CN110768938A - Vehicle safety communication method and device - Google Patents

Vehicle safety communication method and device Download PDF

Info

Publication number
CN110768938A
CN110768938A CN201810846365.4A CN201810846365A CN110768938A CN 110768938 A CN110768938 A CN 110768938A CN 201810846365 A CN201810846365 A CN 201810846365A CN 110768938 A CN110768938 A CN 110768938A
Authority
CN
China
Prior art keywords
key
session key
ciphertext
asymmetric
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810846365.4A
Other languages
Chinese (zh)
Inventor
费枭
吴平友
周鑫强
李秋实
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SAIC Motor Corp Ltd
Original Assignee
SAIC Motor Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SAIC Motor Corp Ltd filed Critical SAIC Motor Corp Ltd
Priority to CN201810846365.4A priority Critical patent/CN110768938A/en
Publication of CN110768938A publication Critical patent/CN110768938A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The embodiment of the application discloses a vehicle safety communication method, wherein a remote communication module of a vehicle and a server of a remote service platform can generate an asymmetric key pair, a public key in the asymmetric key pair is transmitted to encrypt or decrypt a first session key, so that the first session key is ensured to be transmitted in a ciphertext form, even if an illegal molecule acquires the ciphertext, the first session key cannot be decrypted due to the lack of a corresponding private key, when the remote communication module communicates with the server of the remote service platform, communication data is encrypted or decrypted by using the first session key, and the communication data is transmitted in the ciphertext form, so that the safety of communication between the vehicle and the remote service platform is ensured, hackers or illegal molecules simulating communication information to control the work of a vehicle system are avoided, and the driving safety is ensured. The embodiment of the application also discloses a vehicle safety communication device.

Description

Vehicle safety communication method and device
Technical Field
The present application relates to the field of communications, and in particular, to a method and an apparatus for vehicle security communication.
Background
With the development of science and technology, vehicles have become more extensive vehicles and transportation means. In order to meet the requirements of people on various aspects such as entertainment, leisure and the like, the networked vehicles are born at the same time. Taking an automobile as an example, the intelligent networked automobile is a necessary trend for the development of the next generation of automobiles.
However, when the car networking is used for realizing car intellectualization, due to the openness of the network, the traditional safety problems appearing in the fields of internet and the like also start to threaten the car, the traffic trip safety and the personal information safety of people are directly affected, and the development of the traditional car to the intelligent networking direction is objectively and seriously hindered. The remote service platform is connected with the automobile, the vehicle-mounted equipment manufacturer, the network operator and the content provider, and is a main interface for the automobile to externally obtain remote service and internet functions. Once the wireless communication between the remote service platform and the vehicle is maliciously cracked or attacked, the information safety of the vehicle owner, the vehicle function and even the driving safety are seriously influenced.
Therefore, a method for secure communication between a vehicle and a remote service platform is provided, which avoids the communication data between the remote service platform and the vehicle from being stolen or tampered, thereby affecting information security and driving security, and is a problem to be solved urgently.
Disclosure of Invention
In view of this, the present application provides a vehicle secure communication method and apparatus, so that a vehicle and a remote service platform can communicate securely, the risk of stealing or tampering communication data is reduced, and vehicle owner information security and driving security are guaranteed.
The application provides a vehicle safety communication method, which is applied to a remote communication module of a vehicle, and comprises the following steps:
generating a first asymmetric key pair in response to a user-triggered activation request; the first asymmetric key pair comprises a first public key and a first private key;
sending the first public key to a server so that the server calls an algorithm library generation interface to be connected with a built-in cipher machine to generate a first session key; receiving a first session key ciphertext returned by the server and obtained by encrypting the first session key by using the first public key, and decrypting the first session key ciphertext by using the first private key to obtain the first session key;
encrypting communication data by using the first session key to obtain a communication data ciphertext, so that the server decrypts the communication data ciphertext by using the first session key to obtain the communication data; or the first session key is used for decrypting the received communication data cipher text to obtain communication data, so that vehicle safety communication is realized;
wherein the first asymmetric key pair corresponds to a first asymmetric cryptographic algorithm; the first session key corresponds to a first symmetric encryption algorithm.
Optionally, the method further includes:
encrypting the first public key by using a default key of a first symmetric encryption algorithm and the first symmetric encryption algorithm to obtain a first public key ciphertext;
sending the first public key to a server so that the server calls an algorithm library generation interface to connect with a built-in cryptographic machine, and generating a first session key comprises:
and sending the first public key ciphertext to a server so that the server decrypts the first public key ciphertext by using the default key to obtain the first public key, and calling an algorithm library generation interface to connect with a built-in cipher machine to generate a first session key.
Optionally, the method further includes:
receiving a default key transmitted by the server through a secure way; the default key is generated in advance by the server by using the cipher machine.
Optionally, the method further includes:
receiving a second public key transmitted by the server through a secure way; the second public key is a public key in a second asymmetric key pair generated in advance by the cipher machine; the second asymmetric key pair comprises a second public key and a second private key; the second asymmetric key pair corresponds to the first asymmetric cryptographic algorithm;
if the server further returns a signature value obtained by signing the first session key ciphertext by using the second private key and a signature algorithm, the method further comprises:
verifying the signature value by using the second public key;
decrypting the first session key ciphertext with the first private key to obtain the first session key comprises:
and if the signature value passes the verification, decrypting the first session key ciphertext by using the first private key to obtain the first session key.
Optionally, the first symmetric encryption algorithm is an SM4 algorithm, the first asymmetric encryption algorithm is an SM2 algorithm, and the signing algorithm is an algorithm that calculates a hash value by using an SM3 algorithm and signs the hash value by using an SM2 algorithm.
Optionally, the method further includes:
updating the first session key in response to an update request for the first session key initiated by the server.
The second aspect of the present application provides an apparatus for a remote communication module for a vehicle, the apparatus comprising:
a generation module for generating a first asymmetric key pair in response to a user-triggered activation request; the first asymmetric key pair comprises a first public key and a first private key;
the sending module is used for sending the first public key to a server so that the server calls an algorithm library to generate an interface to be connected with a built-in cipher machine and generate a first session key; a receiving module, configured to receive a first session key ciphertext obtained by encrypting the first session key with the first public key, where the first session key ciphertext is returned by the server;
the encryption and decryption module is used for decrypting the first session key ciphertext by using the first private key to obtain the first session key;
the encryption and decryption module is further configured to encrypt communication data by using the first session key to obtain a communication data ciphertext, so that the server decrypts the communication data ciphertext by using the first session key to obtain the communication data; or the first session key is used for decrypting the received communication data cipher text to obtain communication data, so that vehicle safety communication is realized;
wherein the first asymmetric key pair corresponds to a first asymmetric cryptographic algorithm; the first session key corresponds to a first symmetric encryption algorithm.
Optionally, the encryption and decryption module is further configured to:
encrypting the first public key by using a default key of a first symmetric encryption algorithm and the first symmetric encryption algorithm to obtain a first public key ciphertext;
the sending module is configured to:
and sending the first public key ciphertext to a server so that the server decrypts the first public key ciphertext by using the default key to obtain the first public key, and calling an algorithm library generation interface to connect with a built-in cipher machine to generate a first session key.
Optionally, the receiving module is further configured to:
receiving a default key transmitted by the server through a secure way; the default key is generated in advance by the server by using the cipher machine.
Optionally, the apparatus further comprises a verification module,
the receiving module is further configured to:
receiving a second public key transmitted by the server through a secure way; the second public key is a public key in a second asymmetric key pair generated in advance by the cipher machine; the second asymmetric key pair comprises a second public key and a second private key; the second asymmetric key pair corresponds to the first asymmetric cryptographic algorithm;
the verification module is to:
if the server also returns a signature value obtained by signing the first session key ciphertext by using the second private key and a signature algorithm, verifying the signature value by using the second public key;
the encryption and decryption module is further configured to:
and if the signature value passes the verification, decrypting the first session key ciphertext by using the first private key and the first asymmetric encryption algorithm to obtain the first session key.
Optionally, the first symmetric encryption algorithm is an SM4 algorithm, the first asymmetric encryption algorithm is an SM2 algorithm, and the signing algorithm is an algorithm that calculates a hash value by using an SM3 algorithm and signs the hash value by using an SM2 algorithm.
Optionally, the apparatus further includes an update module, configured to:
updating the first session key in response to an update request for the first session key initiated by the server.
The third aspect of the present application provides a vehicle secure communication method, applied to a server, the method including:
receiving a first public key sent by a remote communication module of a vehicle; the first public key is a public key in a first asymmetric key pair generated by the remote communication module in response to a user-triggered activation request; the first asymmetric key pair comprises the first public key and a first private key;
calling an algorithm library generation interface to connect with a built-in cipher machine to generate a first session key; encrypting the first session key by using the first public key to obtain a first session key ciphertext, sending the first session key ciphertext to the remote communication module so that the remote communication module decrypts the first session key ciphertext to obtain a first session key, and encrypting or decrypting by using the first session key;
decrypting the communication data ciphertext sent by the remote communication module by using the first session key to obtain communication data; or encrypting communication data by using the first session key to obtain a communication data ciphertext, and sending the communication data ciphertext to the remote communication module to realize vehicle safety communication;
wherein the first asymmetric key pair corresponds to a first asymmetric cryptographic algorithm; the first session key corresponds to a first symmetric encryption algorithm.
Optionally, the method further includes:
signing the first session key ciphertext by using a second private key and a signature algorithm to obtain a signature value of the first session key ciphertext; the second private key is a private key in a second asymmetric key pair generated in advance by the cipher machine, the second asymmetric key pair corresponds to the first asymmetric encryption algorithm, and the second asymmetric key pair comprises a second public key and the second private key;
sending the first session key ciphertext to the remote communication module comprises:
and sending the first session key ciphertext and the signature value to a vehicle remote communication module.
A fourth aspect of the present application provides a vehicle security communication apparatus applied to a server, the apparatus including:
the receiving module is used for receiving a first public key sent by a remote communication module of the vehicle; the first public key is a public key in a first asymmetric key pair generated by the remote communication module in response to a user-triggered activation request; the first asymmetric key pair comprises the first public key and a first private key;
the generating module is used for calling an algorithm library generating interface to be connected with a built-in cipher machine and generating a first session key; the encryption and decryption module is used for encrypting the first session key by using the first public key to obtain a first session key ciphertext;
the sending module is used for sending the first session key ciphertext to the remote communication module so that the remote communication module can decrypt the first session key ciphertext to obtain a first session key and encrypt or decrypt the first session key;
the encryption and decryption module is further configured to decrypt the communication data ciphertext sent by the remote communication module by using the first session key to obtain communication data; or encrypting communication data by using the first session key to obtain a communication data ciphertext, and sending the communication data ciphertext to the remote communication module to realize vehicle safety communication;
wherein the first asymmetric key pair corresponds to a first asymmetric cryptographic algorithm; the first session key corresponds to a first symmetric encryption algorithm.
Optionally, the apparatus further comprises:
the signature module is used for signing the first session key ciphertext by using a second private key and a signature algorithm to obtain a signature value of the first session key ciphertext; the second private key is a private key in a second asymmetric key pair generated in advance by the cipher machine, the second asymmetric key pair corresponds to the first asymmetric encryption algorithm, and the second asymmetric key pair comprises a second public key and the second private key;
the sending module is specifically configured to:
and sending the first session key ciphertext and the signature value to a vehicle remote communication module.
According to the technical scheme, the embodiment of the application has the following advantages:
in the embodiment of the application, the remote communication module of the vehicle and the server of the remote service platform can generate an asymmetric key pair, the first session key can be encrypted or decrypted by transmitting a public key in the asymmetric key pair, the first session key is guaranteed to be transmitted in a ciphertext form, even if an illegal party obtains the ciphertext, the first session key cannot be decrypted due to the lack of a corresponding private key, when the remote communication module communicates with the server of the remote service platform, the first session key is used for encrypting or decrypting communication data, the communication data is transmitted in the ciphertext form, and the safety of communication between the vehicle and the remote service platform is guaranteed. Therefore, the method and the device can prevent the secret key from being illegally acquired through a set of complete secret key management scheme, on one hand, the communication safety of the vehicle and the remote service platform is improved, on the other hand, hackers or illegal molecular simulation communication information are prevented from controlling the vehicle system to work, and the driving safety is guaranteed.
Drawings
FIG. 1 is a flow chart of a method for secure communication of a vehicle according to an embodiment of the present application;
FIG. 2 is a schematic diagram of encrypting communication data according to an embodiment of the present application;
FIG. 3 is a flow chart of a method for secure communication of a vehicle according to an embodiment of the present application;
FIG. 4 is a signaling diagram of a vehicle in secure communication with a remote service platform in an embodiment of the present application;
FIG. 5 is an interaction flow diagram of session key negotiation in an embodiment of the present application;
FIG. 6 is a flowchart illustrating an interaction of session key update in an embodiment of the present application;
fig. 7 is a schematic structural view of a vehicle safety communication device in an embodiment of the present application;
fig. 8 is a schematic structural diagram of a vehicle safety communication device in an embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Aiming at the problems of information potential safety hazard and driving potential safety hazard existing in a communication method between a vehicle and a remote service platform in the prior art, the application provides a vehicle safety communication method, a remote communication module of the vehicle responds to an activation request triggered by a user to generate a first asymmetric key pair and sends a first public key in the first asymmetric key pair to a server, the server calls an algorithm library to generate an interface to be connected with a built-in cipher machine to generate a first session key, the first public key is used for encrypting the first session key to obtain a first session key ciphertext and sending the first session key ciphertext to the remote communication module, the remote communication module can use the first private key to decrypt the first session key ciphertext to obtain the first session key, so that the transmission safety of the first session key is ensured, and illegal molecules are prevented from stealing the first session key, when the remote communication module and the server need to communicate, the communication data can be encrypted by using the first session key, or the communication data ciphertext can be decrypted by using the first session key.
By the method, the communication data can be encrypted and decrypted by the first session key between the vehicle and the remote server platform, and the communication data is transmitted in a ciphertext mode, so that the communication data is prevented from being stolen or tampered in the transmission process, the information safety of a vehicle owner is guaranteed, and the driving safety hidden danger caused by tampering of the instruction information is avoided.
In order to make the technical solutions of the embodiments of the present application clearer, the following describes a vehicle safety communication method provided by the embodiments of the present application with reference to the accompanying drawings.
The vehicle safety communication method provided by the application is described from the perspective of a vehicle. Fig. 1 is a flowchart of a vehicle safety communication method provided in an embodiment of the present application, applied to a remote communication module of a vehicle, and referring to fig. 1, the method includes:
s101: generating a first asymmetric key pair in response to a user-triggered activation request; the first asymmetric key pair includes a first public key and a first private key.
In this embodiment, the vehicle has a remote communication module for interacting with a server of a remote service platform to obtain a corresponding service. To enable secure communications between the vehicle and the remote service platform, the vehicle and the remote service platform may negotiate to generate an encryption key with which to encrypt the communications data.
Based on this, the user may trigger an activation request for activating the generation of the encryption key. The remote communication module may generate a first asymmetric key pair in response to the activation request, wherein the first asymmetric key pair includes a first public key and a first private key.
It should be noted that the first asymmetric key pair corresponds to a first asymmetric encryption algorithm. When the first asymmetric encryption algorithm is used for encryption, the public key can be used for encryption, and the private key can be used for decryption. When the public key is transmitted to the opposite terminal, when the opposite terminal transmits data encrypted by the public key, the encrypted data can be decrypted by the private key of the opposite terminal. In this embodiment, the remote communication module sends the first public key to a server of the remote service platform, and the server may perform further processing by using the received first public key.
In some possible implementations, the first asymmetric encryption algorithm may be an SM2 elliptic curve public key cryptographic algorithm. The vehicle telematics module is integrated with a security chip that can generate a first asymmetric key pair, such as an asymmetric key pair corresponding to the SM2 algorithm. In some cases, the first asymmetric encryption algorithm may also be another type of asymmetric encryption algorithm, such as Elliptic Curve Cryptography (ECC).
S102: sending the first public key to a server so that the server calls an algorithm library generation interface to be connected with a built-in cipher machine to generate a first session key; the second public key is a public key in a second asymmetric key pair generated in advance by the cipher machine; the second asymmetric key pair includes a second public key and a second private key.
In this embodiment, the remote communication module may send the first public key to the server to trigger the server to generate a first session key for encrypting communication data in the session. Specifically, the server may call an algorithm library generation interface to connect with a built-in cryptographic engine to generate the first session key.
The cipher machine is a hardware device deployed in the server, is responsible for random generation and safe storage of a service link key, and provides various cipher algorithm interfaces. The cipher machine adopts a relatively perfect security system no matter in hardware, software, application interfaces or management means, and ensures the self security of the cipher machine and the security of an upper-layer service interface.
When the server receives the first public key sent by the remote communication module, the server can call an algorithm library generation interface to connect with a built-in cipher machine to generate a new encryption key, wherein the encryption key is the first session key.
Wherein the first session key corresponds to a first symmetric encryption algorithm, which may be used for data encryption or decryption. In this embodiment, the first session key is a key for encrypting or decrypting communication data between the remote communication module and the server. The first symmetric Encryption algorithm may be an SM4 block cipher algorithm, and in some cases, the first symmetric Encryption algorithm may also be an Advanced Encryption Standard (AES) algorithm.
It should be noted that, during the pre-installation phase of the vehicle, the server may also generate a default key of the first symmetric encryption algorithm by using the cryptographic engine, and transmit the default key to the remote communication module of the vehicle through a secure transmission path. The secure transmission path may be an offline transmission path, and the default key may be transmitted offline by a specific person, so as to avoid being acquired or tampered by a third party.
In order to improve the communication safety between the vehicle and the wireless service platform, the remote communication module of the vehicle can encrypt the first public key by using a pre-obtained default secret key and combining a first symmetric encryption algorithm to obtain a first public key ciphertext, and the first public key ciphertext replaces the first public key to be sent to the server, so that the server can decrypt the first public key ciphertext by using the default secret key to obtain the first public key, and then, an algorithm library generation interface is called to connect with a built-in cipher machine to generate a first session secret key. Because the first public key is transmitted in a ciphertext form, even if a third party acquires the ciphertext of the first public key, the third party cannot decrypt the ciphertext to acquire the first public key due to the lack of the default key for encrypting the ciphertext, and the information safety is guaranteed.
S103: and receiving a first session key ciphertext returned by the server and obtained by encrypting the first session key by using the first public key, and decrypting the first session key ciphertext by using the first private key to obtain the first session key.
The embodiment realizes the safe communication between the vehicle and the remote service platform by encrypting the communication data through a symmetric encryption algorithm. Therefore, after receiving the first session key ciphertext returned by the server, the remote communication module may decrypt the first session key ciphertext to obtain the first session key, so as to encrypt the communication data by using the first session key, or decrypt the received ciphertext by using the first session key.
The remote communication module sends the first public key to the server, the server encrypts the first session key by using the first public key, and the remote communication module decrypts the first session key ciphertext by using the first private key to obtain the first session key.
The first session key is transmitted between the remote communication module and the server of the remote service platform in a ciphertext mode, so that the security of the first session key in the transmission process is guaranteed, and the information security of a user is further guaranteed.
In the preassembly stage of the vehicle, the server of the remote service platform can call the cipher machine to generate a second asymmetric key in advance, and the second asymmetric key corresponds to the first asymmetric encryption algorithm. The second asymmetric key pair includes a second public key and a second private key.
In order to further avoid the first session key from being tampered, the server can also utilize a second private key to sign the first session ciphertext, and the remote communication module verifies the signature value of the first session ciphertext through a second public key received in advance, so that whether the first session key ciphertext is tampered or not is determined, and the transmission security is ensured.
In some possible implementations, if the server also returns a signature value of the first session key ciphertext, the remote communication module may also perform signature verification on the first session key ciphertext. Specifically, if the server returns a signed value obtained by signing the first session key using the second private key and the signing algorithm, the vehicle's telematics module can verify the signed value using the second public key. Wherein the second public key is transmitted to the remote communication module by the server through a secure transmission path. The server may transmit the second public key to the remote communication module together with the default key.
Wherein, the first symmetric encryption algorithm may be an SM4 algorithm, the first asymmetric encryption algorithm may be an SM2 algorithm, and the signing algorithm may be an algorithm that calculates a hash value by using a hash algorithm SM3 algorithm and signs the hash value by using an SM2 algorithm. Specifically, the server may calculate a hash value of the SM3 algorithm for the first session key ciphertext, sign the SM3 algorithm hash value of the first session key ciphertext with the SM2 algorithm and the second private key to obtain a signature value, and send the signature value and the first session key ciphertext to the remote communication module of the vehicle. In this manner, the remote communication module can verify the signature value upon receipt of the signature value. If the verification is passed, the first session key or the first session key ciphertext is complete, has no transmission error, and is not intentionally tampered, the first session key can be decrypted to obtain the first session key, and the first session key is used for encrypting or decrypting data.
S104: encrypting communication data by using the first session key to obtain a communication data ciphertext, so that the server decrypts the communication data ciphertext by using the first session key to obtain the communication data; or the first session key is used for decrypting the received communication data cipher text to obtain communication data, and vehicle safety communication is realized.
When the remote communication module and the server both obtain the first session key, the first session key can be utilized to encrypt or decrypt communication data, so that secure communication between the remote communication module and the server, namely between the vehicle and the remote service platform, is realized.
Specifically, the remote communication module may encrypt the communication data using the first session key to obtain a communication data ciphertext, and thus, the server may decrypt the communication data ciphertext using the first session key to obtain the communication data when receiving the communication data ciphertext. The remote communication module can also decrypt the received communication data cipher text by using the first session key to obtain communication data, thereby realizing vehicle safety communication.
It should be noted that the communication Data between the vehicle remote communication module and the remote service platform includes two parts, namely Header file and Application Data. As shown in fig. 2, the header mainly includes the relevant information such as the identification of the vehicle remote communication module and the Data length, and the Application Data mainly includes the relevant information such as the vehicle operation Data and the vehicle control request. When encrypting communication Data by using a first symmetric encryption algorithm, such as the SM4 algorithm, since the first session key of each telecommunication module can be different, the respective telecommunication module can be identified by the Header, and the algorithm and key used for encryption or decryption can be distinguished, so that only the Application Data part Data can be encrypted without encrypting the Header part of the communication Data. Moreover, only the Data corresponding to the Application Data portion is encrypted, so that the calculation amount can be reduced.
In practical applications, the steps of sending the first public key, generating the first session key, and sending the first session key, that is, S101 to S103, may be executed once, and after the remote communication module and the server obtain the first session key, the first session key may be repeatedly used to perform data encryption or decryption, that is, S104 may be executed multiple times.
In order to ensure information security, valid time can be set for the key, including valid time of the first asymmetric key pair, the first symmetric key, and the first session key, and when the key expires, the corresponding key can be regenerated. The setting of the effective time may be set according to a requirement, which is not limited in this embodiment.
In order to prevent the first session key from being acquired or cracked during subsequent use, the first session key may be updated periodically or aperiodically. The remote communication module may update the first session key in response to a server-initiated update request for the first session key.
Therefore, the vehicle secure communication method is provided in the embodiments of the present application, the vehicle remote communication module and the server of the remote service platform may generate an asymmetric key pair, and the first session key may be encrypted or decrypted by transmitting a public key in the asymmetric key pair, so as to ensure that the first session key is transmitted in a form of a ciphertext, even if an illegal party obtains the ciphertext, the first session key cannot be decrypted due to lack of a corresponding private key, and when the remote communication module communicates with the server of the remote service platform, the first session key is used to encrypt or decrypt communication data, which is transmitted in a form of the ciphertext, so as to ensure security of communication between the vehicle and the remote service platform. Therefore, the method and the device can prevent the secret key from being illegally acquired through a set of complete secret key management scheme, on one hand, the communication safety of the vehicle and the remote service platform is improved, on the other hand, hackers or illegal molecular simulation communication information are prevented from controlling the vehicle system to work, and the driving safety is guaranteed.
In the following, the vehicle security communication method provided by the embodiment of the present invention is described from the perspective of the server of the remote service platform.
Fig. 3 is a flowchart of a vehicle secure communication method provided in an embodiment of the present application, applied to a server, and referring to fig. 3, the method includes:
s301: receiving a first public key sent by a remote communication module of a vehicle; the first public key is a public key in a first asymmetric key pair generated by the remote communication module in response to a user-triggered activation request; the first asymmetric key pair includes the first public key and a first private key.
After the key pre-installation phase, the user may initiate an activation request via the tool, and the vehicle telematics module may generate a first asymmetric key pair in response to the activation request and send a first public key of the first asymmetric key pair to the server. The related contents of the first asymmetric key pair and the first public key may be referred to the above description, and are not described herein again.
S302: calling an algorithm library generation interface to connect with a built-in cipher machine to generate a first session key; after receiving the first public key sent by the remote communication module, the server may call an algorithm library generation interface to connect with a built-in cryptographic machine, and generate a first session key. S303: and encrypting the first session key by using the first public key to obtain a first session key ciphertext, sending the first session key ciphertext to the remote communication module so that the remote communication module decrypts the first session key ciphertext to obtain the first session key, and encrypting or decrypting by using the first session key.
After the first session key is generated, the first public key is used for encrypting the first session key to obtain a first session key ciphertext, the first session key ciphertext is sent to the remote communication module, the remote communication module can use the first private key to decrypt the first session key ciphertext to obtain the first session key, and thus the server and the remote communication module both have the first session key which can be used for encrypting or decrypting data between the server and the remote communication module.
It should be noted that, before sending the first session key ciphertext, the server may further sign the first session key ciphertext, so that the remote communication module verifies the signature value, and if the verification is passed, decrypts the first session key ciphertext, thereby preventing the first session key from being stolen or tampered, and even if the first session key is tampered, the first session key may be discovered in time.
In some possible implementation manners, the server may encrypt the first session key by using a first public key and a first asymmetric encryption algorithm to obtain a first session key ciphertext, then sign the first session key by using a second private key and a signature algorithm to obtain a signature value of the first session key, and send the first session key ciphertext and the signature value to the vehicle remote communication module.
Wherein, the signature algorithm can be referred to the above related description. The server transmits the second public key to the remote communication module in advance, and the remote communication module receives a signature value obtained by signing the first session key ciphertext by using the second private key, and can verify the signature value by using the second public key. If the verification is passed, the first session key ciphertext is indicated to be not tampered, the first private key can be used for decryption to obtain the first session key, and the first session key is used for encryption or decryption of communication data.
S304: decrypting the communication data ciphertext sent by the remote communication module by using the first session key to obtain communication data; or encrypting communication data by using the first session key to obtain a communication data ciphertext, and sending the communication data ciphertext to the remote communication module to realize vehicle safety communication.
The server sends the first session key to the remote communication module, and the remote communication module and the server are both provided with the first session key and can encrypt or decrypt by using the first session key so as to realize the safe communication between the remote service platform and the vehicle.
Therefore, the vehicle secure communication method is provided in the embodiments of the present application, the vehicle remote communication module and the server of the remote service platform may generate an asymmetric key pair, and the first session key may be encrypted or decrypted by transmitting a public key in the asymmetric key pair, so as to ensure that the first session key is transmitted in a form of a ciphertext, even if an illegal party obtains the ciphertext, the first session key cannot be decrypted due to lack of a corresponding private key, and when the remote communication module communicates with the server of the remote service platform, the first session key is used to encrypt or decrypt communication data, which is transmitted in a form of the ciphertext, so as to ensure security of communication between the vehicle and the remote service platform. Therefore, the method and the device can prevent the secret key from being illegally acquired through a set of complete secret key management scheme, on one hand, the communication safety of the vehicle and the remote service platform is improved, on the other hand, hackers or illegal molecular simulation communication information are prevented from controlling the vehicle system to work, and the driving safety is guaranteed.
The vehicle security communication method provided by the embodiment of the present application is described above from the perspective of the vehicle and the remote service platform, respectively, and will be described below from the perspective of the remote communication module of the vehicle and the server interaction.
Fig. 4 is a signaling flow chart of the secure communication between the remote service platform and the vehicle remote communication module, in which the remote service platform has a built-in cryptographic engine and the vehicle is equipped with the remote communication module. In the present embodiment, for convenience of description, the first asymmetric public key pair P generated by the vehicle communication module is usedTBOX、STBOXIs represented by PTBOXIs a first public key, STBOXIs the first private key. Similarly, the remote service platform uses P as a second asymmetric key pair generated in advance by the cryptographic engineTSP、STSPIs represented by PTSPIs the second public key, STSPIs the second private key. The first asymmetric key pair and the second asymmetric key pair correspond to the SM2 algorithm. K for default key of SM4 algorithm generated by cipher machine in advance0K for the first session key representing the SM4 algorithm negotiated by the server of the remote service platform and the vehicle telematics module1And (4) showing.
In the pre-installation stage of the factory secret key, the remote service platform calls a cipher machine to generate an asymmetric secret key pair (P) of the remote service platformTSP、STSP) And SM4 Algorithm Default Key K0Then, the remote service platform sends the public key PTSPAnd SM4 Algorithm default Key K0Export, by secure means, PTSPAnd K0To the vehicle telematics module provider. Public key P is about to be public in part production phase by vehicle remote communication module controllerTSPAnd SM4 Algorithm default Key K0Stored in the local security chip.
In the session key agreement phase, as shown in FIG. 5, the vehicle telematics module generates a telematics module asymmetric key pair (P) by initiating an activation request by the tool by the operatorTBOX、STBOX) And the public key P is combinedTBOXUsing a default key K0And sending the encrypted data to a remote service platform. Remote service platform uses default key K0Decrypting the request data to obtain the public key PTBOXTemporarily stored locally. The remote service platform calls an algorithm library generation interface to be connected with the cipher machine to generate a first session key K of a new SM4 algorithm1. Then, for the first session key K1The hash value of the SM3 algorithm is calculated. Using the vehicle telematics module public key PTBOXFor the first session key K1Encrypting and using the remote service platform private key STSPFor the first session key K1SM3 algorithm hash value of (a). And the signature value and the key ciphertext are sent to the vehicle remote communication module.
The vehicle remote communication module receives the first session key ciphertext and the signature value, and uses the remote service platform public key PTSPVerifying the validity of the signature using the vehicle telematics module private key STBOXDecrypting the ciphertext to obtain a first session key K of the session1. The vehicle telematics module sends the new first session key K1Replacement of default session key K0And feeding back the key updating result to the remote service platform.
In the data security transmission phase, the vehicle remote communication module uses the first session key K of the session1Data encryption and decryption transmission is carried out, and the remote service platform uses the first session key K of the session1And carrying out data encryption and decryption transmission. When the first session key needs to be updated, the remote service platform may also initiate a key update procedure, as shown in fig. 6, the remote service platform may initiate a key update request and use K1Encryption, the vehicle telematics module can utilize K upon receiving the request1Decrypting, generating new negations in response to the requestSymmetric key pair (P)TBOX’,STBOX') and then using K1Encrypted public key PTBOX' and sent to the server of the remote service platform, from which the server can generate a new first session key K2The remote service platform can use the new secret key K2Using PTBOX' encryption, using STSPSignature, passing to vehicle telematics module, which then uses telematics platform public key PTSPDetecting signature information using a vehicle telematics module STBOX' decryption results in a new first session key K2. In this manner, the vehicle telematics module and the remote service platform can use the first session key K for this session2And data encryption and decryption transmission is carried out, and safe communication is realized.
The above is a specific implementation manner of the vehicle safety communication method provided in the embodiment of the present application, and does not limit the technical scheme of the present application. Based on the specific implementation manner of the vehicle safety communication method, the application also provides a vehicle safety communication device.
Next, a vehicle safety communication device provided in an embodiment of the present application will be described with reference to the drawings from the viewpoint of functional modularization.
Fig. 7 is a schematic structural diagram of a vehicle safety communication device provided in an embodiment of the present application, applied to a remote communication module of a vehicle, and referring to fig. 7, the device 700 includes:
a generating module 710 for generating a first asymmetric key pair in response to a user-triggered activation request; the first asymmetric key pair comprises a first public key and a first private key;
a sending module 720, configured to send the first public key to a server, so that the server invokes an algorithm library to generate an interface to connect to a built-in cryptographic engine, and generates a first session key; a receiving module 730, configured to receive a first session key ciphertext obtained by encrypting the first session key with the first public key, where the first session key ciphertext is returned by the server;
the encryption and decryption module 740 is configured to decrypt the first session key ciphertext with the first private key to obtain the first session key;
the encryption and decryption module 740 is further configured to encrypt the communication data by using the first session key to obtain a communication data ciphertext, so that the server decrypts the communication data ciphertext by using the first session key to obtain the communication data; or the first session key is used for decrypting the received communication data cipher text to obtain communication data, so that vehicle safety communication is realized;
wherein the first asymmetric key pair corresponds to a first asymmetric cryptographic algorithm; the first session key corresponds to a first symmetric encryption algorithm.
Optionally, the encryption and decryption module 740 is further configured to:
encrypting the first public key by using a default key of a first symmetric encryption algorithm and the first symmetric encryption algorithm to obtain a first public key ciphertext;
the sending module 720 is configured to:
and sending the first public key ciphertext to a server so that the server decrypts the first public key ciphertext by using the default key to obtain the first public key, and calling an algorithm library generation interface to connect with a built-in cipher machine to generate a first session key.
Optionally, the receiving module 730 is further configured to:
receiving a default key transmitted by the server through a secure way; the default key is generated in advance by the server by using the cipher machine.
Optionally, the apparatus further comprises a verification module,
the receiving module 730 is further configured to;
receiving a second public key transmitted by the server through a secure way; the second public key is a public key in a second asymmetric key pair generated in advance by the cipher machine; the second asymmetric key pair comprises a second public key and a second private key; the second asymmetric key pair corresponds to the first asymmetric cryptographic algorithm;
the verification module is to:
if the server also returns a signature value obtained by signing the first session key ciphertext by using the second private key and a signature algorithm, verifying the signature value by using the second public key;
the encryption and decryption module 740 is further configured to:
and if the signature value passes the verification, decrypting the first session key ciphertext by using the first private key and the first asymmetric encryption algorithm to obtain the first session key.
Optionally, the first symmetric encryption algorithm is an SM4 algorithm, the first asymmetric encryption algorithm is an SM2 algorithm, and the signing algorithm is an algorithm that calculates a hash value by using an SM3 algorithm and signs the hash value by using an SM2 algorithm.
Optionally, the apparatus further includes an update module, configured to:
updating the first session key in response to an update request for the first session key initiated by the server.
Fig. 8 is a schematic structural diagram of a vehicle safety communication device provided in an embodiment of the present application, applied to a server, and referring to fig. 8, the device 800 includes:
a receiving module 810, configured to receive a first public key sent by a remote communication module of a vehicle; the first public key is a public key in a first asymmetric key pair generated by the remote communication module in response to a user-triggered activation request; the first asymmetric key pair comprises the first public key and a first private key;
a generating module 820, configured to invoke an algorithm library to generate an interface to connect to a built-in cryptographic engine, and generate a first session key; an encryption and decryption module 830, configured to encrypt the first session key with the first public key to obtain a first session key ciphertext;
a sending module 840, configured to send the first session key ciphertext to the remote communication module, so that the remote communication module decrypts the first session key ciphertext to obtain a first session key, and encrypts or decrypts the first session key;
the encryption and decryption module 830 is further configured to decrypt the communication data ciphertext sent by the remote communication module by using the first session key to obtain communication data; or encrypting communication data by using the first session key to obtain a communication data ciphertext, and sending the communication data ciphertext to the remote communication module to realize vehicle safety communication;
wherein the first asymmetric key pair corresponds to a first asymmetric cryptographic algorithm; the first session key corresponds to a first symmetric encryption algorithm.
Optionally, the apparatus further comprises:
the signature module is used for signing the first session key ciphertext by using a second private key and a signature algorithm to obtain a signature value of the first session key ciphertext; the second private key is a private key in a second asymmetric key pair generated in advance by the cipher machine, the second asymmetric key pair corresponds to the first asymmetric encryption algorithm, and the second asymmetric key pair comprises a second public key and the second private key;
the sending module 840 is specifically configured to:
and sending the first session key ciphertext and the signature value to a vehicle remote communication module.
In the embodiment of the application, the remote communication module of the vehicle and the server of the remote service platform can generate an asymmetric key pair, the first session key can be encrypted or decrypted by transmitting a public key in the asymmetric key pair, the first session key is guaranteed to be transmitted in a ciphertext form, even if an illegal party obtains the ciphertext, the first session key cannot be decrypted due to the lack of a corresponding private key, when the remote communication module communicates with the server of the remote service platform, the first session key is used for encrypting or decrypting communication data, the communication data is transmitted in the ciphertext form, and the safety of communication between the vehicle and the remote service platform is guaranteed. Therefore, the method and the device can prevent the secret key from being illegally acquired through a set of complete secret key management scheme, on one hand, the communication safety of the vehicle and the remote service platform is improved, on the other hand, hackers or illegal molecular simulation communication information are prevented from controlling the vehicle system to work, and the driving safety is guaranteed.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" for describing an association relationship of associated objects, indicating that there may be three relationships, e.g., "a and/or B" may indicate: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.

Claims (10)

1. A vehicle security communication method, applied to a remote communication module of a vehicle, the method comprising:
generating a first asymmetric key pair in response to a user-triggered activation request; the first asymmetric key pair comprises a first public key and a first private key;
sending the first public key to a server so that the server calls an algorithm library generation interface to be connected with a built-in cipher machine to generate a first session key;
receiving a first session key ciphertext returned by the server and obtained by encrypting the first session key by using the first public key, and decrypting the first session key ciphertext by using the first private key to obtain the first session key; encrypting communication data by using the first session key to obtain a communication data ciphertext, so that the server decrypts the communication data ciphertext by using the first session key to obtain the communication data; or the first session key is used for decrypting the received communication data cipher text to obtain communication data, so that vehicle safety communication is realized;
wherein the first asymmetric key pair corresponds to a first asymmetric cryptographic algorithm; the first session key corresponds to a first symmetric encryption algorithm.
2. The method of claim 1, further comprising:
encrypting the first public key by using a default key of a first symmetric encryption algorithm and the first symmetric encryption algorithm to obtain a first public key ciphertext;
sending the first public key to a server so that the server calls an algorithm library generation interface to connect with a built-in cryptographic machine, and generating a first session key comprises:
and sending the first public key ciphertext to a server so that the server decrypts the first public key ciphertext by using the default key to obtain the first public key, and calling an algorithm library generation interface to connect with a built-in cipher machine to generate a first session key.
3. The method of claim 2, further comprising:
receiving a default key transmitted by the server through a secure way; the default key is generated in advance by the server by using the cipher machine.
4. The method of claim 1, further comprising:
receiving a second public key transmitted by the server through a secure way; the second public key is a public key in a second asymmetric key pair generated in advance by the cipher machine; the second asymmetric key pair comprises a second public key and a second private key; the second asymmetric key pair corresponds to the first asymmetric cryptographic algorithm;
if the server further returns a signature value obtained by signing the first session key ciphertext by using the second private key and a signature algorithm, the method further comprises:
verifying the signature value by using the second public key;
decrypting the first session key ciphertext with the first private key to obtain the first session key comprises:
and if the signature value passes the verification, decrypting the first session key ciphertext by using the first private key to obtain the first session key.
5. The method of claim 4, wherein the first symmetric encryption algorithm is the SM4 algorithm, wherein the first asymmetric encryption algorithm is the SM2 algorithm, and wherein the signing algorithm is an algorithm that computes a hash value using the SM3 algorithm and then signs the hash value using the SM2 algorithm.
6. The method of any one of claims 1 to 4, further comprising:
updating the first session key in response to an update request for the first session key initiated by the server.
7. A vehicle safety communication method is applied to a server and comprises the following steps:
receiving a first public key sent by a remote communication module of a vehicle; the first public key is a public key in a first asymmetric key pair generated by the remote communication module in response to a user-triggered activation request; the first asymmetric key pair comprises the first public key and a first private key;
calling an algorithm library generation interface to connect with a built-in cipher machine to generate a first session key; encrypting the first session key by using the first public key to obtain a first session key ciphertext, sending the first session key ciphertext to the remote communication module so that the remote communication module decrypts the first session key ciphertext to obtain a first session key, and encrypting or decrypting by using the first session key;
decrypting the communication data ciphertext sent by the remote communication module by using the first session key to obtain communication data; or encrypting communication data by using the first session key to obtain a communication data ciphertext, and sending the communication data ciphertext to the remote communication module to realize vehicle safety communication;
wherein the first asymmetric key pair corresponds to a first asymmetric cryptographic algorithm; the first session key corresponds to a first symmetric encryption algorithm.
8. The method of claim 7, further comprising:
signing the first session key ciphertext by using a second private key and a signature algorithm to obtain a signature value of the first session key ciphertext; the second private key is a private key in a second asymmetric key pair generated in advance by the cipher machine, the second asymmetric key pair corresponds to the first asymmetric encryption algorithm, and the second asymmetric key pair comprises a second public key and the second private key;
sending the first session key ciphertext to the remote communication module comprises:
and sending the first session key ciphertext and the signature value to a vehicle remote communication module.
9. A vehicle safety communication device, applied to a remote communication module of a vehicle, the device comprising:
the generation module is used for responding to an activation request triggered by a user and generating a first asymmetric key pair; the first asymmetric key pair comprises a first public key and a first private key;
the sending module is used for sending the first public key to a server so that the server calls an algorithm library to generate an interface to be connected with a built-in cipher machine and generate a first session key;
a receiving module, configured to receive a first session key ciphertext obtained by encrypting the first session key with the first public key, where the first session key ciphertext is returned by the server;
the encryption and decryption module is used for decrypting the first session key ciphertext by using the first private key to obtain the first session key;
the encryption and decryption module is further configured to encrypt communication data by using the first session key to obtain a communication data ciphertext, so that the server decrypts the communication data ciphertext by using the first session key to obtain the communication data; or the first session key is used for decrypting the received communication data cipher text to obtain communication data, so that vehicle safety communication is realized;
wherein the first asymmetric key pair corresponds to a first asymmetric cryptographic algorithm; the first session key corresponds to a first symmetric encryption algorithm.
10. A vehicle security communication apparatus, applied to a server, the apparatus comprising:
the receiving module is used for receiving a first public key sent by a remote communication module of the vehicle; the first public key is a public key in a first asymmetric key pair generated by the remote communication module in response to a user-triggered activation request; the first asymmetric key pair comprises the first public key and a first private key;
the generating module is used for calling an algorithm library generating interface to be connected with a built-in cipher machine and generating a first session key;
the encryption and decryption module is used for encrypting the first session key by using the first public key to obtain a first session key ciphertext;
the sending module is used for sending the first session key ciphertext to the remote communication module so that the remote communication module can decrypt the first session key ciphertext to obtain a first session key and encrypt or decrypt the first session key;
the encryption and decryption module is further configured to decrypt the communication data ciphertext sent by the remote communication module by using the first session key to obtain communication data; or encrypting communication data by using the first session key to obtain a communication data ciphertext, and sending the communication data ciphertext to the remote communication module to realize vehicle safety communication;
wherein the first asymmetric key pair corresponds to a first asymmetric cryptographic algorithm; the first session key corresponds to a first symmetric encryption algorithm.
CN201810846365.4A 2018-07-27 2018-07-27 Vehicle safety communication method and device Pending CN110768938A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810846365.4A CN110768938A (en) 2018-07-27 2018-07-27 Vehicle safety communication method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810846365.4A CN110768938A (en) 2018-07-27 2018-07-27 Vehicle safety communication method and device

Publications (1)

Publication Number Publication Date
CN110768938A true CN110768938A (en) 2020-02-07

Family

ID=69327943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810846365.4A Pending CN110768938A (en) 2018-07-27 2018-07-27 Vehicle safety communication method and device

Country Status (1)

Country Link
CN (1) CN110768938A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111464554A (en) * 2020-04-13 2020-07-28 浙江吉利新能源商用车集团有限公司 Vehicle information safety control method and system
CN111722831A (en) * 2020-05-07 2020-09-29 中山大学 Encryption system and implementation method thereof
CN112217640A (en) * 2020-10-15 2021-01-12 云南电网有限责任公司迪庆供电局 Method and system for safely transmitting data of metering operation and maintenance system
CN112865965A (en) * 2021-02-02 2021-05-28 安徽量安通信息科技有限公司 Train service data processing method and system based on quantum key
CN113194139A (en) * 2021-04-28 2021-07-30 支付宝(杭州)信息技术有限公司 Vehicle remote control method, device and system, electronic equipment and storage medium
CN113507495A (en) * 2021-05-31 2021-10-15 暨南大学 Vehicle-mounted Ethernet secure communication method and system based on block chain
CN114338197A (en) * 2021-12-30 2022-04-12 广州小鹏汽车科技有限公司 Vehicle and remote cabin connection authentication method, device and system
CN114598482A (en) * 2020-11-20 2022-06-07 福州数据技术研究院有限公司 Encryption communication method and system for server and intelligent edge gateway
CN114726644A (en) * 2022-04-24 2022-07-08 平安科技(深圳)有限公司 Data transmission method, device and equipment based on secret key encryption and storage medium
CN117021366A (en) * 2023-10-10 2023-11-10 青岛农业大学 Remote control method and system for low-carbon recycled concrete mixing equipment
WO2024012515A1 (en) * 2022-07-14 2024-01-18 蔚来汽车科技(安徽)有限公司 Vehicle monitoring method and device, and storage medium
CN117793705A (en) * 2024-02-26 2024-03-29 中电科网络安全科技股份有限公司 High-precision map data transmission method, device, equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101662360A (en) * 2008-08-29 2010-03-03 公安部第三研究所 Short message service-based certificated symmetric key negotiation method
US20120023336A1 (en) * 2009-12-10 2012-01-26 Vijayarangan Natarajan System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
CN104683291A (en) * 2013-11-27 2015-06-03 北京大唐高鸿数据网络技术有限公司 IMS system based session key negotiating method
CN106027461A (en) * 2016-01-21 2016-10-12 李明 Secret key use method for cloud authentication platform in identity card authentication system
CN108173644A (en) * 2017-12-04 2018-06-15 珠海格力电器股份有限公司 Data transfer encryption method, device, storage medium, equipment and server

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101662360A (en) * 2008-08-29 2010-03-03 公安部第三研究所 Short message service-based certificated symmetric key negotiation method
US20120023336A1 (en) * 2009-12-10 2012-01-26 Vijayarangan Natarajan System and method for designing secure client-server communication protocols based on certificateless public key infrastructure
CN104683291A (en) * 2013-11-27 2015-06-03 北京大唐高鸿数据网络技术有限公司 IMS system based session key negotiating method
CN106027461A (en) * 2016-01-21 2016-10-12 李明 Secret key use method for cloud authentication platform in identity card authentication system
CN108173644A (en) * 2017-12-04 2018-06-15 珠海格力电器股份有限公司 Data transfer encryption method, device, storage medium, equipment and server

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111464554A (en) * 2020-04-13 2020-07-28 浙江吉利新能源商用车集团有限公司 Vehicle information safety control method and system
CN111464554B (en) * 2020-04-13 2022-03-15 浙江吉利新能源商用车集团有限公司 Vehicle information safety control method and system
CN111722831A (en) * 2020-05-07 2020-09-29 中山大学 Encryption system and implementation method thereof
CN111722831B (en) * 2020-05-07 2024-03-19 中山大学 Encryption system and implementation method thereof
CN112217640A (en) * 2020-10-15 2021-01-12 云南电网有限责任公司迪庆供电局 Method and system for safely transmitting data of metering operation and maintenance system
CN112217640B (en) * 2020-10-15 2023-04-18 云南电网有限责任公司迪庆供电局 Method and system for safely transmitting data of metering operation and maintenance system
CN114598482A (en) * 2020-11-20 2022-06-07 福州数据技术研究院有限公司 Encryption communication method and system for server and intelligent edge gateway
CN112865965A (en) * 2021-02-02 2021-05-28 安徽量安通信息科技有限公司 Train service data processing method and system based on quantum key
CN113194139A (en) * 2021-04-28 2021-07-30 支付宝(杭州)信息技术有限公司 Vehicle remote control method, device and system, electronic equipment and storage medium
CN113507495A (en) * 2021-05-31 2021-10-15 暨南大学 Vehicle-mounted Ethernet secure communication method and system based on block chain
CN114338197A (en) * 2021-12-30 2022-04-12 广州小鹏汽车科技有限公司 Vehicle and remote cabin connection authentication method, device and system
CN114338197B (en) * 2021-12-30 2024-01-09 广州小鹏汽车科技有限公司 Vehicle and remote cabin connection authentication method, device, system and readable storage medium
CN114726644A (en) * 2022-04-24 2022-07-08 平安科技(深圳)有限公司 Data transmission method, device and equipment based on secret key encryption and storage medium
CN114726644B (en) * 2022-04-24 2023-07-25 平安科技(深圳)有限公司 Data transmission method, device, equipment and storage medium based on key encryption
WO2024012515A1 (en) * 2022-07-14 2024-01-18 蔚来汽车科技(安徽)有限公司 Vehicle monitoring method and device, and storage medium
CN117021366A (en) * 2023-10-10 2023-11-10 青岛农业大学 Remote control method and system for low-carbon recycled concrete mixing equipment
CN117021366B (en) * 2023-10-10 2024-01-09 青岛农业大学 Remote control method and system for low-carbon recycled concrete mixing equipment
CN117793705A (en) * 2024-02-26 2024-03-29 中电科网络安全科技股份有限公司 High-precision map data transmission method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110768938A (en) Vehicle safety communication method and device
US11606341B2 (en) Apparatus for use in a can system
CN109076078B (en) Method for establishing and updating a key for secure on-board network communication
CN109728909B (en) Identity authentication method and system based on USBKey
EP3723399A1 (en) Identity verification method and apparatus
CN111028397B (en) Authentication method and device, and vehicle control method and device
CN106357400B (en) Establish the method and system in channel between TBOX terminal and TSP platform
CN107743067B (en) Method, system, terminal and storage medium for issuing digital certificate
CN108632250B (en) Method and equipment for generating command control session master key and transmitting operation command
JP2016139882A (en) Communication device, LSI, program and communication system
CN103118027A (en) Transport layer security (TLS) channel constructing method based on cryptographic algorithm
CN110417808A (en) Tamper resistant method, device, system and terminal
KR20070078341A (en) Apparatus for managing installation of drm and method thereof
CN113572795B (en) Vehicle safety communication method, system and vehicle-mounted terminal
CN113556710A (en) Vehicle Bluetooth key method and device and vehicle
CN110611679A (en) Data transmission method, device, equipment and system
CN104253692B (en) Key management method and device based on SE
CN111225001B (en) Block chain decentralized communication method, electronic equipment and system
CN113115309B (en) Data processing method and device for Internet of vehicles, storage medium and electronic equipment
CN102236753A (en) Rights management method and system
CN101442656A (en) Method and system for safe communication between machine cards
CN113783879A (en) Carrier control method, system, carrier, equipment and medium
CN115776675A (en) Data transmission method and device for vehicle-road cooperation
CN114500150A (en) Communication method and device based on CAN bus and operation machine
CN116248280B (en) Anti-theft method for security module without key issue, security module and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200207