CN111865919A - Digital certificate application method and system based on V2X - Google Patents

Info

Publication number: CN111865919A (granted as CN111865919B)
Authority: CN (China)
Application number: CN202010548772.4A
Original language: Chinese (zh)
Legal status: granted; active
Inventors: 李鑫, 周吉祥, 康亮, 王建伟, 李顶占
Assignee (original and current): Zhengzhou Xinda Jiean Information Technology Co Ltd
Prior art keywords: certificate, digital certificate, server, digital, private key

Classifications

    • H04L 63/0823: network security protocols for authentication of entities using certificates
    • H04L 63/10: network security protocols for controlling access to devices or network resources
    • H04L 9/0869: generation of secret information (cryptographic keys or passwords) involving random numbers or seeds
    • H04L 9/3247: entity authentication or message authentication involving digital signatures
    • H04L 9/3268: public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04W 4/44: services for vehicles, communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • H04W 4/46: services for vehicles, vehicle-to-vehicle communication [V2V]

Abstract

The invention provides a V2X-based digital certificate application method and system. The method comprises the following steps: the vehicle-mounted terminal generates a digital certificate application request and sends it to the certificate access server; the certificate access server forwards the request to the certificate registration server; the certificate registration server verifies the request and, after the verification passes, sends a digital certificate issuing request to the certificate issuing server while returning a digital certificate application response to the certificate access server; the certificate issuing server issues the digital certificate and returns it to the certificate registration server; the certificate registration server receives the digital certificate, compresses it into a download package and synchronizes the package to the certificate access server; and the vehicle-mounted terminal, according to the digital certificate application response forwarded to it by the certificate access server, requests the compressed digital certificate package from the certificate access server.

Description

Digital certificate application method and system based on V2X
Technical Field
The invention relates to the field of digital certificates, in particular to a digital certificate application method and a digital certificate application system based on V2X.
Background
Like the Internet and the mobile Internet, Internet of Vehicles (V2X) applications are exposed to a range of network attacks, and attacks on vehicle applications can cause greater harm to individuals and society. Security authentication technology is therefore of primary importance: it establishes a trust system for vehicles, facilities, networks and users, enables identity verification and message integrity verification, and forms the first line of defense for V2X applications in intelligent connected vehicles.
Registration certificate authority: responsible for issuing registration certificates (enrollment certificates, ECs); typically operated by vehicle manufacturers.
Certificate registration authority: responsible for registering applications for authorization certificates (pseudonymous certificates, identity certificates, application certificates, etc.) and for requesting the certificate issuing authority to issue them. The certificate registration authority and the certificate issuing authority are generally operated by a provincial-level Certificate Authority (CA).
If a vehicle enterprise wants to deploy and operate a certificate registration authority of its own in addition to the existing one, a problem arises: the certificate registration authority was never designed to carry the mobile network access of vehicle-mounted terminals, that is, the highly available connectivity that certificate download by moving vehicles requires.
Disclosure of Invention
In order to solve the above problems, it is necessary to provide a digital certificate application method and system based on V2X.
The invention provides a digital certificate application method based on V2X in a first aspect, which comprises the following steps:
step S101, a vehicle-mounted terminal generates a digital certificate application request and sends the digital certificate application request to a certificate access server;
step S102, the certificate access server forwards the digital certificate application request to the certificate registration server;
step S103, the certificate registration server verifies the digital certificate application request and, after the verification passes, sends a digital certificate issuing request to the certificate issuing server while returning a digital certificate application response to the certificate access server;
step S104, the certificate issuing server issues a digital certificate and returns the digital certificate to the certificate registration server;
step S105, the certificate registration server receives the digital certificate and compresses the digital certificate to form a download package, and the download package is synchronized to the certificate access server;
and step S106, the vehicle-mounted terminal requests the certificate access server to download the compressed package of the digital certificate according to the received digital certificate application response forwarded by the certificate access server.
Based on the above, in step S101, the vehicle-mounted terminal performs short-distance communication with the road side device, and after the vehicle-mounted terminal generates the digital certificate application request, the road side device sends the digital certificate application request to the certificate access server;
In step S103, the certificate access server returns a digital certificate application response to the vehicle-mounted terminal through the road side device;
in step S106, the vehicle-mounted terminal requests the compressed digital certificate package from the certificate access server through the road side device.
Based on the above, the digital certificate application response includes the digital certificate download time.
Based on the above, the road side devices in steps S101, S103, and S106 are all the same road side device.
Based on the above, the road side devices in steps S101 and S103 are the same road side device, and the road side device in step S106 is a different road side device from the road side device in step S101 or S103.
Based on the above, the certificate application request at least includes the certificate application information and the registration certificate.
Based on the above, in step S101, when the vehicle-mounted terminal generates the digital certificate application request, it generates two seed public/private key pairs with an asymmetric key algorithm: a signing key pair (A, a), from which the certified key is derived, and an encryption key pair (P, p), used to encrypt the generated pseudonymous certificate; it also generates two symmetric keys with a symmetric key algorithm: a symmetric key ck for signing-key expansion and a symmetric key ek for encryption-key expansion;
the public key factor A, the public key factor P, the symmetric key ck and the symmetric key ek are included in the digital certificate application request as certificate application information and sent to the certificate registration server (the private key factors a and p remain on the terminal);
in step S103, after the certificate registration server has verified the digital certificate application request, it computes the signing public key B from the public key factor A and the symmetric key ck, and the encryption public key Q from the public key factor P and the symmetric key ek;
when the certificate registration server sends the digital certificate issuing request to the certificate issuing server, it sends the signing public key B and the encryption public key Q along with it;
in step S104, before issuing the digital certificate, the certificate issuing server randomly generates a key pair (C, c) and combines the public key factor C with the public key B to obtain the complete public key S;
the certificate issuing server signs the to-be-signed data containing the complete public key S to obtain the digital certificate PC, encrypts the digital certificate PC together with the private key factor c under the corresponding public key Q, and sends the ciphertext to the certificate registration server;
in step S106, after receiving the digital certificate download response returned by the certificate access server, the vehicle-mounted terminal computes the signing private key b from the private key factor a and the symmetric key ck, and the encryption private key q from the private key factor p and the symmetric key ek;
it decrypts the corresponding ciphertext with the private key q to obtain the digital certificate PC and the private key factor c, and finally computes the complete private key s corresponding to the digital certificate PC from the private key b and the private key factor c.
Based on the above, in step S103, after the certificate registration server has verified the digital certificate application request, it performs a first round of expansion on the public key factor A with the symmetric key ck to obtain the signing public key B1, and a first round of expansion on the public key factor P with the symmetric key ek to obtain the encryption public key Q1; the expansion is repeated for n rounds to obtain (Bi, Qi), i = 1, ..., n;
in step S104, the public key factor C is combined with each of the n Bi in turn to obtain the complete public keys Si; the certificate issuing server signs the to-be-signed data containing the complete public key Si to obtain the digital certificate PCi, encrypts the digital certificate PCi together with the private key factor c under the corresponding public key Qi, and sends the ciphertexts to the certificate registration server;
in step S106, after receiving the digital certificate download response returned by the certificate access server, the vehicle-mounted terminal performs the same n rounds of computation with the private key factor a and the symmetric key ck, and with the private key factor p and the symmetric key ek, to obtain the signing private keys bi and the encryption private keys qi, i = 1, ..., n;
it decrypts each ciphertext with the corresponding private key qi to obtain the digital certificate PCi and the private key factor c, and finally computes the complete private key si corresponding to the digital certificate PCi from the private key bi and the private key factor c.
The second aspect of the invention provides a V2X-based digital certificate application system comprising a certificate access server, a certificate registration server and a certificate issuing server; the certificate registration server is communicatively connected to the certificate access server and to the certificate issuing server; when the vehicle-mounted terminal applies for a digital certificate, the steps of the V2X-based digital certificate application method are executed.
The third aspect of the invention provides a V2X-based digital certificate application system comprising road side equipment, a certificate access server, a certificate registration server and a certificate issuing server; the certificate registration server is communicatively connected to the certificate access server and to the certificate issuing server; when the vehicle-mounted terminal applies for a digital certificate, the steps of the V2X-based digital certificate application method are executed.
The invention splits the functions of the conventional certificate registration server: the digital certificate download function that the conventional certificate registration server provides is moved onto a separate certificate access server. This keeps the certificate application of the vehicle-mounted terminal under control as far as possible while the operator of the split-off certificate registration authority no longer has to provide highly available mobile network access, reduces the network service burden on that operator, and protects the information about the vehicle-mounted terminal's certificate application behavior.
In the method and system, the vehicle-mounted terminal provides seed public keys, the certificate registration server expands them, and then requests the certificate issuing server to issue the batch of digital certificates for the expanded public keys.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 shows a work flow diagram of the digital certificate application method based on V2X in accordance with the present invention.
Fig. 2 shows a system block diagram of the digital certificate application method based on V2X according to embodiment 1 of the present invention.
Fig. 3 shows a system block diagram of an implementation manner of the V2X-based digital certificate application method according to embodiment 2 of the present invention.
Fig. 4 shows a system block diagram of another implementation manner of the V2X-based digital certificate application method according to embodiment 2 of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Example 1
As shown in fig. 1 and fig. 2, a digital certificate application method based on V2X includes:
step S101, a vehicle-mounted terminal generates a digital certificate application request and sends the digital certificate application request to a certificate access server;
step S102, the certificate access server forwards the digital certificate application request to the certificate registration server;
step S103, the certificate registration server verifies the digital certificate application request and, after the verification passes, sends a digital certificate issuing request to the certificate issuing server while returning a digital certificate application response to the certificate access server;
Step S104, the certificate issuing server issues a digital certificate and returns the digital certificate to the certificate registration server;
step S105, the certificate registration server receives the digital certificate and compresses the digital certificate to form a download package, and the download package is synchronized to the certificate access server;
and step S106, the vehicle-mounted terminal requests the certificate access server to download the compressed package of the digital certificate according to the received digital certificate application response forwarded by the certificate access server.
In this embodiment, the certificate access server is further configured to receive the certificate download request of the vehicle-mounted terminal and forward it to the certificate registration authority, which verifies the identity of the vehicle-mounted terminal; after the identity verification passes, the certificate access server provides the download of the corresponding digital certificate to the vehicle-mounted terminal.
It should be noted that in this embodiment the certificate registration server verifies the digital certificate application request; if the result is valid, generation of the digital certificate issuing request is triggered and the request is forwarded to the certificate issuing server; if the result is invalid, the result is fed back to the vehicle-mounted terminal through the certificate access server and the digital certificate application process ends.
Preferably, the digital certificate in this embodiment is any one of a pseudonymous certificate, an application certificate and an identity certificate, but it is not limited to these.
Specifically, the digital certificate application request at least includes certificate application information and a registration certificate.
It should be noted that the certificate applicant (i.e. the vehicle-mounted terminal) first obtains a registration certificate through the authentication and authorization system, and then applies, on the basis of that registration certificate, for the other application digital certificates related to secure communication (such as pseudonymous certificates and application certificates). Since the digital certificate application request carries the registration certificate of the vehicle-mounted terminal, the certificate registration server can verify the validity of the request against that registration certificate.
The public key bound in the digital certificate issued by the certificate issuing server may be generated by the certificate issuing server itself, or it may be provided by the vehicle-mounted terminal, which then applies for issuance of a digital certificate over that public key. The specific process in which the vehicle-mounted terminal provides the public key and then applies for issuance of the digital certificate over it is as follows:
in step S101, when the vehicle-mounted terminal generates the digital certificate application request, it generates two seed public/private key pairs with an asymmetric key algorithm: a signing key pair (A, a), from which the certified key is derived, and an encryption key pair (P, p), used to encrypt the generated pseudonymous certificate; it also generates two symmetric keys with a symmetric key algorithm: a symmetric key ck for signing-key expansion and a symmetric key ek for encryption-key expansion;
the public key factor A, the public key factor P, the symmetric key ck and the symmetric key ek are included in the digital certificate application request as certificate application information and sent to the certificate registration server (the private key factors a and p remain on the terminal);
in step S103, after the certificate registration server has verified the digital certificate application request, it computes the signing public key B from the public key factor A and the symmetric key ck, and the encryption public key Q from the public key factor P and the symmetric key ek;
when the certificate registration server sends the digital certificate issuing request to the certificate issuing server, it sends the signing public key B and the encryption public key Q along with it;
in step S104, before issuing the digital certificate, the certificate issuing server randomly generates a key pair (C, c) and combines the public key factor C with the public key B to obtain the complete public key S;
the certificate issuing server signs the to-be-signed data containing the complete public key S to obtain the digital certificate PC, encrypts the digital certificate PC together with the private key factor c under the corresponding public key Q, and sends the ciphertext to the certificate registration server;
in step S106, after receiving the digital certificate download response returned by the certificate access server, the vehicle-mounted terminal computes the signing private key b from the private key factor a and the symmetric key ck, and the encryption private key q from the private key factor p and the symmetric key ek;
it decrypts the corresponding ciphertext with the private key q to obtain the digital certificate PC and the private key factor c, and finally computes the complete private key s corresponding to the digital certificate PC from the private key b and the private key factor c.
Digital certificates come in long-term and short-term varieties. In the V2X field a pseudonymous certificate is the typical short-term certificate: its validity period is one week, 20 pseudonymous certificates are applied for per vehicle-mounted terminal per week, one of them is selected at random from the list every 5 minutes for use as the message-signing certificate, and in some scenarios the pseudonymous certificate must also be changed at random every two kilometers. Each pseudonymous certificate therefore needs a key of its own: before issuance, the seed public key provided by the vehicle-mounted terminal is expanded, and issuance of the pseudonymous certificate is requested for the expanded public key, specifically:
in step S103, after the certificate registration server has verified the digital certificate application request, it performs a first round of expansion on the public key factor A with the symmetric key ck to obtain the signing public key B1, and a first round of expansion on the public key factor P with the symmetric key ek to obtain the encryption public key Q1; the expansion is repeated for n rounds to obtain (Bi, Qi), i = 1, ..., n;
in step S104, the public key factor C is combined with each of the n Bi in turn to obtain the complete public keys Si; the certificate issuing server signs the to-be-signed data containing the complete public key Si to obtain the digital certificate PCi, encrypts the digital certificate PCi together with the private key factor c under the corresponding public key Qi, and sends the ciphertexts to the certificate registration server;
in step S106, after receiving the digital certificate download response returned by the certificate access server, the vehicle-mounted terminal performs the same n rounds of computation with the private key factor a and the symmetric key ck, and with the private key factor p and the symmetric key ek, to obtain the signing private keys bi and the encryption private keys qi, i = 1, ..., n;
it decrypts each ciphertext with the corresponding private key qi to obtain the digital certificate PCi and the private key factor c, and finally computes the complete private key si corresponding to the digital certificate PCi from the private key bi and the private key factor c.
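The expansion and recombination of steps S101 to S106 above (and the corresponding paragraphs of the Disclosure of Invention) can be followed end to end in code. The block below is an added illustration, not code from the patent or from its assignee. The patent does not say how B is "calculated" from (A, ck) or how s is formed from b and c, so everything concrete here is an assumption modelled on the SCMS butterfly-key construction used in V2X PKIs: additive expansion on an elliptic curve (Bi = A + f(ck, i)·G, bi = a + f(ck, i), Si = Bi + Ci, si = bi + ci), HMAC-SHA256 as the expansion function f, a Schnorr-style issuer signature standing in for the certificate signature, a toy ECIES (no MAC) for the ciphertext to Qi, and secp256k1 only because its constants are short; SM2 or P-256 would work identically. All function names are the example's own. One deliberate departure from the text: the issuing server draws a fresh (Ci, ci) for every certificate instead of reusing one (C, c) for the batch. With a single c, Si - Sj = Bi - Bj, a difference the registration server can compute on its own, which would let it link the pseudonyms in a batch without the issuing server's help.

```python
"""Butterfly-style seed expansion for a batch of pseudonymous certificates (S101-S106).
Added illustration, not the patent's or its assignee's code. The patent fixes no
algorithms; the additive EC expansion, HMAC-SHA256 expansion function, Schnorr issuer
signature and toy ECIES below are ASSUMPTIONS modelled on SCMS butterfly keys."""
import hashlib, hmac, os

# secp256k1 parameters, chosen only for their short constants (SM2/P-256 work the same)
P_MOD = 2**256 - 2**32 - 977
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P_MOD) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P_MOD)) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def keygen():  # returns (public point, private scalar)
    d = 1 + int.from_bytes(os.urandom(32), "big") % (N_ORD - 1)
    return ec_mul(d, G), d

def pt_bytes(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def pt_from(b):
    return (int.from_bytes(b[:32], "big"), int.from_bytes(b[32:64], "big"))

def h_int(*parts):
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N_ORD

def expand(key, i):  # f(key, i): round-i expansion scalar, computable by RA and vehicle alike
    return int.from_bytes(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest(), "big") % N_ORD

def schnorr_sign(d, msg):  # sig = R || (r + H(R, msg) * d)
    R, r = keygen()
    return pt_bytes(R) + ((r + h_int(pt_bytes(R), msg) * d) % N_ORD).to_bytes(32, "big")

def schnorr_verify(pub, msg, sig):
    R, s = pt_from(sig), int.from_bytes(sig[64:], "big")
    return ec_mul(s, G) == ec_add(R, ec_mul(h_int(sig[:64], msg), pub))

def ecies_encrypt(Q, plaintext):  # toy ECIES: ephemeral ECDH + SHAKE keystream, no MAC
    R, r = keygen()
    ks = hashlib.shake_256(pt_bytes(ec_mul(r, Q))).digest(len(plaintext))
    return pt_bytes(R) + bytes(a ^ b for a, b in zip(plaintext, ks))

def ecies_decrypt(q, ct):
    ks = hashlib.shake_256(pt_bytes(ec_mul(q, pt_from(ct)))).digest(len(ct) - 64)
    return bytes(a ^ b for a, b in zip(ct[64:], ks))

def vehicle_request():  # S101: seeds (A, a), (P, p) and expansion keys ck, ek
    (A, a), (P, p) = keygen(), keygen()
    ck, ek = os.urandom(16), os.urandom(16)
    return {"A": A, "P": P, "ck": ck, "ek": ek}, {"a": a, "p": p, "ck": ck, "ek": ek}

def ra_expand(req, n):  # S103: n rounds of (B_i, Q_i); the RA only ever sees public points
    return [(ec_add(req["A"], ec_mul(expand(req["ck"], i), G)),
             ec_add(req["P"], ec_mul(expand(req["ek"], i), G))) for i in range(1, n + 1)]

def pca_issue(expanded, pca_priv):  # S104: fresh c_i per cert, sign S_i, encrypt (PC_i, c_i) to Q_i
    out = []
    for B_i, Q_i in expanded:
        C_i, c_i = keygen()
        S_i = ec_add(B_i, C_i)
        cert = pt_bytes(S_i) + schnorr_sign(pca_priv, pt_bytes(S_i))  # PC_i = S_i || issuer sig
        out.append(ecies_encrypt(Q_i, cert + c_i.to_bytes(32, "big")))
    return out

def vehicle_recover(secrets, ciphertexts, pca_pub):  # S106: b_i, q_i, decrypt, s_i = b_i + c_i
    certs = []
    for i, ct in enumerate(ciphertexts, start=1):
        b_i = (secrets["a"] + expand(secrets["ck"], i)) % N_ORD
        q_i = (secrets["p"] + expand(secrets["ek"], i)) % N_ORD
        pt = ecies_decrypt(q_i, ct)
        S_i, sig, c_i = pt_from(pt), pt[64:160], int.from_bytes(pt[160:192], "big")
        s_i = (b_i + c_i) % N_ORD
        # check the issuer signature and that s_i really opens S_i before secure storage
        if not schnorr_verify(pca_pub, pt[:64], sig) or ec_mul(s_i, G) != S_i:
            raise ValueError(f"certificate {i} failed verification")
        certs.append((S_i, s_i))
    return certs

def run_batch(n=4):
    """Full round trip; True when n distinct, verified pseudonym keys come back."""
    pca_pub, pca_priv = keygen()
    req, secrets = vehicle_request()
    certs = vehicle_recover(secrets, pca_issue(ra_expand(req, n), pca_priv), pca_pub)
    return len({S for S, _ in certs}) == n and all(S != req["A"] for S, _ in certs)
```

run_batch(n) plays all three roles in one process and returns True when n distinct pseudonym keys come back, none of them equal to the seed A the registration server saw. The two checks in vehicle_recover (the issuer signature over Si, and si·G == Si) are what the terminal should do before the "secure storage" step of the text: a corrupted ciphertext or a c that does not belong to this Bi would otherwise leave the terminal holding a certificate it cannot actually sign with.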
In other embodiments, when the digital certificate is a pseudonymous certificate, the certificate registration server is further configured to form a link value for the pseudonymous certificate and to build the pseudonymous certificate issuing request on that link value. That is, the certificate registration server includes the function of a linkage authority, which forms link values for pseudonymous certificates so that they can be revoked efficiently.
Example 2
This example differs from example 1 in that road side equipment is added. In a specific application scenario the vehicle-mounted terminal (e.g. a vehicle) may have no usable Uu network interface, that is, no direct network connection to the certificate access server; in that case the information can be relayed by the road side equipment, with the vehicle-mounted terminal and the road side equipment communicating point-to-point over short range via the PC5 interface.
The specific process comprises the following steps:
in the step S101, the vehicle-mounted terminal carries out short-distance communication with the road side equipment, and after the vehicle-mounted terminal generates a digital certificate application request, the road side equipment sends the digital certificate application request to the certificate access server;
in step S103, the certificate access server returns a digital certificate application response to the vehicle-mounted terminal through the road side device;
in step S106, the vehicle-mounted terminal requests the certificate access server to download a compressed packet of the digital certificate through the road side device.
In this embodiment, if the verification of the certificate application request passes, the digital certificate application response includes a digital certificate download time.
The vehicle-mounted terminal determines when to start the digital certificate download process according to the download time provided by the certificate registration server: it checks whether the download time has arrived and, if so, establishes a secure connection with the certificate access server. The vehicle-mounted terminal then sends a certificate download request to the certificate access server over the established secure channel. The certificate access server receives the download request and forwards it to the certificate registration server, which verifies it. After successful verification, the certificate access server sends a certificate download response message to the vehicle-mounted terminal, which contains the digital certificate compression package. The vehicle-mounted terminal then stores the pseudonymous certificate securely.
In a specific application scenario of this embodiment, as shown in fig. 3, the road side devices in steps S101, S103 and S106 are all the same road side device, so the vehicle-mounted terminal can apply for a digital certificate without a Uu port network. Alternatively, as shown in fig. 4, the vehicle-mounted terminal sends the application request to the certificate registration server through a first road side device and, because the vehicle is travelling, may already be at a second location by the time the certificate issuing server has issued the digital certificate; the digital certificate is then downloaded through a second road side device at that second location. In that case the road side devices in steps S101 and S103 are the same road side device, while the road side device in step S106 differs from the road side device in steps S101 and S103. In this way the vehicle-mounted terminal can apply for a digital certificate while moving, without a Uu port network.
Example 3
As shown in fig. 2, the present embodiment provides a digital certificate application system based on V2X, which includes a certificate access server, a certificate registration server and a certificate issuing server; the certificate registration server is communicatively connected to both the certificate access server and the certificate issuing server; when the vehicle-mounted terminal applies for a digital certificate, the steps of the V2X-based digital certificate application method described in embodiment 1 are executed.
Example 4
As shown in fig. 3 and 4, the present embodiment provides a digital certificate application system based on V2X, including a road side device, a certificate access server, a certificate registration server and a certificate issuing server; the certificate registration server is communicatively connected to both the certificate access server and the certificate issuing server; when the vehicle-mounted terminal applies for a digital certificate, the steps of the V2X-based digital certificate application method described in embodiment 2 are executed.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A digital certificate application method based on V2X, comprising:
step S101, a vehicle-mounted terminal generates a digital certificate application request and sends the digital certificate application request to a certificate access server;
step S102, the certificate access server forwards the digital certificate application request to the certificate registration server;
step S103, the certificate registration server verifies the digital certificate application request; after the verification is passed, it sends a digital certificate issuing request to the certificate issuing server and at the same time returns a digital certificate application response to the certificate access server;
step S104, the certificate issuing server issues a digital certificate and returns the digital certificate to the certificate registration server;
step S105, the certificate registration server receives the digital certificate and compresses the digital certificate to form a download package, and the download package is synchronized to the certificate access server;
and step S106, the vehicle-mounted terminal requests the certificate access server to download the compressed package of the digital certificate according to the received digital certificate application response forwarded by the certificate access server.
2. The V2X-based digital certificate application method according to claim 1, wherein:
in the step S101, the vehicle-mounted terminal carries out short-distance communication with the road side equipment, and after the vehicle-mounted terminal generates a digital certificate application request, the road side equipment sends the digital certificate application request to the certificate access server;
in step S103, the certificate access server returns a digital certificate application response to the vehicle-mounted terminal through the road side device;
in step S106, the vehicle-mounted terminal requests the certificate access server to download a compressed packet of the digital certificate through the road side device.
3. The V2X-based digital certificate application method according to claim 2, wherein: the digital certificate application response includes a digital certificate download time.
4. The V2X-based digital certificate application method according to claim 2 or 3, wherein: the road side devices in steps S101, S103 and S106 are all the same road side device.
5. The V2X-based digital certificate application method according to claim 2 or 3, wherein: the road side devices in steps S101 and S103 are the same road side device, and the road side device in step S106 and the road side device in step S101 or S103 are different road side devices.
6. The V2X-based digital certificate application method according to claim 1, wherein: the certificate application request at least comprises certificate application information and a registration certificate.
7. The V2X-based digital certificate application method according to claim 6, wherein:
in step S101, when the vehicle-mounted terminal generates the digital certificate application request, two seed public/private key pairs are generated with an asymmetric key algorithm: a key pair (A, a) for signature, used for issuing the digital certificate, and a key pair (P, p) for encryption, used for encrypting the generated pseudonymous certificate; and two symmetric keys are generated with a symmetric key algorithm: a symmetric key ck for signature and a symmetric key ek for encryption;
The public key factor A, the public key factor P, the symmetric key ck for signature and the symmetric key ek for encryption are used as certificate application information and are included in a digital certificate application request to be sent to a certificate registration server;
in step S103, after the certificate registration server passes the verification of the digital certificate application request, the public key factor a and the symmetric key ck for signature are used to calculate to obtain a public key B for signature, and the public key factor P and the symmetric key ek for encryption are used to calculate to obtain a public key Q for encryption;
when the certificate registration server sends a digital certificate signing request to the certificate signing server, the public key B for signature and the public key Q for encryption are sent to the certificate signing server;
in step S104, before the certificate issuing server issues the digital certificate, it randomly generates a public/private key pair (C, c), and the public key factors C and B are combined to obtain a complete public key S;
the certificate issuing server signs the data to be signed based on the complete public key S to obtain a digital certificate PC, encrypts the digital certificate PC and the private key factor c with the corresponding public key Q, and then sends the n ciphertexts to the certificate registration server;
in step S106, after receiving the digital certificate download response returned by the certificate access server, the vehicle-mounted terminal calculates on the private key factor a with the symmetric key ck for signature, and on the private key factor p with the symmetric key ek for encryption, to obtain a private key b for signature and a private key q for encryption;
and decrypts the corresponding ciphertext with the private key q to obtain the digital certificate PC and the private key factor c, and finally calculates, from the private key b and the private key factor c, the complete private key s corresponding to the digital certificate PC.
8. The V2X-based digital certificate application method according to claim 7, wherein:
in step S103, after the certificate registration server passes the verification of the digital certificate application request, performing a first round of expansion calculation using the public key factor a and the symmetric key ck for signature to obtain a public key B1 for signature, and performing a first round of expansion calculation using the public key factor P and the symmetric key ek for encryption to obtain a public key Q1 for encryption; repeating n rounds of extension operations to obtain (Bi, Qi), i = (1, …, n);
in step S104, the public key factor C is combined with each of the n public keys Bi in turn to obtain the complete public keys Si; the certificate issuing server signs the data to be signed based on each complete public key Si to obtain a digital certificate PCi, encrypts the digital certificate PCi and the private key factor c with the corresponding public key Qi, and then sends the ciphertext to the certificate registration server;
in step S106, after receiving the digital certificate download response returned by the certificate access server, the vehicle-mounted terminal performs n rounds of calculation on the private key factor a with the symmetric key ck for signature, and on the private key factor p with the symmetric key ek for encryption, obtaining a private key bi for signature and a private key qi for encryption for each i = (1, …, n);
and decrypts the corresponding ciphertext with the private key qi to obtain the digital certificate PCi and the private key factor c, and finally calculates, from the private key bi and the private key factor c, the complete private key si corresponding to the digital certificate PCi.
9. A digital certificate application system based on V2X, characterized in that: the system comprises a certificate access server, a certificate registration server and a certificate issuing server; the certificate registration server is communicatively connected to both the certificate access server and the certificate issuing server; when the vehicle-mounted terminal applies for a digital certificate, the steps of the V2X-based digital certificate application method as claimed in claim 1, 6, 7 or 8 are executed.
10. A digital certificate application system based on V2X, characterized in that: the system comprises road side equipment, a certificate access server, a certificate registration server and a certificate issuing server; the certificate registration server is communicatively connected to both the certificate access server and the certificate issuing server; when the vehicle-mounted terminal applies for a digital certificate, the steps of the V2X-based digital certificate application method as claimed in claim 2, 3, 4 or 5 are executed.
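The key expansion and reconstruction of claims 7 and 8 (the same procedure as step S106 of embodiment 1 above), worked through end to end as an added example; this is not the patent's code. The patent fixes neither the group, the expansion calculation nor the encryption, so the constructed toy subgroup of Z_2063^*, HMAC-SHA256 as the expansion function for ck and ek, an ElGamal-style pad for the ciphertext to Qi, a Schnorr signature to check si against Si, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy group (constructed for this example): g = 4 generates the subgroup of prime
# order q = 1031 in Z_2063^*. A real deployment would use an elliptic-curve group.
P_MOD, Q_ORD, G = 2063, 1031, 4

def pub(x: int) -> int:
    """Public key factor for private exponent x (the A of (A, a), and so on)."""
    return pow(G, x, P_MOD)

def expand(key: bytes, i: int) -> int:
    """Assumed expansion function: the i-th offset derived from a symmetric key via HMAC-SHA256."""
    return int.from_bytes(hmac.new(key, i.to_bytes(4, "big"), "sha256").digest(), "big") % Q_ORD

def pad_for(shared: int) -> bytes:
    """Key stream for the assumed ElGamal-style encryption of (i, Si, c) under Qi."""
    return hashlib.sha256(shared.to_bytes(2, "big")).digest()

def rand_exp() -> int:
    return secrets.randbelow(Q_ORD - 1) + 1

def chal(R: int, msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(R.to_bytes(2, "big") + msg).digest(), "big") % Q_ORD

# S101: the vehicle keeps (a, p, ck, ek); (A, P, ck, ek) is the certificate application information.
def vehicle_request():
    a, p, ck, ek = rand_exp(), rand_exp(), secrets.token_bytes(16), secrets.token_bytes(16)
    return {"a": a, "p": p, "ck": ck, "ek": ek}, {"A": pub(a), "P": pub(p), "ck": ck, "ek": ek}

# S103: the registration server expands n pairs (Bi, Qi); it never learns a or p.
def ra_expand(req, n: int):
    return [(req["A"] * pub(expand(req["ck"], i)) % P_MOD,
             req["P"] * pub(expand(req["ek"], i)) % P_MOD) for i in range(1, n + 1)]

# S104: the issuing server adds its own factor c, certifies Si and encrypts (i, Si, c) to Qi.
def ca_issue(i: int, Bi: int, Qi: int):
    c = rand_exp()
    Si = Bi * pub(c) % P_MOD                       # complete public key carried by PCi
    plain = i.to_bytes(2, "big") + Si.to_bytes(2, "big") + c.to_bytes(2, "big")
    r = rand_exp()                                 # ephemeral exponent; only qi recovers Qi^r
    ct = bytes(x ^ y for x, y in zip(plain, pad_for(pow(Qi, r, P_MOD))))
    return {"R": pub(r), "ct": ct}

# S106: the vehicle derives bi and qi, decrypts, assembles si = bi + c and checks it against Si.
def vehicle_reconstruct(secret, i: int, blob):
    bi = (secret["a"] + expand(secret["ck"], i)) % Q_ORD
    qi = (secret["p"] + expand(secret["ek"], i)) % Q_ORD
    plain = bytes(x ^ y for x, y in zip(blob["ct"], pad_for(pow(blob["R"], qi, P_MOD))))
    idx, Si, c = (int.from_bytes(plain[k:k + 2], "big") for k in (0, 2, 4))
    si = (bi + c) % Q_ORD
    if idx != i or pub(si) != Si:                  # tampered or misrouted download package
        raise ValueError("reconstructed private key does not match certificate")
    return {"i": idx, "S": Si}, si

# Schnorr signature in the toy group: shows that si really signs under the certified Si.
def schnorr_sign(x: int, msg: bytes):
    k = rand_exp()
    R = pub(k)
    return R, (k + chal(R, msg) * x) % Q_ORD

def schnorr_verify(X: int, msg: bytes, sig) -> bool:
    R, z = sig
    return pub(z) == R * pow(X, chal(R, msg), P_MOD) % P_MOD

def run_protocol(n: int = 3):
    """End-to-end run for n certificates: (all signatures verify, certified public keys)."""
    secret, req = vehicle_request()
    blobs = [ca_issue(i, Bi, Qi) for i, (Bi, Qi) in enumerate(ra_expand(req, n), start=1)]
    certs = [vehicle_reconstruct(secret, i, b) for i, b in enumerate(blobs, start=1)]
    ok = all(schnorr_verify(cert["S"], b"BSM", schnorr_sign(si, b"BSM")) for cert, si in certs)
    return ok, [cert["S"] for cert, _ in certs]
```

In this split the registration server holds ck and ek but never a, p or c, and the issuing server sees only Bi and Qi, so neither server alone can recover si.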
Application CN202010548772.4A, priority date 2020-06-16, filing date 2020-06-16: Digital certificate application method and system based on V2X; granted as CN111865919B (en), status Active.

Publications (2)

Publication Number Publication Date
CN111865919A true CN111865919A (en) 2020-10-30
CN111865919B CN111865919B (en) 2022-02-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A Digital Certificate Application Method and System Based on V2X

Effective date of registration: 20230412

Granted publication date: 20220211

Pledgee: China Construction Bank Corporation Zhengzhou Jinshui sub branch

Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.

Registration number: Y2023980037751
