CN111865607A - Encryption certificate state online query method, communication method and system for V2X - Google Patents
- Publication number: CN111865607A (application CN202010550090.7A)
- Authority: CN (China)
- Prior art keywords: certificate, message body, state, signature, terminal
- Legal status: Granted (the listed status is an assumption by Google, not a legal conclusion)
Classifications
- H04L9/3263 (under H04L9/00, H04L9/32): Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
- H04L63/0428 (under H04L63/00, H04L63/04): Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L67/12 (under H04L67/00, H04L67/01): Network arrangements or protocols for supporting network services or applications; protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L9/3247 (under H04L9/00, H04L9/32): Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides an online query method for the status of a V2X encryption certificate, together with a communication method and system. The method comprises the following steps: a first terminal obtains the encryption certificate of a second terminal, generates an encryption certificate status request message body and sends it to a roadside device; the roadside device forwards and routes the received request message body to a certificate status query authority; the certificate status query authority looks up the status of the corresponding encryption certificate on the basis of the received request message body, generates an encryption certificate status response message body and returns it to the roadside device; the roadside device returns the response message body to the first terminal; and the first terminal determines the status of the second terminal's encryption certificate from the response message body. The invention can ensure the security and reliability of the V2X (Internet of Vehicles) application environment.
Description
Technical Field
The invention relates to the field of digital certificates, and in particular to an online encryption certificate status query method, a communication method and a system for V2X.
Background
V2X (Internet of Vehicles), Internet and mobile Internet applications are exposed to a wide range of network security attacks, and attacks aimed at V2X applications can cause greater harm to individuals and to society. Security authentication technology is therefore of central importance: it establishes a trust system covering vehicles, infrastructure, networks and users, provides identity validity verification and message integrity verification, and is the first line of security defence for intelligent connected vehicle V2X applications.
Digital certificates are the primary means of implementing security authentication. A vehicle generally holds a large number of digital certificates, such as pseudonymous certificates and encryption certificates. Encryption certificates are mainly used to provide encrypted communication of message bodies in V2X applications: a message sender normally encrypts the message body with the encryption certificate of the message receiver, so the status of the receiver's encryption certificate directly determines whether the message body is transmitted securely (a revoked certificate may, for example, belong to a compromised private key). How to obtain the status of an encryption certificate efficiently and accurately is therefore an urgent problem in the V2X field.
Disclosure of Invention
To solve the above problem, it is necessary to provide an online encryption certificate status query method for V2X, an information encryption transmission method and system for V2X, and an encrypted communication method and system.
The first aspect of the invention provides an online encryption certificate status query method for V2X, comprising the following steps:
a first terminal obtains the encryption certificate of a second terminal, generates an encryption certificate status request message body and sends it to a roadside device;
the roadside device forwards and routes the received encryption certificate status request message body to a certificate status query authority;
the certificate status query authority looks up the status of the corresponding encryption certificate on the basis of the received request message body, generates an encryption certificate status response message body and returns it to the roadside device;
the roadside device returns the encryption certificate status response message body to the first terminal;
and the first terminal determines the status of the second terminal's encryption certificate from the encryption certificate status response message body.
Further, the request message body includes: the requester name, a list of certificate identifiers to be queried, and an identification item for each certificate in the list; the identification item comprises a hash algorithm, certificate issuer identification data, a linkage data structure and certificate identification data.
Further, the response message body includes: a response status and, only when the response status is "successful", a certificate status. The response status is one of: successful, malformed request, internal server error, try later, signature required, and unauthorized. The certificate status is one of: good, revoked, and unknown.
Further, the certificate status query authority may also synchronize certificate statuses in batches to an edge network in advance;
after receiving the encryption certificate status request message body, the roadside device forwards and routes it to the edge network;
after receiving the certificate status request message body, the edge network looks up the status of the corresponding digital certificate on the basis of the request message body, generates a certificate status response message body and returns it to the roadside device.
The second aspect of the invention provides an information encryption transmission method for V2X, comprising the following steps:
the first terminal generates V2X information;
the first terminal obtains the status of the second terminal's encryption certificate by the online encryption certificate status query method of the first aspect;
when the status of the encryption certificate is valid, the first terminal encrypts the V2X information with the public key of the encryption certificate to obtain V2X ciphertext information;
and the first terminal signs the V2X ciphertext information with its own signature certificate to obtain V2X signature information, and sends the V2X signature information to the second terminal.
The third aspect of the invention provides an encrypted communication method for V2X, comprising the following steps:
the first terminal sends V2X signature information to the second terminal using the information encryption transmission method;
on receiving the V2X signature information, the second terminal generates a certificate status request message body for the first terminal's signature certificate and sends the signature certificate status request message body to the roadside device;
the roadside device forwards and routes the received signature certificate status request message body to the certificate status query authority;
the certificate status query authority looks up the status of the corresponding signature certificate on the basis of the received request message body, generates a signature certificate status response message body and returns it to the roadside device;
the roadside device returns the signature certificate status response message body to the second terminal;
the second terminal determines the status of the first terminal's signature certificate from the signature certificate status response message body and, when the status of the signature certificate is valid, verifies the signature on the V2X signature information with the signature certificate;
and after the signature verification passes, the second terminal decrypts the V2X ciphertext information with the private key of its own encryption certificate to obtain the V2X information.
The fourth aspect of the invention provides an information encryption transmission system for V2X, comprising: a first terminal, a second terminal, a roadside device and a certificate status query authority, where the first terminal is in short-range communication with the second terminal and with the roadside device respectively, and the roadside device is in network communication with the certificate status query authority; the system is configured to execute the information encryption transmission method.
Further, the response message body includes: a response status and, only when the response status is "successful", a certificate status. The response status is one of: successful, malformed request, internal server error, try later, signature required, and unauthorized. The certificate status is one of: good, revoked, and unknown.
Further, the certificate status query authority is an OCSP responder.
Further, the certificate status query authority comprises an OCSP responder and an edge network, where the OCSP responder is in network communication with the edge network and synchronizes certificate statuses in batches to the edge network in advance;
the edge network is in network communication with the roadside device, receives the certificate status request message body sent by the roadside device, looks up the status of the corresponding digital certificate on the basis of the request message body, generates a certificate status response message body and returns it to the roadside device.
The fifth aspect of the invention provides an encrypted communication system for V2X, comprising the information encryption transmission system described above, where the second terminal is further in short-range communication with the roadside device and is configured to send a certificate status request message body for the first terminal's signature certificate to the certificate status query authority through the roadside device;
to receive, through the roadside device, the certificate status response message body returned by the certificate status query authority;
the certificate verification module is further configured to determine the status of the first terminal's signature certificate from the signature certificate status response message body and, when the status of the signature certificate is valid, to verify the V2X signature information with the signature certificate;
and the system is configured to decrypt the received V2X ciphertext information with the private key of the second terminal's own encryption certificate after the signature verification passes, to obtain the V2X information.
Further, the short-range communication is PC5 point-to-point communication.
With the invention, the status of the relevant encryption certificate can be obtained efficiently and accurately through the online certificate status query authority, the decision whether to encrypt V2X information to that certificate is made on the basis of its status, and the security and reliability of the V2X application environment are effectively ensured.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
Fig. 1 shows a flowchart of an encryption certificate status online query method for V2X according to embodiment 1 of the present invention;
fig. 2 shows another flowchart of the encryption certificate status online query method for V2X according to embodiment 1 of the present invention;
fig. 3 shows a flowchart of an information encryption transmission method for V2X according to embodiment 2 of the present invention;
fig. 4 shows a flowchart of an encrypted communication method for V2X according to embodiment 3 of the present invention;
fig. 5 shows a block diagram of an information encryption transmission system for V2X according to embodiment 4 of the present invention;
Fig. 6 shows a block diagram of an encrypted communication system for V2X according to embodiment 5 of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Example 1
As shown in fig. 1, this embodiment proposes an online encryption certificate status query method for V2X, comprising the following steps:
a first terminal obtains the encryption certificate of a second terminal, generates an encryption certificate status request message body and sends it to a roadside device;
the roadside device forwards and routes the received encryption certificate status request message body to a certificate status query authority;
the certificate status query authority looks up the status of the corresponding encryption certificate on the basis of the received request message body, generates an encryption certificate status response message body and returns it to the roadside device;
the roadside device returns the encryption certificate status response message body to the first terminal;
and the first terminal determines the status of the second terminal's encryption certificate from the encryption certificate status response message body.
In this embodiment, the first terminal and the second terminal may each be any one or more of an on-board unit, a roadside device, a mobile phone, a PC and an iPad.
Preferably, the short-range communication is PC5 point-to-point communication, but it is not limited to this.
For example, take the first terminal to be an on-board unit. The on-board unit may have no usable Uu interface network, in which case it cannot reach the certificate status query authority directly over the network to check a certificate status. The invention instead establishes PC5 point-to-point communication with the roadside device through the PC5 interface carried by the on-board unit, and the roadside device requests the certificate status from the certificate status query authority on its behalf. The PC5 interface supports high-speed, high-density communication at vehicle speeds of up to 250 km/h and allows terminals to broadcast messages directly to one another with or without network coverage.
In practice, if the V2X information sent by the first terminal is sensitive and may be disclosed only to the second terminal, the first terminal needs to obtain the second terminal's encryption certificate and encrypt the V2X information with that certificate's public key. If the encryption certificate is valid, the second terminal holds the matching private key and can decrypt the sensitive information, while other terminals, lacking that private key, cannot; this protects the transmission of the sensitive information. The first terminal, however, cannot determine the validity of the encryption certificate by itself, and as an on-board unit it may have no usable Uu interface network. It therefore establishes PC5 point-to-point communication with the roadside device through its own PC5 interface and asks the certificate status query authority, via the roadside device, for the status of the encryption certificate. Since the roadside device only relays the exchange, the first terminal's decision must rest on the content of the response message body it receives, not merely on the fact that a response came back.
In practice, if the first terminal has a usable Uu interface network, it may also connect directly to the certificate status query authority over the Uu network to query the encryption certificate status online.
According to an embodiment of the invention, the request message body includes: the requester name, a list of certificate identifiers to be queried, and an identification item for each certificate in the list; the identification item comprises a hash algorithm, certificate issuer identification data, a linkage data structure and certificate identification data.
Specifically, the request message body consists of a certificate verification request structure and signature information over that structure, where the certificate verification request structure is made up of the requester name, the list of certificate identifiers to be queried, and an identification item for each certificate in the list. When generating the request message body, the requester (the first terminal in this embodiment) signs the certificate verification request structure with its own private key; the signature guarantees the integrity of the structure and prevents it from being tampered with in transit.
According to an embodiment of the invention, the response message body includes: a response status and, only when the response status is "successful", a certificate status. The response status is one of: successful, malformed request, internal server error, try later, signature required, and unauthorized. The certificate status is one of: good, revoked, and unknown.
Specifically, after receiving the request message body, the certificate status query authority produces the response status from the running condition of the server itself (for example an internal error) and from the conditions on the query (for example that the request must be signed); a certificate status is attached to the response message body only when the response status is "successful", and is omitted in every other case. As in standard OCSP deployments, the response should itself be signed by the responder, so that the requester can verify that the status came from the authority rather than from the relaying roadside device.
The message body supports an online certificate status query mechanism based on linkage values and HashedIds. The message body is encoded with OER (Octet Encoding Rules), which gives a simple, compact message structure and better network traffic and response time characteristics for OCSP scenarios in which both matter.
Further, as shown in fig. 2, the certificate status query authority may also synchronize certificate statuses in batches to an edge network in advance;
after receiving the encryption certificate status request message body, the roadside device forwards and routes it to the edge network;
after receiving the certificate status request message body, the edge network looks up the status of the corresponding digital certificate on the basis of the request message body, generates a certificate status response message body and returns it to the roadside device.
Further, by connecting the OCSP responder to the edge network, the OCSP responder pushes the revocation status of V2X certificates to the edge network ahead of time and keeps it current, so that a requester (for example the second terminal) can query the revocation status of a certificate directly from the edge network, which shortens the response time of the certificate status query. A certificate revoked at the responder is reported as revoked by the edge only after the next synchronization, so the synchronization interval bounds how long a stale "good" answer can still be served.
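An added example (not the patent's own code) of the edge-network variant just described: the responder compiles a batch of certificate states, the edge caches it, and the roadside device answers from the edge while the batch is fresh and falls back to the responder otherwise. The freshness bound `max_age`, the newer-batch-only check in `sync`, the string state names and the injected clock are assumptions made for illustration. The example also shows the propagation window during which a certificate already revoked at the responder is still reported good by the edge.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """Batch of certificate states compiled by the responder at produced_at (seconds)."""
    produced_at: float
    issued: frozenset   # identifiers the responder has issued
    revoked: frozenset  # identifiers it has revoked (also present in issued)


def _status(cert_id, issued, revoked):
    if cert_id in revoked:
        return "revoked"
    return "good" if cert_id in issued else "unknown"


class OcspResponder:
    """Authoritative certificate status store (the certificate status query authority)."""
    def __init__(self, now=time.time):
        self.now, self.issued, self.revoked = now, set(), set()

    def issue(self, cert_id):
        self.issued.add(cert_id)

    def revoke(self, cert_id):
        self.revoked.add(cert_id)

    def query(self, cert_id):
        return "successful", _status(cert_id, self.issued, self.revoked)

    def snapshot(self) -> Snapshot:
        return Snapshot(self.now(), frozenset(self.issued), frozenset(self.revoked))


class EdgeNode:
    """Edge cache that answers from the last synchronized batch while it is fresh enough."""
    def __init__(self, max_age: float, now=time.time):
        self.max_age, self.now, self.snapshot = max_age, now, None

    def sync(self, snap: Snapshot):
        # Accept only newer batches: a replayed older batch must never roll back a revocation.
        if self.snapshot is None or snap.produced_at > self.snapshot.produced_at:
            self.snapshot = snap

    def query(self, cert_id):
        snap = self.snapshot
        if snap is None or self.now() - snap.produced_at > self.max_age:
            return "tryLater", None  # stale data is not an answer; make the requester go elsewhere
        return "successful", _status(cert_id, snap.issued, snap.revoked)


def rsu_route(edge: EdgeNode, responder: OcspResponder, cert_id):
    """Roadside device: prefer the edge for latency, fall back to the responder when it cannot answer."""
    state, cert_status = edge.query(cert_id)
    if state == "successful":
        return cert_status, "edge"
    return responder.query(cert_id)[1], "responder"


def demo_edge_sync():
    clock = [1000.0]  # injected clock so the walk-through is deterministic
    now = lambda: clock[0]
    responder, edge = OcspResponder(now), EdgeNode(max_age=60.0, now=now)
    responder.issue("cert-A")  # constructed identifier, not a real certificate
    edge.sync(responder.snapshot())
    out = {"fresh": rsu_route(edge, responder, "cert-A")}
    responder.revoke("cert-A")                             # revoked at the responder ...
    out["window"] = rsu_route(edge, responder, "cert-A")   # ... but the edge still says good
    clock[0] += 30
    edge.sync(responder.snapshot())                        # next batch carries the revocation
    out["synced"] = rsu_route(edge, responder, "cert-A")
    edge.sync(Snapshot(900.0, frozenset({"cert-A"}), frozenset()))  # replayed old batch: ignored
    out["replay"] = rsu_route(edge, responder, "cert-A")
    clock[0] += 120                                        # batch now older than max_age
    out["stale"] = rsu_route(edge, responder, "cert-A")
    out["unknown"] = rsu_route(edge, responder, "cert-Z")
    return out
```

`max_age` is the operator's tolerance for the propagation window and should be no larger than the batch synchronization interval; past it the edge answers tryLater rather than serving an old batch, so the roadside device falls back instead of relaying stale trust. Accepting only newer batches stops a replayed older batch from un-revoking a certificate; in production the batch must also carry the responder's signature and be verified before `sync` accepts it, which this model leaves out.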
Example 2
As shown in fig. 3, this embodiment provides an information encryption transmission method for V2X, comprising the following steps:
generating V2X information;
obtaining the status of the second terminal's encryption certificate by the online encryption certificate status query method of Example 1 (either the direct query of fig. 1 or the edge-network variant of fig. 2);
when the status of the encryption certificate is valid, encrypting the V2X information with the public key of the encryption certificate to obtain V2X ciphertext information;
and signing the V2X ciphertext information with the first terminal's own signature certificate to obtain V2X signature information, and sending the V2X signature information.
Specifically, the V2X signature information sent by the first terminal is signed with the private key of the first terminal's signature certificate. When the second terminal receives the V2X signature information, it must first check the validity of the first terminal's signature certificate; if the signature certificate is valid, the signature is verified with the certificate's public key to judge whether the V2X signature information is genuine; if the signature certificate is invalid, the V2X signature information is treated as invalid without further processing.
According to an embodiment of the invention, the request message body includes: the requester name, a list of certificate identifiers to be queried, and an identification item for each certificate in the list; the identification item comprises a hash algorithm, certificate issuer identification data, a linkage data structure and certificate identification data.
Specifically, the request message body consists of a certificate verification request structure and signature information over that structure, where the certificate verification request structure is made up of the requester name, the list of certificate identifiers to be queried, and an identification item for each certificate in the list. When generating the request message body, the requester (the first terminal in this embodiment) signs the certificate verification request structure with its own private key; the signature guarantees the integrity of the structure and prevents it from being tampered with in transit.
Furthermore, when the certificate to be queried is a pseudonymous certificate, a linkage value is preset in the pseudonymous certificate and is used for efficient revocation of pseudonymous certificates; the linkage data structure in the identification item corresponds to this linkage value. The certificate issuer identification data consists of 8 bytes taken from the hash of the issuer's certificate (the HashedId8 form), and the certificate identification data consists of 10 bytes taken from the hash of the certificate to be queried (the HashedId10 form).
According to an embodiment of the invention, the response message body includes: a response status and, only when the response status is "successful", a certificate status. The response status is one of: successful, malformed request, internal server error, try later, signature required, and unauthorized. The certificate status is one of: good, revoked, and unknown.
Specifically, after receiving the request message body, the certificate status query authority produces the response status from the running condition of the server itself (for example an internal error) and from the conditions on the query (for example that the request must be signed); a certificate status is attached to the response message body only when the response status is "successful", and is omitted in every other case.
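As an added example (not code from the patent), the following Python models the request and response message bodies described in Examples 1 and 2, the query authority's choice of response state, and the requester's fail-closed decision that Example 2 applies before encrypting (proceed only on a "good" certificate) and that Example 3 applies before trusting a signature. The byte framing (a simple length prefix, not real ASN.1 OER), the HMAC-SHA256 stand-in for the requester's certificate signature, the numeric values of the states, the `HASH_SHA256` code point, the choice of low-order hash bytes for the identifiers, and every certificate and key are assumptions for illustration, not taken from the page.

```python
import enum
import hashlib
import hmac
import struct

def hashed_id(cert: bytes, n: int) -> bytes:
    """n low-order bytes of SHA-256(cert): 8 for the issuer identifier, 10 for the queried certificate.
    The page gives the sizes; taking the low-order bytes (IEEE 1609.2 HashedId style) is assumed."""
    return hashlib.sha256(cert).digest()[-n:]

HASH_SHA256 = 0x01  # assumed code point for the hash-algorithm field of an identification item
ResponseStatus = enum.IntEnum(
    "ResponseStatus", "SUCCESSFUL MALFORMED_REQUEST INTERNAL_ERROR TRY_LATER SIG_REQUIRED UNAUTHORIZED", start=0)
CertStatus = enum.IntEnum("CertStatus", "GOOD REVOKED UNKNOWN", start=0)  # states named on the page; values assumed

def _lp(b: bytes) -> bytes:  # 2-byte length prefix: illustrative framing, not real ASN.1 OER
    return struct.pack(">H", len(b)) + b
def _take_lp(buf: bytes, off: int):
    n = struct.unpack_from(">H", buf, off)[0]
    if off + 2 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 2:off + 2 + n], off + 2 + n

def encode_request(requester_name: bytes, cert_ids, key: bytes = b"") -> bytes:
    """Request body = verification request structure + signature; cert_ids = [(hash_alg, issuer_id8, linkage, cert_id10)]."""
    body = _lp(requester_name) + struct.pack(">H", len(cert_ids))
    for hash_alg, issuer_id8, linkage, cert_id10 in cert_ids:
        body += bytes([hash_alg]) + issuer_id8 + _lp(linkage) + cert_id10
    sig = hmac.new(key, body, hashlib.sha256).digest() if key else b""  # HMAC stands in for the ECDSA signature
    return _lp(body) + _lp(sig)

def decode_request(msg: bytes):
    body, off = _take_lp(msg, 0)
    sig, off = _take_lp(msg, off)
    name, p = _take_lp(body, 0)
    count, p = struct.unpack_from(">H", body, p)[0], p + 2
    ids = []
    for _ in range(count):
        hash_alg, issuer_id8 = body[p], body[p + 1:p + 9]
        linkage, p = _take_lp(body, p + 9)
        cert_id10, p = body[p:p + 10], p + 10
        if len(issuer_id8) != 8 or len(cert_id10) != 10:
            raise ValueError("truncated identification item")
        ids.append((hash_alg, issuer_id8, linkage, cert_id10))
    if p != len(body) or off != len(msg):
        raise ValueError("trailing bytes")
    return name, ids, body, sig

def encode_response(status, results=()) -> bytes:
    out = bytes([status])
    if status == ResponseStatus.SUCCESSFUL:  # certificate states are attached only to a successful response
        out += struct.pack(">H", len(results)) + b"".join(cid + bytes([cs]) for cid, cs in results)
    return out
def decode_response(resp: bytes):
    status = ResponseStatus(resp[0])
    if status != ResponseStatus.SUCCESSFUL:
        return status, None
    n = struct.unpack_from(">H", resp, 1)[0]
    return status, [(resp[3 + 11 * i:13 + 11 * i], CertStatus(resp[13 + 11 * i])) for i in range(n)]

def handle_request(msg: bytes, lookup, requester_keys, overloaded=False) -> bytes:
    """Query authority: response state from the request (malformed/unsigned/unauthorized) and the server's condition."""
    try:
        name, ids, body, sig = decode_request(msg)
    except (ValueError, IndexError, struct.error):
        return encode_response(ResponseStatus.MALFORMED_REQUEST)
    if not sig:
        return encode_response(ResponseStatus.SIG_REQUIRED)
    key = requester_keys.get(name)
    if key is None or not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest()):
        return encode_response(ResponseStatus.UNAUTHORIZED)
    if overloaded:
        return encode_response(ResponseStatus.TRY_LATER)
    try:
        results = [(cid, lookup(cid)) for _, _, _, cid in ids]  # lookup may raise on a backend fault
    except Exception:
        return encode_response(ResponseStatus.INTERNAL_ERROR)
    return encode_response(ResponseStatus.SUCCESSFUL, results)

def certificate_usable(resp: bytes, cert_id10: bytes) -> bool:
    """Requester side, failing closed: proceed only on SUCCESSFUL with exactly this certificate listed as GOOD."""
    status, results = decode_response(resp)
    return status == ResponseStatus.SUCCESSFUL and dict(results).get(cert_id10) == CertStatus.GOOD

def demo_messages():
    ca, cert_a, cert_b, unknown = b"ca-cert", b"enc-cert-A", b"enc-cert-B", b"never-issued"  # constructed
    keys = {b"OBU-1": b"constructed-requester-key"}  # authorised requesters and their verification keys
    db = {hashed_id(cert_a, 10): CertStatus.GOOD, hashed_id(cert_b, 10): CertStatus.REVOKED}
    lookup = lambda cid: db.get(cid, CertStatus.UNKNOWN)
    ids = [(HASH_SHA256, hashed_id(ca, 8), b"", hashed_id(c, 10)) for c in (cert_a, cert_b, unknown)]
    resp = handle_request(encode_request(b"OBU-1", ids, keys[b"OBU-1"]), lookup, keys)
    busy = handle_request(encode_request(b"OBU-1", ids, keys[b"OBU-1"]), lookup, keys, overloaded=True)
    return {
        "good": certificate_usable(resp, hashed_id(cert_a, 10)),
        "revoked": certificate_usable(resp, hashed_id(cert_b, 10)),
        "unknown": certificate_usable(resp, hashed_id(unknown, 10)),
        "try_later": certificate_usable(busy, hashed_id(cert_a, 10)),
        "unsigned": decode_response(handle_request(encode_request(b"OBU-1", ids), lookup, keys))[0],
        "bad_key": decode_response(handle_request(encode_request(b"OBU-1", ids, b"wrong"), lookup, keys))[0],
        "garbage": decode_response(handle_request(b"\x00\x05abc", lookup, keys))[0],
    }
```

Anything other than a successful response naming the exact certificate as good (try later, unknown, an identifier missing from the list, a malformed, unsigned or unauthorized request) leaves `certificate_usable` false, so a lost or refused response delays the exchange instead of letting it proceed on stale trust. The model leaves out the responder's signature on the response, which a real deployment needs so the requester can tell the authority's answer from one substituted by the relaying roadside device.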
Example 3
As shown in fig. 4, this embodiment provides an encrypted communication method for V2X, comprising the following steps:
the first terminal sends V2X signature information to the second terminal using the information encryption transmission method;
on receiving the V2X signature information, the second terminal generates a certificate status request message body for the first terminal's signature certificate and sends the signature certificate status request message body to the roadside device;
the roadside device forwards and routes the received signature certificate status request message body to the certificate status query authority;
the certificate status query authority looks up the status of the corresponding signature certificate on the basis of the received request message body, generates a signature certificate status response message body and returns it to the roadside device;
the roadside device returns the signature certificate status response message body to the second terminal;
the second terminal determines the status of the first terminal's signature certificate from the signature certificate status response message body and, when the status of the signature certificate is valid, verifies the signature on the V2X signature information with the signature certificate;
and after the signature verification passes, the second terminal decrypts the V2X ciphertext information with the private key of its own encryption certificate to obtain the V2X information.
Example 4
As shown in fig. 5, the present embodiment provides an information encryption transmission system for V2X, comprising a first terminal, a second terminal, a roadside device, and a certificate status query mechanism, wherein the first terminal is in short-range communication with the second terminal and with the roadside device respectively, the roadside device is in network communication with the certificate status query mechanism, and the system is configured to execute the information encryption transmission method.
Further, the response message body includes a response status and, only when the response status is successful, a certificate status. The response status is one of: successful (the response is valid), malformed request, internal server error, try later, signature required, and unauthorized; the certificate status is one of good, revoked, and unknown.
Further, the certificate status query mechanism is an OCSP responder.
Further, the certificate status query mechanism comprises an OCSP responder and an edge network, wherein the OCSP responder is in network communication with the edge network and is used for synchronising the batch certificate status to the edge network in advance;
the edge network is in network communication with the roadside device, receives the certificate status request message body sent by the roadside device, queries and obtains the status of the corresponding digital certificate based on the certificate status request message body, generates a certificate status response message body, and returns it to the roadside device.
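The request and response message bodies described above and the edge-network behaviour of this embodiment, modelled in Python as an added example (not the patent's own code): all class, function and field names and the sample certificate identifiers are constructed here, and the terminal treats anything other than a successful response carrying a good status as not valid.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List

class ResponseStatus(Enum):       # response status values named in the patent
    SUCCESSFUL = "successful"     # "response effectively confirmed"
    MALFORMED_REQUEST = "malformed_request"
    INTERNAL_ERROR = "internal_error"
    TRY_LATER = "try_later"
    SIG_REQUIRED = "sig_required"
    UNAUTHORIZED = "unauthorized"

class CertStatus(Enum):           # certificate status values named in the patent
    GOOD = "good"
    REVOKED = "revoked"
    UNKNOWN = "unknown"

@dataclass(frozen=True)
class CertId:                     # one identification item of the request body
    hash_alg: str    # hash algorithm used to form the identifiers below
    issuer_id: str   # certificate issuer identification data
    cert_id: str     # certificate identification data

@dataclass
class StatusRequest:
    requester: str               # certificate status query requester name
    cert_ids: List[CertId]       # list of certificates to be queried
    signed: bool = False         # whether the request body carries the requester's signature

@dataclass
class StatusResponse:
    status: ResponseStatus
    cert_status: Dict[CertId, CertStatus] = field(default_factory=dict)  # empty unless SUCCESSFUL

class EdgeNode:
    """Edge-network node holding the batch of statuses synchronised in advance from the OCSP responder."""
    def __init__(self, synced: Dict[CertId, CertStatus], require_signature: bool = False):
        self.synced = synced
        self.require_signature = require_signature

    def handle(self, req: StatusRequest) -> StatusResponse:
        if not req.requester or not req.cert_ids:
            return StatusResponse(ResponseStatus.MALFORMED_REQUEST)
        if self.require_signature and not req.signed:
            return StatusResponse(ResponseStatus.SIG_REQUIRED)
        # A certificate absent from the synchronised batch is reported UNKNOWN, never GOOD.
        return StatusResponse(ResponseStatus.SUCCESSFUL,
                              {c: self.synced.get(c, CertStatus.UNKNOWN) for c in req.cert_ids})

def may_use_certificate(resp: StatusResponse, cert: CertId) -> bool:
    """Terminal-side decision (sender before encrypting, receiver before verifying a signature):
    use the peer certificate only if the response is SUCCESSFUL and that certificate is GOOD."""
    return resp.status is ResponseStatus.SUCCESSFUL and resp.cert_status.get(cert) is CertStatus.GOOD

# Constructed sample batch (hypothetical identifiers): two good certificates and one revoked one.
PEER_ENC = CertId("sha256", "issuer-A-hash", "enc-cert-hash-001")
PEER_SIG = CertId("sha256", "issuer-A-hash", "sig-cert-hash-002")
OLD_CERT = CertId("sha256", "issuer-A-hash", "old-cert-hash-003")
EDGE = EdgeNode({PEER_ENC: CertStatus.GOOD, PEER_SIG: CertStatus.GOOD, OLD_CERT: CertStatus.REVOKED})

def query(cert: CertId, requester: str = "terminal-1", signed: bool = False, node: EdgeNode = EDGE) -> bool:
    """Round trip as seen by a terminal: build the request body, hand it to the roadside device
    (which only forwards it to the query mechanism), and decide on the returned response body."""
    return may_use_certificate(node.handle(StatusRequest(requester, [cert], signed)), cert)
```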
Example 5
As shown in fig. 6, this embodiment provides an encrypted communication system for V2X, comprising the information encryption transmission system of embodiment 4, wherein the second terminal is further in short-range communication with the roadside device and is configured to send a certificate status request message body for the signature certificate of the first terminal to the certificate status query mechanism through the roadside device;
to receive, through the roadside device, the certificate status response message body returned by the certificate status query mechanism;
the certificate verification module is further configured to determine the certificate status of the signature certificate of the first terminal based on the signature certificate status response message body, and to verify the V2X signature information using the signature certificate when the certificate status of the signature certificate is valid;
and the system is configured to decrypt the received V2X ciphertext information with the private key of its own encryption certificate after the signature verification passes, to obtain the V2X information.
Further, the short-range communication is, for example but not limited to, PC5 point-to-point communication.
According to the invention, the status of the corresponding encryption certificate can be obtained efficiently and accurately through the online certificate status query mechanism, whether the V2X information is to be encrypted is decided based on the status of the encryption certificate, and the security and reliability of the Internet of Vehicles (V2X) application environment are effectively ensured.
The above description covers only specific embodiments of the present invention, but the scope of the present invention is not limited thereto; any changes or substitutions that a person skilled in the art can easily conceive within the technical scope of the present invention shall be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (10)
1. An encryption certificate status online query method for V2X, characterized in that the method comprises the following steps:
a first terminal obtains an encryption certificate of a second terminal, generates an encryption certificate status request message body, and sends the encryption certificate status request message body to a roadside device;
the roadside device forwards and routes the received encryption certificate status request message body to a certificate status query mechanism;
the certificate status query mechanism queries and obtains the status of the corresponding encryption certificate based on the received encryption certificate status request message body, generates an encryption certificate status response message body, and returns it to the roadside device;
the roadside device returns the encryption certificate status response message body to the first terminal;
and the first terminal determines the status of the encryption certificate of the second terminal based on the encryption certificate status response message body.
2. The encryption certificate status query method as claimed in claim 1, wherein the request message body comprises: the name of the certificate status query requester, a list of identifiers of the certificates to be queried, and an identification item for each certificate in the list; the identification item comprises a hash algorithm, certificate issuer identification data, a link data structure body, and certificate identification data.
3. The encryption certificate status query method as claimed in claim 1, wherein the response message body comprises a response status and, only when the response status is successful, a certificate status; the response status is one of: successful (the response is valid), malformed request, internal server error, try later, signature required, and unauthorized; the certificate status is one of good, revoked, and unknown.
4. The encryption certificate status online query method according to any one of claims 1 to 3, characterized in that: the certificate status query mechanism may also synchronise the batch certificate status to an edge network in advance;
after receiving the encryption certificate status request message body, the roadside device forwards and routes the received encryption certificate status request message body to the edge network;
after receiving the certificate status request message body, the edge network queries and obtains the status of the corresponding digital certificate based on the certificate status request message body, generates a certificate status response message body, and returns the certificate status response message body to the roadside device.
5. An information encryption transmission method for V2X, characterized in that the method comprises the following steps:
generating V2X information;
obtaining the status of the encryption certificate of the second terminal using the encryption certificate status online query method of any one of claims 1 to 4;
when the status of the encryption certificate is valid, encrypting the V2X information with the public key of the encryption certificate to obtain V2X ciphertext information;
and signing the V2X ciphertext information with the terminal's own signature certificate to obtain V2X signature information, and sending the V2X signature information.
6. An encrypted communication method for V2X, characterized in that the method comprises the following steps:
the first terminal sends V2X signature information to the second terminal using the information encryption transmission method of claim 5;
when the second terminal receives the V2X signature information, it generates a certificate status request message body for the signature certificate of the first terminal and sends the signature certificate status request message body to the roadside device;
the roadside device forwards and routes the received signature certificate status request message body to the certificate status query mechanism;
the certificate status query mechanism queries and obtains the status of the corresponding signature certificate based on the received signature certificate status request message body, generates a signature certificate status response message body, and returns it to the roadside device;
the roadside device returns the signature certificate status response message body to the second terminal;
the second terminal determines the certificate status of the signature certificate of the first terminal based on the signature certificate status response message body; when the certificate status of the signature certificate is valid, it verifies the signature of the V2X signature information using the signature certificate;
and after the signature verification passes, the second terminal decrypts the received V2X ciphertext information with the private key of its own encryption certificate to obtain the V2X information.
7. An encrypted communication system for V2X, comprising a first terminal, a second terminal, a roadside device, and a certificate status query mechanism, wherein the first terminal is in short-range communication with the second terminal and with the roadside device respectively, the roadside device is in network communication with the certificate status query mechanism, and the system is configured to execute the information encryption transmission method of claim 5.
8. The encrypted communication system according to claim 7, wherein the certificate status query mechanism is an OCSP responder.
9. The encrypted communication system for V2X as claimed in claim 7, wherein the certificate status query mechanism comprises an OCSP responder and an edge network;
the OCSP responder is in network communication with the edge network and is used for synchronising the batch certificate status to the edge network in advance;
the edge network is in network communication with the roadside device, receives the certificate status request message body sent by the roadside device, queries and obtains the status of the corresponding digital certificate based on the certificate status request message body, generates a certificate status response message body, and returns the certificate status response message body to the roadside device.
10. An encrypted communication system for V2X, characterized in that it comprises the information encryption transmission system of any one of claims 7 to 9, wherein the second terminal is further in short-range communication with the roadside device and is configured to send a certificate status request message body for the signature certificate of the first terminal to the certificate status query mechanism through the roadside device;
to receive, through the roadside device, the certificate status response message body returned by the certificate status query mechanism;
the certificate verification module is further configured to determine the certificate status of the signature certificate of the first terminal based on the signature certificate status response message body, and to verify the V2X signature information using the signature certificate when the certificate status of the signature certificate is valid;
and the system is configured to decrypt the received V2X ciphertext information with the private key of its own encryption certificate after the signature verification passes, to obtain the V2X information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010550090.7A CN111865607B (en) | 2020-06-16 | 2020-06-16 | Encryption certificate state online query method, communication method and system for V2X |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111865607A true CN111865607A (en) | 2020-10-30 |
CN111865607B CN111865607B (en) | 2022-02-11 |
Family
ID=72986720
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010550090.7A Active CN111865607B (en) | 2020-06-16 | 2020-06-16 | Encryption certificate state online query method, communication method and system for V2X |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111865607B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |
| PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Online query method, communication method, and system for encryption certificate status for V2X. Effective date of registration: 20230412. Granted publication date: 20220211. Pledgee: China Construction Bank Corporation Zhengzhou Jinshui sub-branch. Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd. Registration number: Y2023980037751 |