CN111600708A

CN111600708A - Information processing method, certificate generation method, device, equipment and medium

Info

Publication number: CN111600708A
Application number: CN202010415285.0A
Authority: CN
Inventors: 胡伯良; 安晓江; 王学进
Original assignee: Beijing Haitai Fangyuan High Technology Co Ltd
Current assignee: Beijing Haitai Fangyuan High Technology Co Ltd
Priority date: 2020-05-15
Filing date: 2020-05-15
Publication date: 2020-08-28

Abstract

The application discloses an information processing method, a certificate generation device, equipment and a medium, which are applied to the technical field of information security and are used for solving the problem of poor information security of V2V communication in the prior art. The method specifically comprises the following steps: the CA center generates each information certificate and returns the information certificate to the vehicle-mounted terminal equipment for storage based on the public key in each public and private key pair generated by the vehicle-mounted terminal equipment and the CA signature result corresponding to the public key in each public and private key pair; the vehicle-mounted terminal equipment acquires vehicle running information; selecting one information certificate from the stored information certificates as a target information certificate, and signing the vehicle driving information to obtain an information signing result; and broadcasting the target information certificate, the vehicle running information and the information signature result. In this way, the vehicle driving information is signed by the information certificate and then broadcasted, so that the broadcasted vehicle driving information has authenticity, integrity and non-repudiation, and the communication safety of V2V can be ensured.

Description

Information processing method, certificate generation method, device, equipment and medium

Technical Field

The present application relates to the field of information security technologies, and in particular, to an information processing method, a certificate generation method, an apparatus, a device, and a medium.

Background

At present, Vehicle to outside communication (V2X) mainly includes Vehicle to Vehicle (V2V), Vehicle to road (V2I), Vehicle to background (V2N), and the like, and the communication security of V2V is a focus of attention with respect to the communication security and credibility of V2I and V2N.

In practical application, the requirements of V2V communication on security mainly include authenticity, integrity, non-repudiation and user identity information leakage prevention, how to achieve the requirements of V2V communication on security and ensure V2V communication security are problems to be solved in the technical field of information security.

Disclosure of Invention

The embodiment of the application provides an information processing method, a certificate generation method, a device, equipment and a medium, which are used for solving the problem of poor information security of V2V communication in the prior art.

The technical scheme provided by the embodiment of the application is as follows:

in one aspect, an embodiment of the present application provides an information processing method applied to a vehicle-mounted terminal device, including:

acquiring vehicle running information;

selecting a private key of an information certificate from private keys of all information certificates, and signing the vehicle driving information to obtain an information signing result of the vehicle driving information, wherein the private key of each information certificate is a private key in each public and private key pair generated by vehicle-mounted terminal equipment, and each information certificate is generated by a Certificate Authority (CA) center based on a public key in each public and private key pair and a CA signing result corresponding to the public key in each public and private key pair;

and broadcasting the vehicle running information, the information signature result and the selected information certificate as vehicle communication information.

In one possible embodiment, before acquiring the vehicle driving information, the method further includes:

generating at least two public and private key pairs;

signing the public key in each public and private key pair by using the private key of the equipment certificate to obtain a public key signature result, and carrying the certificate identification of the equipment certificate, the public key signature result and the public key in each public and private key pair in a batch certificate application request to send the batch certificate application request to a CA center;

receiving batch application certificate responses returned by a CA center, wherein the batch application certificate responses are returned after the CA center utilizes a public key of an equipment certificate represented by a certificate identifier to determine that a public key signature result in a batch application certificate request passes verification, the private key of the CA certificate is utilized to respectively sign the public keys in each public and private key pair to obtain CA signature results corresponding to the public keys in each public and private key pair, and each information certificate is generated based on the public key in each public and private key pair and the CA signature result corresponding to the public key in each public and private key pair;

and acquiring each information certificate generated by the CA center from the batch certificate application response.

In one possible embodiment, acquiring vehicle travel information includes:

acquiring driving state information and road condition state information, and determining the driving state information and the road condition state information as vehicle driving information;

or acquiring the driving state information, the road condition state information and the current time, and determining the driving state information, the road condition state information and the current time as the vehicle driving information.

In one possible implementation, selecting a private key of an information certificate from private keys of respective information certificates, and signing the vehicle driving information to obtain an information signature result of the vehicle driving information, includes:

randomly selecting a private key of an information certificate from the private keys of all the information certificates, and signing the vehicle driving information to obtain an information signing result of the vehicle driving information;

or selecting the private key of the information certificate of which the number of times of use is not more than a set threshold value within a set time range from the private keys of the information certificates, and signing the vehicle driving information to obtain an information signing result of the vehicle driving information.

On the other hand, an embodiment of the present application provides another information processing method applied to a vehicle-mounted terminal device, including:

receiving the broadcasted vehicle communication information;

verifying the information certificate in the vehicle communication information by using the public key of the CA certificate;

when the information certificate passes the verification, the public key of the information certificate is utilized to verify the information signature result in the vehicle communication information;

and when the information signature result is determined to pass the verification, the vehicle running information in the vehicle communication information is considered to be legal, and the driving control processing is carried out based on the vehicle running information.

In a possible implementation manner, the information processing method provided in an embodiment of the present application further includes:

and when the information certificate is determined not to pass the verification, or when the information signature result is determined not to pass the verification, considering that the vehicle driving information in the vehicle communication information is illegal, and discarding the vehicle communication information.

On the other hand, an embodiment of the present application provides a certificate generation method applied to a vehicle-mounted terminal device, including:

generating at least two public and private key pairs;

receiving batch application certificate responses returned by a CA center, wherein the batch application certificate responses are returned after the CA center utilizes a public key of an equipment certificate represented by a certificate identifier to determine that a public key signature result in a batch application certificate request passes verification, the private key of the CA certificate is utilized to respectively sign the public keys in each public and private key pair to obtain CA signature results corresponding to the public keys in each public and private key pair, and the corresponding information certificate is generated based on the public keys in each public and private key pair and the CA signature results corresponding to the public keys in each public and private key pair;

On the other hand, an embodiment of the present application provides a certificate generation method applied to a CA center, including:

receiving a batch certificate application request sent by vehicle-mounted terminal equipment;

determining an equipment certificate of the vehicle-mounted terminal equipment based on a certificate identifier carried by the batch certificate application request, and verifying a public key signature result carried by the batch certificate application request by using a public key of the equipment certificate of the vehicle-mounted terminal equipment;

when the verification of the public key signature result is confirmed to pass, the private keys of the CA certificates are used for respectively signing the public keys carried by the batch certificate application requests to obtain the CA signature results corresponding to the public keys;

and generating each information certificate based on each public key and the CA signature result corresponding to each public key, and carrying each information certificate in the batch certificate application request response to return to the vehicle-mounted terminal equipment.

On the other hand, an embodiment of the present application provides an information processing apparatus applied to a vehicle-mounted terminal device, including:

an information acquisition unit for acquiring vehicle travel information;

the information signing unit is used for selecting a private key of an information certificate from private keys of all the information certificates, signing the vehicle driving information and obtaining an information signing result of the vehicle driving information, wherein the private key of each information certificate is a private key in each public and private key pair generated by the vehicle-mounted terminal equipment, and each information certificate is generated by a CA center based on a public key in each public and private key pair and a CA signing result corresponding to the public key in each public and private key pair;

and the information broadcasting unit is used for broadcasting the vehicle running information, the information signature result and the selected information certificate as vehicle communication information.

In a possible implementation manner, an information processing apparatus provided in an embodiment of the present application further includes:

the certificate application unit is used for generating at least two public and private key pairs before the information acquisition unit acquires the vehicle running information; signing the public key in each public and private key pair by using the private key of the equipment certificate to obtain a public key signature result, and carrying the certificate identification of the equipment certificate, the public key signature result and the public key in each public and private key pair in a batch certificate application request to send the batch certificate application request to a CA center; receiving batch application certificate responses returned by a CA center, wherein the batch application certificate responses are returned after the CA center utilizes a public key of an equipment certificate represented by a certificate identifier to determine that a public key signature result in a batch application certificate request passes verification, the private key of the CA certificate is utilized to respectively sign the public keys in each public and private key pair to obtain CA signature results corresponding to the public keys in each public and private key pair, and each information certificate is generated based on the public key in each public and private key pair and the CA signature result corresponding to the public key in each public and private key pair; and acquiring each information certificate generated by the CA center from the batch certificate application response.

In one possible embodiment, when acquiring the vehicle travel information, the information acquisition unit is specifically configured to:

In a possible implementation manner, when the private key of one information certificate is selected from the private keys of the information certificates, and the vehicle driving information is signed to obtain the information signature result of the vehicle driving information, the information signature unit is specifically configured to:

On the other hand, an embodiment of the present application provides another information processing apparatus applied to a vehicle-mounted terminal device, including:

an information receiving unit for receiving the broadcasted vehicle communication information;

the certificate verification unit is used for verifying the information certificate in the vehicle communication information by using the public key of the CA certificate;

the signature verification unit is used for verifying the information signature result in the vehicle communication information by using the public key of the information certificate when the information certificate passes verification;

and an information processing unit for determining that the vehicle running information in the vehicle communication information is legal when the information signature result is verified, and performing driving control processing based on the vehicle running information.

In one possible embodiment, the information processing unit is further configured to:

On the other hand, an embodiment of the present application provides a certificate generating apparatus applied to a vehicle-mounted terminal device, including:

the public key signature unit is used for generating at least two public and private key pairs and signing the public key in each public and private key pair by using the private key of the equipment certificate to obtain a public key signature result;

the request sending unit is used for carrying the certificate identification of the equipment certificate, the public key signature result and the public keys in each public and private key pair in the batch certificate application request and sending the batch certificate application request to the CA center;

the response receiving unit is used for receiving batch application certificate responses returned by the CA center, wherein the batch application certificate responses are returned after the CA center utilizes the public key of the equipment certificate represented by the certificate identifier to determine that the public key signature result in the batch application certificate request passes verification, the private key of the CA certificate is utilized to respectively sign the public key in each public and private key pair to obtain CA signature results corresponding to the public keys in each public and private key pair, and the corresponding information certificate is generated based on the public key in each public and private key pair and the CA signature result corresponding to the public key in each public and private key pair;

and the certificate acquisition unit is used for acquiring each information certificate generated by the CA center from the batch certificate application response.

On the other hand, an embodiment of the present application provides a certificate generation apparatus applied to CA, including:

the request receiving unit is used for receiving batch certificate application requests sent by the vehicle-mounted terminal equipment;

the signature verification unit is used for determining the equipment certificate of the vehicle-mounted terminal equipment based on the certificate identification carried by the batch application certificate request and verifying the public key signature result carried by the batch application certificate request by using the public key of the equipment certificate of the vehicle-mounted terminal equipment;

the public key signature unit is used for respectively signing the public keys carried by the batch certificate application requests by using the private keys of the CA certificates when the verification of the public key signature result is passed, so as to obtain the CA signature results corresponding to the public keys;

the certificate generating unit is used for generating each information certificate based on each public key and the CA signature result corresponding to each public key;

and the response returning unit is used for returning each information certificate carried in the batch certificate application request response to the vehicle-mounted terminal equipment.

On the other hand, an embodiment of the present application provides a vehicle-mounted terminal device, including: the information processing method and the certificate generation method applied to the vehicle-mounted terminal device provided by the embodiment of the application are realized when the processor executes the computer program.

On the other hand, the embodiment of the present application further provides a computer-readable storage medium, where computer instructions are stored, and when the computer instructions are executed by a processor, the information processing method and the certificate generation method applied to the vehicle-mounted terminal device provided by the embodiment of the present application are implemented.

The beneficial effects of the embodiment of the application are as follows:

in the embodiment of the application, the information certificate generated by the CA center is used for signing and then broadcasting the vehicle driving information, so that the broadcasted vehicle driving information has authenticity, integrity and non-repudiation, and the information certificate generated by the CA center does not contain user identity information, thereby effectively avoiding the problem of user identity information leakage, further improving the safety of V2V communication, in addition, a private key of an information certificate is selected from private keys of all the information certificates, the vehicle driving information is signed, the problem that the vehicle is easy to track due to the fact that the same vehicle uses the private key of the same information certificate to sign the vehicle driving information can be effectively solved, and further improving the safety of V2V communication.

Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

Drawings

The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:

fig. 1 is a system framework diagram of a V2V communication system in an embodiment of the present application;

FIG. 2 is a schematic diagram illustrating an interaction flow of a certificate generation method in an embodiment of the present application;

FIG. 3 is a schematic interaction flow diagram of an information processing method according to an embodiment of the present application;

fig. 4 is a schematic specific flowchart of a certificate generation method and an information processing method in an embodiment of the present application;

fig. 5 is a schematic flowchart of another specific flowchart of a certificate generation method and an information processing method in an embodiment of the present application;

fig. 6 is a functional structure diagram of an information processing apparatus applied to a vehicle-mounted terminal device in an embodiment of the present application;

FIG. 7 is a functional structure diagram of another information processing apparatus applied to a vehicle-mounted terminal device in the embodiment of the present application;

fig. 8 is a functional structure diagram of a certificate generating apparatus applied to a vehicle-mounted terminal device in the embodiment of the present application;

fig. 9 is a functional configuration diagram of a certificate generating apparatus applied to CA in the embodiment of the present application;

fig. 10 is a schematic diagram of a hardware structure of the vehicle-mounted terminal device in the embodiment of the present application.

Detailed Description

In order to make the purpose, technical solution and advantages of the present application more clearly and clearly understood, the technical solution in the embodiments of the present application will be described below in detail and completely with reference to the accompanying drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

To facilitate a better understanding of the present application by those skilled in the art, a brief description of the technical terms involved in the present application will be given below.

1. Vehicle-mounted terminal equipment, it is integrated to have the location, communication, multinomial functions such as car driving recorder, support phone call simultaneously, voice broadcast, the security protection is reported to the police, the trimming is reported to the police, multinomial services such as long-range safe fuel cut-off and outage safety protection, and reserve a plurality of RS-232 interfaces and RS485 interface, can external meter, the front-end equipment of camera, microphone, earphone etc. in this application, vehicle-mounted terminal equipment embeds there are main control unit and safety chip, wherein:

the security chip is used for generating at least two public and private key pairs, storing private keys in each generated public and private key pair and executing signature operation;

and the main control unit is used for applying for the equipment certificate and each information certificate from the CA center, storing the equipment certificate and each information certificate, and processing and broadcasting the vehicle running information by using the stored information certificate.

2. The CA center is a certificate authority that generates digital certificates such as device certificates and information certificates for the in-vehicle terminal devices.

3. The information certificate is a digital certificate which is generated by the CA center for the vehicle-mounted terminal equipment and contains a public key and two parts of content of a CA signature result corresponding to the public key.

4. The device certificate is a digital certificate which is generated by the CA center for the vehicle-mounted terminal device and contains three parts of user identity information, a public key and a CA signature result corresponding to the public key.

5. The certificate identifier is a serial number uniquely identifying a digital certificate such as an equipment certificate and an information certificate.

6. The vehicle running information is information describing a running state of a vehicle and a road condition, and in the present application, the vehicle running information at least includes: the driving state information and the road condition state information may further include a current time, wherein:

the driving state information is information describing a driving state of the vehicle, and in the present application, the vehicle driving information may include, but is not limited to: current vehicle position, current driving speed, current driving direction, current driving route, etc.;

the traffic status information is information describing a traffic status, and in the present application, the traffic status information may include, but is not limited to: vehicle distance, road conditions, etc.

7. The vehicle communication information is communication information between vehicles, and in the present application, the vehicle communication information may include, but is not limited to: vehicle travel information, an information certificate that signs the vehicle travel information, an information signature result of the vehicle travel information, and the like.

After introducing the technical terms related to the present application, the following briefly introduces the application scenarios and design ideas of the embodiments of the present application.

At present, in V2V communication, authenticity of vehicle travel information is particularly important, and particularly when vehicle travel information on a vehicle travel state, a road emergency, and the like is transmitted, it is necessary to ensure that the vehicle travel information is issued by a legitimate vehicle-mounted terminal device and is not falsified or reproduced, and at the same time, in order to prevent user identification information from being leaked or the vehicle from being tracked, it is necessary to avoid use of identification information of the vehicle or its owner as much as possible when authenticating authenticity of the vehicle travel information.

Therefore, in the embodiment of the present application, referring to fig. 1, the vehicle-mounted terminal device 110 may be in communication connection with the CA center 120 through a communication network, and in practical applications, the vehicle-mounted terminal device 110 may generate at least two public and private key pairs, and sign a public key in each generated public and private key pair by using a private key of a device certificate, and after obtaining a public key signature result, carry a certificate identifier of the device certificate, a public key signature result, and a public key in each public and private key pair in a batch certificate application request to send to the CA center 120; when the CA center 120 receives a batch certificate application request sent by the vehicle-mounted terminal device 110, the CA center can obtain a certificate identifier, a public key signature result and public keys in the public and private key pairs from the batch certificate application request, verify the public key signature result by using the public keys of the device certificates represented by the certificate identifier, and when the verification of the public key signature result is passed, respectively sign the public keys in the public and private key pairs by using the private keys of the CA certificate to obtain CA signature results corresponding to the public keys in the public and private key pairs, and generate corresponding information certificates based on the public keys in the public and private key pairs and the CA signature results corresponding to the public keys in the public and private key pairs, and then carry the generated information certificates in the batch certificate application response to return to the vehicle-mounted terminal device 110; when the vehicle-mounted terminal device 110 receives the batch certificate application response returned by the CA center 120, each information certificate generated by the CA center 120 may be acquired from the batch certificate application response, further, the vehicle-mounted terminal device 110 may acquire vehicle driving information, select a private key of one information certificate from the private keys of each information certificate, sign the vehicle driving information to obtain an information signature result of the vehicle driving information, and broadcast the vehicle driving information, the information signature result, and the selected information certificate as vehicle communication information; the other in-vehicle terminal device 110 may verify the information certificate in the vehicle communication information using the public key of the CA certificate when the broadcasted vehicle communication information is received, and verify the information signature result in the vehicle communication information using the public key of the information certificate when it is determined that the information certificate verification is passed, and when it is determined that the information signature result is passed, consider the vehicle travel information in the vehicle communication information to be legitimate, and perform the driving control process based on the vehicle travel information.

In addition, the private key of one information certificate is selected from the private keys of all the information certificates to sign the vehicle running information, so that the problem that the vehicle is easy to track due to the fact that the same vehicle signs the vehicle running information by using the private key of the same information certificate can be effectively solved, and the safety of V2V communication is further improved.

After introducing the application scenario and the design concept of the embodiment of the present application, the following describes in detail the technical solution provided by the embodiment of the present application.

In the embodiment of the present application, before the in-vehicle terminal device 110 applies for the information certificate to the CA center 120 and processes the vehicle travel information using the information certificate, the in-vehicle terminal device 110 may apply for the device certificate to the CA center 120. Specifically, a security chip built in vehicle-mounted terminal device 110 may generate a public and private key pair, and after storing a private key in the public and private key pair, may send a public key in the public and private key pair to a main control unit built in vehicle-mounted terminal device 110, and when the main control unit built in vehicle-mounted terminal device 110 receives the public key in the public and private key pair sent by the security chip built in vehicle-mounted terminal device 110, may carry user identity information and the public key in the public and private key pair in an apparatus certificate application request to send to CA center 120; when the CA center 120 receives an application device certificate request sent by the vehicle-mounted terminal device 110, it may obtain user identity information and a public key from the application device certificate request, verify the user identity information, when it is determined that the user identity information passes the verification, sign the public key by using a private key of the CA certificate, after a CA signature result corresponding to the public key is obtained, generate a device certificate for the vehicle-mounted terminal device 110 based on the public key and the CA signature result corresponding to the public key, and return the device certificate of the vehicle-mounted terminal device 110 to the vehicle-mounted terminal device 110; when receiving the device certificate returned by the CA center 120, the main control unit built in the vehicle-mounted terminal device 110 may store the device certificate, and in practical application, the main control unit built in the vehicle-mounted terminal device 110 may store the device certificate and store the private key of the device certificate in the security chip built in the vehicle-mounted terminal device 110.

Further, after applying the device certificate to the CA center 120, the vehicle-mounted terminal device 110 may apply the information certificate to the CA center 120, specifically, as shown in fig. 2, an interaction flow of the certificate generation method provided in the embodiment of the present application is as follows:

step 201: in-vehicle terminal apparatus 110 generates at least two public-private key pairs.

In practical applications, step 201 may be performed in a security chip built in vehicle-mounted terminal device 110, that is, the security chip built in vehicle-mounted terminal device 110 generates at least two public and private key pairs.

Further, in order to facilitate the subsequent selection of a private key from the generated private keys by the security chip built in vehicle-mounted terminal device 110, the vehicle driving information is signed, in this embodiment, after the security chip built in vehicle-mounted terminal device 110 generates at least two public and private key pairs, the private keys in the generated public and private key pairs may be further stored, and in practical application, the private keys in the public and private key pairs may be stored in the security chip built in vehicle-mounted terminal device 110.

Step 202: vehicle-mounted terminal device 110 uses the private key of the device certificate to sign the public key in each public-private key pair, and obtains the public key signature result.

In practical application, step 202 may also be executed in a security chip built in vehicle-mounted terminal device 110, that is, after the security chip built in vehicle-mounted terminal device 110 generates at least two public and private key pairs, a private key of a device certificate may also be used to sign a public key in each public and private key pair, so as to obtain a public key signature result.

Step 203: vehicle-mounted terminal device 110 carries the certificate identification of the device certificate, the public key signature result and the public keys in each public and private key pair in the batch certificate application request, and sends the batch certificate application request to CA center 120.

In practical applications, step 203 may be executed in a main control unit built in vehicle-mounted terminal device 110, that is, a security chip built in vehicle-mounted terminal device 110 signs a public key in each public/private key pair by using a private key of a device certificate, and after a public key signature result is obtained, the public key signature result and the public key in each public/private key pair may be sent to the main control unit built in vehicle-mounted terminal device 110, and when the main control unit built in vehicle-mounted terminal device 110 receives the public key signature result and the public key in each public/private key pair sent by the security chip built in vehicle-mounted terminal device 110, the certificate identifier of the device certificate, the public key signature result, and the public key in each public/private key pair may be carried in a batch certificate application request and sent to CA center 120.

Step 204: when the CA center 120 receives the batch application certificate request sent by the vehicle-mounted terminal device 110, the device certificate of the vehicle-mounted terminal device 110 is determined based on the certificate identifier carried in the batch application certificate request, and the public key signature result carried in the batch application certificate request is verified by using the public key of the device certificate of the vehicle-mounted terminal device 110.

Step 205: when the CA center 120 determines that the public key signature result passes verification, the private keys of the CA certificates are used for respectively signing the public keys carried by the batch certificate application requests, and CA signature results corresponding to the public keys are obtained.

It should be noted that, in practical applications, when the CA center 120 determines that the verification of the public key signature result fails, the batch certificate application request of the vehicle-mounted terminal device 110 may be rejected.

Step 206: the CA center 120 generates each information certificate based on each public key and the CA signature result corresponding to each public key.

Step 207: the CA center 120 returns each information certificate to the in-vehicle terminal device 110 in a batch application certificate request response.

Step 208: when the vehicle-mounted terminal device 110 receives the batch certificate application response returned by the CA center 120, each information certificate generated by the CA center is acquired from the batch certificate application response.

In practical applications, step 208 may be executed in the main control unit built in the vehicle-mounted terminal device 110, that is, when the main control unit built in the vehicle-mounted terminal device 110 receives the batch application certificate response returned by the CA center 120, each information certificate generated by the CA center is obtained from the batch application certificate response.

It is worth mentioning that, in order to reduce the communication data amount between the main control unit built in the vehicle-mounted terminal device 110 and the security chip built in the vehicle-mounted terminal device 110, and reduce the extra time delay caused by introducing the information certificate mechanism to process the vehicle driving information, in this embodiment of the application, the main control unit built in the vehicle-mounted terminal device 110 may further store each information certificate after acquiring each information certificate generated by the CA center from the batch certificate application response, and in practical application, each information certificate may be stored in the main control unit built in the vehicle-mounted terminal device 110.

Further, after the vehicle-mounted terminal device 110 applies the information certificate to the CA center 120, the vehicle driving information may be processed, specifically, referring to fig. 3, an interaction flow of the information processing method provided in the embodiment of the present application is as follows:

step 301: the in-vehicle terminal device 110 acquires vehicle travel information.

In practical applications, step 301 may be executed in a main control unit built in vehicle-mounted terminal device 110, and specifically, in an embodiment, when executing step 301, the main control unit built in vehicle-mounted terminal device 110 may adopt, but is not limited to, the following manners: and acquiring the driving state information and the road condition state information, and determining the driving state information and the road condition state information as vehicle driving information.

In another embodiment, in order to prevent replay attack, the main control unit built in the in-vehicle terminal device 110 may also adopt, but is not limited to, the following ways when executing step 301: and acquiring the driving state information, the road condition state information and the current time, and determining the driving state information, the road condition state information and the current time as the vehicle driving information.

Step 302: the vehicle-mounted terminal device 110 selects a private key of an information certificate from the private keys of the information certificates, signs the vehicle driving information, and obtains an information signature result of the vehicle driving information.

In practical applications, step 302 may be executed in a security chip built in the vehicle-mounted terminal device 110, and specifically, in an embodiment, the security chip built in the vehicle-mounted terminal device 110 may automatically select a private key from stored private keys to sign the vehicle driving information, that is, after the main control unit built in the vehicle-mounted terminal device 110 obtains the vehicle driving information, the vehicle driving information may be sent to the security chip built in the vehicle-mounted terminal device 110, and when the security chip built in the vehicle-mounted terminal device 110 receives the vehicle driving information sent by the main control unit built in the vehicle-mounted terminal device 110, the security chip may select a private key from the stored private keys to sign the vehicle driving information, so as to obtain an information signature result of the vehicle driving information.

Specifically, when the security chip built in the vehicle-mounted terminal device 110 selects one private key from the stored private keys to sign the vehicle driving information and obtain the information signature result of the vehicle driving information, the following methods may be adopted, but are not limited to:

the first mode is as follows: the security chip built in the vehicle-mounted terminal device 110 randomly selects one private key from the stored private keys, signs the vehicle driving information, and obtains an information signature result of the vehicle driving information.

The second mode is as follows: the security chip built in the vehicle-mounted terminal device 110 selects a private key whose number of times of use is not greater than a set threshold value within a set time range from the stored private keys, and signs the vehicle driving information to obtain an information signature result of the vehicle driving information. If the number of the private keys with the use times not greater than the set threshold within the set time range is greater than 1, one private key can be randomly selected from the private keys with the use times not greater than the set threshold within the set time range, and the vehicle driving information is signed to obtain an information signature result of the vehicle driving information.

In another embodiment, the security chip built in the vehicle-mounted terminal device 110 may select a private key specified by the main control unit built in the vehicle-mounted terminal device 110 from the stored private keys to sign the vehicle driving information, specifically, after the main control unit built in the vehicle-mounted terminal device 110 obtains the vehicle driving information, a public key may be selected from public keys included in each information certificate, and serial numbers of the vehicle driving information and the selected public key in each public and private key pair are sent to the security chip built in the vehicle-mounted terminal device 110, when the security chip built in the vehicle-mounted terminal device 110 receives the vehicle driving information sent by the main control unit built in the vehicle-mounted terminal device 110 and the serial number of the selected public key in each public and private key pair, the private keys having the same serial number may be determined from the stored private keys according to the serial numbers of the selected public key in each public and private key pair, and signing the vehicle driving information by using the private key to obtain an information signature result of the vehicle driving information.

Specifically, when the main control unit built in the vehicle-mounted terminal device 110 selects one public key from the public keys included in the information certificates, the following methods may be adopted, but are not limited to:

the first mode is as follows: the main control unit built in the in-vehicle terminal device 110 randomly selects one public key from the public keys included in each information certificate.

The second mode is as follows: the main control unit built in the in-vehicle terminal device 110 selects a public key whose number of times of use is not greater than a set threshold value within a set time range from the public keys included in each information certificate. If the number of the public keys of which the number of times of use is not more than the set threshold in the set time range is more than 1, one public key can be randomly selected from the public keys of which the number of times of use is not more than the set threshold in the set time range.

Step 303: the in-vehicle terminal device 110 broadcasts the vehicle travel information, the information signing result, and the selected information certificate as vehicle communication information.

In practical applications, step 303 may be executed in a main control unit built in the vehicle-mounted terminal device 110, and correspondingly, in an embodiment, after the security chip built in the vehicle-mounted terminal device 110 selects a private key from the stored private keys to sign the vehicle driving information and obtain the information signature result of the vehicle driving information, the information signature result and the serial number of the selected private key in each public and private key pair may be returned to the main control unit built in the vehicle-mounted terminal device 110, and when the main control unit built in the vehicle-mounted terminal device 110 receives the information signature result returned by the security chip built in the vehicle-mounted terminal device 110 and the serial number of the selected private key in each public and private key pair, the public keys having the same serial number may be determined from the public keys included in each information certificate according to the serial number of the selected private key in each public and private key pair, and the public keys included in each information certificate may be determined, and the information certificate including the public, The vehicle travel information and the information signature result are broadcast as vehicle communication information.

In another embodiment, the security chip built in the vehicle-mounted terminal device 110 determines, according to the serial numbers of the public key selected by the main control unit built in the vehicle-mounted terminal device 110 in each public-private key pair, the private keys having the same serial number from the stored private keys, and signs the vehicle driving information by using the private keys to obtain the information signature result of the vehicle driving information, and then returns the information signature result to the main control unit built in the vehicle-mounted terminal device 110, and when the main control unit built in the vehicle-mounted terminal device 110 receives the information signature result returned by the security chip built in the vehicle-mounted terminal device 110, the vehicle driving information, the information signature result, and the information certificate containing the selected public key can be broadcasted as the vehicle communication information.

Step 304: when receiving the broadcasted vehicle communication information, the other in-vehicle terminal device 110 verifies the information certificate in the vehicle communication information by using the public key of the CA certificate.

In practical applications, step 304 may be executed in a main control unit built in the vehicle-mounted terminal device 110, that is, when the main control unit built in the vehicle-mounted terminal device 110 receives the broadcasted vehicle communication information, the public key of the CA certificate is used to verify the information certificate in the vehicle communication information.

Step 305: and when the other vehicle-mounted terminal equipment 110 determines that the information certificate passes the verification, the public key of the information certificate is used for verifying the information signature result in the vehicle communication information.

In practical applications, step 305 may also be executed in the main control unit built in the vehicle-mounted terminal device 110, that is, when the main control unit built in the vehicle-mounted terminal device 110 determines that the information certificate passes verification, the public key of the information certificate is further used to verify the information signature result in the vehicle communication information.

Step 306: when the other in-vehicle terminal device 110 determines that the information signature result is verified, it regards the vehicle travel information in the vehicle communication information as legitimate, and performs the driving control process based on the vehicle travel information.

In practical applications, step 306 may also be executed in the main control unit built in vehicle-mounted terminal device 110, that is, when the main control unit built in vehicle-mounted terminal device 110 determines that the information signature result is verified, it may be considered that the vehicle driving information in the vehicle communication information is legal, and at this time, the main control unit built in vehicle-mounted terminal device 110 may perform driving control processing based on the vehicle driving information, and specifically, the main control unit built in vehicle-mounted terminal device 110 may perform driving control processing such as safety warning and automatic driving control based on the vehicle driving information.

It should be noted that, in this embodiment of the application, when the main control unit built in the vehicle-mounted terminal device 110 determines that the information certificate does not pass the verification, or determines that the information signature result does not pass the verification, it may be considered that the vehicle driving information in the vehicle communication information is illegal, and at this time, the main control unit built in the vehicle-mounted terminal device 110 may discard the vehicle communication information.

In the following, as a specific application scenario, a security chip built in the vehicle-mounted terminal device 110 is adopted to automatically select one private key from the stored private keys to sign the vehicle driving information, and the certificate generation method and the information processing method provided in the embodiment of the present application are further described in detail, referring to fig. 4, a specific interaction flow of the certificate generation method and the information processing method provided in the embodiment of the present application is as follows:

step 401: the security chip built in vehicle-mounted terminal device 110 generates N public and private key pairs, where the public keys are { PK1, PK2, …, PKn } and the private keys are { SK1, SK2, …, SKn }.

Step 402: the security chip built in vehicle-mounted terminal device 110 stores private keys { SK1, SK2, …, SKn } in each public-private key pair, and signs public keys { PK1, PK2, …, PKn } in each public-private key pair by using the private key of the device certificate, thereby obtaining public key signature results SV (PK1, PK2, …, PKn).

Step 403: the security chip built in vehicle-mounted terminal device 110 transmits the public key signature result SV (PK1, PK2, …, PKn) and the public keys { PK1, PK2, …, PKn } in each public-private key pair to the main control unit built in vehicle-mounted terminal device 110.

Step 404: when the main control unit built in the vehicle-mounted terminal device 110 receives the public key signature result SV (PK1, PK2, …, PKn) and the public keys { PK1, PK2, …, PKn } in each public-private key pair sent by the security chip built in the vehicle-mounted terminal device 110, the certificate identifier SN of the device certificate, the public key signature result SV (PK1, PK2, …, PKn) and the public keys { PK1, PK2, …, PKn } in each public-private key pair are carried in the batch application certificate request and sent to the CA center 120.

Step 405: when the CA center 120 receives the batch application certificate request transmitted from the in-vehicle terminal device 110, the certificate identifier SN, the public key signature result SV (PK1, PK2, …, PKn) and the public keys { PK1, PK2, …, PKn } are acquired from the batch application certificate request.

Step 406: the CA center 120 determines the device certificate of the in-vehicle terminal device 110 based on the certificate identification SN, and verifies the public key signature result SV (PK1, PK2, …, PKn) using the public key of the device certificate of the in-vehicle terminal device 110.

Step 407: when the CA center 120 determines that the verification of the public key signature result SV (PK1, PK2, … and PKn) is passed, the private keys of the CA certificate are used for respectively signing the public keys { PK1, PK2, … and PKn } to obtain CA signature results { S1, S2, … and Sn } corresponding to the public keys.

Step 408: the CA center 120 generates information certificates { PK1_ S1, PK2_ S2, …, PKn _ Sn } based on the respective public keys { PK1, PK2, …, PKn } and CA signature results { S1, S2, …, Sn } corresponding to the respective public keys.

Step 409: the CA center 120 returns the respective information certificates { PK1_ S1, PK2_ S2, …, PKn _ Sn } to the in-vehicle terminal device 110 in the batch application certificate request response, with being carried.

Step 410: when the main control unit built in the vehicle-mounted terminal device 110 receives the batch certificate application response returned by the CA center 120, the information certificates { PK1_ S1, PK2_ S2, …, PKn _ Sn } are acquired from the batch certificate application response, and the information certificates { PK1_ S1, PK2_ S2, …, PKn _ Sn } are stored.

Step 411: the main control unit built in the in-vehicle terminal device 110 acquires the driving state information, the traffic state information, and the current time, and determines the driving state information, the traffic state information, and the current time as the vehicle driving information.

Step 412: the main control unit built in the in-vehicle terminal device 110 transmits the vehicle travel information to the security chip built in the in-vehicle terminal device 110.

Step 413: when the safety chip built in the vehicle-mounted terminal device 110 receives the vehicle running information sent by the main control unit built in the vehicle-mounted terminal device 110, one private key SKi is randomly selected from the stored private keys { SK1, SK2, … and SKn } to sign the vehicle running information, and an information signature result SVi of the vehicle running information is obtained.

Step 414: the security chip built in the vehicle-mounted terminal device 110 returns the information signature result SVi and the serial number i of the selected private key SKi in each public and private key pair to the main control unit built in the vehicle-mounted terminal device 110.

Step 415: when the main control unit built in the vehicle-mounted terminal device 110 receives the information signature result returned by the security chip built in the vehicle-mounted terminal device 110 and the serial numbers i of the private keys SKi in the public and private key pairs, the public keys PKi with the same serial numbers i are determined from the public keys contained in the information certificates according to the serial numbers i of the private keys SKi in the public and private key pairs.

Step 416: the main control unit built in the in-vehicle terminal device 110 broadcasts the information certificate PKi _ Si including the public key, the information signature result SVi, and the vehicle travel information as vehicle communication information.

Step 417: when the main control unit built in the other vehicle-mounted terminal device 110 receives the broadcasted vehicle communication information, the public key of the CA certificate is used to verify the information certificate PKi _ Si in the vehicle communication information.

Step 418: when the main control unit built in the other vehicle-mounted terminal device 110 determines that the information certificate PKi _ Si passes the verification, the public key PKi of the information certificate PKi _ Si is used for verifying the information signature result SVi in the vehicle communication information.

Step 419: when the main control unit built in the other vehicle-mounted terminal device 110 determines that the information signature result SVi passes verification, it considers that the vehicle running information in the vehicle communication information is legal, and performs driving control processing such as safety warning and automatic driving control based on the vehicle running information.

In the following, a specific application scenario is that "a security chip built in the vehicle-mounted terminal device 110 selects a private key specified by a main control unit built in the vehicle-mounted terminal device 110 from stored private keys to sign vehicle driving information", and further details a certificate generation method and an information processing method provided in the embodiment of the present application are described, referring to fig. 5, a specific interaction flow of the certificate generation method and the information processing method provided in the embodiment of the present application is as follows:

step 501: the security chip built in vehicle-mounted terminal device 110 generates N public and private key pairs, where the public keys are { PK1, PK2, …, PKn } and the private keys are { SK1, SK2, …, SKn }.

Step 502: the security chip built in vehicle-mounted terminal device 110 stores private keys { SK1, SK2, …, SKn } in each public-private key pair, and signs public keys { PK1, PK2, …, PKn } in each public-private key pair by using the private key of the device certificate, thereby obtaining public key signature results SV (PK1, PK2, …, PKn).

Step 503: the security chip built in vehicle-mounted terminal device 110 transmits the public key signature result SV (PK1, PK2, …, PKn) and the public keys { PK1, PK2, …, PKn } in each public-private key pair to the main control unit built in vehicle-mounted terminal device 110.

Step 504: when the main control unit built in the vehicle-mounted terminal device 110 receives the public key signature result SV (PK1, PK2, …, PKn) and the public keys { PK1, PK2, …, PKn } in each public-private key pair sent by the security chip built in the vehicle-mounted terminal device 110, the certificate identifier SN of the device certificate, the public key signature result SV (PK1, PK2, …, PKn) and the public keys { PK1, PK2, …, PKn } in each public-private key pair are carried in the batch application certificate request and sent to the CA center 120.

Step 505: when the CA center 120 receives the batch application certificate request transmitted from the in-vehicle terminal device 110, the certificate identifier SN, the public key signature result SV (PK1, PK2, …, PKn) and the public keys { PK1, PK2, …, PKn } are acquired from the batch application certificate request.

Step 506: the CA center 120 determines the device certificate of the in-vehicle terminal device 110 based on the certificate identification SN, and verifies the public key signature result SV (PK1, PK2, …, PKn) using the public key of the device certificate of the in-vehicle terminal device 110.

Step 507: when the CA center 120 determines that the verification of the public key signature result SV (PK1, PK2, … and PKn) is passed, the private keys of the CA certificate are used for respectively signing the public keys { PK1, PK2, … and PKn } to obtain CA signature results { S1, S2, … and Sn } corresponding to the public keys.

Step 508: the CA center 120 generates information certificates { PK1_ S1, PK2_ S2, …, PKn _ Sn } based on the respective public keys { PK1, PK2, …, PKn } and CA signature results { S1, S2, …, Sn } corresponding to the respective public keys.

Step 509: the CA center 120 returns the respective information certificates { PK 1S 1, PK 2S 2, …, PKn Sn } to the in-vehicle terminal apparatus 110 in the batch application certificate request response, with being carried.

Step 510: when the main control unit built in the vehicle-mounted terminal device 110 receives the batch certificate application response returned by the CA center 120, the information certificates { PK 1S 1, PK 2S 2, …, PKn Sn } are acquired from the batch certificate application response, and the information certificates { PK 1S 1, PK 2S 2, …, PKn Sn } are stored.

Step 511: the main control unit built in the in-vehicle terminal device 110 acquires the driving state information, the traffic state information, and the current time, and determines the driving state information, the traffic state information, and the current time as the vehicle driving information.

Step 512: the main control unit built in the in-vehicle terminal device 110 selects a public key PKi, the number of times of use of which is not greater than a set threshold value within a set time range, from public keys { PK1, PK2, …, PKn } included in each information certificate.

Step 513: the main control unit built in the vehicle-mounted terminal device 110 sends the vehicle driving information and the serial number i of the selected public key PKi in each public and private key pair to the security chip built in the vehicle-mounted terminal device 110.

Step 514: when the safety chip arranged in the vehicle-mounted terminal device 110 receives the vehicle driving information and the serial number i of the public key PKi in each public and private key pair sent by the main control unit arranged in the vehicle-mounted terminal device 110, the private key SKi with the same serial number i is selected from the stored private keys { SK1, SK2, … and SKn } to sign the vehicle driving information, and the information signature result SVi of the vehicle driving information is obtained.

Step 515: the security chip built in the in-vehicle terminal device 110 returns the information signature result SVi to the main control unit built in the in-vehicle terminal device 110.

Step 516: when the main control unit built in the vehicle-mounted terminal device 110 receives the information signature result returned by the security chip built in the vehicle-mounted terminal device 110, the information signature result SVi, the vehicle driving information and the information certificate PKi _ Si including the selected public key PKi are broadcasted as the vehicle communication information.

517: when the main control unit built in the other vehicle-mounted terminal device 110 receives the broadcasted vehicle communication information, the public key of the CA certificate is used to verify the information certificate PKi _ Si in the vehicle communication information.

Step 518: when the main control unit built in the other vehicle-mounted terminal device 110 determines that the information certificate PKi _ Si passes the verification, the public key PKi of the information certificate PKi _ Si is used for verifying the information signature result SVi in the vehicle communication information.

Step 519: when the main control unit built in the other vehicle-mounted terminal device 110 determines that the information signature result SVi passes verification, it considers that the vehicle running information in the vehicle communication information is legal, and performs driving control processing such as safety warning and automatic driving control based on the vehicle running information.

Based on the foregoing embodiments, the present application provides an information processing apparatus applied to the vehicle-mounted terminal device 110, and referring to fig. 6, an information processing apparatus 600 applied to the vehicle-mounted terminal device 110 according to the present application includes at least:

an information acquisition unit 601 for acquiring vehicle travel information;

an information signature unit 602, configured to select a private key of an information certificate from the private keys of the information certificates, and sign the vehicle driving information to obtain an information signature result of the vehicle driving information, where the private key of each information certificate is a private key of each public and private key pair generated by the vehicle-mounted terminal device 110, and each information certificate is generated by the CA center 120 based on a public key of each public and private key pair and a CA signature result corresponding to the public key of each public and private key pair;

an information broadcasting unit 603 configured to broadcast the vehicle travel information, the information signature result, and the selected information certificate as vehicle communication information.

In a possible implementation manner, the information processing apparatus 600 provided in the embodiment of the present application further includes:

a certificate applying unit 604 for generating at least two public and private key pairs before the information obtaining unit 601 obtains the vehicle travel information; signing the public key in each public and private key pair by using the private key of the equipment certificate to obtain a public key signature result, and carrying the certificate identification of the equipment certificate, the public key signature result and the public key in each public and private key pair in a batch certificate application request to send the batch certificate application request to the CA center 120; receiving batch application certificate responses returned by the CA center 120, wherein the batch application certificate responses are returned after the CA center 120 utilizes the public key of the equipment certificate represented by the certificate identifier to determine that the public key signature result in the batch application certificate request passes verification, the private key of the CA certificate is utilized to respectively sign the public keys in each public and private key pair to obtain CA signature results corresponding to the public keys in each public and private key pair, and each information certificate is generated based on the public key in each public and private key pair and the CA signature result corresponding to the public key in each public and private key pair; each information certificate generated by the CA center 120 is acquired from the batch certificate application response.

In one possible embodiment, when acquiring the vehicle driving information, the information acquiring unit 601 is specifically configured to:

In a possible implementation manner, when the private key of one information certificate is selected from the private keys of the information certificates, and the vehicle driving information is signed to obtain the information signature result of the vehicle driving information, the information signature unit 602 is specifically configured to:

In addition, another information processing apparatus applied to vehicle-mounted terminal device 110 is provided in an embodiment of the present application, and referring to fig. 7, another information processing apparatus 700 applied to vehicle-mounted terminal device 110 provided in an embodiment of the present application at least includes:

an information receiving unit 701 for receiving broadcasted vehicle communication information;

a certificate verification unit 702 configured to verify an information certificate in the vehicle communication information using a public key of the CA certificate;

the signature verification unit 703 is configured to verify an information signature result in the vehicle communication information by using a public key of the information certificate when it is determined that the information certificate passes verification;

and an information processing unit 704 configured to determine that the vehicle travel information in the vehicle communication information is legitimate when the information signature result is verified, and perform driving control processing based on the vehicle travel information.

In one possible implementation, the information processing unit 704 is further configured to:

Based on the foregoing embodiments, an embodiment of the present application provides a certificate generating apparatus applied to the vehicle-mounted terminal device 110, and referring to fig. 8, a certificate generating apparatus 800 applied to the vehicle-mounted terminal device 110 according to an embodiment of the present application at least includes:

the public key signature unit 801 is configured to generate at least two public and private key pairs, and sign a public key in each public and private key pair by using a private key of the device certificate to obtain a public key signature result;

a request sending unit 802, configured to carry the certificate identifier of the device certificate, the public key signature result, and the public keys in each public and private key pair in the batch certificate application request, and send the batch certificate application request to the CA center 120;

a response receiving unit 803, configured to receive a batch application certificate response returned by the CA center 120, where the batch application certificate response is returned after the CA center 120 determines that the verification of the public key signature result in the batch application certificate request passes by using the public key of the device certificate represented by the certificate identifier, and signs the public key in each public and private key pair by using the private key of the CA certificate to obtain CA signature results corresponding to the public keys in each public and private key pair, and generates a corresponding information certificate based on the public key in each public and private key pair and the CA signature result corresponding to the public key in each public and private key pair;

the certificate acquiring unit 804 is configured to acquire each information certificate generated by the CA center 120 from the batch certificate application response.

In addition, an embodiment of the present application further provides a certificate generating apparatus applied to CA, and referring to fig. 9, a certificate generating apparatus 900 applied to CA provided by an embodiment of the present application at least includes:

a request receiving unit 901, configured to receive a batch certificate application request sent by the vehicle-mounted terminal device 110;

a signature verification unit 902, configured to determine an apparatus certificate of the vehicle-mounted terminal apparatus 110 based on the certificate identifier carried in the batch application certificate request, and verify a public key signature result carried in the batch application certificate request by using a public key of the apparatus certificate of the vehicle-mounted terminal apparatus 110;

the public key signature unit 903 is configured to utilize a private key of the CA certificate to sign each public key carried in the batch application certificate request when it is determined that the public key signature result passes verification, so as to obtain a CA signature result corresponding to each public key;

a certificate generation unit 904, configured to generate each information certificate based on each public key and a CA signature result corresponding to each public key;

the response returning unit 905 is configured to return each information certificate to the vehicle-mounted terminal device 110 by carrying the information certificate in the batch application certificate request response.

It should be noted that the principle of solving the technical problem of the two information processing apparatuses and the two certificate generating apparatuses provided in the embodiment of the present application is similar to that of the information processing method and the certificate generating method provided in the embodiment of the present application, and therefore, for implementation of the two information processing apparatuses and the two certificate generating apparatuses provided in the embodiment of the present application, reference may be made to implementation of the information processing method and the certificate generating method provided in the embodiment of the present application, and repeated parts are not described again.

After the information processing method, the certificate generation method, and the corresponding apparatus provided in the embodiment of the present application are introduced, a brief description is provided next for the vehicle-mounted terminal device provided in the embodiment of the present application.

Referring to fig. 10, a vehicle-mounted terminal device 110 provided in the embodiment of the present application at least includes: the information processing method and the certificate generating method applied to the vehicle-mounted terminal device provided by the embodiment of the application are realized when the processor 101 executes the computer program, wherein the computer program is stored in the memory 102 and can run on the processor 101.

It should be noted that the in-vehicle terminal device 110 shown in fig. 10 is only an example, and should not bring any limitation to the functions and the use range of the embodiment of the present application.

The in-vehicle terminal device 110 provided in the embodiment of the present application may further include a bus 103 that connects different components (including the processor 101 and the memory 102). Bus 103 represents one or more of any of several types of bus structures, including a memory bus, a peripheral bus, a local bus, and so forth.

The Memory 102 may include readable media in the form of volatile Memory, such as Random Access Memory (RAM) 1021 and/or cache Memory 1022, and may further include Read Only Memory (ROM) 1023.

Memory 102 may also include program means 1025 having a set (at least one) of program modules 1024, program modules 1024 including, but not limited to: an operating subsystem, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.

In-vehicle terminal device 110 may also communicate with one or more external devices 104 (e.g., a keyboard, a remote control, etc.), with one or more devices that enable a user to interact with in-vehicle terminal device 110 (e.g., a cell phone, a computer, etc.), and/or with any device that enables in-vehicle terminal device 110 to communicate with one or more other in-vehicle terminal devices 110 (e.g., a router, a modem, etc.). This communication may be through an Input/Output (I/O) interface 105. Furthermore, in-vehicle terminal device 110 may also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public Network such as the internet) through Network adapter 106. As shown in fig. 1, the network adapter 106 communicates with other modules of the in-vehicle terminal apparatus 110 through the bus 103. It should be understood that although not shown in FIG. 1, other hardware and/or software modules may be used in conjunction with in-vehicle terminal device 110, including but not limited to: microcode, device drivers, Redundant processors, external disk drive Arrays, disk array (RAID) subsystems, tape drives, and data backup storage subsystems, to name a few.

In addition, a computer-readable storage medium is provided, and the computer-readable storage medium stores computer instructions, and the computer instructions, when executed by a processor, implement the information processing method and the certificate generation method applied to the vehicle-mounted terminal device provided by the embodiment of the present application. Specifically, the executable program may be built in or installed in the vehicle-mounted terminal device 110, so that the vehicle-mounted terminal device 110 may implement the information processing method and the certificate generation method applied to the vehicle-mounted terminal device provided in the embodiment of the present application by executing the built-in or installed executable program.

Furthermore, the information processing method and the certificate generation method applied to the vehicle-mounted terminal device provided by the embodiment of the present application can also be implemented as a program product including program code for causing the vehicle-mounted terminal device 110 to execute the information processing method and the certificate generation method applied to the vehicle-mounted terminal device provided by the embodiment of the present application when the program product can run on the vehicle-mounted terminal device 110.

The program product provided by the embodiments of the present application may be any combination of one or more readable media, where the readable media may be a readable signal medium or a readable storage medium, and the readable storage medium may be, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof, and in particular, more specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a RAM, a ROM, an Erasable Programmable Read-Only Memory (EPROM), an optical fiber, a portable Compact disk Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

The program product provided by the embodiment of the application can adopt a CD-ROM and comprises program codes, and can run on a computing device. However, the program product provided by the embodiments of the present application is not limited thereto, and in the embodiments of the present application, the readable storage medium may be any tangible medium that can contain or store a program, which can be used by or in connection with an instruction execution system, apparatus, or device.

It should be noted that although several units or sub-units of the apparatus are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, the features and functions of two or more units described above may be embodied in one unit, according to embodiments of the application. Conversely, the features and functions of one unit described above may be further divided into embodiments by a plurality of units.

Further, while the operations of the methods of the present application are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.

While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.

It will be apparent to those skilled in the art that various changes and modifications may be made in the embodiments of the present application without departing from the spirit and scope of the embodiments of the present application. Thus, if such modifications and variations of the embodiments of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to encompass such modifications and variations.

Claims

1. An information processing method, applied to a vehicle-mounted terminal device, includes:

acquiring vehicle running information;

selecting a private key of an information certificate from private keys of all information certificates, and signing the vehicle driving information to obtain an information signing result of the vehicle driving information, wherein the private key of each information certificate is a private key in each public and private key pair generated by the vehicle-mounted terminal equipment, and each information certificate is generated by a Certificate Authority (CA) center based on the public key in each public and private key pair and the CA signing result corresponding to the public key in each public and private key pair;

2. The information processing method according to claim 1, wherein acquiring vehicle travel information includes:

acquiring driving state information and road condition state information, and determining the driving state information and the road condition state information as vehicle driving information; or,

the method comprises the steps of obtaining driving state information, road condition state information and current time, and determining the driving state information, the road condition state information and the current time as vehicle driving information.

3. The information processing method according to claim 1 or 2, wherein the step of selecting a private key of an information certificate from among private keys of respective information certificates, and signing the vehicle travel information to obtain an information signature result of the vehicle travel information comprises:

randomly selecting a private key of an information certificate from the private keys of the information certificates, and signing the vehicle driving information to obtain an information signing result of the vehicle driving information; or,

and selecting the private key of the information certificate of which the number of times of use is not more than a set threshold value within a set time range from the private keys of the information certificates, and signing the vehicle driving information to obtain an information signing result of the vehicle driving information.

4. An information processing method, applied to a vehicle-mounted terminal device, includes:

receiving the broadcasted vehicle communication information;

verifying an information certificate in the vehicle communication information by using a public key of a Certificate Authority (CA) certificate;

when the information certificate is confirmed to pass the verification, the public key of the information certificate is utilized to verify the information signature result in the vehicle communication information;

5. A certificate generation method is applied to vehicle-mounted terminal equipment and comprises the following steps:

generating at least two public and private key pairs;

signing the public key in each public and private key pair by using the private key of the equipment certificate to obtain a public key signature result, carrying the certificate identification of the equipment certificate, the public key signature result and the public key in each public and private key pair in a batch certificate application request, and sending the batch certificate application request to a Certificate Authority (CA);

receiving batch application certificate responses returned by the CA center, wherein the batch application certificate responses are returned after the CA center utilizes the public key of the equipment certificate represented by the certificate identification to determine that the public key signature result in the batch application certificate request passes verification, the private keys of the CA certificate are utilized to respectively sign the public keys in each public and private key pair to obtain CA signature results corresponding to the public keys in each public and private key pair, and the corresponding information certificate is generated based on the public keys in each public and private key pair and the CA signature results corresponding to the public keys in each public and private key pair;

6. A certificate generation method is applied to a Certificate Authority (CA) center and comprises the following steps:

determining an equipment certificate of the vehicle-mounted terminal equipment based on the certificate identification carried by the batch application certificate request, and verifying a public key signature result carried by the batch application certificate request by using a public key of the equipment certificate of the vehicle-mounted terminal equipment;

when the verification of the public key signature result is confirmed to pass, the private keys of the CA certificates are used for respectively signing the public keys carried by the batch certificate application requests to obtain CA signature results corresponding to the public keys;

and generating each information certificate based on each public key and the CA signature result corresponding to each public key, and returning each information certificate carried in the batch certificate application request response to the vehicle-mounted terminal equipment.

7. An information processing apparatus, applied to a vehicle-mounted terminal device, comprising:

an information acquisition unit for acquiring vehicle travel information;

the information signing unit is used for selecting a private key of an information certificate from private keys of all the information certificates, signing the vehicle driving information and obtaining an information signing result of the vehicle driving information, wherein the private key of each information certificate is a private key in each public and private key pair generated by the vehicle-mounted terminal equipment, and each information certificate is generated by a Certificate Authority (CA) center based on public keys in each public and private key pair and CA signing results corresponding to the public keys in each public and private key pair;

8. An information processing apparatus, applied to a vehicle-mounted terminal device, comprising:

the certificate verification unit is used for verifying the information certificate in the vehicle communication information by using the public key of the Certificate Authority (CA) certificate;

and the information processing unit is used for determining that the vehicle running information in the vehicle communication information is legal when the information signature result is verified, and performing driving control processing based on the vehicle running information.

9. A certificate generation device, which is applied to a vehicle-mounted terminal device, includes:

the request sending unit is used for carrying the certificate identification of the equipment certificate, the public key signature result and the public keys in each public and private key pair in a batch certificate application request and sending the batch certificate application request to a Certificate Authority (CA) center;

a response receiving unit, configured to receive a batch application certificate response returned by the CA center, where the batch application certificate response is returned after the CA center uses the public key of the device certificate represented by the certificate identifier to determine that the public key signature result in the batch application certificate request passes verification, and uses the private key of the CA certificate to sign the public keys in the public and private key pairs respectively to obtain CA signature results corresponding to the public keys in the public and private key pairs, and generates a corresponding information certificate based on the public keys in the public and private key pairs and the CA signature results corresponding to the public keys in the public and private key pairs;

10. A certificate generation apparatus applied to a certificate authority CA center, comprising:

the public key signature unit is used for respectively signing the public keys carried by the batch application certificate requests by using a private key of a CA (certificate authority) certificate when the verification of the public key signature result is passed, so as to obtain CA signature results corresponding to the public keys;