CN111245619B - Key derivation method, device and system for Internet of vehicles, vehicle end and middle layer - Google Patents
Key derivation method, device and system for Internet of vehicles, vehicle end and middle layer Download PDFInfo
- Publication number
- CN111245619B CN111245619B CN202010230224.7A CN202010230224A CN111245619B CN 111245619 B CN111245619 B CN 111245619B CN 202010230224 A CN202010230224 A CN 202010230224A CN 111245619 B CN111245619 B CN 111245619B
- Authority
- CN
- China
- Prior art keywords
- key
- random number
- certificate
- vehicle end
- random
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
- Lock And Its Accessories (AREA)
Abstract
The invention provides a key derivation method, a device and a system for the Internet of vehicles, a vehicle end and a middle layer, wherein the vehicle end generates a certificate request containing an initial key and a random array and sends the certificate request to the middle layer, the middle layer respectively derives the initial key based on the random number in the random array to obtain corresponding derived keys, an issuing organization signs and issues a certificate based on the derived keys, the middle layer sends the certificate signed and issued by the issuing organization aiming at the random number in the random array to the vehicle end, and the vehicle end recombines a corresponding private key based on the certificate. The method generates a pair of key pairs at the vehicle end, derives a large number of key pairs at the middle layer, only the vehicle end has the private key, and generates random numbers through the vehicle end to replace an encryption function in a butterfly key derivation method, so that the operation pressure of the vehicle end is greatly reduced, and the generation speed of the private key at the vehicle end is improved.
Description
Technical Field
The invention relates to the technical field of communication, in particular to a key derivation method, a key derivation device and a key derivation system for an internet of vehicles, a vehicle end and an intermediate layer.
Background
At present, key derivation in the internet of vehicles mainly depends on a Secp2561 curve of the american standard, and a common method is a butterfly key derivation method.
The vehicle end submits a certificate request to the middle layer, and the middle layer uses a butterfly key derivation method to derive keys and then applies for certificates one by one to a certificate authority. However, the butterfly key derivation method has a large amount of calculation, which results in slow generation of the private key at the vehicle end.
Disclosure of Invention
In view of the above, to solve the above problems, the present invention provides a key derivation method, device and system for an internet of vehicles, a vehicle end and an intermediate layer. The technical scheme is as follows:
a key derivation method of a vehicle networking system is applied to a vehicle terminal, and comprises the following steps:
generating an initial key and a random array, wherein the random array comprises a plurality of random numbers;
sending a certificate request containing the initial key and the random array to a middle layer so that the middle layer respectively derives the initial key based on the random array to obtain corresponding derived keys, wherein the derived keys are the basis or basis for certificate issuance by an issuing authority;
and receiving a certificate which is sent by the intermediate layer and is issued by the issuing organization aiming at the random number in the random number group, and recombining a corresponding private key based on the certificate.
Preferably, the generating process of the random array includes:
generating an initial random number, and taking the initial random number as a reference number;
carrying out Hash operation on the reference number to obtain a new random number;
and taking the new random number as a reference number, and returning to the step of executing the hash operation on the reference number to obtain a new random number until the generation of the random number is finished when a preset finishing condition is met.
A key derivation apparatus for a vehicle networking, the apparatus comprising:
the device comprises a first processing module, a second processing module and a third processing module, wherein the first processing module is used for generating an initial key and a random array, and the random array comprises a plurality of random numbers;
the first communication module is configured to send a certificate request including the initial key and the random number group to an intermediate layer, so that the intermediate layer derives the initial key based on the random numbers in the random number group to obtain corresponding derived keys, where the derived keys are a basis or basis for issuing certificates by an issuing authority; receiving a certificate which is sent by the intermediate layer and is issued by the issuing organization aiming at the random number in the random number group;
the first processing module is further configured to reorganize a corresponding private key based on the certificate.
Preferably, the first processing module for generating a random array is specifically configured to:
generating an initial random number, and taking the initial random number as a reference number; carrying out Hash operation on the reference number to obtain a new random number; and taking the new random number as a reference number, and returning to the step of executing the hash operation on the reference number to obtain a new random number until the generation of the random number is finished when a preset finishing condition is met.
A vehicle end, comprising:
a first memory and a first processor, the first memory having stored thereon computer instructions executable on the first processor, wherein the first processor, when executing the computer instructions, performs any of the steps of the key derivation method for the internet of vehicles.
A key derivation method for internet of vehicles, the method being applied to a middle layer, the method comprising:
receiving a certificate request sent by a vehicle end, wherein the certificate request comprises an initial secret key and a random array generated by the vehicle end, and the random array comprises a plurality of random numbers;
deriving the initial key respectively based on the random numbers in the random number groups to obtain corresponding derived keys, and sending the derived keys to an issuing organization so that the issuing organization takes the derived keys as public keys to perform certificate issuing;
and receiving a certificate which is sent by the issuing organization and issued aiming at the random number in the random number group, and sending the certificate to the vehicle end so that the vehicle end recombines the corresponding private key based on the certificate.
A key derivation apparatus for a vehicle networking, the apparatus comprising:
the second communication module is used for receiving a certificate request sent by a vehicle end, wherein the certificate request comprises an initial key and a random array generated by the vehicle end, and the random array comprises a plurality of random numbers;
the second processing module is used for deriving the initial key respectively based on the random numbers in the random number group to obtain corresponding derived keys;
the second communication module is further configured to send the derived key to an issuing authority, so that the issuing authority issues a certificate by using the derived key as a public key; and receiving a certificate which is sent by the issuing organization and issued aiming at the random numbers in the random number group, and sending the certificate to the vehicle end so that the vehicle end recombines the corresponding private key based on the certificate.
An intermediate layer, the intermediate layer comprising:
a second memory having stored thereon computer instructions executable on the second processor, and a second processor, wherein the steps of the key derivation method for the internet of vehicles are performed by the second processor when executing the computer instructions.
A key derivation system for a vehicle networking, the system comprising:
the car end, the middle layer and the issuing mechanism.
Preferably, the vehicle end and the middle layer communicate through a secure channel.
In the car networking key derivation method, the car networking key derivation device and system, the car end and the intermediate layer, the car end generates a certificate request comprising the initial key and the random array and sends the certificate request to the intermediate layer, the intermediate layer respectively derives the initial key based on the random numbers in the random array to obtain the corresponding derived keys, the issuing authority signs and issues the certificate based on the derived keys, the intermediate layer sends the certificate signed and issued by the issuing authority aiming at the random numbers in the random array to the car end, and the car end recombines the corresponding private key based on the certificate. The method generates a pair of key pairs at the vehicle end, derives a large number of key pairs at the middle layer, only the vehicle end has the private key, and generates random numbers through the vehicle end to replace an encryption function in a butterfly key derivation method, so that the operation pressure of the vehicle end is greatly reduced, and the generation speed of the private key at the vehicle end is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a system architecture diagram of a butterfly key derivation system;
FIG. 2 is another system architecture diagram of a butterfly key derivation system;
FIG. 3 is a flowchart of a key derivation method for Internet of vehicles according to an embodiment of the present invention;
FIG. 4 is a system architecture diagram of a key derivation system for the Internet of vehicles according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a key derivation device in the car networking system according to an embodiment of the present invention;
FIG. 6 is a flowchart of another method for deriving a key of a vehicle networking system according to an embodiment of the present invention;
fig. 7 is another schematic structural diagram of a key derivation device for car networking according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrases "comprising a," "8230," "8230," or "comprising" does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
For the convenience of understanding the present invention, the following first introduces a butterfly key derivation method:
see fig. 1 for a system architecture diagram of a butterfly key derivation system. The vehicle end generates an initial key A = a × G and a symmetric key k for a derived key, and sends the initial key A = a × G and the symmetric key k to the middle layer; the intermediate layer derives the initial key to obtain a derived key B i =A+f k (i) G; the intermediate layer will derive the key B i Sending to an issuing organization; the issuing organization sends B i As public key J i Issuing a certificate, and returning the certificate to the middle layer; the middle layer returns the certificate to the vehicle end; vehicle-end recombined private key b i =a+f k (i)。
Wherein G is a parameter of a Secp2561 curve, a is a parameter for an initial key generated by the vehicle end, and f k (i) And the encryption function agreed by the vehicle end and the middle layer is related to the symmetric key k for the derived key, and i is the serial number of the derived key.
See fig. 2 for another system architecture diagram of the butterfly key derivation system. The vehicle end generates a pair of initial keys A = a G, H = H G, a symmetric key k for derived keys and a symmetric key e for encryption, and sends the initial keys A = a G, H = H G, the symmetric key k for derived keys and the symmetric key e for encryption to the middle layer; the intermediate layer respectively derives a pair of initial keys to obtain respective derived keys B i =A+f k (i)*G、D i =H+f e (i) G; the intermediate layer will derive the key B i And D i Sending to an issuing organization; random key generation C of signing mechanism i =c i * G, and mixing J i =B i +C i Issuing certificates as public keys, using D i To c i Encryption, return of certificates to intermediate layer and use of D i After encryption c i (ii) a The middle layer will authenticate and use D i After encryption c i Returning to the vehicle end; vehicle end computing middleParameter b i =a+f k (i) And d i =h+f e (i) And use of d i Decrypting the message returned by the middle layer and finally recombining the private key j i =b i +c i 。
Wherein G is the parameter of the Secp2561 curve, a and h are the parameters for generating the initial key at the vehicle end, f k (i) A common agreed encryption function for the vehicle end and the intermediate layer, a symmetric key k for the derived key, f e (i) An encryption function agreed for the vehicle end and the middle layer is related to an encryption symmetric key e, i is the serial number of the derivative key, c i Parameters for generating keys for issuing authorities.
As can be seen from the above description, the encryption function f in the butterfly key derivation method k (i) The key derivation operation amount is large due to the existence of the key derivation, so that the private key generation at the vehicle end is slow. In addition, an encryption function f e (i) Although the key protection is enhanced, the vehicle end must perform decryption operation, so that the operation pressure of the vehicle end is further increased, and the generation speed of the private key of the vehicle end is slowed down.
In order to solve the above problem, an embodiment of the present invention provides a key derivation method for an internet of vehicles, where the method is applied to a vehicle end, and a flowchart of the method is shown in fig. 3, and includes the following steps:
s101, generating an initial key and a random array, wherein the random array comprises a plurality of random numbers.
In the embodiment of the invention, the vehicle end generates an initial key A = a G and contains a series of random numbers b i A random array of (2). Wherein, a is a parameter for an initial key generated by the vehicle end, and G is a parameter of an SM2 curve of the national standard.
And the random number b of the vehicle end in the generated random array i In the process, unassociated random numbers can be generated randomly by directly operating a correlation algorithm; or randomly generating a random number by an operation correlation algorithm, and continuously performing hash operation to obtain the result b i =hash(b i-1 ),
In the specific implementation process, the process of generating the random array by the vehicle end comprises the following steps:
generating an initial random number, and taking the initial random number as a reference number; carrying out Hash operation on the reference number to obtain a new random number; and taking the new random number as a reference number, returning to the step of executing the Hash operation on the reference number to obtain a new random number, and ending the generation of the random number until a preset ending condition is met.
In the embodiment of the present invention, an ending condition of generating the random array may be preset, for example, a certain number of random arrays are generated, and then, for example, the random arrays are generated within a certain period of time. Continuously taking the current random number as a reference to carry out Hash operation to obtain the next random number, namely b, in the process of generating the random array without meeting the end condition at present i =hash(b i-1 )。
S102, sending a certificate request containing an initial key and a random array to the middle layer so that the middle layer derives the initial key respectively based on the random array to obtain corresponding derived keys, wherein the derived keys are the basis or basis for certificate issuance by an issuing authority.
See fig. 4 for a system architecture diagram of the car networking key derivation system. In the embodiment of the invention, a vehicle end sends a certificate request containing an initial key A and a random array to an intermediate layer; the intermediate layer derives the initial key to obtain a corresponding derived key B i =b i * A, and derive the key B i Sending to an issuing organization; the issuing organization will derive the key B i As public key J i Issuing a certificate, and returning the certificate issued by aiming at the random number in the random number group to the middle layer; the middle layer returns the certificate returned by the issuing organization to the vehicle end.
S103, receiving a certificate which is sent by the intermediate layer and issued by the issuing organization aiming at the random number in the random number group, and recombining the corresponding private key based on the certificate.
With continued reference to the system architecture diagram of the car networking key derivation system shown in fig. 4. In the embodiment of the invention, the vehicle end calculates the private key c based on the received certificate i =a*b i 。
Thus, it can be seen that the method for deriving butterfly keyCompared with the key derivation method of the Internet of vehicles, the key derivation method of the Internet of vehicles can replace the encryption function f in the butterfly key derivation method by generating random numbers at the vehicle end k (i) Therefore, the operation pressure of the vehicle end is greatly reduced, and the generation speed of the private key of the vehicle end is improved. And B is used as an intermediate layer i =b i * The derivation is carried out in the mode A, so that the intermediate layer can carry out point addition operation on the SM2 curve for one time, and the operation pressure of the intermediate layer is greatly reduced.
In addition, because the computing capacity of the vehicle end is not enough to carry out a large number of decryption operations, and the decryption operations consume more computing capacity than the operation of generating the key, the invention is not as good as the operation of generating a large number of key pairs directly at the vehicle end, so that the random number generated at the issuing agency and the encryption and decryption processes are eliminated.
According to the key derivation method of the Internet of vehicles, provided by the embodiment of the invention, a pair of key pairs are generated at the vehicle end, a large number of key pairs are derived at the middle layer, only the vehicle end has a private key, and random numbers are generated by the vehicle end to replace an encryption function in the butterfly key derivation method, so that the operation pressure of the vehicle end is greatly reduced, and the generation speed of the private key of the vehicle end is improved.
Based on the key derivation method for the car networking provided by the foregoing embodiment, an embodiment of the present invention provides an apparatus for executing the key derivation method for the car networking, where a schematic structural diagram of the apparatus is shown in fig. 5, and the apparatus includes:
the first processing module 101 is configured to generate an initial key and a random number group, where the random number group includes a plurality of random numbers.
The first communication module 102 is configured to send a certificate request including an initial key and a random number group to the intermediate layer, so that the intermediate layer derives the initial key based on the random numbers in the random number group to obtain corresponding derived keys, where the derived keys are a basis or basis for issuing certificates by an issuing authority; and receiving a certificate which is sent by the intermediate layer and issued by an issuing organization aiming at the random number in the random number group.
The first processing module 101 is further configured to reorganize a corresponding private key based on the certificate.
Optionally, the first processing module 101 configured to generate a random array is specifically configured to:
generating an initial random number, and taking the initial random number as a reference number; carrying out Hash operation on the reference number to obtain a new random number; and taking the new random number as a reference number, returning to the step of executing the Hash operation on the reference number to obtain a new random number, and ending the generation of the random number until a preset ending condition is met.
According to the key derivation device of the Internet of vehicles, provided by the embodiment of the invention, a pair of key pairs are generated at the vehicle end, a large number of key pairs are derived at the middle layer, only the vehicle end has a private key, and random numbers are generated by the vehicle end to replace an encryption function in a butterfly key derivation method, so that the operation pressure of the vehicle end is greatly reduced, and the generation speed of the private key of the vehicle end is improved.
Based on the key derivation method for the internet of vehicles provided by the above embodiment, an embodiment of the present invention provides a vehicle end, where the vehicle end includes:
a first memory and a first processor, wherein the first memory stores computer instructions capable of running on the first processor, and the first processor executes the computer instructions to execute the key derivation method for internet of vehicles provided in steps S101 to S103.
The embodiment of the invention also provides another key derivation method for the internet of vehicles, which is applied to the middle layer, and the flow chart of the method is shown in fig. 6, and the method comprises the following steps:
s201, receiving a certificate request sent by a vehicle end, wherein the certificate request comprises an initial key and a random array generated by the vehicle end, and the random array comprises a plurality of random numbers.
And S202, deriving the initial keys respectively based on the random numbers in the random number groups to obtain corresponding derived keys, and sending the derived keys to an issuing organization so that the issuing organization can issue certificates by taking the derived keys as public keys.
S203, receiving the certificate issued by the issuing organization aiming at the random number in the random number group, and sending the certificate to the vehicle end so that the vehicle end recombines the corresponding private key based on the certificate.
It should be noted that, in the implementation process of the key derivation method for the car networking provided in steps S201 to S203 of the present invention, reference may be made to the implementation process of the key derivation method for the car networking provided in steps S101 to S103, and details are not described here again.
According to the key derivation method of the Internet of vehicles, provided by the embodiment of the invention, a pair of key pairs are generated at the vehicle end, a large number of key pairs are derived at the middle layer, only the vehicle end has a private key, and random numbers are generated by the vehicle end to replace an encryption function in the butterfly key derivation method, so that the operation pressure of the vehicle end is greatly reduced, and the generation speed of the private key of the vehicle end is improved.
Based on the key derivation method for the car networking provided by the foregoing embodiment, an embodiment of the present invention provides an apparatus for executing the key derivation method for the car networking, where a schematic structural diagram of the apparatus is shown in fig. 7, and the apparatus includes:
the second communication module 201 is configured to receive a certificate request sent by a vehicle end, where the certificate request includes an initial key and a random number group generated by the vehicle end, and the random number group includes a plurality of random numbers.
The second processing module 202 is configured to derive the initial key based on the random numbers in the random array to obtain corresponding derived keys.
The second communication module 201 is further configured to send the derived key to an issuing authority, so that the issuing authority issues a certificate by using the derived key as a public key; and receiving a certificate issued by the issuing organization aiming at the random number in the random array, and sending the certificate to the vehicle end so that the vehicle end recombines the corresponding private key based on the certificate.
According to the key derivation device of the Internet of vehicles, provided by the embodiment of the invention, a pair of key pairs are generated at the vehicle end, a large number of key pairs are derived at the middle layer, only the vehicle end has a private key, and random numbers are generated by the vehicle end to replace an encryption function in a butterfly key derivation method, so that the operation pressure of the vehicle end is greatly reduced, and the generation speed of the private key of the vehicle end is improved.
Based on the key derivation method for the internet of vehicles provided by the above embodiment, an embodiment of the present invention provides an intermediate layer, where the intermediate layer includes:
a second memory and a second processor, wherein the second memory stores computer instructions capable of running on the second processor, and the second processor executes the steps of the key derivation method for internet of vehicles provided in steps S201 to S203 when executing the computer instructions.
The embodiment of the invention also provides a key derivation system of the Internet of vehicles, which comprises a vehicle end, a middle layer and an issuing mechanism. Preferably, the vehicle end and the intermediate layer communicate through a secure channel.
In addition, in practical development work, it should be noted that the private key reconstructed at the vehicle end cannot be present in the memory, and a and c are involved i The operations of (2) need to be all performed in the secure chip.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing is only a preferred embodiment of the present application and it should be noted that those skilled in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be considered as the protection scope of the present application.
Claims (10)
1. A key derivation method of Internet of vehicles is characterized in that the method is applied to a vehicle end, and the method comprises the following steps:
generating an initial key and a random array, wherein the random array comprises a plurality of random numbers;
sending a certificate request containing the initial key and the random array to a middle layer so that the middle layer respectively derives the initial key based on the random array to obtain corresponding derived keys, wherein the derived keys are the basis or basis for certificate issuance by an issuing authority; wherein the derived key B is obtained by the following formula i :
B i =b i *A
A is the initial key, b i Is a random number;
and receiving a certificate which is sent by the intermediate layer and issued by the issuing mechanism aiming at the random number in the random number group, and recombining a corresponding private key based on the certificate.
2. The method of claim 1, wherein the generating of the random array comprises:
generating an initial random number, and taking the initial random number as a reference number;
carrying out Hash operation on the reference number to obtain a new random number;
and taking the new random number as a reference number, and returning to the step of executing the hash operation on the reference number to obtain a new random number until the generation of the random number is finished when a preset finishing condition is met.
3. An Internet of vehicles key derivation apparatus, the apparatus comprising:
the device comprises a first processing module, a second processing module and a third processing module, wherein the first processing module is used for generating an initial key and a random array, and the random array comprises a plurality of random numbers;
the first communication module is used for sending a certificate request containing the initial key and the random number group to the middle layer so that the middle layer can respectively derive the initial key based on the random numbers in the random number group to obtain corresponding derived keys, and the derived keys are the basis or basis for certificate issuance by an issuing authority; receiving a certificate which is sent by the intermediate layer and is issued by the issuing organization aiming at the random number in the random number group; wherein the derived key B is obtained by the following formula i :
B i =b i *A
A is the initial key, b i Is a random number;
the first processing module is further configured to reorganize a corresponding private key based on the certificate.
4. The apparatus of claim 3, wherein the first processing module configured to generate a random array is specifically configured to:
generating an initial random number, and taking the initial random number as a reference number; carrying out Hash operation on the reference number to obtain a new random number; and taking the new random number as a reference number, and returning to the step of executing the hash operation on the reference number to obtain a new random number until the generation of the random number is finished when a preset finishing condition is met.
5. A car end, comprising:
a first memory and a first processor, the first memory having stored thereon computer instructions executable on the first processor, wherein the first processor, when executing the computer instructions, performs the steps of the key derivation method for the internet of vehicles according to any one of claims 1 to 2.
6. A key derivation method for Internet of vehicles, which is applied to a middle layer, and comprises the following steps:
receiving a certificate request sent by a vehicle end, wherein the certificate request comprises an initial key and a random array generated by the vehicle end, and the random array comprises a plurality of random numbers;
deriving the initial key respectively based on the random numbers in the random number groups to obtain corresponding derived keys, and sending the derived keys to an issuing organization so that the issuing organization takes the derived keys as public keys to perform certificate issuing; wherein the derived key B is obtained by the following formula i :
B i =b i *A
A is the initial key, b i Is a random number;
and receiving a certificate which is sent by the issuing organization and issued aiming at the random number in the random number group, and sending the certificate to the vehicle end so that the vehicle end recombines the corresponding private key based on the certificate.
7. A key derivation apparatus of a car networking, the apparatus comprising:
the second communication module is used for receiving a certificate request sent by a vehicle end, wherein the certificate request comprises an initial key and a random array generated by the vehicle end, and the random array comprises a plurality of random numbers;
the second processing module is used for deriving the initial key respectively based on the random numbers in the random number group to obtain corresponding derived keys; wherein the derived key B is obtained by the following formula i :
B i =b i *A
A is the initial key, b i Is a random number;
the second communication module is further configured to send the derived key to an issuing authority, so that the issuing authority issues a certificate by using the derived key as a public key; and receiving a certificate issued by the issuing mechanism aiming at the random numbers in the random number group, and sending the certificate to the vehicle end so that the vehicle end recombines the corresponding private key based on the certificate.
8. An interlayer, comprising:
a second memory having stored thereon computer instructions executable on the second processor, wherein the second processor when executing the computer instructions performs the steps of the key derivation method for internet of vehicles of claim 6.
9. A key derivation system for internet of vehicles, the system comprising:
the vehicle end of claim 5, the intermediate layer of claim 8, and the issuing authority.
10. The system of claim 9, wherein the vehicle end and the intermediate tier communicate over a secure channel.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010230224.7A CN111245619B (en) | 2020-03-27 | 2020-03-27 | Key derivation method, device and system for Internet of vehicles, vehicle end and middle layer |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010230224.7A CN111245619B (en) | 2020-03-27 | 2020-03-27 | Key derivation method, device and system for Internet of vehicles, vehicle end and middle layer |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111245619A CN111245619A (en) | 2020-06-05 |
| CN111245619B true CN111245619B (en) | 2023-03-24 |
Family
ID=70870565
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010230224.7A Active CN111245619B (en) | 2020-03-27 | 2020-03-27 | Key derivation method, device and system for Internet of vehicles, vehicle end and middle layer |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111245619B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2595639A (en) * | 2020-05-22 | 2021-12-08 | British Telecomm | Pairing of user device with remote system |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018026807A1 (en) * | 2016-08-02 | 2018-02-08 | Pcms Holdings, Inc. | Managing automotive vehicle premium lane access |
| CN107425971B (en) * | 2017-04-25 | 2020-06-05 | 深圳奥联信息安全技术有限公司 | Certificateless data encryption/decryption method and device and terminal |
| EP3701669B1 (en) * | 2017-10-22 | 2023-09-06 | Lg Electronics, Inc. | Cryptographic methods and systems for managing digital certificates |
| US11190363B2 (en) * | 2018-01-11 | 2021-11-30 | Lg Electronics, Inc. | Cryptographic methods and systems using activation codes for digital certificate revocation |
| WO2020041499A1 (en) * | 2018-08-21 | 2020-02-27 | Lg Electronics, Inc. | Systems and methods for a butterfly key exchange program |
| CN110896348B (en) * | 2019-11-26 | 2022-04-01 | 飞天诚信科技股份有限公司 | Method and system for key agreement |
-
2020
- 2020-03-27 CN CN202010230224.7A patent/CN111245619B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN111245619A (en) | 2020-06-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110022217B (en) | Advertisement media service data credible storage system based on block chain | |
| JP4527358B2 (en) | An authenticated individual cryptographic system that does not use key escrow | |
| EP1687931B1 (en) | Method and apparatus for verifiable generation of public keys | |
| CN110545279A (en) | block chain transaction method, device and system with privacy and supervision functions | |
| CN112104453B (en) | Anti-quantum computation digital signature system and signature method based on digital certificate | |
| CN109361519B (en) | Improved secret-containing number generation method and system | |
| CN109547209A (en) | A kind of two side's SM2 digital signature generation methods | |
| CN111698238A (en) | Management method, system and storage medium for terminal layer equipment key of power internet of things | |
| CN110830244A (en) | Anti-quantum computing vehicle networking method and system based on identity secret sharing and alliance chain | |
| CN112291059B (en) | Key generation method and device, storage medium and electronic equipment | |
| CN107395627B (en) | Lightweight authentication protocol based on one-way function | |
| CN109962783B (en) | SM9 digital signature collaborative generation method and system based on progressive calculation | |
| CN111245619B (en) | Key derivation method, device and system for Internet of vehicles, vehicle end and middle layer | |
| CN114499887A (en) | Signature key generation and related methods, systems, computer devices, and storage media | |
| CN111224783A (en) | Two-square elliptic curve digital signature algorithm supporting secret key refreshing | |
| CN108449174B (en) | Revocable encryption method and device for intelligent terminal in cloud computing application | |
| CN110798313A (en) | Secret dynamic sharing-based collaborative generation method and system for number containing secret | |
| CN113132315B (en) | Online conference authentication method, device, equipment, medium and system | |
| Bottinelli et al. | Accelerating V2X cryptography through batch operations | |
| JPH11234263A (en) | Method and device for mutual authentication | |
| CN114389808A (en) | Open ID protocol design method based on SM9 blind signature | |
| CN114978622A (en) | Anonymous credential verification method and system based on block chain and zero-knowledge proof | |
| CN114362958A (en) | Intelligent home data security storage auditing method and system based on block chain | |
| CN114189338A (en) | SM9 secret key safety distribution and management system and method based on homomorphic encryption technology | |
| CN112667995A (en) | Restricted Paillier encryption system and application method thereof in key distribution and identity authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20220530 Address after: No. 203, Shanghai Songjiang Road, No. 201563, Pudong New Area Applicant after: SAIC Motor Corp.,Ltd. Applicant after: Shanghai automotive industry (Group) Co.,Ltd. Address before: 201203 Room 509, Building No. 1, 563 Songtao Road, Zhangjiang High-tech Park, Pudong New Area, Shanghai Applicant before: SAIC Motor Corp.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |