APP end 110 returns a private question answer to the cloud end 130, and the cloud end 130 verifies whether the private question answer is correct.
When the private question passes verification, the private question answers are subjected to Hash encryption, the encrypted private question answers are sent to the TBox end 120, the TBox end 120 generates random numbers, the TBox end 120 sends the random numbers and the public key thereof to the APP end 110, the APP end 110 performs ECDH transformation according to the public key of the TBox end and the private key thereof, and the result is marked as ECDH1.
The APP terminal 110 sends the public key to the TBox terminal 120, the TBox terminal 120 performs ECDH transformation according to the private key and the public key of the APP terminal, and the result is recorded as ECDH2.
The APP terminal 110 and the TBox terminal 120 perform key calculation respectively, and when the keys are consistent, the keys are used as keys of the current session to perform encrypted communication.
And the key agreement is consistent at the TBox end 120, so that the session can be carried out, the potential safety hazard existing in the preset key is avoided, and the safety of communication with the APP end can be ensured.
Referring to fig. 2, a flow chart of a TBox communication method according to an embodiment of the present invention includes:
s201, establishing wireless connection between a TBox end and an APP end, wherein the TBox end forwards a connection request sent by the APP end to a cloud server;
the wireless connection is that the nodes are not connected through a conductor, and the wireless connection is generally applicable to short-distance communication, such as WiFi, bluetooth and the like, the APP end initiates a wireless connection request, the TBox end receives the request and then forwards a request data packet to a cloud service, and the cloud server is a background server corresponding to the vehicle end TBox generally.
S202, the cloud server verifies the validity of the user identity of the APP terminal according to the connection request, and if the user identity of the user is legal, a privacy problem is sent to the APP terminal;
the cloud server receives the connection request, asks for user identity information from the APP terminal, verifies whether the user identity is legal or not through the user identity information returned by the APP terminal and the user information stored in the cloud terminal, sends information to the TBox terminal when the user identity is verified to be illegal, rejects the connection request of the APP terminal, and sends a privacy problem to the APP terminal when the user identity is verified to be illegal, so that the user identity is further verified.
The identity information of the user at the APP verification end at least comprises a digital certificate, a digital signature, a user name and a user password.
The privacy problem generally refers to the privacy problem preset at the APP end, and after the APP completes registration at the cloud server, the corresponding privacy problem and answer can be input, so that whether the APP end is a legal connection request or not can be verified.
S203, if the private question of the APP terminal passes verification, the cloud server sends the private question answer encrypted by the hash to the TBox terminal;
hash encryption generally performs hash calculation on certain data through a hash algorithm to obtain a corresponding hash value, and specifically can convert target data into reversible ciphertexts with different lengths. The hash calculation is carried out on the private question answers, and then the encrypted private question answers can be obtained, so that the data security is guaranteed, and the subsequent secret key calculation is convenient.
S204, based on the connection between the TBox end and the APP end, the TBox end generates a random number and sends the random number and a public key of the TBox end to the APP end;
the random number is generated randomly by a TBox end and can be any natural number generally.
S205, the APP terminal utilizes a private key of the APP terminal and a public key of the TBox terminal to perform ECDH transformation to obtain a first transformation value;
the ECDH transformation, namely an ECDH key negotiation algorithm, respectively generates a key pair of a public key and a private key by an APP terminal and a TBox terminal, and the public keys of the APP terminal and the TBox terminal are exchanged to calculate a consistent key. In the conventional ECDH key negotiation algorithm, the public key may be tampered or replaced by an attacker during exchange, and the privacy problem of adding the random number and the hash encryption in the embodiment can further avoid the risk of data attack and ensure the data communication security.
S206, sending the public key of the APP end to the TBox end, and enabling the TBox end to perform ECDH transformation by using the private key of the TBox end and the public key of the APP end to obtain a second transformation value;
s207, the APP terminal and the TBox terminal respectively calculate corresponding keys according to the ECDH conversion value, the random number and the Hash encrypted private question answer;
specifically, the APP terminal calculates a secret key according to the ECDH conversion value, the random number and the Hash encrypted private question answer; and the TBox end calculates a secret key according to the ECDH conversion value, the random number and the Hash encrypted private question answer. The random number and the hash-encrypted private question answer at the APP end are generally the same as those at the TBox end.
Optionally, the APP end calculates the first key according to the first transform value, the random number, and the hash-encrypted question answer, where the APP end calculation formula is:
Secret1=HASH(RANDOM||HASH(answers)||ECDH1);
secret1 denotes a first key, HASH denotes HASH encryption, RANDOM denotes a RANDOM number, answers denotes a Secret question answer, and ECDH1 denotes a first transform value.
Optionally, the TBox end calculates the second key according to the second transform value, the random number, and the hash-encrypted question answer, where the TBox end has a calculation formula:
Secret2=HASH(RANDOM||HASH(answers)||ECDH2);
secret2 denotes a first key, HASH denotes HASH encryption, RANDOM denotes a RANDOM number, answers denotes a Secret question answer, and ECDH2 denotes a first transform value.
And S208, when the keys of the APP terminal and the TBox terminal are consistent, carrying out encryption communication by taking the keys as current session keys.
When the key calculated by the APP terminal is the same as the key calculated by the TBox terminal, it indicates that no data occurs between the APP terminal and the TBox terminal, and the key can be used as the key of the current session for data transmission.
Compared with the traditional preset key or a protection mode using a physical pipeline, the method provided by the embodiment is based on the verification of the user identity and the problem of privacy in advance, and is combined with the ECDH transformation and key negotiation mode, so that the data leak is effectively prevented, and the communication safety is guaranteed.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, but should not constitute any limitation to the implementation process of the embodiments of the present invention,
fig. 3 is a schematic structural diagram of a TBox apparatus according to a third embodiment of the present invention, where the apparatus includes:
the forwarding module 310 is configured to forward a connection request sent by the APP end to the cloud server after establishing a wireless connection with the APP end;
the receiving module 320 is configured to receive a private question answer of hash encryption sent by the cloud server after the cloud server verifies that the APP end user identity and the private question pass;
after the identity of the APP user is verified by the cloud server, the privacy problem is sent to the APP, and the identity of the APP is further verified. After the verification is passed, the receiving module can obtain the private question answer of the hash encryption.
Optionally, the verifying the APP user identity at the cloud server includes:
and verifying the digital certificate, the digital signature, the user name and the user password of the APP terminal user.
A sending module 330, configured to generate a random number, and send the random number and the public key to the APP end;
the transformation module 340 is configured to perform ECDH transformation according to the public key of the APP end and the private key of the APP end to obtain a second transformation value;
a calculating module 350, configured to calculate a corresponding key according to the second transform value, the random number, and the hashed private question answer;
it should be noted that, when the calculation module 350 calculates the key, the APP performs key calculation according to the ECDH transform value, the random number, and the hash-encrypted secret question answer. And when the two keys are consistent, the APP terminal takes the key calculation result as a negotiation key.
Optionally, the calculating a corresponding key according to the second transform value, the random number, and the hash-encrypted private question answer specifically includes:
and the TBox end calculates a second key according to the second conversion value, the random number and the Hash encrypted question answer, wherein the TBox end has a calculation formula as follows:
Secret2=HASH(RANDOM||HASH(answers)||ECDH2);
secret2 denotes a first key, HASH denotes HASH encryption, RANDOM denotes a RANDOM number, answers denotes a Secret question answer, and ECDH2 denotes a first transform value.
And the verification module 360 is used for judging whether the own key is consistent with the key calculated by the APP terminal, and when the keys of the APP terminal and the TBox terminal are consistent, the key is used as the current session key for encrypted communication.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those skilled in the art will appreciate that all or part of the steps in the method for implementing the above embodiments may be implemented by a program to instruct associated hardware, where the program may be stored in a computer-readable storage medium, and when executed, the program includes steps S201 to S208, where the storage medium includes, for example: ROM/RAM, magnetic disk, optical disk, etc.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (5)

1. A TBox communication method is characterized by comprising the following steps:
establishing wireless connection between a TBox end and an APP end, and forwarding a connection request sent by the APP end to a cloud server by the TBox end;
the cloud server verifies the validity of the user identity of the APP terminal according to the connection request, and if the user identity is legal, a privacy problem is sent to the APP terminal;
if the private question of the APP terminal passes verification, the cloud server sends the private question answer encrypted by the hash to the TBox terminal;
based on the connection between the TBox end and the APP end, the TBox end generates a random number and sends the random number and a public key of the TBox end to the APP end;
the APP terminal utilizes a private key of the APP terminal and a public key of the TBox terminal to carry out ECDH transformation to obtain a first transformation value;
sending the public key of the APP end to the TBox end, and enabling the TBox end to perform ECDH transformation by using a private key of the TBox end and the public key of the APP end to obtain a second transformation value;
the APP terminal and the TBox terminal respectively calculate corresponding keys according to respective ECDH conversion values, random numbers and private question answers of Hash encryption;
and the TBox end calculates a second key according to the second conversion value, the random number and the Hash encrypted question answer, wherein the calculation formula of the TBox end is as follows:
Secret2=HASH(RANDOM||HASH(answers)||ECDH2);
secret2 represents a first key, HASH represents HASH encryption, RANDOM represents a RANDOM number, answers represents a Secret question answer, and ECDH2 represents a first transformation value;
and when the keys of the APP terminal and the TBox terminal are consistent, performing encryption communication by taking the key as the current session key.
2. The method of claim 1, wherein the cloud server verifying the validity of the APP user identity according to the connection request comprises:
and verifying the digital certificate, the digital signature, the user name and the user password of the APP terminal user.
3. The method according to claim 1, wherein the calculating of the corresponding secret key by the APP end and the TBox end according to the ECDH transform value, the random number, and the hash-encrypted answer to the secret question is specifically:
the APP terminal calculates a first secret key according to the first conversion value, the random number and the Hash encryption question answer, wherein the APP terminal calculation formula is as follows:
Secret1=HASH(RANDOM||HASH(answers)||ECDH1);
secret1 denotes a first key, HASH denotes HASH encryption, RANDOM denotes a RANDOM number, answers denotes a Secret question answer, and ECDH1 denotes a first transform value.
4. A TBox communication device, comprising:
the forwarding module is used for forwarding a connection request sent by the APP terminal to the cloud server after wireless connection with the APP terminal is established;
the receiving module is used for receiving the private question answer of the Hash encryption sent by the cloud server after the cloud server verifies the identity of the APP user and the private question;
the sending module is used for generating a random number and sending the random number and the public key to the APP terminal;
the conversion module is used for performing ECDH conversion according to the public key of the APP end and the private key of the APP end to obtain a second conversion value;
the calculation module is used for calculating a corresponding key according to the second conversion value, the random number and the private question answer encrypted by the Hash;
and the TBox end calculates a second key according to the second conversion value, the random number and the Hash encrypted question answer, wherein the TBox end has a calculation formula as follows:
Secret2=HASH(RANDOM||HASH(answers)||ECDH2);
secret2 represents a first key, HASH represents HASH encryption, RANDOM represents a RANDOM number, answers represents a private question answer, and ECDH2 represents a first transformation value;
and the verification module is used for judging whether the own key is consistent with the key obtained by calculation of the APP terminal, and when the keys of the APP terminal and the TBox terminal are consistent, the key is used as the current session key for encrypted communication.
5. The apparatus of claim 4, wherein the verifying the APP end user identity at the cloud server comprises:
and verifying the digital certificate, the digital signature, the user name and the user password of the APP terminal user.
CN201910951174.9A 2019-10-08 2019-10-08 TBox communication method and TBox device Active CN110753345B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910951174.9A CN110753345B (en) 2019-10-08 2019-10-08 TBox communication method and TBox device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910951174.9A CN110753345B (en) 2019-10-08 2019-10-08 TBox communication method and TBox device

Publications (2)

Publication Number Publication Date
CN110753345A CN110753345A (en) 2020-02-04
CN110753345B true CN110753345B (en) 2022-11-25

Family

ID=69277747

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910951174.9A Active CN110753345B (en) 2019-10-08 2019-10-08 TBox communication method and TBox device

Country Status (1)

Country Link
CN (1) CN110753345B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111586637A (en) * 2020-04-21 2020-08-25 汉腾汽车有限公司 Automobile and mobile phone network connection method based on dynamic password
CN112468294B (en) * 2020-11-23 2023-07-18 北京经纬恒润科技股份有限公司 Access method and authentication equipment of vehicle-mounted TBOX
CN112769912A (en) * 2020-12-30 2021-05-07 厦门市美亚柏科信息股份有限公司 Data synchronization method of Internet of things equipment and computer readable storage medium
CN114254342A (en) * 2021-12-10 2022-03-29 青岛海尔科技有限公司 Communication connection method, system, device, storage medium and processor
CN116366369B (en) * 2023-05-15 2023-07-25 成都工业职业技术学院 Data communication method, communication device and communication terminal in rail transit

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101521881A (en) * 2009-03-24 2009-09-02 刘建 Method and system for assessing wireless local area network
US9641328B1 (en) * 2014-03-10 2017-05-02 Ionu Security, Inc. Generation of public-private key pairs
CN108141444A (en) * 2015-09-29 2018-06-08 标致雪铁龙汽车股份有限公司 Improved authentication method and authentication device
CN110177354A (en) * 2019-06-21 2019-08-27 湖北亿咖通科技有限公司 A kind of wireless control method and system of vehicle
CN110191415A (en) * 2019-05-29 2019-08-30 深圳市元征科技股份有限公司 A kind of encryption method of information of vehicles, mobile unit and server

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101521881A (en) * 2009-03-24 2009-09-02 刘建 Method and system for assessing wireless local area network
US9641328B1 (en) * 2014-03-10 2017-05-02 Ionu Security, Inc. Generation of public-private key pairs
CN108141444A (en) * 2015-09-29 2018-06-08 标致雪铁龙汽车股份有限公司 Improved authentication method and authentication device
CN110191415A (en) * 2019-05-29 2019-08-30 深圳市元征科技股份有限公司 A kind of encryption method of information of vehicles, mobile unit and server
CN110177354A (en) * 2019-06-21 2019-08-27 湖北亿咖通科技有限公司 A kind of wireless control method and system of vehicle

Also Published As

Publication number Publication date
CN110753345A (en) 2020-02-04

Similar Documents

Publication Publication Date Title
CN110753345B (en) TBox communication method and TBox device
KR101904177B1 (en) Data processing method and apparatus
WO2018050081A1 (en) Device identity authentication method and apparatus, electric device, and storage medium
EP2272271B1 (en) Method and system for mutual authentication of nodes in a wireless communication network
US8452954B2 (en) Methods and systems to bind a device to a computer system
CA2956590C (en) Apparatus and method for sharing a hardware security module interface in a collaborative network
US20150172064A1 (en) Method and relay device for cryptographic communication
US10680835B2 (en) Secure authentication of remote equipment
CN110635901B (en) Local Bluetooth dynamic authentication method and system for Internet of things equipment
WO2019051776A1 (en) Key transmission method and device
US20180069836A1 (en) Tiered attestation for resource-limited devices
JP7497438B2 (en) Certificate application method and device
CN109831311A (en) A kind of server validation method, system, user terminal and readable storage medium storing program for executing
CN113615220B (en) Secure communication method and device
CN102082665A (en) Identity authentication method, system and equipment in EAP (Extensible Authentication Protocol) authentication
US20210392004A1 (en) Apparatus and method for authenticating device based on certificate using physical unclonable function
CN111654481B (en) Identity authentication method, identity authentication device and storage medium
CN113207322B (en) Communication method and communication device
CN104243452A (en) Method and system for cloud computing access control
WO2023279283A1 (en) Method for establishing secure vehicle communication, and vehicle, terminal and system
CN111277583A (en) Identity authentication method for monitoring system of mobile cloud computing
CN109995723B (en) Method, device and system for DNS information interaction of domain name resolution system
WO2017020530A1 (en) Enhanced wlan certificate authentication method, device and system
CN113630244A (en) End-to-end safety guarantee method facing communication sensor network and edge server
CN117439740A (en) In-vehicle network identity authentication and key negotiation method, system and terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant