CN110784466A - Information authentication method, device and equipment - Google Patents

Publication number: CN110784466A
Authority: CN (China)
Prior art keywords: information, authentication, terminal, server, identification code
Legal status: Granted
Application number: CN201911035636.9A
Other languages: Chinese (zh)
Other versions: CN110784466B (en)
Inventors: 肖倩文, 陈新, 郭丽丽
Current Assignee: BAIC Motor Co Ltd; Beijing Automotive Research Institute Co Ltd
Original Assignee: BAIC Motor Co Ltd; Beijing Automotive Research Institute Co Ltd
Application filed by: BAIC Motor Co Ltd, Beijing Automotive Research Institute Co Ltd
Priority to: CN201911035636.9A
Publication of CN110784466A
Application granted
Publication of CN110784466B
Current status: Active

Classifications

    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G06F8/65 Arrangements for software engineering; Software deployment; Updates
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters

Abstract

The application provides an information authentication method, device and equipment, and the method comprises the following steps: sending an authentication request to a server, wherein the authentication request carries an identification code of a terminal; receiving feedback information from the server; generating authentication information according to the feedback information and the identification code; sending the authentication information to the server; and receiving authentication result information from the server. The method and the device realize the information authentication process of the terminal and the server so as to facilitate the subsequent information interaction transmission between the terminal and the server and improve the information interaction safety.

Description

Information authentication method, device and equipment
Technical Field
The present application relates to the field of information processing technologies, and in particular, to an information authentication method, apparatus and device.
Background
With the development of the internet of vehicles, software has become the fastest-iterating and most easily personalized part of the vehicle. Troubleshooting and updating of vehicle software is therefore particularly important.
Whether the vehicle has a software failure or needs a software update, the existing practice of recalling the vehicle to an offline store for repair cannot meet the increasing demands of users. Updating software through Over the Air technology (OTA for short) has become an important means of updating and maintaining vehicle software. However, when the vehicle software is upgraded through OTA, a number of information security risks exist.
Disclosure of Invention
An object of the embodiments of the present application is to provide an information authentication method, apparatus and device, so as to send an authentication request to a server according to an identification code of a terminal, generate authentication information according to received feedback information of the server and the identification code, send the authentication information to the server, and receive authentication result information of the server, so as to complete an information authentication process.
A first aspect of an embodiment of the present application provides an information authentication method, including: sending an authentication request to a server, wherein the authentication request carries an identification code of a terminal; receiving feedback information from the server; generating authentication information according to the feedback information and the identification code; sending the authentication information to the server; and receiving authentication result information from the server.
In an embodiment, the generating authentication information according to the feedback information and the identification code includes: acquiring a first secret key preset by the terminal; judging whether the feedback information is legal or not according to the first secret key; if the feedback information is legal, extracting a second secret key and a first random number carried in the feedback information; performing target encryption operation on the identification code and the first random number to obtain first ciphertext data, wherein the first ciphertext data carries information of the target encryption operation; and encrypting and calculating the first ciphertext data and a second random number generated by the terminal by using the second secret key to generate the authentication information.
In an embodiment, the determining whether the feedback information is legal according to the first secret key includes: according to the first secret key, carrying out decryption calculation on the feedback information to obtain a second secret key; judging whether the first secret key and the second secret key are matched with the identification code; if the first secret key and the second secret key are matched with the identification code, determining that the feedback information is legal; otherwise, prompting that the server is an illegal platform.
In one embodiment, receiving authentication result information from the server includes: receiving a target file encryption package from a server; and carrying out decryption calculation on the target file encryption packet by using the second random number of the terminal to obtain the target file.
A second aspect of the embodiments of the present application provides an information authentication method, including: receiving an authentication request from a terminal, wherein the authentication request carries an identification code of the terminal; generating feedback information according to the identification code; sending feedback information to a terminal; receiving authentication information from a terminal; generating authentication result information according to the authentication information; and sending the authentication result information to the terminal.
In one embodiment, generating the feedback information according to the identification code includes: acquiring a second secret key and a first random number preset by the server according to the identification code; and carrying out encryption calculation on the second secret key and the first random number to generate feedback information.
In one embodiment, generating the authentication result information according to the authentication information includes: carrying out decryption calculation on the authentication information by using a preset third secret key to obtain a second random number and first ciphertext data of the terminal, wherein the first ciphertext data carries information of target encryption operation; performing target encryption operation on the identification code and the first random number according to the information of the target encryption operation to obtain second ciphertext data; judging whether the first ciphertext data is the same as the second ciphertext data; and if the first ciphertext data is the same as the second ciphertext data, determining that the terminal authentication is successful.
In one embodiment, sending the authentication result information to the terminal includes: acquiring a target file matched with the identification code; carrying out encryption calculation on the target file by using the second random number to obtain a target file encryption package; and sending the target file encryption package to the terminal.
A third aspect of the embodiments of the present application provides an information authentication apparatus, including: the first sending module is used for sending an authentication request to the server, wherein the authentication request carries the identification code of the terminal; the first receiving module is used for receiving feedback information from the server; the first generation module is used for generating authentication information according to the feedback information and the identification code; the second sending module is used for sending the authentication information to the server; and the second receiving module is used for receiving the authentication result information from the server.
In one embodiment, the first generating module is configured to: acquiring a first secret key preset by a terminal; judging whether the feedback information is legal or not according to the first secret key; if the feedback information is legal, extracting a second secret key and a first random number carried in the feedback information; performing target encryption operation on the identification code and the first random number to obtain first ciphertext data, wherein the first ciphertext data carries information of the target encryption operation; and encrypting and calculating the first ciphertext data and a second random number generated by the terminal by using the second secret key to generate authentication information.
In an embodiment, the determining whether the feedback information is legal according to the first secret key includes: according to the first secret key, carrying out decryption calculation on the feedback information to obtain a second secret key; judging whether the first secret key and the second secret key are matched with the identification code; if the first secret key and the second secret key are matched with the identification code, determining that the feedback information is legal; otherwise, prompting that the server is an illegal platform.
In one embodiment, the second receiving module is configured to: receiving a target file encryption package from a server; and carrying out decryption calculation on the target file encryption packet by using the second random number of the terminal to obtain the target file.
A fourth aspect of the embodiments of the present application provides an information authentication apparatus, including: the third receiving module is used for receiving an authentication request from the terminal, wherein the authentication request carries an identification code of the terminal; the second generating module is used for generating feedback information according to the identification code; the third sending module is used for sending the feedback information to the terminal; the fourth receiving module is used for receiving the authentication information from the terminal; the third generation module is used for generating authentication result information according to the authentication information; and the fourth sending module is used for sending the authentication result information to the terminal.
In one embodiment, the second generating module is configured to: acquiring a second secret key and a first random number preset by the server according to the identification code; and carrying out encryption calculation on the second secret key and the first random number to generate feedback information.
In one embodiment, the third generating module is configured to: carrying out decryption calculation on the authentication information by using a preset third secret key to obtain a second random number and first ciphertext data of the terminal, wherein the first ciphertext data carries information of target encryption operation; performing target encryption operation on the identification code and the first random number according to the information of the target encryption operation to obtain second ciphertext data; judging whether the first ciphertext data is the same as the second ciphertext data; and if the first ciphertext data is the same as the second ciphertext data, determining that the terminal authentication is successful.
In an embodiment, the fourth sending module is configured to: acquiring a target file matched with the identification code; carrying out encryption calculation on the target file by using the second random number to obtain a target file encryption package; and sending the target file encryption package to the terminal.
A fifth aspect of an embodiment of the present application provides an electronic device, including: a memory to store a computer program; and a processor configured to execute the method of the first aspect and any embodiment of the first aspect of the embodiments of the present application, so as to send an authentication request to the server according to the identification code of the terminal, generate authentication information according to the feedback information received from the server and the identification code, send the authentication information to the server, and receive authentication result information of the server, so as to complete an information authentication process.
A sixth aspect of the embodiments of the present application provides an electronic device, including: a memory to store a computer program; and the processor is configured to execute the method of the second aspect of the embodiments of the present application and any embodiment thereof, to generate feedback information according to the authentication request of the terminal, send the feedback information to the terminal, generate authentication result information according to the authentication information of the terminal, and feed the authentication result information back to the terminal, so as to complete information authentication on the terminal.
According to the information authentication method, device and equipment, an authentication request is sent to the server according to the identification code of the terminal, authentication information is generated according to the feedback information received from the server and the identification code, the authentication information is then sent to the server, and the authentication result information of the server is received. This realizes the information authentication process between the terminal and the server, facilitates subsequent information exchange between the terminal and the server, and improves the security of that exchange.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
Fig. 2 is a schematic interaction diagram of a terminal and a server according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of an information authentication method according to an embodiment of the present application;
Fig. 4 is a flowchart illustrating an information authentication method according to an embodiment of the present application;
Fig. 5 is a flowchart illustrating an information authentication method according to an embodiment of the present application;
Fig. 6 is a flowchart illustrating an information authentication method according to an embodiment of the present application;
Fig. 7 is a flowchart illustrating an information authentication method according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an information authentication device according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of an information authentication apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. In the description of the present application, the terms "first," "second," and the like are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
As shown in fig. 1, the present embodiment provides an electronic apparatus 1 including: at least one processor 11 and a memory 12, one processor being exemplified in fig. 1. The processor 11 and the memory 12 are connected by a bus 10, and the memory 12 stores instructions executable by the processor 11 and the instructions are executed by the processor 11.
In one embodiment, the electronic device 1 may be a terminal 100. The terminal 100 transmits an authentication request to the server 200 according to the identification code of the terminal 100, generates authentication information according to the feedback information received from the server 200 and the identification code, then transmits the authentication information to the server 200, and receives authentication result information of the server 200 to complete an information authentication process.
In one embodiment, the electronic device 1 may be a server 200. The server 200 may be implemented by a CDN (Content delivery network). The server 200 generates feedback information according to the authentication request of the terminal 100 and transmits the feedback information to the terminal 100, and then generates authentication result information according to the authentication information of the terminal 100 and feeds it back to the terminal 100 to complete information authentication of the terminal 100.
Fig. 2 shows a scenario of interaction between the terminal 100 and the server 200 in an embodiment of the present application. The terminal 100 may be a vehicle, and the server 200 may be a software update or maintenance server. The server 200 stores information that the terminal 100 can use for software update and maintenance. The software version information may be an img file (an image file format), whose source file may be provided by a third party or by the server 200 itself. After obtaining the image file, the server 200 may encrypt it and then store the encrypted image file in the version management system. When the vehicle needs to update or maintain its software version, it first performs bidirectional information authentication with the server 200; after the information authentication passes, the terminal 100 can download the corresponding software version or maintenance information from the server 200 to complete its software update and maintenance, which improves the safety of the vehicle when the software is updated.
Fig. 3 shows an information authentication method according to an embodiment of the present application. The method may be executed by the electronic device 1 shown in fig. 1 acting as the terminal 100, and may be applied in the interaction scenario shown in fig. 2: the terminal 100 sends an authentication request to the server 200 according to its identification code, generates authentication information according to the feedback information received from the server 200 and the identification code, then sends the authentication information to the server 200 and receives the authentication result information of the server 200 to complete the information authentication process.
The method comprises the following steps:
Step 301: Send an authentication request to the server 200, wherein the authentication request carries the identification code of the terminal 100.
In this step, the terminal 100 may be a vehicle. Before the upgrade program in the vehicle downloads the new version img file, an authentication request may be sent through a domain controller in the vehicle to the VMS (Vehicle Management System) in the cloud server 200. The authentication request carries the identification code of the vehicle, which is a unique code used to distinguish different vehicles. For example, the identification code may be the Vehicle Identification Number (VIN), a group of seventeen letters or numerals that can be used to identify the manufacturer of the vehicle, the engine, the chassis serial number, and other performance data.
Step 302: feedback information from the server 200 is received.
In this step, the feedback information is generated by the server 200 according to the vehicle identification code, and the server 200 issues the feedback information to the vehicle, and the vehicle receives the feedback information.
Step 303: Generate authentication information according to the feedback information and the identification code.
In this step, the feedback information includes a preliminary authentication result, which the server 200 determines according to the identification code and which indicates whether the vehicle is a legal vehicle. After receiving the feedback information, the vehicle generates corresponding authentication information according to the feedback information and its own identification code.
Step 304: the authentication information is sent to the server 200.
In this step, the authentication information is used to request further authentication from the server 200, and is therefore sent to the server 200 so that the server 200 can generate the final authentication result information.
Step 305: authentication result information from the server 200 is received.
In this step, the vehicle may update or maintain the relevant software according to the authentication result information received from the server 200.
According to this information authentication method, before the vehicle downloads the software update file package, the vehicle sends an authentication request to the server 200 according to its identification code, generates authentication information according to the feedback information received from the server 200 and the identification code, then sends the authentication information to the server 200 and receives the authentication result information of the server 200. This realizes the information authentication process between the vehicle and the server 200, so that the vehicle can subsequently download files from the server 200, and improves the safety of vehicle software updating.
Fig. 4 shows an information authentication method according to an embodiment of the present application. The method may be executed by the electronic device 1 shown in fig. 1 acting as the terminal 100, and may be applied in the interaction scenario shown in fig. 2: the terminal 100 sends an authentication request to the server 200 according to its identification code, generates authentication information according to the feedback information received from the server 200 and the identification code, then sends the authentication information to the server 200 and receives the authentication result information of the server 200 to complete the information authentication process.
The method comprises the following steps:
Step 401: Send an authentication request to the server 200, wherein the authentication request carries the identification code of the terminal 100. See the description of step 301 in the above embodiments for details.
Step 402: feedback information from the server 200 is received. See the description of step 302 in the above embodiments for details.
Step 403: a first key preset by the terminal 100 is obtained.
In this step, the first secret key may be preset by the vehicle, and whether the feedback information was issued by a legal platform may be determined according to the first secret key. The software upgrade module in the vehicle can call the chip interface to obtain the non-rewritable RSA public key Kpub stored at the vehicle end (RSA is an asymmetric encryption algorithm); the public key Kpub is the first secret key. The chip in the vehicle reads the data of an OTP/efuse device (One Time Programmable, OTP for short), whose programming interface is controlled by the value of an enable pin outside the chip, obtains Kpub, and returns Kpub to the software upgrade module.
Step 404: According to the first secret key, carry out decryption calculation on the feedback information to obtain a second secret key.
In this step, the second secret key is originally stored in the server 200, and the feedback information carries the second secret key. The first secret key can be used to carry out decryption calculation on the feedback information and thereby obtain the second secret key. For example, the feedback information at least includes a public key certificate Kcert generated by the server 200. The public key certificate Kcert carries the second secret key Kspub and has undergone encryption calculation; un-signing (decrypting) Kcert with Kpub yields the second secret key Kspub carried in it.
Step 405: Judge whether the first secret key and the second secret key are matched with the identification code.
In this step, the software upgrade module in the vehicle verifies the obtained second secret key Kspub: by determining whether the first secret key Kpub and the second secret key Kspub match, it verifies whether Kspub is the session RSA public key issued by a legal platform (server 200) allowed by the vehicle. If so, step 406 is entered; otherwise step 412 is entered.
Step 406: Extract the second secret key and the first random number carried in the feedback information.
In this step, if the first secret key and the second secret key are matched with the identification code, which indicates that the second secret key Kspub is the session RSA public key issued by a legal platform (server 200) allowed by the vehicle, the second secret key Kspub and the first random number carried in the feedback information are extracted. The first random number is generated by the server 200.
Step 407: Perform the target encryption operation on the identification code and the first random number to obtain first ciphertext data, wherein the first ciphertext data carries information of the target encryption operation.
In this step, the target encryption operation may be implemented with SHA (Secure Hash Algorithm), also called a hash algorithm, which computes a fixed-length string from a message with a certain length. SHA comprises 5 algorithms; among them, the SHA-384 algorithm has a maximum plaintext length of 2^128 bits, is a block-based algorithm with a block length of 1024 bits, and generates a 384-bit message digest. The vehicle end may perform the target encryption operation by using the following formula:
H=Hash(VIN+IV+BN) (1)
where H is the output of the hash algorithm, called the hash value (H value) for short, and can be used for vehicle validity verification. VIN is the identification code of the vehicle, and IV is the first random number, used as the initial vector of the hash operation. BN is the unique serial number of the domain controller board in the vehicle, and may be included in the identification code of the vehicle. The calculated H value, together with the algorithm contained in formula (1) above, is then used as the first ciphertext data.
Step 408: the first ciphertext data and the second random number generated by the terminal 100 are encrypted and calculated by the second key to generate the authentication information.
In this step, the vehicle generates a 256-bit second random number R1, and may use the session RSA public key Kspub to perform an encryption operation on the magic word M, the H value and the second random number R1, according to the following formula:
Kspub(M+H+R1) (2)
where M is the magic word "BAIC", used to recognize the plaintext after decryption. R1 is the 256-bit second random number generated by the vehicle; it is transmitted to the VMS of the server 200 and stored there, and when the vehicle requests the software version key VK, the VMS encrypts the version key VK with R1 and issues it to the vehicle. The H value is the hash value in the first ciphertext data. The calculation result of formula (2) above, together with the algorithm information of formula (1) carried in the first ciphertext data, makes up the content of the authentication information.
Step 409: the authentication information is sent to the server 200. See the description of step 304 in the above embodiments for details.
Step 410: a target file encryption package is received from the server 200.
In this step, after the vehicle sends the authentication information to the legitimate server 200, the server 200 returns the corresponding target file encryption package; for example, if the vehicle requests a software update, the target file encryption package may carry the software update information.
Step 411: decrypting the target file encryption package with the second random number of the terminal 100 to obtain the target file.
In this step, the second random number, once sent to the server 200, is used to encrypt the target file that the vehicle requests to download, so the vehicle can use the same second random number to decrypt the received target file encryption package and obtain the target file it requires.
Step 412: if the first key and the second key do not match the identification code, a prompt is given that the server 200 is an illegal platform.
In this step, the prompt about the illegal platform allows it to be handled in time, which improves the security of information authentication.
Please refer to fig. 5, which is an information authentication method according to an embodiment of the present application, and the method may be executed by the electronic device 1 shown in fig. 1 as the server 200, and may be applied in the interaction scenario shown in fig. 2, so as to generate feedback information according to an authentication request of the terminal 100, send the feedback information to the terminal 100, generate authentication result information according to the authentication information of the terminal 100, and feed the authentication result information back to the terminal 100, so as to complete information authentication of the terminal 100. The method comprises the following steps:
Step 501: an authentication request is received from the terminal 100, and the authentication request carries the identification code of the terminal 100.
In this step, the terminal 100 may be a vehicle. The VMS in the server 200 receives, in real time, the authentication request sent by the vehicle; the request includes the identification code of the vehicle, which is described in detail in step 301 of the above embodiment.
Step 502: generating feedback information according to the identification code.
In this step, the VMS of the server 200 first authenticates the identification code VIN by verifying whether it exists in the authorized vehicle list. If it does, feedback information is generated according to the identification code; otherwise, the vehicle corresponding to the identification code is not a legal vehicle authorized by the server 200, and the authentication process may be terminated.
Step 503: sending the feedback information to the terminal 100.
In this step, after the identification code passes authentication, feedback information is sent to the vehicle; the feedback information may include an authentication key preset by the server 200.
Step 504: authentication information is received from the terminal 100.
In this step, the authentication information at least includes the information with which the vehicle applies to the server 200 for the further authentication process, and the server 200 receives the authentication information in real time.
Step 505: generating authentication result information according to the authentication information.
In this step, after the authentication information of the vehicle is received, the corresponding authentication result information is generated according to the specific content of the authentication information. The authentication result information may include whether the vehicle passed authentication by the server 200, as well as other information requested by the vehicle.
Step 506: sending the authentication result information to the terminal 100.
In this step, the authentication result information needs to be sent to the vehicle promptly, so that the vehicle learns in time whether the authentication passed.
According to this information authentication method, when the vehicle needs a software upgrade or maintenance, before a software update package is sent, the authentication request of the vehicle is received in a timely manner, feedback information is generated according to the request and sent to the vehicle, and authentication result information is generated according to the vehicle's authentication information and fed back to the vehicle. This completes information authentication of the vehicle and improves the security of the software update.
Please refer to fig. 6, which is an information authentication method according to an embodiment of the present application, and the method may be executed by the electronic device 1 shown in fig. 1 as the server 200, and may be applied in the interaction scenario shown in fig. 2, so as to generate feedback information according to an authentication request of the terminal 100, send the feedback information to the terminal 100, generate authentication result information according to the authentication information of the terminal 100, and feed the authentication result information back to the terminal 100, so as to complete information authentication of the terminal 100. The method comprises the following steps:
Step 601: an authentication request is received from the terminal 100, and the authentication request carries the identification code of the terminal 100. See the description of step 501 in the above embodiments for details.
Step 602: acquiring a second key and a first random number preset by the server 200 according to the identification code.
In this step, if the unique code VIN of the vehicle exists in the authorized vehicle list, the VMS of the server 200 obtains the preset session RSA public key Kspub (second key) and the first random number generated by the server 200.
Step 603: performing encryption calculation on the second key and the first random number to generate feedback information.
In this step, a hash algorithm may be used to perform encryption calculation on the second key Kspub and the first random number to obtain hash(Kspub), and the RSA private key Kpri is then used to sign hash(Kspub) to obtain EKpri(hash(Kspub)). The hash algorithm may be the SHA3-384 algorithm, and the signature algorithm used with Kpri may be RSA-2048. The private key Kpri preset by the server 200 and the first key Kpub of the vehicle form a key pair that corresponds one to one with the vehicle identification code VIN and is preset for the vehicle in the server 200.
In an embodiment, the server 200 may generate the session public key certificate Kcert from the second key Kspub and EKpri(hash(Kspub)); the feedback information at least includes the public key certificate Kcert.
Step 604: sending the feedback information to the terminal 100.
In this step, the server 200 sends the public key certificate Kcert and the 128-bit first random number R2 generated by the server 200 to the software upgrade module of the vehicle. The domain controller DCU of the vehicle may use Kcert to verify whether the session RSA public key Kspub in use was issued by the legal VMS platform. The vehicle may verify the signature on the EKpri(hash(Kspub)) portion of the public key certificate Kcert with the first key Kpub. After the information authentication is passed, the vehicle may use the session RSA public key Kspub for asymmetric encryption when uploading data to the server 200.
Step 605: authentication information is received from the terminal 100.
In this step, the authentication information transmitted from the vehicle is received in real time; it includes at least the information that the vehicle generated in response to the feedback information and with which it requests further authentication.
Step 606: decrypting the authentication information with a preset third key to obtain the second random number and the first ciphertext data of the terminal 100, wherein the first ciphertext data carries information of the target encryption operation.
In this step, assuming that the content of the authentication information is Kspub(M + H + R1), the VMS of the server 200 may decrypt the encrypted information Kspub(M + H + R1) with the preset RSA session private key Kspri (third key) to obtain H + R1 and the calculation method included in formula (2).
Step 607: performing the target encryption operation on the identification code and the first random number according to the information of the target encryption operation to obtain second ciphertext data.
In this step, the server 200 processes the identification code and the first random number with the same algorithm as the calculation method included in formula (2), and obtains the second ciphertext data.
Step 608: judging whether the first ciphertext data is the same as the second ciphertext data.
In this step, the second ciphertext data may at least include the hash value calculated by the server 200. The server 200 determines whether this hash value is the same as the H value calculated by the vehicle in the first ciphertext data; if so, step 609 is performed; otherwise the authentication fails, the authentication process may be terminated, and corresponding prompt information is given.
Step 609: acquiring the target file matched with the identification code.
In this step, if the first ciphertext data is the same as the second ciphertext data, it is determined that the terminal 100 is successfully authenticated, and a target file matched with the identification code, for example a software update package required by the vehicle, may be acquired according to the vehicle's request in the authentication information.
Step 610: encrypting the target file with the second random number to obtain a target file encryption package.
In this step, the second random number is the one generated by the vehicle that passed authentication, and the software update package is encrypted with the second random number to obtain the target file encryption package.
Step 611: sending the target file encryption package to the terminal 100.
In this step, the target file encryption package is sent to the vehicle, so that the vehicle can update and maintain the software application according to the target file encryption package.
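The vehicle-side construction of M + H + R1 (steps 407 and 408) and the server-side check (steps 606 to 608), as an added example that is not part of the patent text. It covers the plaintext before RSA encryption with Kspub and after decryption with Kspri; the byte layout, the VIN-to-BN registry, the sample VIN, the single-use handling of R2 and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAGIC = b"BAIC"   # magic word M
H_LEN = 48        # SHA-384 digest: 384 bits
R1_LEN = 32       # second random number R1: 256 bits
R2_LEN = 16       # first random number R2: 128 bits

# Constructed sample data (assumption): VIN -> board serial number BN
# as the server would hold it for each authorized vehicle.
AUTHORIZED = {"TESTVIN0000000001": b"BN-CONSTRUCTED-0001"}


class AuthError(Exception):
    """Raised when any check in the exchange fails."""


def target_hash(vin: str, iv: bytes, bn: bytes) -> bytes:
    """Formula (1): H = Hash(VIN + IV + BN), '+' read as byte concatenation."""
    return hashlib.sha384(vin.encode("ascii") + iv + bn).digest()


def vehicle_build_plaintext(vin: str, bn: bytes, r2: bytes):
    """Vehicle side: return (M + H + R1, R1); R2 is used directly as IV."""
    r1 = secrets.token_bytes(R1_LEN)
    h = target_hash(vin, r2, bn)
    return MAGIC + h + r1, r1


class Server:
    """Server side: issues R2 per request and verifies the decrypted plaintext."""

    def __init__(self):
        self._pending = {}  # VIN -> outstanding R2

    def issue_challenge(self, vin: str) -> bytes:
        if vin not in AUTHORIZED:
            raise AuthError("VIN not in authorized vehicle list")
        r2 = secrets.token_bytes(R2_LEN)
        self._pending[vin] = r2
        return r2

    def verify(self, vin: str, plaintext: bytes) -> bytes:
        """Return R1 when H matches; raise AuthError otherwise."""
        # Assumption: R2 is consumed on first use, pass or fail, so a
        # captured message cannot be submitted a second time.
        r2 = self._pending.pop(vin, None)
        if r2 is None:
            raise AuthError("no outstanding challenge for this VIN")
        if len(plaintext) != len(MAGIC) + H_LEN + R1_LEN:
            raise AuthError("unexpected plaintext length")
        if not hmac.compare_digest(plaintext[:len(MAGIC)], MAGIC):
            raise AuthError("magic word missing after decryption")
        h_vehicle = plaintext[len(MAGIC):len(MAGIC) + H_LEN]
        r1 = plaintext[len(MAGIC) + H_LEN:]
        h_server = target_hash(vin, r2, AUTHORIZED[vin])
        # Constant-time comparison of the two H values (step 608).
        if not hmac.compare_digest(h_vehicle, h_server):
            raise AuthError("H value mismatch")
        return r1  # stored by the server for encrypting the target file


if __name__ == "__main__":
    server = Server()
    vin = "TESTVIN0000000001"
    r2 = server.issue_challenge(vin)
    message, r1 = vehicle_build_plaintext(vin, AUTHORIZED[vin], r2)
    print("authenticated:", server.verify(vin, message) == r1)
```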
Please refer to fig. 7, which is an information authentication method according to an embodiment of the present application, and the method can be executed by one electronic device 1 shown in fig. 1 as a server 200 and another electronic device 1 as a terminal 100, and can be applied in the interaction scenario shown in fig. 2 to implement a bidirectional information authentication process between the server 200 and the terminal 100. The terminal 100 may be a vehicle. The method comprises the following steps:
Step 1: a VMTA module of a DCU (Domain Control Unit, domain controller, abbreviated as "DCU") in the vehicle reads the VIN in its VMCA (Virtual Machine Certificate, abbreviated as "VMCA").
Step 2: the BSP (Board Support Package, BSP) module of the vehicle reads the VIN of the vehicle from the VMTA module.
Step 3: the BSP module returns the VIN of the vehicle to the VMTA module.
Step 4: the VMTA module sends the VIN of the vehicle to the VMCA module.
Step 5: the vehicle's VMCA module sends "hello + VIN" to the VMS of the server 200.
Step 6: the VMS of the server 200 returns "Kcert + R2", R2 being the first random number, to the VMCA module of the vehicle.
Step 7: the VMCA module of the vehicle returns "Kcert + R2" to the VMTA module of the vehicle.
Step 8: the vehicle's VMTA module returns "RSA Kpub" to the vehicle's BSP module based on "Kcert + R2".
Step 9: the BSP module of the vehicle returns "RSA Kpub" to the VMTA module.
Step 10: the VMTA module verifies the validity of Kpub; if it is valid, the process proceeds to step 11.
Step 11: the vehicle generates an initial vector IV from R2.
Step 12: the BSP module of the vehicle calculates the hash value H = Hash(VIN + IV + BN).
Step 13: the BSP module of the vehicle returns the H value to the VMTA module of the vehicle.
Step 14: the vehicle's VMTA module generates Kspub(M + H + R1) and returns it to the vehicle's VMCA module.
Step 15: the vehicle's VMCA module returns Kspub(M + H + R1) to the VMS of the server 200.
Step 16: the VMS of the server 200 decrypts Kspub(M + H + R1) with Kspri to obtain H, verifies that H is valid, and saves R1. When H is valid, the process proceeds to step 17.
Step 17: the server 200 issues a session token to the VMCA module of the vehicle.
Step 18: the vehicle's VMCA module requests the VMTA module to save the session token.
Step 19: the vehicle's VMTA module responds to the save request.
Please refer to fig. 8, which is an information authentication apparatus 800 according to an embodiment of the present application, and the apparatus is applicable to the electronic device 1 shown in fig. 1 and is applicable to the interaction scenario shown in fig. 2, so as to implement sending an authentication request to the server 200 according to the identification code of the terminal 100, generating authentication information according to the received feedback information and the identification code of the server 200, then sending the authentication information to the server 200, and receiving the authentication result information of the server 200, so as to complete an information authentication process. The device includes: a first sending module 801, a first receiving module 802, a first generating module 803, a second sending module 804 and a second receiving module 805, wherein the principle relationship of the modules is as follows:
a first sending module 801, configured to send an authentication request to the server 200, where the authentication request carries an identification code of the terminal 100. A first receiving module 802, configured to receive feedback information from the server 200. A first generating module 803, configured to generate the authentication information according to the feedback information and the identification code. A second sending module 804, configured to send the authentication information to the server 200. A second receiving module 805, configured to receive the authentication result information from the server 200.
In an embodiment, the first generating module 803 is configured to: obtain a first key preset by the terminal 100; judge whether the feedback information is legal according to the first key; if the feedback information is legal, extract the second key and the first random number carried in the feedback information; perform the target encryption operation on the identification code and the first random number to obtain first ciphertext data, wherein the first ciphertext data carries information of the target encryption operation; and encrypt the first ciphertext data and the second random number generated by the terminal 100 with the second key to generate the authentication information.
In an embodiment, judging whether the feedback information is legal according to the first key includes: decrypting the feedback information according to the first key to obtain the second key; judging whether the first key and the second key match the identification code; if they match, determining that the feedback information is legal; otherwise, prompting that the server 200 is an illegal platform.
In one embodiment, the second receiving module 805 is configured to: receive a target file encryption package from the server 200; and decrypt the target file encryption package with the second random number of the terminal 100 to obtain the target file.
For a detailed description of the information authentication apparatus 800, please refer to the description of the related method steps in the above embodiments.
Please refer to fig. 9, which is an information authentication apparatus 900 according to an embodiment of the present application, and the apparatus is applicable to the electronic device 1 shown in fig. 1 and is applicable to the interaction scenario shown in fig. 2, so as to generate feedback information according to an authentication request of the terminal 100, send the feedback information to the terminal 100, generate authentication result information according to the authentication information of the terminal 100, and feed the authentication result information back to the terminal 100, so as to complete information authentication of the terminal 100. The device includes: a third receiving module 901, a second generating module 902, a third sending module 903, a fourth receiving module 904, a third generating module 905 and a fourth sending module 906, wherein the principle relationship of the modules is as follows:
a third receiving module 901, configured to receive an authentication request from the terminal 100, where the authentication request carries an identification code of the terminal 100. A second generating module 902, configured to generate the feedback information according to the identification code. A third sending module 903, configured to send the feedback information to the terminal 100. A fourth receiving module 904, configured to receive the authentication information from the terminal 100. A third generating module 905, configured to generate authentication result information according to the authentication information. A fourth sending module 906, configured to send the authentication result information to the terminal 100.
In an embodiment, the second generating module 902 is configured to: acquire a second key and a first random number preset by the server 200 according to the identification code; and perform encryption calculation on the second key and the first random number to generate the feedback information.
In an embodiment, the third generating module 905 is configured to: decrypt the authentication information with a preset third key to obtain the second random number and the first ciphertext data of the terminal 100, wherein the first ciphertext data carries information of the target encryption operation; perform the target encryption operation on the identification code and the first random number according to the information of the target encryption operation to obtain second ciphertext data; judge whether the first ciphertext data is the same as the second ciphertext data; and if they are the same, determine that the terminal 100 is successfully authenticated.
In an embodiment, the fourth sending module 906 is configured to: acquire the target file matched with the identification code; encrypt the target file with the second random number to obtain a target file encryption package; and send the target file encryption package to the terminal 100.
For a detailed description of the information authentication apparatus 900, please refer to the description of the related method steps in the above embodiments.
An embodiment of the present invention further provides a storage medium readable by an electronic device, including: a program that, when run on an electronic device, causes the electronic device to perform all or part of the procedures of the methods in the above-described embodiments. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid-State Drive (SSD), or the like. The storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1. An information authentication method, comprising:
sending an authentication request to a server, wherein the authentication request carries an identification code of a terminal;
receiving feedback information from the server;
generating authentication information according to the feedback information and the identification code;
sending the authentication information to the server;
and receiving authentication result information from the server.
2. The method of claim 1, wherein generating authentication information based on the feedback information and the identification code comprises:
acquiring a first secret key preset by the terminal;
judging whether the feedback information is legal or not according to the first secret key;
if the feedback information is legal, extracting a second secret key and a first random number carried in the feedback information;
performing target encryption operation on the identification code and the first random number to obtain first ciphertext data, wherein the first ciphertext data carries information of the target encryption operation;
and encrypting and calculating the first ciphertext data and a second random number generated by the terminal by using the second secret key to generate the authentication information.
3. The method of claim 2, wherein the determining whether the feedback information is legal according to the first key comprises:
according to the first secret key, carrying out decryption calculation on the feedback information to obtain a second secret key;
judging whether the first secret key and the second secret key are matched with the identification code;
if the first secret key and the second secret key are matched with the identification code, determining that the feedback information is legal; otherwise, prompting the server to be an illegal platform; and
the receiving of the authentication result information from the server includes:
receiving a target file encryption package from the server;
and carrying out decryption calculation on the target file encryption packet by using the second random number of the terminal to obtain the target file.
4. An information authentication method, comprising:
receiving an authentication request from a terminal, wherein the authentication request carries an identification code of the terminal;
generating feedback information according to the identification code;
sending the feedback information to the terminal;
receiving authentication information from the terminal;
generating authentication result information according to the authentication information;
and sending the authentication result information to the terminal.
5. The method of claim 4, wherein generating feedback information based on the identification code comprises:
acquiring a second secret key and a first random number preset by the server according to the identification code;
and carrying out encryption calculation on the second secret key and the first random number to generate the feedback information.
6. The method of claim 5, wherein generating authentication result information from the authentication information comprises:
carrying out decryption calculation on the authentication information by using a preset third secret key to obtain a second random number and first ciphertext data of the terminal, wherein the first ciphertext data carries information of target encryption operation;
according to the information of the target encryption operation, the identification code and the first random number are subjected to the target encryption operation to obtain second ciphertext data;
judging whether the first ciphertext data is the same as the second ciphertext data;
if the first ciphertext data is the same as the second ciphertext data, determining that the terminal authentication is successful; and
the sending the authentication result information to the terminal includes:
acquiring a target file matched with the identification code;
carrying out encryption calculation on the target file by using the second random number to obtain a target file encryption package;
and sending the target file encryption package to the terminal.
7. An information authentication apparatus, comprising:
the first sending module is used for sending an authentication request to the server, wherein the authentication request carries an identification code of the terminal;
the first receiving module is used for receiving the feedback information from the server;
the first generating module is used for generating authentication information according to the feedback information and the identification code;
the second sending module is used for sending the authentication information to the server;
and the second receiving module is used for receiving the authentication result information from the server.
8. An information authentication apparatus, comprising:
a third receiving module, configured to receive an authentication request from a terminal, where the authentication request carries an identification code of the terminal;
the second generating module is used for generating feedback information according to the identification code;
a third sending module, configured to send the feedback information to the terminal;
a fourth receiving module, configured to receive authentication information from the terminal;
the third generation module is used for generating authentication result information according to the authentication information;
and the fourth sending module is used for sending the authentication result information to the terminal.
9. An electronic device, comprising:
a memory to store a computer program;
a processor configured to execute the method according to any one of claims 1 to 3, to send an authentication request to a server according to an identification code of a terminal, and to generate authentication information according to the received feedback information of the server and the identification code, and then to send the authentication information to the server, and to receive authentication result information of the server, so as to complete an information authentication process.
10. An electronic device, comprising:
a memory to store a computer program;
a processor configured to execute the method according to any one of claims 4 to 6, so as to generate feedback information according to an authentication request of a terminal and send the feedback information to the terminal, and then generate authentication result information according to the authentication information of the terminal and feed the authentication result information back to the terminal, so as to complete information authentication of the terminal.
CN201911035636.9A 2019-10-29 2019-10-29 Information authentication method, device and equipment Active CN110784466B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911035636.9A CN110784466B (en) 2019-10-29 2019-10-29 Information authentication method, device and equipment


Publications (2)

Publication Number Publication Date
CN110784466A true CN110784466A (en) 2020-02-11
CN110784466B CN110784466B (en) 2022-07-12

CN111131246B (en) Information upgrading and backup method and system suitable for embedded equipment of power system
US8417954B1 (en) Installation image including digital signature
EP1712992A1 (en) Updating of data instructions
WO2015161683A1 (en) Unified apk signing method and system thereof
CN105227680A (en) A kind of smart machine file download Validity control method
CN115396121B (en) Security authentication method for security chip OTA data packet and security chip device
CN112291201B (en) Service request transmission method and device and electronic equipment
CN114662087B (en) Multi-terminal verification security chip firmware updating method and device
CN111130798A (en) Request authentication method and related equipment
CN114327532A (en) Automobile OTA (over the air) upgrade information security implementation method based on digital signature and encryption
CN114637987A (en) Security chip firmware downloading method and system based on platform verification
CN111510448A (en) Communication encryption method, device and system in OTA (over the air) upgrade of automobile
CN109446752B (en) Copyright file management method, system, device and storage medium
CN112350821A (en) Method, device and system for acquiring secret key
CN110414269B (en) Processing method, related device, storage medium and system of application installation package
JP2009199147A (en) Communication control method and communication control program
CN113221074B (en) Offline authorization method
CN114500150A (en) Communication method and device based on CAN bus and operation machine
CN112491879A (en) Method for remotely updating firmware, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant