Disclosure of Invention
In order to solve the technical problems, the invention provides an electric vehicle charging service method capable of protecting privacy, which adopts the technical scheme that:
an electric vehicle charging service method capable of protecting privacy comprises the following steps:
s1: an EV (Electric Vehicle) verifies the correctness of a certificate broadcasted by an RSU (Road Side Unit) after receiving the certificate, and extracts a public key PK of the RSU from the certificate after the certificate passes the verificationRSUAnd according to the public key PKRSUCalculating a temporary session key K of the EV and the RSUEV,RSU(ii) a The local database of the EV is prestored with a set PID (proportion integration differentiation) formed by n pseudo identities which are distributed by a trusted center TA and correspond to the real identity of the EV, and a set (PPK, PSK) formed by a key pair which is distributed by a charging service provider CSP for each pseudo identity in the pseudo identity set PID and used for authenticating the charging service, wherein each key pair comprises a component PPKjAnd component PSKj,PPKjRepresenting key components independent of pseudo-identity, PSKjRepresenting a key component associated with a pseudo-identity, PID ═ PID1,PID2,…PIDn},(PPK,PSK)={(PPK1,PSK1),(PPK2,PSK2),…(PPKn,PSKn)},j={1,2…n};
S2: EV selects a pseudo-identity PID from the pseudo-identity set and the key pair set respectivelyiAnd a corresponding key pair (PPK)i,PSKi) To calculate a temporary token TOK for RSU authentication identityi,i={1,2…n}
S3: the EV sends a charging request to the RSU, wherein the charging request comprises a temporary token TOKiAnd by a temporary session key KEV,RSUEncrypted pseudo-identity information and key pair information;
s4: the RSU calculates a temporary session key K between the RSU and the EV after receiving the charging requestEV,RSUThe charging request is decrypted by the pseudo identity information and the key pair information;
s5: RSU based on received TOKiJudging whether the EV is a legal authorized user or not by the decrypted pseudo-identity information and the decrypted key pair information, if so, turning to S7, and otherwise, turning to S6;
s6: the RSU refuses the charging service;
s7, RSU calculates seed key α of temporary session key between EV and CP (Charging pad), binds calculated seed key α with false identity information of EV and passes KRSU,CPSending the encrypted seed key to the CP, binding the calculated seed key with the pseudo identity information of the EV and passing through the KEV,RSUEncrypted and sent to the corresponding EV, wherein KRSU,CPRepresenting a temporary session symmetric key negotiated in advance between the RSU and the CP;
s8: EV passage KEV,RSUDecrypting the message yields a seed key α from which a one-time session key α is generatediAnd use one-time session key αiGenerating an authentication code and transmitting the authentication code to the CP;
s9: CP through KRSU,CPDecrypting the message yields a seed key α from which a one-time session key α is generatediVerifying the authentication code sent by the EV based on the one-time session key, and providing charging service to the EV after the verification is passed;
s10: CP totaling as PIDiThe marked EV provides the total electric energy, and sends corresponding total electric energy information to the RSU;
s11: the RSU generates PID according to the received total electric energy informationiBilling the identified EV and sending the bill to the corresponding EV;
s12: the RSU, upon receiving the EV's payment message, checks the bill and returns an acknowledgement message.
Further, before step S1, the method further includes the step of initializing the system, where the initializing the system includes the following sub-steps:
s011: the TA (Trusted Authority) generates the public parameters of the system and the public key PK of the TA according to the preset security parametersTAAnd a private key SKTA;
S012: CSP (Charging Service Provider) sends its own ID to TACSPRequesting registration;
s013: TA generates CSP public key PK after confirming CSP sent identity information is legal
CSPAnd a private key SK
CSPAnd generates the CSP public key certificate Cert by using the TA private key
CSPAnd the system public parameter, PK, is connected through a secure channel
CSP、SK
CSPAnd Cert
CSPIs sent to the CSP and then sent to the CSP,
representation through SK
TAFor ID
CSPAnd PK
CSPA signature generated after encryption;
s014: CSP generates corresponding ID for each CP in its management rangeCPThen using the private key SK of CSPCSPFor IDCPGenerating a signature SignSKCSP(IDCP) And sending the signature to a corresponding CP through a secure channel;
s015: RSU directionTA sends its own identity information IDRSURequesting registration;
s016: the TA generates a public key PK of the RSU after confirming that the identity information sent by the RSU is legal
RSUPrivate key SK
RSUAnd public key certificate Cert of RSU
RSUAnd the system public parameter, PK, is connected through a secure channel
RSU、SK
RSUAnd Cert
RSUIs sent to the RSU and then sent to the RSU,
representation through SK
TAFor ID
RSUAnd PK
RSUA signature generated after encryption;
s017: the RSU negotiates a temporary session symmetric key for ensuring safe communication with the CP in the communication range of the RSU, and stores the negotiated temporary session symmetric key locally for subsequent safe communication;
s018: EV needing charging service sends its own real identity information RID to TAEVRequesting registration;
s019: the TA generates a public key PK of the EV after confirming that the real identity information of the EV is legal
EVPrivate key SK
EVAnd the public key certificate Cert of the EV
EVAnd generates a set PID consisting of n pseudo-identities for the EV according to the real identity of the EV,
representation through SK
TAFor RID
EVAnd PK
EVA signature generated after encryption;
s020: TA uses its private key SK
TATrue identity RID for EV
EVSigning with corresponding pseudo identity PID to obtain
S021: TA sends the system public parameter, PK through the secure channel
EV、SK
EV、Cert
EVPID and
sending the information to the EV;
s022: and the EV stores a pseudo identity set PID corresponding to the real identity of the EV in a local tamper-proof equipment unit.
Further, the system public parameters comprise a generator P of the system cycle group and a one-way hash function of the system;
PID
j=(PID
j,1,PID
j,2),PID
j,1and PID
j,2PID representing a pseudo-identity
jIs calculated by the formula PID in step S019
j,1=d
jP compute meta-component PID
j,1By the formula
Compute meta-component PID
j,2,d
jRandom number indicating TA selection, H
1A first one-way hash function representing a system;
further, after the system initialization step and before step S1, the method further includes:
s031: EV sends a request M for subscribing charging service to CSP
1Wherein
t1 denotes EV Generation subscription charging service request M
1The time stamp generated at the time of the clock,
s032: the charging service provider CSP receives a request M for subscribing the charging service sent by the EV when registering
1Then, use private key SK
CSPDecrypt the message, if not, abort the session, otherwise check the timestamp t1 and use the public key PK of the TA
TAChecking signatures
If not, stopping the session, otherwise, recording the charging service registration information of the EV in a database and executing the step S033;
s033: the CSP generates n pairs of key pairs for authenticating the charging service for the EV, and generates a message M of the key pairs for authenticating the charging service using the set of key pairs
2And M is
2Is sent to the EV, wherein
t2 denotes a message M that the CSP generates a key pair for authenticating the charging service
2A time stamp generated;
s034: EV uses its private key SK
EVTo the received message M
2Decrypting, if not, terminating the session, otherwise, checking the timestamp t2 and using the CSP's public key PK
CSPChecking signatures
If not, aborting the session, otherwise storing a set of key pairs (PPK, PSK) for the authentication service on the tamper resistant device unit of the vehicle.
Further, step S033 includes:
CSP by formula PPKj=rjP calculates the key components independent of the pseudo-identity and passes the formula PSKj=rj+H2(PIDj,PPKj)·SKCSPmod q computes a key component, r, associated with the pseudo-identityjRandom number representing CSP selection, H2A second one-way hash function representing the system.
Further, the step of the RSU negotiating the temporary session symmetric key with the CP includes:
s041: the CP verifies the correctness of the certificate broadcasted by the RSU after receiving the certificate, and extracts the public key PK of the RSU from the certificate after the verification is passedRSUAnd selecting a random number mu to calculate KCPAnd KRSU,CP,KCP=μ·P,KRSU,CP=μ·PKRSU;
S042: CP sending message
Giving RSU, wherein nonces represent random numbers selected by CP;
s043: RSU passes through CSP public key PK after receiving message sent by CP
CSPVerifying if the signature in the received message was signed by the CSP, e.g., by obtaining K
CPAnd formula K
RSU,CP=SK
RSU·K
CPCalculate K
RSU,CPAnd using the calculated K
RSU,CPDecrypting the message to obtain a nonce and sending the message
Feeding the CP;
s044: CP uses KRSU,CPAnd decrypting the received message, and judging whether the decrypted message is equal to nonce +1, if so, successfully negotiating the temporary session symmetric key between the RSU and the CP, otherwise, failing to negotiate the temporary session symmetric key between the RSU and the CP.
Further, the RSU and CP periodically update the temporary session symmetric key between the two.
Further, step S1 includes: EV according to formula KEV,RSU=x·PKRSUCalculating a temporary session key K for secure communication with an RSUEV,RSUX represents a random number for EV selection;
temporary token TOKiComprises TOKi,1And TOKi,2Step S2 includes: EV passing formula TOKi,1Calculating TOK as x.Pi,1And by the formula TOKi,2=PSKi+H3(PIDi,PPKi,TOKi,1Request, t 3). x mod q to calculate TOKi,2,H3A third one-way hash function representing the system, request representing charging parameter information, and t3 representing EV calculation TOKiA time stamp generated;
step S3 includes: EV sends charging request M to RSU
3,
Step S4 includes: RSU by formula KEV,RSU=SKRSU·TOKi,1Calculate a temporary session key K between it and the EVEV,RSUAnd decrypts the received M using the temporary session key3Get { PIDi,PPKi,t3};
Step S5 includes: the RSU checks the timestamp t3 based on the received TOKi,1、TOKi,2And decrypted to obtain { PIDi,PPKiJudging whether the equation for verifying the identity validity is established, if so, going to S7, otherwise, going to S6, wherein the equation for verifying the identity validity is as follows:
TOKi,2·P=PPKi+H2(PIDi,PPKi)·PKCSP+H3(PIDi,PPKi,TOKi,1,request,t3)·TOKi,1。
further, step S7 includes:
s71, the RSU selects a random number α as a seed key for calculating the temporary session key between the EV and the CP, and calculates
RES
2=HMACK
EV,RSU(PID
iα, t4), t4 denotes the time stamp of RSU generation when calculating RES1 and RES2, RES
1Indicates the use of K
EV,RSUTo PID
iα and t4, RES
2Representation to PID
iThe hashed message authentication codes generated by α and t 4;
s72: RSU sends message M
4To EV and send message M
5For each CP controlled by the RSU, where M
4={RES
1,RES
2,t4},
t5 denotes the RSU generation message M
5Time stamps generated.
Further, the method further comprises:
if the RSU does not receive the payment message of the EV within the preset time period, the pseudo identity information of the EV which does not pay the charging service fee successfully is recorded and sent to the TA, and the TA calculates the real identity corresponding to the pseudo identity information after receiving the pseudo identity information of the EV sent by the RSU and publishes the real identity of the EV.
According to the electric vehicle charging service method capable of protecting privacy, the electric vehicle generates the temporary token by using the key pair distributed by the charging service provider and the pseudo identity distributed by the credible center, the temporary token is used for authenticating the roadside unit, after the authentication is passed, the roadside unit sends the seed key required by the authentication of the electric vehicle and the charging panel, the challenge response is carried out by using the one-time session key generated by the seed key to finish the authentication, and after the authentication is passed, the charging panel provides service for the electric vehicle to start charging.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments, it being understood that the specific embodiments described herein are merely illustrative of the present invention and are not intended to limit the present invention.
The present embodiment provides an electric vehicle charging service method capable of protecting privacy, which is applied to an electric vehicle charging service system, and the system structure is shown in fig. 1, and includes TA, CSP, RSU, CP and EV. The TA is responsible for system initialization and distribution of public and private key pairs of each entity in the system, the CSP is responsible for registration and authorization of the EV, the RSUs are independent of each other, the RSU is responsible for authenticating the EV and distributing a one-time session key used for authenticating a CP controlled by the EV, and the CP is responsible for providing charging service for the authenticated and authorized EV.
Specifically, the flow of the electric vehicle charging service method capable of protecting privacy provided by this embodiment may be shown in fig. 2, and includes the following steps:
s1: the electric vehicle EV verifies the correctness of the certificate after receiving the certificate broadcasted by the roadside unit RSU, and extracts the public key PK of the RSU from the certificate after the verification is passedRSUAnd according to the public key PKRSUCalculating a temporary session key K of the EV and the RSUEV,RSU(ii) a The local database of the EV is prestored with a set PID (proportion integration differentiation) formed by n pseudo identities which are distributed by a trusted center TA and correspond to the real identity of the EV, and a set (PPK, PSK) formed by a key pair which is distributed by a charging service provider CSP for each pseudo identity in the pseudo identity set PID and used for authenticating the charging service, wherein each key pair comprises a component PPKjAnd component PSKj,PPKjRepresenting key components independent of pseudo-identity, PSKjRepresenting a key component associated with a pseudo-identity, PID ═ PID1,PID2,…PIDn},(PPK,PSK)={(PPK1,PSK1),(PPK2,PSK2),…(PPKn,PSKn)},j={1,2…n};
S2: EV selects a pseudo-identity PID from the pseudo-identity set and the key pair set respectivelyiAnd a corresponding key pair (PPK)i,PSKi) To calculate a temporary token TOK for RSU authentication identityi,i={1,2…n}
S3: the EV sends a charging request to the RSU, wherein the charging request comprises a temporary token TOKiAnd by a temporary session key KEV,RSUEncrypted pseudo-identity information and key pair information;
s4: the RSU calculates a temporary session key K between the RSU and the EV after receiving the charging requestEV,RSUAnd using it to decrypt the charging request to obtain pseudo-identity information and key pair information;
S5: RSU based on received TOKiJudging whether the EV is a legal authorized user or not by the decrypted pseudo-identity information and the decrypted key pair information, if so, turning to S7, and otherwise, turning to S6;
s6: the RSU refuses the charging service;
s7, the RSU calculates a seed key α of the temporary session key between the EV and the charging pad CP, binds the calculated seed key α with the pseudo-identity information of the EV and passes through the KRSU,CPSending the encrypted seed key to the CP, binding the calculated seed key with the pseudo identity information of the EV and passing through the KEV,RSUEncrypted and sent to the corresponding EV, wherein KRSU,CPRepresenting a temporary session symmetric key negotiated in advance between the RSU and the CP;
s8: EV passage KEV,RSUDecrypting the message yields a seed key α from which a one-time session key α is generatediAnd use one-time session key αiGenerating an authentication code and transmitting the authentication code to the CP;
s9: CP through KRSU,CPDecrypting the message yields a seed key α from which a one-time session key α is generatediVerifying the authentication code sent by the EV based on the one-time session key, and providing charging service to the EV after the verification is passed;
s10: CP totaling as PIDiThe marked EV provides the total electric energy, and sends corresponding total electric energy information to the RSU;
s11: the RSU generates PID according to the received total electric energy informationiBilling the identified EV and sending the bill to the corresponding EV;
s12: the RSU, upon receiving the EV's payment message, checks the bill and returns an acknowledgement message.
It should be noted that, before step S1, a step of initializing the system may be further included, and a specific process may be shown in fig. 3, where initializing the system includes the following sub-steps:
s011: the trusted center TA generates a system public parameter and a public key PK of the TA according to a preset safety parameterTAAnd a private key SKTA。
Through step S011, the TA completes initialization. The system common parameters in this embodiment include two large prime numbers p and q, and an elliptic curve E: y is2=x3+ ax + b mod P, a cyclic group G of order q, a generator P of the cyclic group G, and a one-way hash function of the system. The relationship PK between the public key and the private key of the TA is satisfied in the embodimentTA=SKTA·P。
S012: the CSP sends its own ID information to TACSPRegistration is requested.
S013: TA generates CSP public key PK after confirming CSP sent identity information is legal
CSPAnd a private key SK
CSPAnd generates the CSP public key certificate Cert by using the TA private key
CSPAnd the system public parameter, PK, is connected through a secure channel
CSP、SK
CSPAnd Cert
CSPIs sent to the CSP and then sent to the CSP,
representation through SK
TAFor ID
CSPAnd PK
CSPAnd (4) encrypting the generated signature.
Public key certificate Cert
CSPIncluding identity information ID of CSP
CSPCSP public key PK
CSPAnd signatures
It should be noted that TA may select a random number s
CSPPrivate key SK as CSP
CSPWherein
Means that positive integers are modulo-q operated and according to the formula PK
CSP=s
CSPP calculates the public key PK of CSP
CSP。
S014: CSP generates corresponding ID for each CP in its management range
CPThen using the private key SK of CSP
CSPFor ID
CPGenerating signatures
And make the labelThe name is sent to the corresponding CP over the secure channel.
The initialization of the CSP is completed through steps S012 to S104, and it should be noted that in this embodiment, the CSP is initialized
S015: RSU sends self identity information ID to TARSURegistration is requested.
S016: the TA generates a public key PK of the RSU after confirming that the identity information sent by the RSU is legal
RSUPrivate key SK
RSUAnd public key certificate Cert of RSU
RSUAnd the system public parameter, PK, is connected through a secure channel
RSU、SK
RSUAnd Cert
RSUIs sent to the RSU and then sent to the RSU,
representation through SK
TAFor ID
RSUAnd PK
RSUAnd (4) encrypting the generated signature.
Specifically, the TA may select a random number s after confirming that the identity information of the RSU is legal
RSUSK as private key of RSU
RSUWherein
And according to formula PK
RSU=s
RSUP calculates the public key PK of the RSU
RSU。
S017: the RSU negotiates temporary session symmetric keys for ensuring secure communication with the CPs within the communication range of the RSU, and stores the negotiated temporary session symmetric keys locally for subsequent secure communication respectively.
Through steps S015 to S017, the RSU completes initialization.
S018: EV needing charging service sends its own real identity information RID to TAEVRegistration is requested.
S019: the TA generates a public key PK of the EV after confirming that the real identity information of the EV is legal
EVPrivate key SK
EVAnd the public key certificate Cert of the EV
EVAnd generates a set PID consisting of n pseudo-identities for the EV according to the real identity of the EV,
representation through SK
TAFor RID
EVAnd PK
EVAnd (4) encrypting the generated signature.
Specifically, the TA may select a random number s after confirming that the identity information of the EV is valid
EVPrivate key SK as EV
EVWherein
And according to formula PK
EV=s
EVP calculates the EV's public key PK
EV。
Jth pseudo identity PID of EV in this embodimentjUsing a pseudo-identity tuple (PID)j,1,PIDj,2) And (4) showing.
I.e. PID
j=(PID
j,1,PID
j,2),PID
j,1And PID
j,2PID representing a pseudo-identity
jCan be calculated by formula PID in step S019
j,1=d
jP compute meta-component PID
j,1By the formula
Compute meta-component PID
j,2,d
jRandom number representing TA selection, H1 representing the first one-way hash function of the system, H
1(d
j·PK
TA) Representing d by a first one-way hash function
j·PK
TAAnd performing conversion processing.
S020: TA uses its private key SK
TATrue identity RID for EV
EVSigning with corresponding pseudo identity PID to obtain
S021: TA sends the system public parameter, PK through the secure channel
EV、SK
EV、Cert
EVPID and
and sending the information to the EV.
S022: and the EV stores a pseudo identity set PID corresponding to the real identity of the EV in a local tamper-proof equipment unit.
The EV completes initialization in step S018 to step S022.
Each EV requiring charging service registration needs to be performed with the CSP, and a specific registration process can be shown in fig. 4. generally, an EV sends a registration request to the CSP before first use, where the registration request is also referred to as a request for subscribing to charging service.
That is, in the present embodiment, after the system initialization step and before step S1, the method further includes the following steps:
s031: EV sends a request M for subscribing charging service to CSP
1Wherein
t1 denotes EV Generation subscription charging service request M
1Time stamps generated.
It should be noted that, in order to ensure that the pseudo identity of the EV is issued by the TA and the association between the real identity and the pseudo identity is between the real identity and the pseudo identity, the subscription charging service request further includes a signature sent by the TA to the EV using its private key to the real identity and the pseudo identity of the EV when the EV registers with the TA.
S032: CSP receives a request M for subscribing charging service sent by EV during registration
1Then, use private key SK
CSPDecrypt the message, if not, abort the session, otherwise check the timestamp t1 and use the public key PK of the TA
TAChecking signatures
If not, the session is aborted, otherwise the charging service registration information of the EV is recorded in the database and step S033 is performed.
S033: the CSP generates n pairs of key pairs for authenticating the charging service for the EV, and generates a message M of the key pairs for authenticating the charging service using the set of key pairs
2And M is
2Is sent to the EV, wherein
t2 denotes a time stamp generated when the CSP generates the message M2 for authenticating the key pair of the charging service,
private key SK representing use of CSP
CSPThe generated signature is encrypted with a set of generated key components not related to the pseudo-identity PPK, a set of generated key components related to the pseudo-identity PSK and a time stamp t 2.
Public key pair PPK, PSK, t2 and representing the use of EV
And (4) encrypting.
A flow chart of EV access to charging service can be seen in fig. 5, and it should be noted that, in step S033, the CSP can use the formula PPK
jCalculating key components independent of false identity (Rp), and performing PSK (phase Shift keying) by using formula
j=r+H
2(PID
j,PPK
j)·SK
CSPmod q computes a key component, r, associated with the pseudo-identity
jThe random number representing the CSP's choice is,
H
2a second one-way hash function, H, representing the system
2(PID
j,PPK
j) Representing PID pairs using a second one-way hash function
jAnd PPK
jFor the conversion process, it should be noted that mod represents a modulo operation.
S034: EV uses its private key SK
EVTo the received message M
2Decrypting, if not, terminating the session, otherwise, checking the timestamp t2 and using the CSP's public key PK
CSPChecking signatures
If not, aborting the session, otherwise using the key for authenticating the serviceThe set of pairs (PPK, PSK) is stored on a tamper-proof device unit of the vehicle.
It should be noted that in this embodiment, the RSU broadcasts its certificate, which can be received by both the EV and the CP within its communication range. Certificate broadcast by RSU
Indicating the use of SK
TAFor ID
RSUAnd PPK
RSUEncrypted signature, RSU broadcast certificate including ID
RSU、PPK
RSUAnd
EV receives certificate CertRSUPublic key PK of TA can be used laterTAThe certificate is verified for correctness. If the certificate is incorrect, the session is aborted, otherwise, the EV obtains the public key PK of the RSU from the certificateRSU。
The step of the RSU negotiating the temporary session symmetric key with the CP includes:
s041: the CP verifies the correctness of the certificate broadcasted by the RSU after receiving the certificate, and extracts the public key PK of the RSU from the certificate after the verification is passed
RSUAnd selecting a random number mu to calculate K
CPAnd K
RSU,CP,K
CP=μ·P,K
RSU,CP=μ·PK
RSUWherein
S042: CP sending message
To the RSU, where nonce denotes the random number selected by the CP.
Wherein,
indicates the use of K
RSU,CPEncrypting the nonceAnd (4) information.
S043: RSU passes through CSP public key PK after receiving message sent by CP
CSPVerifying if the signature in the received message was signed by the CSP, e.g., by obtaining K
CPAnd formula K
RSU,CP=SK
RSU·K
CPCalculate K
RSU,CPAnd using the calculated K
RSU,CPDecrypting the message to obtain a nonce and sending the message
Feeding the CP;
s044: CP uses KRSU,CPAnd decrypting the received message, and judging whether the decrypted message is equal to nonce +1, if so, successfully negotiating the temporary session symmetric key between the RSU and the CP, otherwise, failing to negotiate the temporary session symmetric key between the RSU and the CP.
In order to ensure the communication security, the RSU and the CP may periodically update the temporary session symmetric key between the RSU and the CP.
It should be noted that the EV obtains the public key PK of the RSU from the certificate broadcast by the RSU
RSUCan then be based on formula K
EV,RSU=x·PK
RSUCalculating a temporary session key K for secure communication with an RSU
EV,RSUX represents a random number for EV selection,
temporary token TOK in this embodimentiComprises TOKi,1And TOKi,2Step S2 includes: EV passing formula TOKi,1Calculating TOK as x.Pi,1And by the formula TOKi,2=PSKi+H3(PIDi,PPKi,TOKi,1Request, t 3). x mod q to calculate TOKi,2,H3A third one-way hash function representing the system, request representing charging parameter information, such as battery and coil type information and charging rate information of the EV, and t3 representing the TOK calculated by the EViTime stamps generated.
Step S3 includes: EV sends charging request M to RSU
3,
Step S4 includes: RSU by formula KEV,RSU=SKRSU·TOKi,1Calculate a temporary session key K between it and the EVEV,RSUAnd decrypts the received M using the temporary session key3Get { PIDi,PPKi,t3}。
Step S5 includes: the RSU checks the timestamp t3 based on the received TOKi,1、TOKi,2And decrypted to obtain { PIDi,PPKiJudging whether the equation for verifying the identity validity is established, if so, going to S7, otherwise, going to S6, wherein the equation for verifying the identity validity is as follows:
TOKi,2·P=PPKi+H2(PIDi,PPKi)·PKCSP+H3(PIDi,PPKi,TOKi,1,request,t3)·TOKi,1。
it should be noted that step S7 in the present embodiment may include the following steps:
s71, the RSU selects a random number α as a seed key for computing the temporary session key between the EV and the CP, wherein,
and calculate
t4 denotes that RSU is calculating RES
1And RES
2Time-generated time stamps, RES
1Indicates the use of K
EV,RSUTo PID
iα and t4, RES
2Representation to PID
iα, and t 4.
S72: RSU sends message M
4To EV and send message M
5For each CP controlled by the RSU, where M
4={RES
1,RES
2,t4},
t5 denotes the RSU generation message M
5Time stamps generated.
Wherein,
representing the use of the private Key SK
RSUTo PID
iα and t5 are encrypted,
indicates the use of K
EV,RSUTo PID
iα, t5 and
and (4) encrypting the obtained message.
RSU sends message M4Sends to EV and sends message M5After sending to the CP, the EV and CP are based on message M4And message M5An authentication process is implemented. Specifically, the authentication between the EV and the CP includes the following procedures:
EV receives message M from RSU4Check the timestamp t4 and use the temporary session key KEV,RSUDecrypting message RES1To obtain (PID)iα, t4) and is derived from the decryption (PID)iα, t4) calculating RES'2=HMACKEV,RSU(PIDiα, t4) and RES'2The EV aborts the session if they are not equal to the received RES2, otherwise, the EV gets a seed key α for computing the one-time session key for EV and CP authentication;
each CP receives the message from RSU, decrypts the message by using symmetric key pre-distributed by TA, if not, stops the session, otherwise, checks whether the signature is correct, if not, stops the session, otherwise, calculates its one-time session key α by using the fourth one-way hash function of the systemi。
Specifically, when the electric vehicle passes through the ith charging pad CP, an AuthCode having a random number r is transmitted to prove that the electric vehicle passes the verification of the RSU, where AuthCode is H5(αiR), CP verificationAfter passing, the authentication is carried out by sending an acknowledgement code ConfCode, wherein ConfCode is H5(αi,r,1),H5A fifth one-way hash function representing the system, once authentication is complete, the CP will open to charge the EV.
Preferably, the method provided by this embodiment further includes the following steps:
if the RSU does not receive the payment message of the EV within the preset time period, the pseudo identity information of the EV which does not pay the charging service fee successfully is recorded and sent to the TA, the TA calculates the real identity corresponding to the pseudo identity information after receiving the pseudo identity information of the EV sent by the RSU, and publishes the real identity of the EV, and the tracing of the identity of the illegal action is realized based on privacy protection.
It should be noted that, with the solution provided in this embodiment, after the EV is successfully registered on the CSP, the EV does not need to perform information interaction with the CSP, that is, the EV does not need to pass the authentication of the CSP every time the EV subsequently initiates a charging service request, so that the data throughput of the CSP is reduced, and even if the CSP goes wrong or goes offline, the EV can obtain the charging service.
After the EV charging of the electric vehicle is finished, each charging plate CP changes the EV charging into a charging state according to PIDiThe electric energy provided by the identified EV is sent to a roadside unit RSU, and after the RSU receives the information of the charging panel, the total number of the electric energy is counted as PIDiGenerating a corresponding bill by the electric energy provided by the identified EV and sending the bill to the EV; the EV completes payment immediately after receiving the bill, and the specific flow can be seen in fig. 6.
Specifically, each CP can combine messages
Sent to the RSU, where PIDi is the pseudo-identity of the EV,
and
PID respectively representing the ith charging plate as a pseudo identity
iStart time and end time of EV charging,E
piPID for indicating the ith charging plate as a false identity
iT6 represents the timestamp generated by the CP at the current time.
RSU receives message M sent by charging panel
6Using a pre-distributed symmetric key K
RSU,CPIs decrypted to obtain
Will be calculated
Is compared with the received value of
Comparing, if not, stopping conversation, otherwise, RSU counting to obtain N charging plates as false ID PID
iElectric energy supplied by the EV
The RSU calculates the pseudo-identity PID according to the current electricity price
iThe EV to be paid charges account, generates a bill message
Sent to the EV, t7 represents the timestamp generated by the RSU at the current time.
EV received message M
7Thereafter, the key K is used
RSU,CPDecrypting messages and verifying results of calculations
Is compared with the received value of
If not, discarding the message; otherwise, the EV returns a payment message
To the RSU, where coin represents the proof of payment, t8 represents the timestamp that the EV generated at the current time.
RSU receives EV payment message M
7Thereafter, the key K is used
RSU,CPDecrypt messages and determine
And
whether the value is correct. If the payment is correct, the RSU returns a payment confirmation message representing that the EV payment is successful
Wherein succ represents payment success; otherwise, the EV is not paid successfully, it is recorded by the RSU, and t9 represents the timestamp generated when the RSU returns the payment confirmation message.
And when the charging of the electric vehicle EV is finished, the payment is not finished, and the RSU records the false identity of the electric vehicle which is not paid successfully. At intervals (e.g., one week), the recorded list is sent to the trust center TA, which reveals and publishes the true identity of the EV.
Specifically, the RSU may list the pseudo-identities of EVs that have not successfully paid for charging services
Sending to TA, receiving RSU message M by trusted center
10Check the timestamp t10, and calculate
Revealing the true identity of the EV to penalize the EV with improper behavior, t10 representing the timestamp generated when the RSU sends the list of pseudo-identities, the flow of identity tracing can be seen in fig. 7.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.