CN111163439A - Vehicle-mounted unit charging and card punching method based on asymmetric algorithm - Google Patents

Info

Publication number: CN111163439A
Authority: CN (China)
Legal status: Granted
Application number: CN201911365758.4A
Other languages: Chinese (zh)
Other versions: CN111163439B (en)
Inventor: 李东声
Current Assignee: Tendyron Corp
Original Assignee: Tendyron Corp

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07B TICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00 Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
    • G07B15/06 Arrangements for road pricing or congestion charging of vehicles or vehicle users, e.g. automatic toll systems
    • G07B15/063 Arrangements for road pricing or congestion charging of vehicles or vehicle users, e.g. automatic toll systems using wireless information transmission between the vehicle and a fixed station
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys

Abstract

The invention provides a vehicle-mounted unit charging method based on an asymmetric algorithm, comprising: the vehicle-mounted unit sends a communication link establishment response to the road side unit, the response comprising: the vehicle-mounted unit communication parameters, the vehicle-mounted unit application parameters and a first random factor RND1; the road side unit generates a second random factor RND2, acquires the current time RTC1 and entrance information, signs the first information to be signed using its private key to obtain first signature information SIG1, and sends a fee deduction request to the vehicle-mounted unit; the vehicle-mounted unit acquires the road side unit certificate CERT1, verifies the first signature information SIG1, generates recording information after SIG1 passes verification, and signs the second information to be signed using its private key to obtain second signature information SIG2; the vehicle-mounted unit sends a transaction credential to the road side unit, comprising: the vehicle-mounted unit certificate CERT2 and the second signature information SIG2; and the road side unit verifies the legality of the vehicle-mounted unit certificate CERT2, verifies the second signature information SIG2 after CERT2 passes, and performs subsequent operations after SIG2 passes. The transaction security of the ETC system is thereby improved.

Description

Vehicle-mounted unit charging and card punching method based on asymmetric algorithm
Technical Field
The invention relates to the technical field of electronics, in particular to a vehicle-mounted unit charging method based on an asymmetric algorithm and a vehicle-mounted unit card punching method based on the asymmetric algorithm.
Background
An ETC (Electronic Toll Collection) system performs wireless communication and information exchange between a vehicle-mounted device installed on a vehicle and an antenna installed in a toll gate lane. The system mainly comprises an automatic vehicle identification system, a central management system and other auxiliary facilities. The automatic vehicle identification system includes an on-board unit (OBU), also called a transponder or an electronic tag, a roadside unit (RSU), a loop sensor, and the like. The OBU stores identification information of the vehicle and is typically mounted on the front windshield, the RSU is mounted near the toll station, and the loop sensor is mounted under the surface of the roadway.
Communication between the RSU and the OBU in existing ETC systems is based on a symmetric key system. If one OBU device is illegally cracked, the security of the whole ETC system is affected, and all issued OBU devices are exposed to the threat of funds being stolen. As the number of issued OBU devices keeps rising, the security of an ETC system based on a symmetric key system is increasingly challenged, so a technical scheme that addresses this security risk is urgently needed in the field.
Disclosure of Invention
The present invention is directed to solving the above problems.
The invention mainly aims to provide a vehicle-mounted unit charging method based on an asymmetric algorithm, comprising: the road side unit sends communication broadcast information to the vehicle-mounted unit; the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit; the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, the instruction comprising: the road side unit communication parameters and the road side unit application parameters; the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, the response comprising: the vehicle-mounted unit communication parameters, the vehicle-mounted unit application parameters and a first random factor RND1; the road side unit receives the communication link establishment response, generates a second random factor RND2, and acquires the current time RTC1 and entry information, the entry information comprising an entry identifier ST1 and/or an entry address ADD1; the road side unit signs the first information to be signed using the road side unit private key to obtain first signature information SIG1, the first information to be signed comprising at least: the current time RTC1, the first random factor RND1, the second random factor RND2 and the entry information; the road side unit sends a fee deduction request to the vehicle-mounted unit, the request comprising: the RSU-ID, the current time RTC1, the second random factor RND2, the first signature information SIG1 and the entry information; the vehicle-mounted unit receives the fee deduction request, acquires the road side unit certificate CERT1, verifies the first signature information SIG1, generates recording information after SIG1 passes verification, and signs the second information to be signed using the vehicle-mounted unit private key to obtain second signature information SIG2, the second information to be signed comprising at least: the RSU-ID, the current time RTC1, the first random factor RND1, the second random factor RND2 and the entry information; the vehicle-mounted unit sends a transaction certificate to the road side unit, the transaction certificate comprising: the vehicle-mounted unit certificate CERT2 and the second signature information SIG2; and the road side unit receives the transaction certificate, verifies the legality of the vehicle-mounted unit certificate CERT2, verifies the second signature information SIG2 after CERT2 is found to be legal, and executes subsequent operations after SIG2 passes verification.
Another main objective of the present invention is to provide a vehicle-mounted unit card punching method based on an asymmetric algorithm, comprising: the road side unit sends communication broadcast information to the vehicle-mounted unit; the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit; the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, the instruction comprising: the road side unit communication parameters and the road side unit application parameters; the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, the response comprising: the vehicle-mounted unit communication parameters, the vehicle-mounted unit application parameters and a first random factor RND1; the road side unit receives the communication link establishment response, generates a second random factor RND2, acquires the current time RTC1 and exit information, the exit information comprising an exit identifier ST1 and/or an exit address ADD1, and signs the first information to be signed using the road side unit private key to obtain first signature information SIG1, the first information to be signed comprising at least: the current time RTC1, the first random factor RND1, the second random factor RND2 and the exit information; the road side unit sends a card punching request to the vehicle-mounted unit, the request comprising: the RSU-ID, the current time RTC1, the second random factor RND2, the first signature information SIG1 and the exit information; the vehicle-mounted unit receives the card punching request, acquires the road side unit certificate CERT1, verifies the first signature information SIG1, and, after SIG1 passes verification, generates recording information, acquires an entrance address ADD2 and an entry time RTC2, and signs the second information to be signed using the vehicle-mounted unit private key to obtain second signature information SIG2, the second information to be signed comprising at least: the current time RTC1, the entrance address ADD2, the entry time RTC2, the first random factor RND1, the second random factor RND2 and the exit information; the vehicle-mounted unit sends a card punching response to the road side unit, the response comprising: the second signature information SIG2, the entrance address ADD2, the entry time RTC2 and the vehicle-mounted unit certificate CERT2; and the road side unit receives the card punching response and completes the card punching operation.
Another objective of the present invention is to provide a vehicle-mounted unit charging method based on an asymmetric algorithm, comprising: the road side unit sends communication broadcast information to the vehicle-mounted unit; the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit; the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, the instruction comprising: the road side unit communication parameters and the road side unit application parameters; the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, the response comprising: the vehicle-mounted unit communication parameters, the vehicle-mounted unit application parameters and a first random factor RND1; the road side unit receives the communication link establishment response, generates a second random factor RND2, acquires the road side unit device number RSU-ID, the current time RTC1 and entrance information, the entrance information comprising an entrance identifier ST1 and/or an entrance address ADD1, and sends a fee deduction request to the vehicle-mounted unit, the request comprising at least: the RSU-ID, the current time RTC1, the second random factor RND2 and the entrance information; the vehicle-mounted unit receives the fee deduction request, signs the first information to be signed using the vehicle-mounted unit private key to obtain first signature information SIG1, and sends a transaction certificate to the road side unit, the transaction certificate comprising the first signature information SIG1 and the vehicle-mounted unit device certificate CERT1, and the first information to be signed comprising at least: the RSU-ID, the current time RTC1, the first random factor RND1, the second random factor RND2 and the entrance information; the road side unit receives the transaction certificate, verifies the legality of the vehicle-mounted unit certificate CERT1, and sends the transaction certificate to the background system after verifying that CERT1 is legal; and the background system receives the transaction certificate, verifies the first signature information SIG1, and executes fee deduction after SIG1 passes verification.
Another objective of the present invention is to provide a vehicle-mounted unit charging method based on an asymmetric algorithm, comprising: the road side unit sends communication broadcast information to the vehicle-mounted unit; the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit; the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, the instruction comprising: the road side unit communication parameters and the road side unit application parameters; the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, the response comprising: the vehicle-mounted unit communication parameters, the vehicle-mounted unit application parameters and a first random factor RND1; the road side unit receives the communication link establishment response, generates a second random factor RND2, acquires the road side unit device number RSU-ID, the current time RTC1 and entrance information, the entrance information comprising an identifier ST1 and/or an entrance address ADD1, and sends a fee deduction request to the vehicle-mounted unit, the request comprising at least: the RSU-ID, the current time RTC1, the second random factor RND2, the entrance identifier ST1 and the entrance address ADD1; the vehicle-mounted unit receives the fee deduction request, signs the first information to be signed using the vehicle-mounted unit private key to obtain first signature information SIG1, and sends a transaction certificate to the road side unit, the transaction certificate comprising the first signature information SIG1 and the vehicle-mounted unit equipment identifier OBU-ID, and the first information to be signed comprising at least: the RSU-ID, the current time RTC1, the first random factor RND1, the second random factor RND2 and the entrance information; the road side unit receives the transaction certificate and sends it to the background system; and the background system receives the transaction certificate, acquires the vehicle-mounted unit certificate using the vehicle-mounted unit equipment identifier OBU-ID, verifies the first signature information SIG1, and executes subsequent operations after SIG1 passes verification.
Another objective of the present invention is to provide a vehicle-mounted unit charging method based on an asymmetric algorithm, comprising: the road side unit sends communication broadcast information to the vehicle-mounted unit; the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit; the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, the instruction comprising: the road side unit communication parameters and the road side unit application parameters; the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, the response comprising: the vehicle-mounted unit communication parameters, the vehicle-mounted unit application parameters and a first random factor RND1; the road side unit receives the communication link establishment response, generates a second random factor RND2, and acquires the road side unit device number RSU-ID, the current time RTC1 and exit information, the exit information comprising an exit identifier ST1 and/or an exit address ADD1; the road side unit sends an information acquisition request to the vehicle-mounted unit, the request comprising at least: the road side unit device number RSU-ID, the current time RTC1, the second random factor RND2 and the exit information; the vehicle-mounted unit receives the information acquisition request, acquires the vehicle-mounted unit certificate CERT1, an entrance address ADD2 and an entry time RTC2, and sends an information acquisition response to the road side unit, the response comprising at least: the vehicle-mounted unit certificate CERT1, the entrance address ADD2 and the entry time RTC2; the road side unit receives the information acquisition response, calculates a deduction amount SUM1 at least according to the entrance address ADD2 and the exit address ADD1 or the exit identifier ST1, and sends a fee deduction request to the vehicle-mounted unit, the request comprising: the deduction amount SUM1; the vehicle-mounted unit receives the fee deduction request, signs the first information to be signed using the vehicle-mounted unit private key to obtain first signature information SIG1, and sends a transaction certificate to the road side unit, the transaction certificate comprising: the first signature information SIG1, and the first information to be signed comprising at least: the road side unit device number RSU-ID, the entrance address ADD2, the current time RTC1, the entry time RTC2, the first random factor RND1, the second random factor RND2, the deduction amount SUM1 and the exit information; the road side unit receives the transaction certificate, verifies the legality of the vehicle-mounted unit certificate CERT1, and sends the transaction certificate to the background system after verifying that CERT1 is legal; and the background system receives the transaction certificate, verifies the first signature information SIG1, and executes fee deduction after SIG1 passes verification.
Another objective of the present invention is to provide a vehicle-mounted unit charging method based on an asymmetric algorithm, comprising: the road side unit sends communication broadcast information to the vehicle-mounted unit; the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit; the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, the instruction comprising: the road side unit communication parameters and the road side unit application parameters; the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, the response comprising: the vehicle-mounted unit communication parameters, the vehicle-mounted unit application parameters and a first random factor RND1; the road side unit receives the communication link establishment response, generates a second random factor RND2, and acquires the road side unit device number RSU-ID, the current time RTC1 and exit information, the exit information comprising an exit identifier ST1 and/or an exit address ADD1; the road side unit sends an information acquisition request to the vehicle-mounted unit, the request comprising at least: the road side unit device number RSU-ID, the current time RTC1, the second random factor RND2 and the exit information; the vehicle-mounted unit receives the information acquisition request, acquires an entrance address ADD2 and an entry time RTC2, and sends an information acquisition response to the road side unit, the response comprising at least: the entrance address ADD2 and the entry time RTC2; the road side unit receives the information acquisition response, calculates a deduction amount SUM1 at least according to the entrance address ADD2 and the exit address ADD1 or the exit identifier ST1, and sends a fee deduction request to the vehicle-mounted unit, the request comprising: the deduction amount SUM1; the vehicle-mounted unit receives the fee deduction request, signs the first information to be signed using the vehicle-mounted unit private key to obtain first signature information SIG1, and sends a transaction certificate to the road side unit, the transaction certificate comprising: the first signature information SIG1 and the vehicle-mounted unit equipment identifier OBU-ID, and the first information to be signed comprising at least: the road side unit device number RSU-ID, the entrance address ADD2, the current time RTC1, the entry time RTC2, the first random factor RND1, the second random factor RND2, the deduction amount SUM1 and the exit information; the road side unit receives the transaction certificate and sends it to the background system; and the background system receives the transaction certificate, acquires the vehicle-mounted unit certificate CERT1 using the vehicle-mounted unit equipment identifier OBU-ID, verifies the first signature information SIG1, and executes the fee deduction operation after SIG1 passes verification.
Another main objective of the present invention is to provide a vehicle-mounted unit card punching method based on an asymmetric algorithm, comprising: the road side unit generates a first random factor RND1 and obtains the road side unit device number RSU-ID, the current time RTC1 and exit information, the exit information comprising an exit identifier ST1 and/or an exit address ADD1; the road side unit sends a card punching request to the vehicle-mounted unit, the request comprising: the road side unit device number RSU-ID, the current time RTC1, the first random factor RND1 and the exit information; the vehicle-mounted unit receives the card punching request, generates recording information and a second random factor RND2, and signs the first information to be signed using the vehicle-mounted unit private key to obtain first signature information SIG1, the first information to be signed comprising at least: the current time RTC1, the entrance address ADD2, the entry time RTC2, the first random factor RND1, the second random factor RND2, the exit identifier ST1 and the exit address ADD1; the vehicle-mounted unit sends a card punching response to the road side unit, the response comprising: the first signature information SIG1, the entrance address ADD2, the entry time RTC2, the vehicle-mounted unit certificate CERT1 and the second random number RND2; and the vehicle-mounted unit receives the card punching response and completes the card punching operation.
According to the technical scheme provided by the invention, the vehicle-mounted unit can complete the signature of the information to be signed by adopting an asymmetric key encryption mode, the roadside unit or the background system can verify the legality of the certificate, and can complete the fee deduction operation or the card punching operation after the signature is verified, so that the safety and the non-repudiation of the transaction or card punching behavior are ensured, and under the condition that a single vehicle-mounted unit is illegally disassembled or even the key is cracked, the safety of other vehicle-mounted units and roadside units in the ETC system is not influenced, the overall safety of the ETC system is further improved, and the fund safety of a vehicle-mounted unit user and the ETC system is improved.
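The first charging method above (the road side unit signs SIG1, the vehicle-mounted unit answers with CERT2 and SIG2) can be traced in code. The following Go program is an added example, not code from the patent. It assumes Ed25519 as the asymmetric algorithm, a root-signed ID and public key pair as the certificate format, 2-byte length-prefixed field encoding, a certificate check on the vehicle-mounted unit side, and constructed IDs, timestamps and entry values; the patent specifies none of these.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert stands in for CERT1/CERT2: an ID bound to a key by a root signature (assumed format).
type Cert struct {
	ID  string
	Pub ed25519.PublicKey
	Sig []byte
}

type Device struct {
	Cert Cert
	priv ed25519.PrivateKey
}

// DeductRequest carries RSU-ID, RTC1, RND2, SIG1 and the entry information.
type DeductRequest struct {
	RSUID                   string
	RTC1, RND2, SIG1, Entry []byte
}

// encode prefixes each field with a 2-byte length (fields under 64 KiB) so
// bytes cannot move between adjacent fields without changing the signed data.
func encode(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		out = append(out, byte(len(f)>>8), byte(len(f)))
		out = append(out, f...)
	}
	return out
}

func nonce() []byte {
	b := make([]byte, 16)
	rand.Read(b)
	return b
}

func newRoot() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

func newDevice(root ed25519.PrivateKey, id string) Device {
	pub, priv := newRoot()
	sig := ed25519.Sign(root, encode([]byte(id), pub))
	return Device{Cert{ID: id, Pub: pub, Sig: sig}, priv}
}

func (c Cert) valid(root ed25519.PublicKey) bool {
	return len(c.Pub) == ed25519.PublicKeySize && ed25519.Verify(root, encode([]byte(c.ID), c.Pub), c.Sig)
}

// rsuRequest: the RSU generates RND2 and signs RTC1, RND1, RND2, entry info.
func rsuRequest(rsu Device, rnd1 []byte, rtc1, entry string) DeductRequest {
	t, e, rnd2 := []byte(rtc1), []byte(entry), nonce()
	sig1 := ed25519.Sign(rsu.priv, encode(t, rnd1, rnd2, e))
	return DeductRequest{rsu.Cert.ID, t, rnd2, sig1, e}
}

// obuRespond: the OBU verifies SIG1 against the RND1 it issued for this
// session, then signs RSU-ID, RTC1, RND1, RND2, entry info to produce SIG2.
func obuRespond(obu Device, root ed25519.PublicKey, cert1 Cert, rnd1 []byte, req DeductRequest) (Cert, []byte, error) {
	if !cert1.valid(root) || cert1.ID != req.RSUID { // assumed CERT1 check
		return Cert{}, nil, errors.New("CERT1 rejected")
	}
	if !ed25519.Verify(cert1.Pub, encode(req.RTC1, rnd1, req.RND2, req.Entry), req.SIG1) {
		return Cert{}, nil, errors.New("SIG1 rejected")
	}
	tbs := encode([]byte(req.RSUID), req.RTC1, rnd1, req.RND2, req.Entry)
	return obu.Cert, ed25519.Sign(obu.priv, tbs), nil
}

// rsuVerify: the RSU validates CERT2 first, then SIG2 over its own session values.
func rsuVerify(root ed25519.PublicKey, req DeductRequest, rnd1 []byte, cert2 Cert, sig2 []byte) error {
	if !cert2.valid(root) {
		return errors.New("CERT2 rejected")
	}
	tbs := encode([]byte(req.RSUID), req.RTC1, rnd1, req.RND2, req.Entry)
	if !ed25519.Verify(cert2.Pub, tbs, sig2) {
		return errors.New("SIG2 rejected")
	}
	return nil
}

func main() {
	rootPub, rootPriv := newRoot()
	rsu, obu := newDevice(rootPriv, "RSU-0001"), newDevice(rootPriv, "OBU-0001") // constructed IDs
	rnd1 := nonce() // RND1 from the OBU's link establishment response
	req := rsuRequest(rsu, rnd1, "2020-01-01T08:00:00Z", "ST1=constructed")
	cert2, sig2, err := obuRespond(obu, rootPub, rsu.Cert, rnd1, req)
	fmt.Println("accepted:", err == nil && rsuVerify(rootPub, req, rnd1, cert2, sig2) == nil)
	_, _, err = obuRespond(obu, rootPub, rsu.Cert, nonce(), req)
	fmt.Println("same request in a new session:", err)
}
```

Because RND1 and RND2 are both inside the signed data, a captured fee deduction request fails SIG1 verification in any later session, and a device whose certificate does not chain to the root is rejected before its signature is examined.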
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an asymmetric algorithm-based charging method for a vehicle-mounted unit according to embodiment 1 of the present invention;
Fig. 2 is a flowchart of a vehicle-mounted unit card punching method based on an asymmetric algorithm according to embodiment 2 of the present invention;
Fig. 3 is a flowchart of a charging method for an onboard unit based on an asymmetric algorithm according to embodiment 3 of the present invention;
Fig. 4 is a flowchart of an asymmetric algorithm-based charging method for a vehicle-mounted unit according to embodiment 4 of the present invention;
Fig. 5 is a flowchart of an asymmetric algorithm-based charging method for a vehicle-mounted unit according to embodiment 5 of the present invention;
Fig. 6 is a flowchart of an asymmetric algorithm based charging method for a vehicle-mounted unit according to embodiment 6 of the present invention;
Fig. 7 is a flowchart of an asymmetric algorithm-based vehicle-mounted unit card punching method according to embodiment 6 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
As shown in fig. 1, the present embodiment provides an asymmetric algorithm-based on-board unit charging method, which is suitable for a charging mode for charging at an entrance of a highway in an ETC system.
To achieve the above object, the technical solution of the present invention is specifically realized as follows (including step 101 to step 108):
Step 101, the road side unit sends communication broadcast information to the vehicle-mounted unit, and the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit.
In this embodiment, the road side unit may communicate with the vehicle-mounted unit in several ways, for example a medium-distance communication mode such as 5.8GHz, 2.4G, Bluetooth or 900M, or a short-distance communication mode such as NFC, and data interaction between the road side unit and the vehicle-mounted unit may be completed through any of these modes. When the vehicle enters the communication range of the ETC system, the vehicle-mounted unit can receive the communication broadcast information transmitted by the road side unit. The vehicle-mounted unit sends response information after receiving the broadcast, which indicates to the road side unit that the vehicle-mounted unit has entered its communication range and that communication can be established.
Step 102, the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: road side unit communication parameters and road side unit application parameters.
In this embodiment, the road side unit communication parameters and the road side unit application parameters include the various communication modes and data parameters that the road side unit can use when establishing a communication connection with the vehicle-mounted unit, so that the vehicle-mounted unit can make a judgment and a selection.
Step 103, the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response comprises: vehicle-mounted unit communication parameters, vehicle-mounted unit application parameters, and a first random factor RND1.
In this embodiment, the vehicle-mounted unit communication parameters and the vehicle-mounted unit application parameters include the various communication modes and data parameters that the vehicle-mounted unit can use when establishing a communication connection with the road side unit, so that the road side unit can make a judgment and a selection. The first random factor RND1 may be a number, a letter, or a combination of numbers and letters.
104, the road side unit receives the communication link response, and acquires the current time RTC1 and entry information, wherein the entry information includes an identifier ST1 and/or an entry address ADD 1; signing the first information to be signed by using a roadside unit private key to obtain first signature information SIG1, wherein the first information to be signed at least comprises: the current time RTC1, the first random factor RND1, the second random factor RND2, and entry information.
In this embodiment, the second random factor RND2 may be a number, a letter, or a combination of a number and a letter, the entry identifier ST1 and the entry address ADD1 may be information stored inside the roadside unit, and may also be obtained by querying the roadside unit at the background server, the current time RTC1 may be provided by an internal clock of the roadside unit, and may also be obtained by querying the roadside unit at the background server, in this embodiment, only one of the entry identifier ST1 and the entry address ADD1 acquired by the roadside unit may be acquired, or all of the entry identifier ST1 and the entry address ADD1 may be acquired, which is not limited in this embodiment.
In an optional implementation manner of this embodiment, the first information to be signed further includes: the deduction amount SUM1 and the deduction amount SUM1 can be obtained by the road side unit querying the transaction record of the vehicle-mounted unit of the current vehicle in real time in the background server, and can also be set to any value according to the charging mode.
In this embodiment, the roadside unit may have a built-in security chip, the security chip stores a private key generated by an asymmetric key algorithm, the private key has a characteristic that the private key cannot be derived, and uniqueness and security of the private key are ensured. The road side unit and the vehicle-mounted unit adopt an asymmetric key algorithm to sign and verify information, so that the safety and the non-repudiation of the information are guaranteed, the safety risk caused by key leakage when the road side unit or the vehicle-mounted unit is subjected to illegal attack is avoided, and the safety of the ETC system is improved.
Step 105, the road side unit sends a fee deduction request to the vehicle-mounted unit, wherein the fee deduction request comprises: the RSU-ID, the current time RTC1, the second random factor RND2, the first signature information SIG1, and the entry information.
In an optional implementation manner of this embodiment, the deduction request may further include a roadside unit certificate CERT1; the vehicle-mounted unit may acquire the public key of the roadside unit from the roadside unit certificate CERT1 and use it to complete verification of the first signature information SIG1.
In an optional implementation manner of this embodiment, when the deduction amount SUM1 is included in the first information to be signed, the deduction request further includes the deduction amount SUM1, which enables the vehicle-mounted unit to complete verification of the first signature information SIG1.
Step 106, the vehicle-mounted unit receives the deduction request, acquires a roadside unit certificate CERT1, verifies the first signature information SIG1, generates recording information after the verification of the first signature information is passed, and signs the second information to be signed by using a private key of the vehicle-mounted unit to obtain second signature information SIG2, wherein the second information to be signed at least comprises: the RSU-ID, the current time RTC1, the first random factor RND1, the second random factor RND2, and the ingress information.
In an optional implementation manner of this embodiment, the second information to be signed further includes the deduction amount SUM1. After receiving the fee deduction request, the vehicle-mounted unit can prompt the user with the deduction amount SUM1 by voice, on a display screen, or in a similar manner. Because the second information to be signed includes the deduction amount SUM1, the deduction amount SUM1 cannot be modified after being illegally hijacked, which improves the security of the transaction.
In this embodiment, the second information to be signed includes the first random factor RND1, which the vehicle-mounted unit sent to the roadside unit in the communication link establishment response. When the roadside unit verifies the second signature information SIG2, it therefore needs the first random factor RND1 contained in the communication link establishment response for the signature verification to pass. This prevents the situation in which an illegal device hijacks the second signature information SIG2 sent by the vehicle-mounted unit to the roadside unit in one transaction and then repeatedly sends the hijacked SIG2 to the roadside unit, the roadside unit completes signature verification and fee deduction each time, and the vehicle-mounted unit is illegally charged repeatedly; the security of the ETC system is thereby improved.
In this embodiment, the vehicle-mounted unit may acquire the roadside unit certificate CERT1 in various ways, for example:
In a first mode, the deduction request sent by the roadside unit includes the roadside unit certificate CERT1, and the vehicle-mounted unit acquires the roadside unit certificate CERT1 from the deduction request. Further, the vehicle-mounted unit may prestore the public key of the ETC certificate center and use it to verify the legality of the roadside unit certificate CERT1; after confirming that the roadside unit certificate CERT1 is legal, the vehicle-mounted unit verifies the first signature information SIG1 using the roadside unit public key in the roadside unit certificate CERT1 and judges the authenticity of the first signature information SIG1. By verifying the legality of the roadside unit certificate CERT1, the vehicle-mounted unit can confirm that CERT1 is not attack information from an illegal device, which improves the security of the subsequent signature verification.
In a second mode, the vehicle-mounted unit prestores a road side unit public key library and, according to the road side unit device identifier RSU-ID contained in the deduction request, searches the library for the road side unit public key corresponding to that RSU-ID; after the road side unit public key is found, the vehicle-mounted unit uses it to verify the first signature information SIG1 and judges the authenticity of the first signature information SIG1.
In a third mode, the original public key of the road side unit is prestored in the vehicle-mounted unit, and the vehicle-mounted unit calculates the public key of the road side unit according to the road side unit device identifier RSU-ID contained in the deduction request; after the public key of the road side unit is obtained, the vehicle-mounted unit uses it to verify the first signature information SIG1 and judges the authenticity of the first signature information SIG1.
In a fourth mode, the vehicle-mounted unit establishes a network connection with the background server and sends the RSU-ID contained in the deduction request to the background server; the background server looks up the road side unit public key according to the RSU-ID and sends it to the vehicle-mounted unit, and the vehicle-mounted unit uses the road side unit public key to verify the first signature information SIG1 and judges the authenticity of the first signature information SIG1.
The vehicle-mounted unit completes subsequent operations only after the first signature information SIG1 passes signature verification, so that the vehicle-mounted unit does not sign false information sent by illegal equipment, and user loss is avoided.
In this embodiment, the vehicle-mounted unit may have a built-in security chip that stores a private key generated by an asymmetric key algorithm. The private key cannot be derived, which ensures its uniqueness and security. The road side unit and the vehicle-mounted unit use an asymmetric key algorithm to sign information and to verify signatures, which achieves security and non-repudiation, avoids the security risk caused by key leakage when a road side unit or a vehicle-mounted unit is illegally attacked, and improves the security of the ETC system.
Step 107, the vehicle-mounted unit sends a transaction certificate to the road side unit, wherein the transaction certificate comprises: a vehicle-mounted unit certificate CERT2 and the second signature information SIG2.
Specifically, in this embodiment, the transaction certificate sent by the vehicle-mounted unit to the roadside unit includes the vehicle-mounted unit certificate CERT2. The roadside unit can obtain the vehicle-mounted unit public key from the vehicle-mounted unit certificate CERT2 and use it to complete signature verification of the second signature information SIG2, which prevents an illegal device from pretending to be a vehicle-mounted unit, interfering with the normal transaction flow of the roadside unit, and thereby causing user loss.
Step 108, the road side unit receives the transaction certificate, verifies the legality of the vehicle-mounted unit certificate CERT2, and, after verifying that the vehicle-mounted unit certificate CERT2 is legal, verifies the second signature information SIG2, and executes the subsequent operation after the second signature information passes verification.
Specifically, in this embodiment, the roadside unit may prestore the public key of the ETC certificate center and use it to verify the legality of the vehicle-mounted unit certificate CERT2; after confirming that the vehicle-mounted unit certificate CERT2 is legal, the roadside unit uses the vehicle-mounted unit public key in the vehicle-mounted unit certificate CERT2 to verify the second signature information SIG2 and judges the authenticity of the second signature information SIG2. By verifying the validity of the second signature information SIG2, the roadside unit can confirm that SIG2 is not attack information forged by illegal equipment, which improves the security of the subsequent operations. The roadside unit executes the fee deduction operation only after the second signature information SIG2 passes verification, so that the roadside unit does not deduct fees from false accounts or from other people's accounts submitted by illegal equipment, and loss to the ETC system is avoided.
As an optional implementation manner of this embodiment, the vehicle-mounted unit certificate CERT2 includes a vehicle-mounted unit device identification OBU-ID. Before the road side unit executes the deduction operation, the method further comprises: the road side unit checks whether the vehicle-mounted unit device identification OBU-ID is contained in the blacklist, and verifies that it is not. In this optional embodiment, querying whether the vehicle-mounted unit device identification OBU-ID is in the blacklist before the fee deduction operation prevents blacklisted vehicles, such as those with multiple violations or multiple unpaid fees, from entering the highway, which improves traffic safety and the security of the ETC system.
According to the technical scheme of this embodiment, the vehicle-mounted unit signs the information to be signed using asymmetric key cryptography, and the roadside unit verifies the legality of the certificate and completes the fee deduction operation after the signature is verified, which guarantees the security and non-repudiation of the transaction. Even if a single vehicle-mounted unit is illegally disassembled or its key is cracked, the security of the other vehicle-mounted units and of the roadside units in the ETC system is not affected, so the overall security of the ETC system is improved, and the safety of the funds of vehicle-mounted unit users and of the ETC system is improved.
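The exchange of steps 103 to 108 and the replay argument around the first random factor RND1, as an added example in Go that is not part of the patent text. Ed25519 stands in for the unspecified asymmetric algorithm; the length-prefixed field encoding, the 16-byte random factors and all identifiers and sample values are assumptions, and certificate validation is replaced by public keys that are taken as already trusted.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// encode length-prefixes every field so that field boundaries inside the
// signed message are unambiguous. The page defines no encoding; assumed here.
func encode(fields ...[]byte) []byte {
	var buf bytes.Buffer
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

// newNonce returns a 16-byte random factor (the size is an assumption).
func newNonce() []byte {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// DeductRequest is the step 105 message, with the optional SUM1 included.
type DeductRequest struct {
	RSUID, RTC1, RND2, Entry, SUM1, SIG1 []byte
}

// Unit is either side of the link: a key pair plus per-session state.
type Unit struct {
	ID   []byte
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	rnd1 []byte        // first random factor of the current session
	req  DeductRequest // road side unit only: the request issued this session
}

// NewUnit creates a unit with a fresh key pair (hypothetical helper).
func NewUnit(id string) *Unit {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Unit{ID: []byte(id), Pub: pub, priv: priv}
}

// LinkResponse is step 103 on the vehicle-mounted unit: a fresh RND1.
func (u *Unit) LinkResponse() []byte {
	u.rnd1 = newNonce()
	return u.rnd1
}

// BuildRequest is steps 104-105 on the road side unit: remember RND1, draw
// RND2, sign (RTC1, RND1, RND2, entry, SUM1) and issue the request.
func (u *Unit) BuildRequest(rnd1 []byte, rtc1, entry, sum1 string) DeductRequest {
	u.rnd1 = rnd1
	q := DeductRequest{RSUID: u.ID, RTC1: []byte(rtc1), RND2: newNonce(),
		Entry: []byte(entry), SUM1: []byte(sum1)}
	q.SIG1 = ed25519.Sign(u.priv, encode(q.RTC1, rnd1, q.RND2, q.Entry, q.SUM1))
	u.req = q
	return q
}

// HandleRequest is step 106 on the vehicle-mounted unit: verify SIG1 against
// its own RND1, then sign (RSU-ID, RTC1, RND1, RND2, entry, SUM1) as SIG2.
func (u *Unit) HandleRequest(q DeductRequest, rsuPub ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(rsuPub, encode(q.RTC1, u.rnd1, q.RND2, q.Entry, q.SUM1), q.SIG1) {
		return nil, errors.New("SIG1 verification failed")
	}
	return ed25519.Sign(u.priv, encode(q.RSUID, q.RTC1, u.rnd1, q.RND2, q.Entry, q.SUM1)), nil
}

// VerifyProof is step 108 on the road side unit: SIG2 must cover the values
// of this session, taken from the unit's own state and not from the sender.
func (u *Unit) VerifyProof(sig2 []byte, obuPub ed25519.PublicKey) bool {
	q := u.req
	return ed25519.Verify(obuPub, encode(q.RSUID, q.RTC1, u.rnd1, q.RND2, q.Entry, q.SUM1), sig2)
}

func main() {
	rsu, obu := NewUnit("RSU-0001"), NewUnit("OBU-0001") // constructed IDs
	// Session 1: honest exchange with constructed time, entry and amount.
	q1 := rsu.BuildRequest(obu.LinkResponse(), "2019-12-26T08:00:00Z", "ST1=G4-017", "0")
	sig2, err := obu.HandleRequest(q1, rsu.Pub)
	fmt.Println("session 1 accepted:", err == nil && rsu.VerifyProof(sig2, obu.Pub))
	// Session 2: the captured SIG2 is replayed against fresh RND1 and RND2.
	rsu.BuildRequest(obu.LinkResponse(), "2019-12-26T08:05:00Z", "ST1=G4-017", "0")
	fmt.Println("replayed SIG2 accepted:", rsu.VerifyProof(sig2, obu.Pub))
}
```

The replay is rejected only because the road side unit rebuilds the signed message from the RND1 and RND2 it holds for the current session; a verifier that accepted those values from the incoming message would accept the old SIG2 again.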
Example 2
As shown in FIG. 2, this embodiment provides a vehicle-mounted unit card punching method based on an asymmetric algorithm, which is suitable for the mode in an ETC system in which the vehicle-mounted unit only punches a card at an exit of an expressway without charging.
To achieve the above object, the technical solution of the present invention is specifically realized as follows (including step 201 to step 208):
Step 201, the road side unit sends communication broadcast information to the vehicle-mounted unit, and the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit.
Step 202, the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: road side unit communication parameters and road side unit application parameters.
Step 203, the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response comprises: vehicle-mounted unit communication parameters, vehicle-mounted unit application parameters, and a first random factor RND1.
Step 204, the roadside unit receives the communication link establishment response, generates a second random factor RND2, and acquires a current time RTC1 and exit information, where the exit information includes an exit identifier ST1 and/or an exit address ADD1; the roadside unit signs the first information to be signed by using the roadside unit private key to obtain first signature information SIG1, where the first information to be signed at least includes: the current time RTC1, the first random factor RND1, the second random factor RND2, and the exit information.
In this embodiment, the second random factor RND2 may be a number, a letter, or a combination of numbers and letters. The exit identifier ST1 and the exit address ADD1 may be information stored inside the roadside unit, or may be obtained by the roadside unit by querying the background server. The roadside unit may acquire only one of the exit identifier ST1 and the exit address ADD1, or both, which is not limited in this embodiment.
In this embodiment, the roadside unit may have a built-in security chip that stores a private key generated by an asymmetric key algorithm. The private key cannot be derived, which ensures its uniqueness and security. The road side unit and the vehicle-mounted unit use an asymmetric key algorithm to sign information and to verify signatures, which guarantees the security and non-repudiation of the information, avoids the security risk caused by key leakage when a road side unit or a vehicle-mounted unit is illegally attacked, and improves the security of the ETC system.
Step 205, the roadside unit sends a card punching request to the vehicle-mounted unit, wherein the card punching request comprises: the RSU-ID, the current time RTC1, the second random factor RND2, the first signature information SIG1, and the exit information.
In an optional implementation manner of this embodiment, the card punching request may further include a roadside unit certificate CERT1; the vehicle-mounted unit may acquire the public key of the roadside unit from the roadside unit certificate CERT1 and use it to complete verification of the first signature information SIG1.
Step 206, the vehicle-mounted unit receives the card-punching request, acquires a roadside unit certificate CERT1, verifies the first signature information SIG1, generates recording information after the verification of the first signature information is passed, acquires an entry address ADD2 and an entry time RTC2, and signs the second information to be signed by using a vehicle-mounted unit private key to obtain second signature information SIG2, wherein the second information to be signed at least comprises: current time RTC1, entry address ADD2, entry time RTC2, first random factor RND1, second random factor RND2, and exit information.
Specifically, in this embodiment, the entry address ADD2 and the entry time RTC2 may be information stored inside the roadside unit, or may be obtained by the roadside unit through querying in a background server.
In this embodiment, the second information to be signed includes the first random factor RND1, which the vehicle-mounted unit sent to the roadside unit in the communication link establishment response. When the roadside unit verifies the second signature information SIG2, it therefore needs the first random factor RND1 contained in the communication link establishment response for the signature verification to pass. This prevents the situation in which an illegal device hijacks the second signature information SIG2 sent by the vehicle-mounted unit to the roadside unit in one transaction and then repeatedly sends the hijacked SIG2 to the roadside unit, the roadside unit completes signature verification and fee deduction each time, and the vehicle-mounted unit is illegally charged repeatedly; the security of the ETC system is thereby improved.
In this embodiment, the vehicle-mounted unit may acquire the roadside unit certificate CERT1 in various ways, for example:
In a first mode, the deduction request sent by the roadside unit includes the roadside unit certificate CERT1, and the vehicle-mounted unit acquires the roadside unit certificate CERT1 from the deduction request. Further, the vehicle-mounted unit may prestore the public key of the ETC certificate center and use it to verify the legality of the roadside unit certificate CERT1; after confirming that the roadside unit certificate CERT1 is legal, the vehicle-mounted unit verifies the first signature information SIG1 using the roadside unit public key in the roadside unit certificate CERT1 and judges the authenticity of the first signature information SIG1. By verifying the legality of the roadside unit certificate CERT1, the vehicle-mounted unit can confirm that CERT1 is not attack information from an illegal device, which improves the security of the subsequent signature verification.
In a second mode, the vehicle-mounted unit prestores a road side unit public key library and, according to the road side unit device identifier RSU-ID contained in the deduction request, searches the library for the road side unit public key corresponding to that RSU-ID; after the road side unit public key is found, the vehicle-mounted unit uses it to verify the first signature information SIG1 and judges the authenticity of the first signature information SIG1.
In a third mode, the original public key of the road side unit is prestored in the vehicle-mounted unit, and the vehicle-mounted unit calculates the public key of the road side unit according to the road side unit device identifier RSU-ID contained in the deduction request; after the public key of the road side unit is obtained, the vehicle-mounted unit uses it to verify the first signature information SIG1 and judges the authenticity of the first signature information SIG1.
In a fourth mode, the vehicle-mounted unit establishes a network connection with the background server and sends the RSU-ID contained in the deduction request to the background server; the background server looks up the road side unit public key according to the RSU-ID and sends it to the vehicle-mounted unit, and the vehicle-mounted unit uses the road side unit public key to verify the first signature information SIG1 and judges the authenticity of the first signature information SIG1.
The vehicle-mounted unit completes subsequent operations only after the first signature information SIG1 passes signature verification, so that the vehicle-mounted unit does not sign false information sent by illegal equipment, and user loss is avoided.
In this embodiment, the vehicle-mounted unit may have a built-in security chip that stores a private key generated by an asymmetric key algorithm. The private key cannot be derived, which ensures its uniqueness and security. The road side unit and the vehicle-mounted unit use an asymmetric key algorithm to sign information and to verify signatures, which achieves security and non-repudiation, avoids the security risk caused by key leakage when a road side unit or a vehicle-mounted unit is illegally attacked, and improves the security of the ETC system.
Step 207, the vehicle-mounted unit sends a card punching response to the road side unit, wherein the card punching response comprises: the second signature information SIG2, the entry address ADD2, the entry time RTC2, and a vehicle-mounted unit certificate CERT2.
Specifically, in this embodiment, the transaction certificate sent by the vehicle-mounted unit to the roadside unit includes the vehicle-mounted unit certificate CERT2. The roadside unit can obtain the vehicle-mounted unit public key from the vehicle-mounted unit certificate CERT2 and use it to complete signature verification of the second signature information SIG2, which prevents an illegal device from pretending to be a vehicle-mounted unit, interfering with the normal transaction flow of the roadside unit, and thereby causing user loss.
Step 208, the road side unit receives the card punching response and finishes the card punching operation.
In this embodiment, after receiving the card punching response, the roadside unit may verify the second signature information SIG2 and send the verification result to the background system server to complete the card punching operation, or it may send the card punching response to the background system server, which then verifies the second signature information SIG2 and completes the card punching operation; this is not specifically limited in this embodiment. After the card punching is completed, the background system server can perform operations such as fee deduction or travel recording on the account corresponding to the vehicle-mounted unit according to the card punching result. Specifically, the roadside unit or the background system server may prestore the public key of the ETC certificate center and use it to verify the legality of the vehicle-mounted unit certificate CERT2; after confirming that the vehicle-mounted unit certificate CERT2 is legal, it uses the vehicle-mounted unit public key in the vehicle-mounted unit certificate CERT2 to verify the second signature information SIG2 and judges the authenticity of the second signature information SIG2. By verifying the validity of the second signature information SIG2, the roadside unit or the background system server can confirm that SIG2 is not attack information forged by illegal equipment, which improves the security of the subsequent operations. The roadside unit or the background system server executes the card punching operation only after the second signature information SIG2 passes verification, so that no card punching operation is performed on false information sent by illegal equipment, and loss to the ETC system is avoided.
As an optional implementation manner of this embodiment, the vehicle-mounted unit certificate CERT2 includes a vehicle-mounted unit device identification OBU-ID. Before the roadside unit performs the card punching operation, the method further comprises: the road side unit checks whether the vehicle-mounted unit device identification OBU-ID is contained in the blacklist, and verifies that it is not. In this optional embodiment, querying whether the vehicle-mounted unit device identification OBU-ID is in the blacklist before the card punching operation prevents blacklisted vehicles, such as those with multiple violations or multiple unpaid fees, from entering the highway, which improves traffic safety and the security of the ETC system.
According to the technical scheme of this embodiment, the vehicle-mounted unit signs the information to be signed using asymmetric key cryptography, and the road side unit can additionally choose to verify the validity of the certificate and completes the card punching operation after the signature is verified, which guarantees the security and non-repudiation of the transaction and of the recorded information. Even if a single vehicle-mounted unit is illegally disassembled or its key is cracked, the security of the other vehicle-mounted units and of the road side units in the ETC system is not affected, so the overall security of the ETC system is improved, and the safety of the funds of vehicle-mounted unit users and of the ETC system, as well as the security of user information, is guaranteed.
Example 3
As shown in FIG. 3, this embodiment provides a vehicle-mounted unit charging method based on an asymmetric algorithm, which is suitable for the charging mode in an ETC system in which charging takes place at an entrance of an expressway.
In order to achieve the above object, the technical solution of the present invention is specifically realized as follows (including step 301 to step 307):
Step 301, the road side unit sends communication broadcast information to the vehicle-mounted unit, and the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit.
Step 302, the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: road side unit communication parameters and road side unit application parameters.
Step 303, the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response includes: vehicle-mounted unit communication parameters, vehicle-mounted unit application parameters, and a first random factor RND1.
Step 304, the road side unit receives the communication link establishment response, generates a second random factor RND2, and acquires a road side unit device number RSU-ID, a current time RTC1 and entry information, wherein the entry information comprises an entry identifier ST1 and/or an entry address ADD1; the road side unit sends a fee deduction request to the vehicle-mounted unit, wherein the fee deduction request at least comprises: the RSU-ID, the current time RTC1, the second random factor RND2 and the entry information.
In this embodiment, the second random factor RND2 may be a number, a letter, or a combination of numbers and letters. The entry identifier ST1 and the entry address ADD1 may be information stored inside the roadside unit, or may be obtained by the roadside unit by querying the background server. The current time RTC1 may be provided by an internal clock of the roadside unit, or may likewise be obtained by the roadside unit by querying the background server. The roadside unit may acquire only one of the entry identifier ST1 and the entry address ADD1, or both, which is not limited in this embodiment.
In an optional implementation manner of this embodiment, the deduction request further includes the deduction amount SUM1. The deduction amount SUM1 may be obtained by the road side unit querying the background server in real time for the transaction record of the vehicle-mounted unit of the current vehicle, or may be set to any value according to the charging mode.
Step 305, the vehicle-mounted unit receives the fee deduction request, signs the first information to be signed by using a private key of the vehicle-mounted unit to obtain first signature information SIG1, and sends a transaction certificate to the roadside unit, wherein the transaction certificate comprises the first signature information SIG1 and a vehicle-mounted unit device certificate CERT1, and the first information to be signed at least comprises: RSU-ID, current time RTC1, first random factor RND1, second random factor RND2, and entry information.
In an optional implementation manner of this embodiment, the first information to be signed further includes the deduction amount SUM1. After receiving the fee deduction request, the vehicle-mounted unit can prompt the user with the deduction amount SUM1 by voice, on a display screen, or in a similar manner. Because the first information to be signed includes the deduction amount SUM1, the deduction amount SUM1 cannot be modified after being illegally hijacked, which improves the security of the transaction.
In this embodiment, the first information to be signed includes the first random factor RND1, which the vehicle-mounted unit sent to the roadside unit in the communication link establishment response. When the roadside unit verifies the first signature information SIG1, it therefore needs the first random factor RND1 contained in the communication link establishment response for the signature verification to pass. This prevents the situation in which an illegal device hijacks the first signature information SIG1 sent by the vehicle-mounted unit to the roadside unit in one transaction and then repeatedly sends the hijacked SIG1 to the roadside unit, the roadside unit completes signature verification and fee deduction each time, and the vehicle-mounted unit is illegally charged repeatedly; the security of the ETC system is thereby improved.
In this embodiment, the vehicle-mounted unit may have a built-in security chip that stores a private key generated by an asymmetric key algorithm. The private key cannot be derived, which ensures its uniqueness and security. The road side unit and the vehicle-mounted unit use an asymmetric key algorithm to sign information and to verify signatures, which achieves security and non-repudiation, avoids the security risk caused by key leakage when a road side unit or a vehicle-mounted unit is illegally attacked, and improves the security of the ETC system.
Step 306, the road side unit receives the transaction certificate, verifies the legality of the vehicle-mounted unit certificate CERT1, and sends the transaction certificate to the background system after verifying that the vehicle-mounted unit certificate CERT1 is legal.
Specifically, in this embodiment, the roadside unit may pre-store a public key of the ETC certificate center, may verify the validity of the vehicle-mounted unit certificate CERT1 according to the public key, and after confirming that the vehicle-mounted unit certificate CERT1 is valid, sends a transaction certificate to the background system.
Step 307, the background system receives the transaction certificate, checks the first signature information SIG1, and executes fee deduction after the first signature information is checked.
Specifically, in this embodiment, the background system verifies the first signature information SIG1 using the vehicle-mounted unit public key in the vehicle-mounted unit certificate CERT1 and so determines the authenticity of the first signature information SIG1. By verifying the validity of the first signature information SIG1, the background system can confirm that it is not attack information forged by an illegal device, which improves the security of the subsequent signature verification operation. The background system executes the fee deduction operation only after the first signature information SIG1 passes verification, so it does not deduct fees from false accounts or other accounts submitted by illegal devices, and loss to the ETC system is avoided.
As an optional implementation of this embodiment, the vehicle-mounted unit certificate CERT1 includes a vehicle-mounted unit device identification OBU-ID. Before the background system executes the fee deduction operation, the method further comprises: the background system checks whether the vehicle-mounted unit device identification OBU-ID is contained in the blacklist, and verifies that it is not. Because the blacklist is queried for the OBU-ID before the fee deduction operation, blacklisted vehicles, such as those with multiple violations or multiple unpaid fees, can be prevented from entering the highway, which improves traffic safety and the security of the ETC system.
According to the technical scheme of this embodiment, the vehicle-mounted unit signs the information to be signed using asymmetric key cryptography and sends the signed information to the road side unit, and the background system connected to the road side unit completes the fee deduction operation after verifying the signed information, which guarantees the security and non-repudiation of the transaction. Even if a single vehicle-mounted unit is illegally disassembled or its key is cracked, the security of the other vehicle-mounted units and of the road side unit in the ETC system is not affected. This improves the overall security of the ETC system and protects the funds of the vehicle-mounted unit user and of the ETC system.
Example 4
As shown in fig. 4, this embodiment provides an on-board unit charging method based on an asymmetric algorithm, which is suitable for the mode of charging at an expressway entrance in an ETC system.
In order to achieve the above object, the technical solution of the present invention is specifically realized as follows (including step 401 to step 407):
Step 401, the road side unit sends communication broadcast information to the vehicle-mounted unit, and the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit.
Step 402, the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: road side unit communication parameters and road side unit application parameters.
Step 403, the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, where the communication link establishment response includes: a vehicle unit communication parameter, a vehicle unit application parameter, and a first random factor RND1.
Step 404, the road side unit receives the communication link response, generates a second random factor RND2, and acquires a road side unit device number RSU-ID, a current time RTC1 and entry information, wherein the entry information comprises an entry identifier ST1 and/or an entry address ADD1; the road side unit sends a fee deduction request to the vehicle-mounted unit, wherein the fee deduction request comprises at least: the RSU-ID, the current time RTC1, the second random factor RND2 and the entry information.
In this embodiment, the second random factor RND2 may be a number, a letter, or a combination of numbers and letters. The entry identifier ST1 and the entry address ADD1 may be information stored inside the roadside unit, or may be obtained by the roadside unit by querying the background server. The current time RTC1 may be provided by an internal clock of the roadside unit, or may be obtained by the roadside unit by querying the background server. The roadside unit may acquire only one of the entry identifier ST1 and the entry address ADD1, or both; this embodiment does not limit this.
In an optional implementation of this embodiment, the fee deduction request further includes the deduction amount SUM1. The deduction amount SUM1 can be obtained by the road side unit querying, in real time in the background server, the transaction record of the vehicle-mounted unit of the current vehicle, or can be set to any value according to the charging mode.
Step 405, the vehicle-mounted unit receives the fee deduction request, signs the first information to be signed by using a private key of the vehicle-mounted unit to obtain first signature information SIG1, and sends a transaction certificate to the roadside unit, wherein the transaction certificate comprises the first signature information SIG1 and a vehicle-mounted unit device identifier OBU-ID, and the first information to be signed at least comprises: RSU-ID, current time RTC1, first random factor RND1, second random factor RND2, and entry information.
In an optional implementation of this embodiment, the first information to be signed further includes the deduction amount SUM1. After receiving the fee deduction request, the vehicle-mounted unit can prompt the user with the deduction amount SUM1 by voice, on a display screen, or in a similar way. Because the first information to be signed includes the deduction amount SUM1, the deduction amount SUM1 cannot be modified after being hijacked illegally, which improves the security of the transaction.
In this embodiment, the first information to be signed includes a first random factor RND1, and the vehicle-mounted unit sends the communication link establishment response containing the first random factor RND1 to the roadside unit. When the roadside unit verifies the first signature information SIG1, it therefore needs the first random factor RND1 from the communication link establishment response for the verification to pass. This prevents an illegal device that has hijacked the first signature information SIG1 of one transaction from repeatedly sending it to the roadside unit and having the roadside unit complete signature verification and fee deduction, which would charge the vehicle-mounted unit repeatedly and illegally, and so improves the security of the ETC system.
In this embodiment, the vehicle-mounted unit may have a built-in security chip that stores a private key generated by an asymmetric key algorithm. The private key cannot be exported, which ensures its uniqueness and security. The road side unit and the vehicle-mounted unit sign and verify information with an asymmetric key algorithm, which provides security and non-repudiation, avoids the security risk of key leakage when the road side unit or the vehicle-mounted unit is attacked illegally, and improves the security of the ETC system.
Step 406, the road side unit receives the transaction certificate and sends the transaction certificate to the background system.
Step 407, the background system receives the transaction certificate, acquires the vehicle-mounted unit certificate CERT1 by using the vehicle-mounted unit device identifier OBU-ID, checks the first signature information SIG1, and executes subsequent operations after the first signature information is checked.
Specifically, in this embodiment, the background system obtains the vehicle-mounted unit certificate according to the vehicle-mounted unit device identification OBU-ID, verifies the first signature information SIG1 using the vehicle-mounted unit public key in the vehicle-mounted unit certificate CERT1, and so determines the authenticity of the first signature information SIG1. By verifying the validity of the first signature information SIG1, the background system can confirm that it is not attack information forged by an illegal device, which improves the security of the subsequent signature verification operation. The background system executes the fee deduction operation only after the first signature information SIG1 passes verification, so it does not deduct fees from false accounts or other accounts submitted by illegal devices, and loss to the ETC system is avoided.
As an optional implementation of this embodiment, before the background system executes the fee deduction operation, the method further comprises: the background system checks whether the vehicle-mounted unit device identification OBU-ID is contained in the blacklist, and verifies that it is not. Because the blacklist is queried for the OBU-ID before the fee deduction operation, blacklisted vehicles, such as those with multiple violations or multiple unpaid fees, can be prevented from entering the highway, which improves traffic safety and the security of the ETC system.
According to the technical scheme of this embodiment, the vehicle-mounted unit signs the information to be signed using asymmetric key cryptography and sends the signed information to the road side unit, and the background system connected to the road side unit completes the fee deduction operation after verifying the signed information, which guarantees the security and non-repudiation of the transaction. Even if a single vehicle-mounted unit is illegally disassembled or its key is cracked, the security of the other vehicle-mounted units and of the road side unit in the ETC system is not affected. This improves the overall security of the ETC system and protects the funds of the vehicle-mounted unit user and of the ETC system.
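The exchange of steps 403 to 407, written out as an added example that is not part of the patent text: the vehicle-mounted unit signs the first information to be signed, and the background system rebuilds the same bytes from the session values before checking the blacklist and SIG1, so a captured SIG1 fails in any later session. Ed25519, the length-prefixed field encoding, the assumption that the session values reach the background system together with the transaction certificate, and all names and sample values are assumptions; the patent fixes neither an algorithm nor a wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Session holds the values exchanged in steps 403-404 (sample values are constructed).
type Session struct {
	RSUID string // road side unit device number RSU-ID
	RTC1  uint64 // current time RTC1, Unix seconds (assumed encoding)
	RND1  []byte // first random factor, from the link establishment response
	RND2  []byte // second random factor, generated by the road side unit
	Entry string // entry identifier ST1 and/or entry address ADD1
	SUM1  uint32 // optional deduction amount SUM1, in cents (assumed unit)
}

// Credential is the transaction certificate of step 405.
type Credential struct {
	OBUID string
	SIG1  []byte
}

var (
	ErrUnknownOBU  = errors.New("no certificate on file for OBU-ID")
	ErrBlacklisted = errors.New("OBU-ID is blacklisted")
	ErrBadSig      = errors.New("SIG1 does not verify for this session")
)

// ToBeSigned encodes the first information to be signed. Each field carries a
// 4-byte length prefix so two different field tuples never share an encoding.
func ToBeSigned(s Session) []byte {
	var out []byte
	put := func(b []byte) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(b)))
		out = append(append(out, n[:]...), b...)
	}
	var rtc [8]byte
	binary.BigEndian.PutUint64(rtc[:], s.RTC1)
	var sum [4]byte
	binary.BigEndian.PutUint32(sum[:], s.SUM1)
	for _, f := range [][]byte{[]byte(s.RSUID), rtc[:], s.RND1, s.RND2, []byte(s.Entry), sum[:]} {
		put(f)
	}
	return out
}

// OBUSign is step 405. The patent keeps the private key in a security chip;
// here it lives in memory for the demonstration.
func OBUSign(priv ed25519.PrivateKey, obuID string, s Session) Credential {
	return Credential{OBUID: obuID, SIG1: ed25519.Sign(priv, ToBeSigned(s))}
}

// Backend models the background system: public keys taken from CERT1, indexed
// by OBU-ID, plus the optional blacklist.
type Backend struct {
	Keys      map[string]ed25519.PublicKey
	Blacklist map[string]bool
}

// Deduct is step 407: it returns the amount to charge only if every check passes.
func (b *Backend) Deduct(s Session, c Credential) (uint32, error) {
	pub, ok := b.Keys[c.OBUID]
	if !ok {
		return 0, ErrUnknownOBU
	}
	if b.Blacklist[c.OBUID] {
		return 0, ErrBlacklisted
	}
	if !ed25519.Verify(pub, ToBeSigned(s), c.SIG1) {
		return 0, ErrBadSig
	}
	return s.SUM1, nil
}

func nonce() []byte {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Demo runs one honest transaction, a replay into a later session, a changed
// amount, and a blacklisted unit, and returns the four outcomes.
func Demo() (sum uint32, replayErr, tamperErr, blackErr error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	be := &Backend{Keys: map[string]ed25519.PublicKey{"OBU-0001": pub}, Blacklist: map[string]bool{}}
	s1 := Session{RSUID: "RSU-42", RTC1: 1700000000, RND1: nonce(), RND2: nonce(), Entry: "ST1=IN-07", SUM1: 1250}
	cred := OBUSign(priv, "OBU-0001", s1)
	sum, _ = be.Deduct(s1, cred)

	s2 := s1 // later session: fresh RND1/RND2, captured SIG1 presented again
	s2.RTC1, s2.RND1, s2.RND2 = s1.RTC1+60, nonce(), nonce()
	_, replayErr = be.Deduct(s2, cred)

	s3 := s1 // SUM1 altered after signing
	s3.SUM1 = 1
	_, tamperErr = be.Deduct(s3, cred)

	be.Blacklist["OBU-0001"] = true
	_, blackErr = be.Deduct(s1, cred)
	return
}

func main() {
	fmt.Println(Demo())
}
```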
Example 5
As shown in fig. 5, this embodiment provides an on-board unit charging method based on an asymmetric algorithm, which is suitable for the mode of charging at an expressway exit in an ETC system.
In order to achieve the above purpose, the technical solution of the present invention is specifically realized as follows (including step 501 to step 509):
Step 501, the road side unit sends communication broadcast information to the vehicle-mounted unit, and the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit.
Step 502, the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: road side unit communication parameters and road side unit application parameters.
Step 503, the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response includes: a vehicle unit communication parameter, a vehicle unit application parameter, and a first random factor RND1.
Step 504, the road side unit receives the communication link response, generates a second random factor RND2, acquires a road side unit device number RSU-ID, a current time RTC1 and exit information, wherein the exit information includes an identifier ST1 and/or an exit address ADD1, and sends an information acquisition request to the vehicle-mounted unit, wherein the information acquisition request at least includes: the RSU-ID, the current time RTC1, the second random factor RND2, and the exit information.
In this embodiment, the second random factor RND2 may be a number, a letter, or a combination of numbers and letters. The exit identifier ST1 and the exit address ADD1 may be information stored inside the roadside unit, or may be obtained by the roadside unit by querying the background server. The roadside unit may acquire only one of the exit identifier ST1 and the exit address ADD1, or both; this embodiment does not limit this.
Step 505, the vehicle-mounted unit receives the information acquisition request, acquires the vehicle-mounted unit certificate CERT1, the entrance address ADD2 and the entry time RTC2, and sends an information acquisition response to the road side unit, wherein the information acquisition response at least comprises: the vehicle-mounted unit certificate CERT1, the entrance address ADD2, and the entry time RTC2.
In this embodiment, the on-board unit may have the on-board unit certificate CERT1 prestored therein, and the entry address ADD2 and the entry time RTC2 may be stored after the on-board unit receives information transmitted from the entry road side unit when the vehicle enters the expressway from the ETC channel.
Step 506, the road side unit receives the information acquisition response, calculates a deduction amount SUM1 at least according to the entrance address ADD2 and the exit address ADD1 or the exit identifier ST1, and sends a fee deduction request to the vehicle-mounted unit, wherein the fee deduction request comprises: the deduction amount SUM1.
Specifically, in this embodiment, the roadside unit may calculate the deduction amount SUM1 according to a preset deduction amount calculation rule, or may send the entrance address ADD2 and the exit address ADD1 or the exit identifier ST1 to the background system, which then calculates the deduction amount SUM1.
Step 507, the vehicle-mounted unit receives the fee deduction request, signs the first information to be signed by using a private key of the vehicle-mounted unit to obtain first signature information SIG1, and sends a transaction certificate to the road side unit, wherein the transaction certificate comprises: first signature information SIG1, the first information to be signed at least including: the roadside unit device number RSU-ID, the entrance address ADD2, the current time RTC1, the entry time RTC2, the first random factor RND1, the second random factor RND2, the deduction amount SUM1 and the exit information.
In this embodiment, a security chip may be built into the vehicle-mounted unit. The security chip stores a private key generated by an asymmetric key algorithm; the private key cannot be exported, which guarantees its uniqueness and security. The vehicle-mounted unit performs the signature operation with the private key to generate signature data, which has security and non-repudiation. A public key generated by the same asymmetric key algorithm may be stored in the certificate of the vehicle-mounted unit, so that the road side unit or the background system can obtain the vehicle-mounted unit public key from the certificate and complete verification of the signature. The road side unit, the vehicle-mounted unit and the background system sign and verify information with an asymmetric key algorithm, which guarantees the security and non-repudiation of the information, avoids the security risk of key leakage when the road side unit or the vehicle-mounted unit is attacked illegally, and improves the security of the ETC system.
Step 508, the road side unit receives the transaction certificate, verifies the legality of the vehicle-mounted unit certificate CERT1, and sends the transaction certificate to the background system after verifying that the vehicle-mounted unit certificate CERT1 is legal.
Specifically, in this embodiment, the roadside unit may pre-store a public key of the ETC certificate center and verify the legitimacy of the vehicle-mounted unit certificate CERT1 with that public key. After confirming that the vehicle-mounted unit certificate CERT1 is legal, it sends the transaction certificate to the background system. This spares the background system from verifying false information sent by an illegal device, reduces the load on the background system, and improves transaction efficiency.
Step 509, the background system receives the transaction certificate, checks the first signature information SIG1, and executes a fee deduction operation after the first signature information is checked.
In this embodiment, the background system verifies the first signature information SIG1 using the vehicle-mounted unit public key in the vehicle-mounted unit certificate CERT1 and so determines the authenticity of the first signature information SIG1. By verifying the authenticity of the first signature information SIG1, the background system can confirm that it is not attack information from an illegal device, which improves the security of the subsequent signature verification operation. The background system executes the fee deduction operation only after the first signature information SIG1 passes verification, so it does not deduct fees from false accounts or other accounts submitted by illegal devices, and loss to the ETC system is avoided.
According to the technical scheme of this embodiment, the vehicle-mounted unit signs the information to be signed using asymmetric key cryptography, the background system verifies the certificate, and the fee deduction operation is completed after the signature is verified, which guarantees the security and non-repudiation of the transaction. Even if a single vehicle-mounted unit is illegally disassembled or its key is cracked, the security of the other vehicle-mounted units and of the roadside units in the ETC system is not affected. This improves the overall security of the ETC system and the safety of the funds of the vehicle-mounted unit user and of the ETC system.
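The two-stage check of steps 508 and 509 (and of steps 306 and 307 in the preceding embodiment), as an added example that is not part of the patent text: the road side unit checks CERT1 against the pre-stored public key of the ETC certificate center and forwards only valid transaction certificates, and the background system then verifies SIG1 with the public key taken from CERT1. The minimal certificate structure (OBU-ID, public key, issuer signature), Ed25519, and every name and value are assumptions standing in for whatever certificate format a deployment uses.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Cert is a minimal stand-in for the vehicle-mounted unit certificate CERT1.
type Cert struct {
	OBUID  string
	PubKey ed25519.PublicKey
	CASig  []byte // certificate center's signature over tbs()
}

// tbs returns the bytes the certificate center signs. The one-byte length
// prefix fixes the OBU-ID / key boundary (IDs are assumed shorter than 256 bytes).
func (c Cert) tbs() []byte {
	var b bytes.Buffer
	b.WriteByte(byte(len(c.OBUID)))
	b.WriteString(c.OBUID)
	b.Write(c.PubKey)
	return b.Bytes()
}

// Voucher is the transaction certificate: SIG1 together with CERT1.
type Voucher struct {
	Cert Cert
	SIG1 []byte
}

var (
	ErrCert = errors.New("RSU: CERT1 was not issued by the ETC certificate center")
	ErrSig  = errors.New("backend: SIG1 does not verify under the CERT1 public key")
)

// IssueCert is the certificate center binding an OBU-ID to a public key.
func IssueCert(caPriv ed25519.PrivateKey, id string, pub ed25519.PublicKey) Cert {
	c := Cert{OBUID: id, PubKey: pub}
	c.CASig = ed25519.Sign(caPriv, c.tbs())
	return c
}

// RSUForward is step 508: a voucher whose CERT1 fails the check is dropped
// here and never reaches the background system.
func RSUForward(caPub ed25519.PublicKey, v Voucher) error {
	if len(v.Cert.PubKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(caPub, v.Cert.tbs(), v.Cert.CASig) {
		return ErrCert
	}
	return nil
}

// BackendVerify is step 509: SIG1 is checked over the first information to be
// signed (msg) with the public key carried in CERT1.
func BackendVerify(v Voucher, msg []byte) error {
	if !ed25519.Verify(v.Cert.PubKey, msg, v.SIG1) {
		return ErrSig
	}
	return nil
}

// Process chains the two checks in the order the embodiment gives.
func Process(caPub ed25519.PublicKey, v Voucher, msg []byte) error {
	if err := RSUForward(caPub, v); err != nil {
		return err
	}
	return BackendVerify(v, msg)
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Demo returns the outcome for a genuine voucher, a certificate signed by a
// key other than the certificate center's, a genuine certificate whose public
// key was replaced, and a genuine certificate paired with a foreign SIG1.
func Demo() (genuine, selfIssued, swappedKey, wrongSigner error) {
	caPub, caPriv := mustKey()
	obuPub, obuPriv := mustKey()
	otherPub, otherPriv := mustKey()
	msg := []byte("constructed first information to be signed")
	cert := IssueCert(caPriv, "OBU-0001", obuPub)

	genuine = Process(caPub, Voucher{Cert: cert, SIG1: ed25519.Sign(obuPriv, msg)}, msg)

	fake := IssueCert(otherPriv, "OBU-0001", otherPub) // not signed by the center
	selfIssued = Process(caPub, Voucher{Cert: fake, SIG1: ed25519.Sign(otherPriv, msg)}, msg)

	swapped := cert // issuer signature kept, key replaced
	swapped.PubKey = otherPub
	swappedKey = Process(caPub, Voucher{Cert: swapped, SIG1: ed25519.Sign(otherPriv, msg)}, msg)

	// Valid CERT1 passes the road side unit; the mismatch is caught at the backend.
	wrongSigner = Process(caPub, Voucher{Cert: cert, SIG1: ed25519.Sign(otherPriv, msg)}, msg)
	return
}

func main() {
	fmt.Println(Demo())
}
```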
Example 6
As shown in fig. 6, this embodiment provides an on-board unit charging method based on an asymmetric algorithm, which is suitable for the mode of charging at an expressway exit in an ETC system.
In order to achieve the above object, the technical solution of the present invention is specifically realized as follows (including step 601 to step 609):
Step 601, the road side unit sends communication broadcast information to the vehicle-mounted unit, and the vehicle-mounted unit receives the communication broadcast information and sends response information to the road side unit.
Step 602, the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction includes: road side unit communication parameters and road side unit application parameters.
Step 603, the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response comprises: a vehicle unit communication parameter, a vehicle unit application parameter, and a first random factor RND1.
Step 604, the road side unit receives the communication link response, generates a second random factor RND2, and acquires a road side unit device number RSU-ID, a current time RTC1 and exit information, wherein the exit information comprises an exit identifier ST1 and/or an exit address ADD1; the road side unit sends an information acquisition request to the vehicle-mounted unit, wherein the information acquisition request at least comprises: the RSU-ID, the current time RTC1, the second random factor RND2, and the exit information.
In this embodiment, the second random factor RND2 may be a number, a letter, or a combination of numbers and letters. The exit identifier ST1 and the exit address ADD1 may be information stored inside the roadside unit, or may be obtained by the roadside unit by querying the background server. The roadside unit may acquire only one of the exit identifier ST1 and the exit address ADD1, or both; this embodiment does not limit this.
Step 605, the vehicle-mounted unit receives the information acquisition request, acquires the entry address ADD2 and the entry time RTC2, and sends an information acquisition response to the road side unit, wherein the information acquisition response at least comprises: the entry address ADD2 and the entry time RTC2.
In this embodiment, the on-board unit may have the on-board unit certificate CERT1 prestored therein, and the entry address ADD2 and the entry time RTC2 may be stored after the on-board unit receives information transmitted from the entry road side unit when the vehicle enters the expressway from the ETC channel.
Step 606, the road side unit receives the information acquisition response, calculates the deduction amount SUM1 at least according to the entrance address ADD2 and the exit address ADD1 or the exit identifier ST1, and sends a fee deduction request to the vehicle-mounted unit, wherein the fee deduction request comprises: the deduction amount SUM1.
Specifically, in this embodiment, the roadside unit may calculate the deduction amount SUM1 according to a preset deduction amount calculation rule, or may send the entrance address ADD2 and the exit address ADD1 or the exit identifier ST1 to the background system, which then calculates the deduction amount SUM1.
Step 607, the vehicle-mounted unit receives the fee deduction request, signs the first information to be signed by using the vehicle-mounted unit private key to obtain first signature information SIG1, and sends a transaction certificate to the road side unit, wherein the transaction certificate comprises: first signature information SIG1 and an on-board unit device identification OBU-ID, the first information to be signed including at least: the roadside unit device number RSU-ID, the entrance address ADD2, the current time RTC1, the entry time RTC2, the first random factor RND1, the second random factor RND2, the deduction amount SUM1 and the exit information.
In this embodiment, a security chip may be built into the vehicle-mounted unit. The security chip stores a private key generated by an asymmetric key algorithm; the private key cannot be exported, which guarantees its uniqueness and security. The vehicle-mounted unit performs the signature operation with the private key to generate signature data, which has security and non-repudiation. A public key generated by the same asymmetric key algorithm may be stored in the certificate of the vehicle-mounted unit, so that the road side unit or the background system can obtain the vehicle-mounted unit public key from the certificate and complete verification of the signature. The road side unit, the vehicle-mounted unit and the background system sign and verify information with an asymmetric key algorithm, which guarantees the security and non-repudiation of the information, avoids the security risk of key leakage when the road side unit or the vehicle-mounted unit is attacked illegally, and improves the security of the ETC system.
Step 608, the road side unit receives the transaction certificate and sends the transaction certificate to the background system.
Step 609, the background system receives the transaction certificate, acquires a vehicle-mounted unit certificate CERT1 by using the vehicle-mounted unit equipment identification OBU-ID, checks the first signature information SIG1, and executes fee deduction after the first signature information passes the check.
In this embodiment, the road side unit receives the transaction certificate and then sends the transaction certificate to the background system, the background system performs verification, and the background system completes subsequent operations such as deduction after verification, so that the transaction flow is reduced, and the transaction security is improved.
Specifically, in this embodiment, the background system may pre-store a public key of the ETC certificate center and verify the validity of the vehicle-mounted unit certificate with that public key. After the vehicle-mounted unit certificate is confirmed to be valid, the background system checks the first signature information SIG1 using the vehicle-mounted unit public key in the vehicle-mounted unit certificate and so determines the authenticity of the first signature information SIG1. By verifying the authenticity of the first signature information SIG1, the background system can confirm that it is not attack information from an illegal device, which improves the security of the subsequent signature verification operation. The background system executes the fee deduction operation only after the first signature information SIG1 passes verification, so it does not deduct fees from false accounts or other accounts submitted by illegal devices, and loss to the ETC system is avoided.
According to the technical scheme of this embodiment, the vehicle-mounted unit signs the information to be signed using asymmetric key cryptography, the background system verifies the legality of the certificate, and the fee deduction operation is completed after the signature is verified, which guarantees the security and non-repudiation of the transaction. Even if a single vehicle-mounted unit is illegally disassembled or its key is cracked, the security of the other vehicle-mounted units, the road side unit and the background system in the ETC system is not affected. This improves the overall security of the ETC system and protects the funds of the vehicle-mounted unit user and of the ETC system.
Example 7
This embodiment provides a vehicle-mounted unit charging method based on an asymmetric algorithm, which is suitable for the mode in which a vehicle-mounted unit in an ETC system punches a card at an expressway exit.
To achieve the above object, the technical solution of the present invention is specifically realized as follows (including steps 701 to 704):
Step 701, the road side unit receives and generates a first random factor RND1, and acquires a road side unit device number RSU-ID, a current time RTC1 and exit information, wherein the exit information comprises an exit identifier ST1 and/or an exit address ADD1; the road side unit sends a card punching request to the vehicle-mounted unit, wherein the card punching request comprises: the RSU-ID, the current time RTC1, the first random factor RND1 and the exit information.
Specifically, in this embodiment, the first random factor RND1 may be a number, a letter, or a combination of numbers and letters. The exit identifier ST1 and the exit address ADD1 may be information stored inside the roadside unit, or may be obtained by the roadside unit by querying the background server. The current time RTC1 may be provided by an internal clock of the roadside unit, or may be obtained by the roadside unit by querying the background server. When the road side unit communicates with the on-board unit, it may use a medium-distance communication mode such as 5.8 GHz, 2.4G, Bluetooth or 900M, or a near-distance communication mode such as NFC; this embodiment does not specifically limit this.
Step 702, the vehicle-mounted unit receives the card punching request, generates recording information and a second random factor RND2, and signs the first information to be signed by using a private key of the vehicle-mounted unit to obtain first signature information SIG1, where the first information to be signed at least includes: the current time RTC1, the entry address ADD2, the entry time RTC2, the first random factor RND1, the second random factor RND2, the exit identifier ST1 and the exit address ADD1.
Specifically, in this embodiment, the entry address ADD2 and the entry time RTC2 may be information that the roadside unit acquires from the entry roadside unit when entering the expressway through an ETC channel and stores inside the vehicle-mounted unit, and the vehicle-mounted unit certificate may be a certificate that exists inside the vehicle-mounted unit. The second random factor RND2 may be a number, a letter, or a combination of numbers and letters.
In this embodiment, a security chip may be built into the vehicle-mounted unit. The security chip stores a private key generated by an asymmetric key algorithm; the private key cannot be exported, which guarantees its uniqueness and security. The vehicle-mounted unit performs the signature operation with the private key to generate signature data, which has security and non-repudiation. A public key generated by the same asymmetric key algorithm may be stored in the certificate of the vehicle-mounted unit, so that the road side unit or the background system can obtain the vehicle-mounted unit public key from the certificate and complete verification of the signature. The road side unit, the vehicle-mounted unit and the background system sign and verify information with an asymmetric key algorithm, which guarantees the security and non-repudiation of the information, avoids the security risk of key leakage when the road side unit or the vehicle-mounted unit is attacked illegally, and improves the security of the ETC system.
Step 703, the vehicle-mounted unit sends a card punching response to the road side unit, wherein the card punching response comprises: the first signature information SIG1, the entry address ADD2, the entry time RTC2, the vehicle-mounted unit certificate CERT1, and the second random factor RND2.
Specifically, in this embodiment, the card-punching response sent by the on-board unit to the roadside unit includes an on-board unit certificate CERT1, and the roadside unit can obtain an on-board unit public key from the on-board unit certificate CERT1, and then complete signature verification of the first signature information SIG1 by using the public key, so that it is avoided that an illegal device pretends to be an on-board unit and interferes with a normal transaction flow of the roadside unit, thereby causing user loss.
And step 704, the vehicle-mounted unit receives the card punching response and finishes the card punching operation.
In this embodiment, after receiving the card punching response, the roadside unit may verify the first signature information SIG1, send the verification result to the background system server, and complete the card punching operation; it may also send the card punching response to the background system server, in which case the background system server verifies the first signature information SIG1 and completes the card punching operation. This embodiment does not particularly limit which is used. After the card punching is completed, the background system server can carry out operations such as fee deduction or travel recording on the account corresponding to the vehicle-mounted unit according to the card punching result. Specifically, the roadside unit or the background system server may pre-store the public key of the ETC certificate center, verify the validity of the vehicle-mounted unit certificate CERT1 with that public key, and, after confirming that CERT1 is valid, use the vehicle-mounted unit public key in CERT1 to verify the first signature information SIG1 and determine its authenticity. The roadside unit or the background system server verifies the validity of the second signature information SIG2, and can confirm that the first signature information SIG1 is not attack information forged by illegal equipment, so that the security of the subsequent signature verification operation is improved. Because the roadside unit or the background system server executes the card punching operation after verifying the first signature information SIG1, the roadside unit does not perform the card punching operation on false information sent by illegal equipment, and loss to the ETC system is avoided.
As an optional implementation of this embodiment, the vehicle-mounted unit certificate CERT1 includes a vehicle-mounted unit device identification OBU-ID. Before the roadside unit performs the card punching operation, the method further comprises: the roadside unit checks whether the vehicle-mounted unit device identification OBU-ID is contained in the blacklist, and verifies that it is not contained in the blacklist. In this optional implementation, querying whether the OBU-ID is in the blacklist before the card punching operation prevents blacklisted vehicles, such as those with multiple violations or multiple unpaid fees, from entering the highway, which improves traffic safety and the security of the ETC system.
According to the technical scheme of this embodiment, the vehicle-mounted unit signs the information to be signed using asymmetric-key cryptography, and the roadside unit, after receiving the signature, can choose to verify the validity of the certificate and completes the card punching operation after the signature is verified. This guarantees the security and non-repudiation of transactions and information records. Even if a single vehicle-mounted unit is illegally disassembled or cracked, the security of the other vehicle-mounted units and roadside units in the ETC system is not affected, which improves the overall security of the ETC system and protects the funds of vehicle-mounted unit users and the ETC system as well as the security of user information.
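The verification order described in this embodiment (certificate, blacklist, then SIG1 over values the verifier itself issued) can be sketched as follows. This is an added example, not code from the patent: Ed25519 stands in for the unspecified asymmetric algorithm, and the simplified certificate layout, the length-prefixed field encoding, all function and type names, and the sample keys and values are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Cert is a simplified stand-in for CERT1: OBU-ID and OBU public key, signed by the ETC certificate center (assumed layout).
type Cert struct {
	OBUID  string
	PubKey ed25519.PublicKey
	CASig  []byte
}

// Request holds the road side unit's own values; RSUID is sent but is not among the signed fields the page lists.
type Request struct {
	RSUID, Exit, RTC1 string
	RND1              []byte
}

// Response is the card punching response of step 703.
type Response struct {
	SIG1, RND2 []byte
	ADD2, RTC2 string
	CERT1      Cert
}

var (
	ErrCert        = errors.New("CERT1 was not issued by the ETC certificate center")
	ErrBlacklisted = errors.New("OBU-ID is on the blacklist")
	ErrSig         = errors.New("SIG1 does not match this request")
)

// encode length-prefixes each field so field boundaries cannot shift (assumed encoding).
func encode(fields ...[]byte) []byte {
	var out []byte
	for _, f := range fields {
		n := len(f)
		out = append(out, byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
		out = append(out, f...)
	}
	return out
}

func certBody(id string, pub ed25519.PublicKey) []byte { return encode([]byte(id), pub) }

// toBeSigned builds the first information to be signed: RTC1, ADD2, RTC2, RND1, RND2, exit information.
func toBeSigned(req Request, add2, rtc2 string, rnd2 []byte) []byte {
	return encode([]byte(req.RTC1), []byte(add2), []byte(rtc2), req.RND1, rnd2, []byte(req.Exit))
}

// OBURespond is the vehicle-mounted unit side: sign the fields and return the response.
func OBURespond(priv ed25519.PrivateKey, cert Cert, req Request, add2, rtc2 string, rnd2 []byte) Response {
	sig := ed25519.Sign(priv, toBeSigned(req, add2, rtc2, rnd2))
	return Response{SIG1: sig, ADD2: add2, RTC2: rtc2, CERT1: cert, RND2: rnd2}
}

// RSUVerify is the verifier side; RTC1, RND1 and exit info come from its own request, never from the response.
func RSUVerify(caPub ed25519.PublicKey, blacklist map[string]bool, req Request, resp Response) error {
	c := resp.CERT1
	if len(c.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(caPub, certBody(c.OBUID, c.PubKey), c.CASig) {
		return ErrCert
	}
	if blacklist[c.OBUID] {
		return ErrBlacklisted
	}
	if !ed25519.Verify(c.PubKey, toBeSigned(req, resp.ADD2, resp.RTC2, resp.RND2), resp.SIG1) {
		return ErrSig
	}
	return nil
}

func key(seed byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// demo runs four cases on constructed keys and values and returns the verifier's verdict for each.
func demo() (genuine, replayed, blocked, impostor error) {
	caPub, caPriv := key(1)
	obuPub, obuPriv := key(2)
	cert := Cert{OBUID: "OBU-0001", PubKey: obuPub, CASig: ed25519.Sign(caPriv, certBody("OBU-0001", obuPub))}
	req := Request{RSUID: "RSU-17", Exit: "ST1:exit-42", RTC1: "2019-12-26T10:00:00Z", RND1: []byte("rsu-nonce-000001")}
	resp := OBURespond(obuPriv, cert, req, "entry-07", "2019-12-26T09:00:00Z", []byte("obu-nonce-000001"))
	genuine = RSUVerify(caPub, nil, req, resp)
	// The same response presented against a later request that carries a fresh RND1.
	replayed = RSUVerify(caPub, nil, Request{RSUID: "RSU-17", Exit: "ST1:exit-42", RTC1: "2019-12-26T10:01:00Z", RND1: []byte("rsu-nonce-000002")}, resp)
	blocked = RSUVerify(caPub, map[string]bool{"OBU-0001": true}, req, resp)
	fakePub, fakePriv := key(3) // a device whose certificate was not issued by the certificate center
	fakeCert := Cert{OBUID: "OBU-0001", PubKey: fakePub, CASig: ed25519.Sign(fakePriv, certBody("OBU-0001", fakePub))}
	impostor = RSUVerify(caPub, nil, req, OBURespond(fakePriv, fakeCert, req, "entry-07", "2019-12-26T09:00:00Z", []byte("obu-nonce-000001")))
	return
}

func main() {
	fmt.Println(demo())
}
```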

Claims (10)

1. An asymmetric algorithm-based vehicle-mounted unit charging method is characterized by comprising the following steps:
the method comprises the steps that a road side unit sends communication broadcast information to an on-board unit, and the on-board unit receives the communication broadcast information and sends response information to the road side unit;
the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: the road side unit communication parameters and the road side unit application parameters;
the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response comprises: the vehicle unit communication parameters, the vehicle unit application parameters and the first random factor RND1;
the road side unit receives the communication link response, generates a second random factor RND2, and acquires a current time RTC1 and entry information, wherein the entry information comprises an entry identifier ST1 and/or an entry address ADD1; signing first information to be signed by using a roadside unit private key to obtain first signature information SIG1, wherein the first information to be signed at least comprises: the current time RTC1, the first random factor RND1, a second random factor RND2 and the entry information;
the road side unit sends a fee deduction request to the vehicle-mounted unit, wherein the fee deduction request comprises: the RSU-ID, the current time RTC1, the second random factor RND2, the first signature information SIG1, and the entry information;
the vehicle-mounted unit receives the deduction request, acquires a roadside unit certificate CERT1, verifies the first signature information SIG1, generates recorded information after the verification of the first signature information is passed, and signs second information to be signed by using a private key of the vehicle-mounted unit to obtain second signature information SIG2, wherein the second information to be signed at least comprises: the RSU-ID, the current time RTC1, the first random factor RND1, the second random factor RND2, and the ingress information;
the vehicle-mounted unit sends a transaction certificate to the road side unit, wherein the transaction certificate comprises: a vehicle-mounted unit certificate CERT2 and the second signature information SIG2;
and the road side unit receives the transaction certificate, verifies the legality of the vehicle-mounted unit certificate CERT2, checks the second signature information SIG2, and executes subsequent operation after the second signature information passes the verification.
2. The method of claim 1,
after the step of receiving the communication link response and before the step of signing the first information to be signed by using the roadside unit private key, the roadside unit further comprises the following steps: determining a deduction amount SUM1; the first information to be signed further comprises: the deduction amount SUM1; the request for deduction further comprises: the deduction amount SUM1; the second information to be signed further includes: the deduction amount SUM1;
and/or,
the onboard unit certificate CERT2 comprises an onboard unit device identification OBU-ID;
before the road side unit performs the deduction operation, the method further comprises the following steps: and the road side unit verifies whether the vehicle-mounted unit equipment identification OBU-ID is contained in a blacklist or not, and verifies that the vehicle-mounted unit equipment identification OBU-ID is not contained in the blacklist.
3. An asymmetric algorithm-based vehicle-mounted unit card punching method is characterized by comprising the following steps:
the method comprises the steps that a road side unit sends communication broadcast information to an on-board unit, and the on-board unit receives the communication broadcast information and sends response information to the road side unit;
the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: the road side unit communication parameters and the road side unit application parameters;
the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response comprises: the vehicle unit communication parameters, the vehicle unit application parameters and the first random factor RND1;
the road side unit receives the communication link response, generates a second random factor RND2, and acquires a current time RTC1 and exit information, wherein the exit information comprises the exit identifier ST1 and/or an exit address ADD1; signing first information to be signed by using a roadside unit private key to obtain first signature information SIG1, wherein the first information to be signed at least comprises: the current time RTC1, the first random factor RND1, a second random factor RND2 and the exit information;
the road side unit sends a card punching request to the vehicle-mounted unit, wherein the card punching request comprises: the RSU-ID, the current time RTC1, the second random factor RND2, the first signature information SIG1, and the egress information;
the vehicle-mounted unit receives the card-punching request, acquires a roadside unit certificate CERT1, verifies the first signature information SIG1, generates recording information and acquires an entrance address ADD2 and an entry time RTC2 after the first signature information is verified, signs second information to be signed by using a vehicle-mounted unit private key, and acquires second signature information SIG2, wherein the second information to be signed at least comprises: the current time RTC1, the entry address ADD2, an entry time RTC2, the first random factor RND1, the second random factor RND2 and the exit information;
the vehicle-mounted unit sends a card punching response to the road side unit, wherein the card punching response comprises: the second signature information SIG2, and the entry address ADD2, the entry time RTC2, and a vehicle-mounted unit certificate CERT2;
and the road side unit receives the card punching response and finishes the card punching operation.
4. An asymmetric algorithm-based vehicle-mounted unit charging method is characterized by comprising the following steps:
the method comprises the steps that a road side unit sends communication broadcast information to an on-board unit, and the on-board unit receives the communication broadcast information and sends response information to the road side unit;
the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: the road side unit communication parameters and the road side unit application parameters;
the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response comprises: the vehicle unit communication parameters, the vehicle unit application parameters and the first random factor RND1;
the road side unit receives the communication link response, generates a second random factor RND2, and acquires a road side unit device number RSU-ID, a current time RTC1 and entry information, wherein the entry information comprises an entry identifier ST1 and/or an entry address ADD1; sending a fee deduction request to an on-board unit, wherein the fee deduction request at least comprises: the RSU-ID, the current time RTC1, the second random factor RND2 and the entry information;
the vehicle-mounted unit receives the fee deduction request, signs first information to be signed by using a private key of the vehicle-mounted unit to obtain first signature information SIG1, and sends a transaction certificate to the roadside unit, wherein the transaction certificate comprises the first signature information SIG1 and a vehicle-mounted unit device certificate CERT1, and the first information to be signed at least comprises: the RSU-ID, the current time RTC1, the first random factor RND1, the second random factor RND2, and the entry information;
the road side unit receives the transaction certificate, verifies the legality of the vehicle-mounted unit certificate CERT1, and sends the transaction certificate to a background system after verifying that the vehicle-mounted unit certificate CERT1 is legal;
and the background system receives the transaction voucher, checks the first signature information SIG1, and executes fee deduction after the first signature information is checked.
5. The method of claim 4,
after the step of receiving the communication link response and before the step of sending a deduction request to the vehicle-mounted unit, the road side unit further comprises: determining a deduction amount SUM1;
the fee deduction request also comprises: the deduction amount SUM1;
the first information to be signed further comprises: the deduction amount SUM1.
6. An asymmetric algorithm-based vehicle-mounted unit charging method is characterized by comprising the following steps:
the method comprises the steps that a road side unit sends communication broadcast information to an on-board unit, and the on-board unit receives the communication broadcast information and sends response information to the road side unit;
the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: the road side unit communication parameters and the road side unit application parameters;
the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response comprises: the vehicle unit communication parameters, the vehicle unit application parameters and the first random factor RND1;
the road side unit receives the communication link response, generates a second random factor RND2, and acquires a road side unit device number RSU-ID, a current time RTC1 and entry information, wherein the entry information comprises an entry identifier ST1 and/or an entry address ADD1; sending a fee deduction request to an on-board unit, wherein the fee deduction request at least comprises: the RSU-ID, the current time RTC1, the second random factor RND2 and the entry information;
the vehicle-mounted unit receives the fee deduction request, signs first information to be signed by using a private key of the vehicle-mounted unit to obtain first signature information SIG1, and sends a transaction certificate to the roadside unit, wherein the transaction certificate comprises the first signature information SIG1 and a vehicle-mounted unit device identifier OBU-ID, and the first information to be signed at least comprises: the RSU-ID, the current time RTC1, the first random factor RND1, the second random factor RND2, and the entry information;
the road side unit receives the transaction certificate and sends the transaction certificate to a background system;
and the background system receives the transaction voucher, acquires a vehicle-mounted unit certificate by using the vehicle-mounted unit equipment identification OBU-ID, checks the first signature information SIG1, and executes subsequent operation after the first signature information is checked and signed.
7. The method of claim 6,
after the step of receiving the communication link response and before the step of sending a deduction request to the vehicle-mounted unit, the road side unit further comprises: determining a deduction amount SUM1;
the fee deduction request also comprises: the deduction amount SUM1;
the first information to be signed further comprises: the deduction amount SUM1.
8. An asymmetric algorithm-based vehicle-mounted unit charging method is characterized by comprising the following steps:
the method comprises the steps that a road side unit sends communication broadcast information to an on-board unit, and the on-board unit receives the communication broadcast information and sends response information to the road side unit;
the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: the road side unit communication parameters and the road side unit application parameters;
the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response comprises: the vehicle unit communication parameters, the vehicle unit application parameters and the first random factor RND1;
the road side unit receives the communication link response, generates a second random factor RND2, and acquires a road side unit device number RSU-ID, a current time RTC1 and exit information, wherein the exit information comprises the exit identifier ST1 and/or an exit address ADD1; sending an information acquisition request to an on-board unit, wherein the information acquisition request at least comprises: the RSU-ID, the current time RTC1, the second random factor RND2 and the exit information;
the vehicle-mounted unit receives the information acquisition request, acquires a vehicle-mounted unit certificate CERT1, an entrance address ADD2 and an entry time RTC2, and sends an information acquisition response to the road side unit, wherein the information acquisition response at least comprises: the onboard unit certificate CERT1, the entry address ADD2, and the entry time RTC2;
the road side unit receives the information acquisition response, calculates a deduction amount SUM1 at least according to the entrance address ADD2 and the exit information, and sends a deduction request to the vehicle-mounted unit, wherein the deduction request comprises: a deduction amount SUM1;
the vehicle-mounted unit receives the fee deduction request, signs the first information to be signed by using a vehicle-mounted unit private key to obtain first signature information SIG1, and sends a transaction certificate to the road side unit, wherein the transaction certificate comprises: the first signature information SIG1, the first information to be signed at least including: the roadside unit device number RSU-ID, the entrance address ADD2, the current time RTC1, the entry time RTC2, the first random factor RND1, the second random factor RND2, the deduction amount SUM1, and the exit information;
the road side unit receives the transaction certificate, verifies the legality of the vehicle-mounted unit certificate CERT1, and sends the transaction certificate to a background system after verifying that the vehicle-mounted unit certificate CERT1 is legal;
and the background system receives the transaction voucher, checks the first signature information SIG1, and executes fee deduction after the first signature information is checked.
9. An asymmetric algorithm-based vehicle-mounted unit charging method is characterized by comprising the following steps:
the method comprises the steps that a road side unit sends communication broadcast information to an on-board unit, and the on-board unit receives the communication broadcast information and sends response information to the road side unit;
the road side unit receives the response information and sends a communication link establishment instruction to the vehicle-mounted unit, wherein the communication link establishment instruction comprises: the road side unit communication parameters and the road side unit application parameters;
the vehicle-mounted unit receives the communication link establishment instruction and sends a communication link establishment response to the road side unit, wherein the communication link establishment response comprises: the vehicle unit communication parameters, the vehicle unit application parameters and the first random factor RND1;
the road side unit receives the communication link response, generates a second random factor RND2, and acquires a road side unit device number RSU-ID, a current time RTC1 and exit information, wherein the exit information comprises an identifier ST1 and/or an exit address ADD1; sending an information acquisition request to an on-board unit, wherein the information acquisition request at least comprises: the RSU-ID, the current time RTC1, the second random factor RND2 and the exit information;
the vehicle-mounted unit receives the information acquisition request, acquires an entrance address ADD2 and an entry time RTC2, and sends an information acquisition response to the road side unit, wherein the information acquisition response at least comprises: the entry address ADD2 and the entry time RTC2;
the road side unit receives the information acquisition response, calculates a deduction amount SUM1 at least according to the entrance address ADD2 and the exit information, and sends a deduction request to the vehicle-mounted unit, wherein the deduction request comprises: a deduction amount SUM1;
the vehicle-mounted unit receives the fee deduction request, signs the first information to be signed by using a vehicle-mounted unit private key to obtain first signature information SIG1, and sends a transaction certificate to the road side unit, wherein the transaction certificate comprises: the first signature information SIG1 and the on-board unit device identification OBU-ID, the first information to be signed at least including: the roadside unit device number RSU-ID, the entrance address ADD2, the current time RTC1, the entry time RTC2, the first random factor RND1, the second random factor RND2, the deduction amount SUM1, and the exit information;
the road side unit receives the transaction certificate and sends the transaction certificate to a background system;
the background system receives the transaction voucher, acquires a vehicle-mounted unit certificate CERT1 by using the vehicle-mounted unit equipment identification OBU-ID, checks the first signature information SIG1, and executes fee deduction operation after the first signature information passes the check.
10. An asymmetric algorithm-based vehicle-mounted unit card punching method is characterized by comprising the following steps:
the method comprises the steps that a road side unit receives and generates a first random factor RND1, acquires a road side unit device number RSU-ID, a current time RTC1 and exit information, wherein the exit information comprises an exit identifier ST1 and/or an exit address ADD1; the road side unit sends a card punching request to the vehicle-mounted unit, wherein the card punching request comprises: the RSU-ID, the current time RTC1, a first random factor RND1 and the exit information;
the vehicle-mounted unit receives the card punching request, generates recording information and a second random factor RND2, and signs first information to be signed by using a private key of the vehicle-mounted unit to obtain first signature information SIG1, wherein the first information to be signed at least comprises: the current time RTC1, the entry address ADD2, an entry time RTC2, the first random factor RND1, the second random factor RND2 and the exit information;
the vehicle-mounted unit sends a card punching response to the road side unit, wherein the card punching response comprises: the first signature information SIG1, and the entry address ADD2, the entry time RTC2, the onboard unit certificate CERT1, and the second random number RND2;
and the vehicle-mounted unit receives the card punching response and finishes the card punching operation.
CN201911365758.4A 2019-12-26 2019-12-26 Vehicle-mounted unit charging and card punching method based on asymmetric algorithm Active CN111163439B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911365758.4A CN111163439B (en) 2019-12-26 2019-12-26 Vehicle-mounted unit charging and card punching method based on asymmetric algorithm

Publications (2)

Publication Number Publication Date
CN111163439A true CN111163439A (en) 2020-05-15
CN111163439B CN111163439B (en) 2023-04-18

Family

ID=70558273

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant