CN112152791B - Certificate updating method and related equipment - Google Patents


Info

Publication number: CN112152791B
Authority: CN (China)
Prior art keywords: certificate, internet, vehicles, authenticity, vehicle networking
Legal status: Active
Application number: CN201910569179.5A
Other languages: Chinese (zh)
Other versions: CN112152791A (en)
Inventor: 朱锦涛, 彭宇才
Current Assignee: Huawei Cloud Computing Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201910569179.5A (patent CN112152791B)
Priority to PCT/CN2020/097841 (patent WO2020259519A1)
Publication of CN112152791A
Application granted; publication of CN112152791B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/32: Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268: ... using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The embodiments of the application disclose a certificate updating method and related equipment. When a vehicle networking terminal device cannot find a first certificate of authenticity locally, it sends a certificate of authenticity query request to the vehicle networking network device to query the first certificate of authenticity. The vehicle networking network device then queries the first certificate of authenticity according to the query request. When the vehicle networking network device determines that the first certificate of authenticity exists, it sends a certificate update notification to the vehicle networking terminal device. After the vehicle networking network device receives the certificate update request sent by the vehicle networking terminal device, it sends the target certificate of authenticity to the vehicle networking terminal device. In this way, certificates can be updated in time between the vehicle networking terminal device and the vehicle networking network device.

Description

Certificate updating method and related equipment
Technical Field
The embodiments of the application relate to the field of vehicle networking (Internet of Vehicles), and in particular to a certificate updating method and related equipment.
Background
A digital certificate is a file, digitally signed by a Certificate Authority (CA), that contains a public key and information about the owner of that public key. Because the certificate authority is an authoritative and impartial third party, applying digital certificates to information transmission among the vehicle networking terminals ensures the integrity of the transmitted information and the non-repudiation of information exchanges. Because a digital certificate has a limited validity period, the digital certificates in the vehicle network need to be updated in time so that technologies built around digital certificates can work reliably.
Generally, a vehicle networking terminal device is configured with an update period when it leaves the factory. The terminal device periodically applies to the vehicle networking network device to update its digital certificates according to that period, and the network device likewise periodically applies to the certificate issuing device to update its digital certificates.
In such a scheme, the update period of the digital certificates in the vehicle networking network device and in the vehicle networking terminal device is set by the manufacturer, and it is set to be long. As a result, the digital certificates in the terminal device and the network device cannot be updated in time, which causes service processing delay or service processing failure at the terminal device.
Disclosure of Invention
The embodiments of the application provide a certificate updating method and related equipment, which ensure that the digital certificates in the terminal devices and network devices of a vehicle network are updated in time.
In a first aspect, an embodiment of the application provides a certificate updating method. When a vehicle networking terminal device cannot find a first certificate of authenticity locally, it sends a certificate of authenticity query request to the vehicle networking network device. The vehicle networking network device may receive the query request sent by the terminal device, which is used to query the first certificate of authenticity, and then queries the first certificate of authenticity in the vehicle networking network device according to the request. When the vehicle networking network device determines that the first certificate of authenticity exists, it sends a certificate update notification to the vehicle networking terminal device; the notification prompts the terminal device to send a certificate update request to the network device. The vehicle networking network device may then receive the certificate update request sent by the terminal device, and sends the target certificate of authenticity to the terminal device, where the target certificate of authenticity includes the first certificate of authenticity.
In the embodiments of the application, the fact that the vehicle networking terminal device sends a certificate of authenticity query request to the vehicle networking network device to query the first certificate of authenticity indicates that the first certificate of authenticity is not stored in the terminal device; and if the network device can determine that the first certificate of authenticity exists, the network device is able to obtain it. The network device can therefore determine that the certificates of authenticity it holds are inconsistent with those in the terminal device, and it sends a certificate update notification to the terminal device so that the terminal device sends a certificate update request and obtains the target certificate of authenticity from the network device. In this way, certificates are updated in time between the vehicle networking terminal device and the vehicle networking network device, which reduces the probability of service processing delay or service processing failure at the terminal device caused by certificates not being updated in time.
According to the first aspect, in a first implementation of the first aspect, after the vehicle networking network device receives the certificate of authenticity query request sent by the vehicle networking terminal device and before it sends the certificate update notification to the terminal device, the method further includes: the network device checks the legitimacy of the registration certificate; when the network device determines that the registration certificate is a legitimate certificate of the terminal device, the network device queries the first certificate of authenticity according to the identification information, where the first certificate of authenticity is the upper-level issuing certificate of the unknown pseudonymous certificate; and when the network device determines that the first certificate of authenticity exists, the network device triggers the step of sending the certificate update notification to the terminal device. In this implementation, the query request includes the registration certificate of the vehicle networking terminal device and the identification information of the certificate of authenticity in the unknown pseudonymous certificate.
In this implementation, the vehicle networking network device queries the first certificate of authenticity only for legitimate vehicle networking terminal devices. Before querying the first certificate of authenticity, the network device therefore needs to determine the legitimacy of the terminal device that sent the query request. When the network device determines that the terminal device is legitimate, it may query the first certificate of authenticity using the identification information and, when it determines that the first certificate of authenticity exists, trigger the step of sending the certificate update notification to the terminal device. Because the query tells the network device that the first certificate of authenticity does not exist in the terminal device, the network device can determine that the certificates of authenticity in the terminal device are inconsistent with those in the network device, and can then trigger the step of sending the certificate update notification to the terminal device.
According to the first aspect, in a second implementation of the first aspect, after the vehicle networking network device receives the certificate of authenticity query request sent by the vehicle networking terminal device, the method further includes: the network device checks the legitimacy of the registration certificate; when the network device determines that the registration certificate is a legitimate certificate of the terminal device, the network device queries the first certificate of authenticity according to the identification information, where the first certificate of authenticity is the upper-level issuing certificate of the unknown pseudonymous certificate; when the network device determines that the first certificate of authenticity exists, it triggers the step of sending the certificate update notification to the terminal device and uses the first certificate of authenticity to verify the unknown pseudonymous certificate, obtaining a verification result that indicates the validity of the unknown pseudonymous certificate; and the network device sends the verification result of the unknown pseudonymous certificate to the terminal device. In this implementation, the query request includes the registration certificate of the terminal device and the unknown pseudonymous certificate, and the unknown pseudonymous certificate carries the identification information of the certificate of authenticity.
This implementation proposes another way of encapsulating the registration certificate and the identification information: the registration certificate and the unknown pseudonymous certificate are both encapsulated in the certificate of authenticity query request. After finding the first certificate of authenticity, the vehicle networking network device may verify the unknown pseudonymous certificate with it and send the verification result to the vehicle networking terminal device. The terminal device therefore does not need to verify the unknown pseudonymous certificate itself after receiving the first certificate of authenticity. This reduces the computational overhead of the terminal device, so that after receiving the first certificate of authenticity and the verification result, the terminal device can proceed directly with other service processing according to them. The first certificate of authenticity is thus updated in time, which reduces the probability of service processing delay or service processing failure at the terminal device caused by the first certificate of authenticity not being updated in time.
According to the first implementation manner of the first aspect or the second implementation manner of the first aspect, in a third implementation manner of the first aspect of this embodiment of the present application, after the vehicle networking network device determines that the first certificate of authenticity exists, before the vehicle networking network device sends the target certificate of authenticity to the vehicle networking terminal device, the method further includes: the vehicle networking network equipment sends the first certificate of authentication to the vehicle networking terminal equipment.
In this implementation, because the vehicle networking terminal device needs the first certificate of authenticity to verify the PC5 message it has received, the vehicle networking network device sends the first certificate of authenticity to the terminal device when it determines that the first certificate of authenticity exists, so that the terminal device can carry out other services according to the first certificate of authenticity.
According to any one implementation manner of the first aspect to the third implementation manner of the first aspect, in a fourth implementation manner of the first aspect of the embodiment of the present application, the querying, by the network device of the internet of vehicles, the first certificate of authentication according to the identification information includes: the Internet of vehicles network equipment inquires a first certificate of authenticity from a database of the Internet of vehicles network equipment according to the identification information; or the vehicle networking network equipment inquires the first verification certificate from the certificate issuing equipment according to the identification information.
In this embodiment, a specific embodiment of querying the first certificate of authenticity is proposed. Specifically, in the process of querying the first certificate of authenticity, the network device of the vehicle networking may query the first certificate of authenticity from a database of the network device of the vehicle networking according to the identification information, and the network device of the vehicle networking may also query the first certificate of authenticity from the certificate issuing device according to the identification information. Thus, implementation flexibility of the scheme can be enhanced.
According to the first aspect, in a fifth implementation of the first aspect, when the vehicle networking network device determines that the first certificate of authenticity does not exist, the method further includes: the network device sends a prompt message to the vehicle networking terminal device, and the prompt message informs the terminal device that the first certificate of authenticity does not exist.
In this implementation, after the vehicle networking network device determines that the vehicle networking terminal device is legitimate, if the network device determines that the first certificate of authenticity does not exist, it sends a prompt message to the terminal device to inform it that the first certificate of authenticity does not exist. The terminal device is thereby notified promptly, which prevents it from waiting indefinitely for the first certificate of authenticity and delaying other service operations.
According to the first aspect, or any one of the first to fifth implementations of the first aspect, in a sixth implementation of the first aspect, before the vehicle networking network device sends the certificate update notification to the vehicle networking terminal device, the method further includes: the network device acquires the target certificate of authenticity from the certificate issuing device.
This implementation provides a way for the vehicle networking network device to obtain the target certificate of authenticity from the certificate issuing device, so that the certificates of authenticity in the network device are updated in time and the target certificate of authenticity obtained by the network device contains more of the certificates of authenticity newly issued or newly modified by the certificate issuing device.
According to the first aspect, or any one of the first implementation manner of the first aspect to the sixth implementation manner of the first aspect, in a seventh implementation manner of the first aspect of the embodiment of the present application, the certificate update request includes first version information of the authentication certificate of the terminal device in the internet of vehicles; before the network device sends the target certificate to the terminal device, the method further includes: the Internet of vehicles network equipment determines a second certificate of authenticity corresponding to the first version information, wherein the second certificate of authenticity is different from the first certificate of authenticity; the vehicle networking network device determines a certificate in the vehicle networking network device different from the second certificate of authenticity as a target certificate of authenticity, the target certificate of authenticity comprising at least one certificate of authenticity.
This implementation determines the target certificate of authenticity based on the first version information. The vehicle networking network device takes the certificates of authenticity that differ from the second certificate of authenticity as the target certificate of authenticity, which avoids sending the vehicle networking terminal device certificates of authenticity that it already holds.
According to the first aspect, or any one of the first implementation manner of the first aspect to the sixth implementation manner of the first aspect, in an eighth implementation manner of the first aspect of the embodiment of the present application, the certificate update request includes first version information of the authentication certificate of the terminal device in the internet of vehicles; before the network device sends the target certificate to the terminal device, the method further includes: the Internet of vehicles network equipment compares the latest version information of the certificate of authenticity with the first version information; when the first version information is inconsistent with the latest version information, the internet of vehicles network equipment determines that the certificate of authenticity corresponding to the latest version information is a target certificate of authenticity, and the target certificate of authenticity comprises at least one certificate of authenticity.
This implementation provides another way of determining the target certificate of authenticity based on the first version information. The vehicle networking network device directly sends the certificate of authenticity corresponding to the latest version information to the vehicle networking terminal device, so that no certificate of authenticity is missed.
In a second aspect, an embodiment of the application provides a certificate updating method. When a vehicle networking terminal device receives a PC5 message sent by another vehicle networking terminal device, it checks the validity of the pseudonymous certificate carried in the PC5 message. Specifically, the terminal device queries its own database for a first certificate of authenticity according to the identification information of the certificate of authenticity in the pseudonymous certificate. If the first certificate of authenticity is not found in the terminal device's database, the terminal device may send a certificate of authenticity query request to the vehicle networking network device, where the query request is used to query the first certificate of authenticity. When the network device determines that the first certificate of authenticity exists, the terminal device receives a certificate update notification sent by the network device. The terminal device then sends a certificate update request to the network device to request that the network device send it a target certificate of authenticity. The terminal device may then receive the target certificate of authenticity sent by the network device, where the target certificate of authenticity includes the first certificate of authenticity.
In the embodiments of the application, the fact that the vehicle networking terminal device sends a certificate of authenticity query request to the vehicle networking network device to query the first certificate of authenticity indicates that the first certificate of authenticity is not stored in the terminal device; and if the network device can determine that the first certificate of authenticity exists, the network device is able to obtain it. The network device can therefore determine that the certificates of authenticity it holds are inconsistent with those in the terminal device, and it sends a certificate update notification to the terminal device so that the terminal device sends a certificate update request and obtains the target certificate of authenticity from the network device. In this way, certificates are updated in time between the vehicle networking terminal device and the vehicle networking network device, which reduces the probability of service processing delay or service processing failure at the terminal device caused by certificates not being updated in time.
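The exchange described in the first and second aspects above, as an added example that is not part of the patent text: a Python model of both devices covering the lookup order of the fourth implementation, the "not found" prompt of the fifth, and the two version-based target selections of the seventh and eighth. The class names, message dictionaries, the identifiers `EC-001` and `PCA-1` to `PCA-9`, and the set-membership check that stands in for validating the registration certificate are all assumptions of this example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VerifCert:
    """Certificate of authenticity (constructed model, no real signature)."""
    issuer_id: str   # identification information carried in a pseudonymous certificate
    version: int     # list version in which this certificate was published


@dataclass
class NetworkDevice:
    registered: set                                     # legitimate registration cert ids
    db: dict = field(default_factory=dict)              # issuer_id -> VerifCert
    issuing_device: dict = field(default_factory=dict)  # upstream certificate issuing device

    def _lookup(self, issuer_id):
        # Fourth implementation: local database first, then the issuing device.
        cert = self.db.get(issuer_id)
        if cert is None and issuer_id in self.issuing_device:
            cert = self.db[issuer_id] = self.issuing_device[issuer_id]
        return cert

    def handle_query(self, registration_id, issuer_id):
        # Assumption: membership test stands in for checking the registration
        # certificate's signature chain and validity period.
        if registration_id not in self.registered:
            return {"type": "rejected"}
        cert = self._lookup(issuer_id)
        if cert is None:
            # Fifth implementation: prompt so the terminal does not keep waiting.
            return {"type": "not_found", "issuer_id": issuer_id}
        # Third implementation: the first certificate is sent before the target
        # set; modelled here as one message with the update notification.
        return {"type": "update_notification", "first_cert": cert}

    def handle_update_request(self, first_version, strategy="diff"):
        latest = max((c.version for c in self.db.values()), default=0)
        if strategy == "diff":
            # Seventh implementation: skip what the terminal's version covers.
            target = [c for c in self.db.values() if c.version > first_version]
        elif first_version != latest:
            # Eighth implementation: versions differ, send the whole latest set.
            target = list(self.db.values())
        else:
            target = []
        return {"type": "target_certs", "version": latest,
                "certs": sorted(target, key=lambda c: c.issuer_id)}


@dataclass
class Terminal:
    registration_id: str
    version: int = 0
    store: dict = field(default_factory=dict)   # issuer_id -> VerifCert

    def on_pc5_message(self, issuer_id, net, strategy="diff"):
        """Outcome of checking a PC5 message whose pseudonymous cert names issuer_id."""
        if issuer_id in self.store:
            return "verified_locally"
        reply = net.handle_query(self.registration_id, issuer_id)
        if reply["type"] != "update_notification":
            return reply["type"]        # "rejected" or "not_found"
        self.store[issuer_id] = reply["first_cert"]
        update = net.handle_update_request(self.version, strategy)
        for cert in update["certs"]:
            self.store[cert.issuer_id] = cert
        self.version = update["version"]
        return "updated"


def demo():
    # Constructed sample state: the terminal is one list version behind.
    net = NetworkDevice(
        registered={"EC-001"},
        db={"PCA-1": VerifCert("PCA-1", 1), "PCA-2": VerifCert("PCA-2", 2)},
        issuing_device={"PCA-3": VerifCert("PCA-3", 3)},
    )
    car = Terminal("EC-001", version=1, store={"PCA-1": VerifCert("PCA-1", 1)})
    results = [
        car.on_pc5_message("PCA-1", net),                 # issuer already stored
        car.on_pc5_message("PCA-3", net),                 # fetched via issuing device
        car.on_pc5_message("PCA-9", net),                 # unknown everywhere
        Terminal("EC-666").on_pc5_message("PCA-2", net),  # unregistered terminal
    ]
    return results, sorted(car.store), car.version


if __name__ == "__main__":
    print(demo())
```

The update request in this example carries only version information, as in the seventh and eighth implementations; the page does not say how that request is authenticated.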
According to a second aspect, in the first implementation manner of the second aspect of the embodiments of the present application, the certificate authority request includes identification information of a certificate authority in the registration certificate and the unknown pseudonymous certificate of the terminal device in the internet of vehicles; before the terminal device of the internet of vehicles receives the certificate update notification sent by the network device of the internet of vehicles, the method further comprises: when the vehicle networking network equipment determines that a first verification certificate exists, the vehicle networking terminal equipment receives the first verification certificate sent by the vehicle networking network equipment, the first verification certificate corresponds to the identification information, and the first verification certificate is a superior signing and issuing certificate of the unknown pseudonymous certificate.
In this embodiment, since the terminal device of the internet of vehicles needs the first certificate of authenticity to authenticate the PC5 message received by the terminal device of the internet of vehicles, the terminal device of the internet of vehicles will send the first certificate of authenticity to the terminal device of the internet of vehicles when determining that the first certificate of authenticity exists, so that the terminal device of the internet of vehicles can perform other services according to the first certificate of authenticity.
According to the second aspect, in a second implementation manner of the second aspect of the embodiment of the present application, the certificate of authenticity query request includes the registration certificate of the internet of vehicles terminal device and an unknown pseudonymous certificate, where the unknown pseudonymous certificate carries identification information of the certificate of authenticity; before the terminal device receives the certificate update notification sent by the internet of vehicles network device, the method further includes: the terminal device receives the verification result sent by the network device, where the verification result indicates the validity of the unknown pseudonymous certificate.
In this embodiment, after querying the first certificate of authenticity, the internet of vehicles network device may verify the unknown pseudonymous certificate with the first certificate of authenticity and send the verification result to the internet of vehicles terminal device. The terminal device therefore does not need to verify the unknown pseudonymous certificate itself after receiving the first certificate of authenticity. This reduces the computational overhead of the terminal device, which, after receiving the first certificate of authenticity and the verification result, can carry out other service processing directly according to them. In this way the first certificate of authenticity is updated in time, and the probability of service processing delay or service processing failure at the terminal device caused by the first certificate of authenticity not being updated in time is reduced.
According to the second aspect, in a third implementation manner of the second aspect of the embodiment of the present application, before the internet of vehicles terminal device receives the certificate update notification sent by the internet of vehicles network device, the method further includes: when the network device determines that the first certificate of authenticity does not exist, the terminal device receives a prompt message sent by the network device, where the prompt message indicates to the terminal device that the first certificate of authenticity does not exist.
In this embodiment, after the internet of vehicles network device determines that the internet of vehicles terminal device is a legal terminal device, if the network device determines that the first certificate of authenticity does not exist, the terminal device may receive a prompt message sent by the network device, where the prompt message indicates to the terminal device that the first certificate of authenticity does not exist. In this way the terminal device is informed in time, which prevents it from waiting indefinitely for the first certificate of authenticity and delaying other service operations.
According to the second aspect or any one of the first to third implementation manners of the second aspect, in a fourth implementation manner of the second aspect of the embodiment of the present application, before the internet of vehicles terminal device sends the certificate of authenticity query request to the internet of vehicles network device, the method further includes: the terminal device receives the unknown pseudonymous certificate, where the unknown pseudonymous certificate carries the identification information; and the terminal device determines, according to the identification information, that the first certificate of authenticity does not exist in the database of the terminal device.
In this embodiment, the internet of vehicles terminal device queries the internet of vehicles network device for the first certificate of authenticity only when it does not find the first certificate of authenticity in its own database. This prevents the terminal device from querying the network device directly without first checking its own database.
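The query and update exchange of the second aspect can be sketched as follows. This is an added illustration, not code from the patent: certificates are plain records without signatures, the legality check on the registration certificate is a set lookup, and every class name, message type and identifier (`EC-1`, `ISS-A`, `PC-17`, the `rejected` reply) is an assumption constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Cert:
    cert_id: str    # identification information of this certificate
    issuer_id: str  # identification information of its upper-level issuing certificate


@dataclass
class NetworkDevice:
    registered: set  # registration certificate ids accepted as legal (assumed model)
    store: dict      # cert_id -> Cert: certificates of authenticity the device holds
    pending: set = field(default_factory=set)  # terminals owed an update notification
    queries: int = 0                           # number of query requests received

    def handle_query(self, registration_cert_id, identification_info):
        """Certificate of authenticity query request from a terminal device."""
        self.queries += 1
        if registration_cert_id not in self.registered:
            return {"type": "rejected"}  # assumed reply; the page does not specify one
        first = self.store.get(identification_info)
        if first is None:
            # Prompt message: the first certificate of authenticity does not exist.
            return {"type": "prompt"}
        # The terminal asked for a certificate this device holds, so the two
        # stores are inconsistent and an update notification is due.
        self.pending.add(registration_cert_id)
        return {"type": "first_cert", "cert": first}

    def take_notification(self, registration_cert_id):
        """Return the certificate update notification if one is due, else None."""
        if registration_cert_id in self.pending:
            self.pending.remove(registration_cert_id)
            return {"type": "certificate_update_notification"}
        return None

    def handle_update_request(self, registration_cert_id):
        """Certificate update request: reply with the target certificates."""
        if registration_cert_id not in self.registered:
            return {"type": "rejected"}
        # The target set here is the whole store, which includes the first certificate.
        return {"type": "target_certs", "certs": list(self.store.values())}


@dataclass
class TerminalDevice:
    registration_cert_id: str
    db: dict = field(default_factory=dict)  # local certificates of authenticity

    def on_unknown_pseudonym_cert(self, pseudonym_cert, network):
        """Resolve the issuing certificate of a pseudonymous certificate from a PC5 message."""
        ident = pseudonym_cert.issuer_id
        if ident in self.db:
            return "local"  # found in the terminal's own database, no query sent
        reply = network.handle_query(self.registration_cert_id, ident)
        if reply["type"] == "prompt":
            return "absent"  # stop waiting, continue with other services
        if reply["type"] != "first_cert":
            return "rejected"
        self.db[reply["cert"].cert_id] = reply["cert"]
        if network.take_notification(self.registration_cert_id):
            update = network.handle_update_request(self.registration_cert_id)
            for cert in update.get("certs", []):
                self.db[cert.cert_id] = cert
        return "updated"


if __name__ == "__main__":
    # Constructed sample data.
    certs = (Cert("ISS-A", "ROOT"), Cert("ISS-B", "ROOT"))
    net = NetworkDevice(registered={"EC-1"}, store={c.cert_id: c for c in certs})
    obu = TerminalDevice("EC-1")
    print(obu.on_unknown_pseudonym_cert(Cert("PC-17", "ISS-A"), net), sorted(obu.db))
    print(obu.on_unknown_pseudonym_cert(Cert("PC-18", "ISS-B"), net), net.queries)
```

After the first exchange the terminal also holds `ISS-B`, so the second unknown pseudonymous certificate is resolved from the local database without another query.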
In a third aspect, an embodiment of the present application provides a certificate updating method, including: the internet of vehicles network device obtains a first target certificate of authenticity from the certificate issuing device; the network device sends a certificate update notification to the internet of vehicles terminal device; the network device receives a certificate update request sent by the terminal device; and the network device sends a second target certificate of authenticity to the terminal device, where the second target certificate of authenticity includes the first target certificate of authenticity.
In the embodiment of the application, the network device in the internet of vehicles can acquire the first target certificate of authenticity from the certificate issuing device, and the first target certificate of authenticity is a certificate of authenticity newly issued by the certificate issuing device or a certificate of authenticity newly modified by the certificate issuing device. Therefore, the internet of vehicles network device may determine that the first target certificate of authentication that the internet of vehicles network device just obtained does not appear in the internet of vehicles terminal device, that is, the certificate of authentication in the internet of vehicles network device is inconsistent with the certificate of authentication in the internet of vehicles terminal device, and then the internet of vehicles network device sends a certificate update notification to the internet of vehicles terminal device, so that the internet of vehicles terminal device sends a certificate update request to the internet of vehicles network device, thereby obtaining the second target certificate of authentication in the internet of vehicles network device. Therefore, timely updating of the certificate can be guaranteed between the terminal equipment of the internet of vehicles and the network equipment of the internet of vehicles, and the probability of service processing delay or service processing failure of the terminal equipment of the internet of vehicles caused by untimely updating of the certificate is further reduced.
According to the third aspect, in a first implementation manner of the third aspect of the embodiment of the present application, before the internet of vehicles network device sends the certificate update notification to the internet of vehicles terminal device, the method further includes: the network device receives a pseudonymous certificate query request sent by the terminal device, where the pseudonymous certificate query request includes the registration certificate of the terminal device; when the network device determines that the registration certificate is a legal certificate of the terminal device, the network device queries the first pseudonymous certificate of the terminal device according to the registration certificate and obtains the remaining term of the first pseudonymous certificate; and when the network device determines that the remaining term of the first pseudonymous certificate is less than a preset term, the network device triggers the step of sending the certificate update notification to the terminal device.
In this embodiment, another scenario is provided that triggers the internet of vehicles network device to send a certificate update notification to the internet of vehicles terminal device. The reason is that the network device may acquire first target certificates of authenticity from the certificate issuing device quite frequently. If the network device sent a certificate update notification to the terminal device every time it acquired a first target certificate of authenticity, the execution of other services of the network device and the terminal device could be affected. Therefore, the network device may trigger the step of sending the certificate update notification to the terminal device upon receiving the pseudonymous certificate query request sent by the terminal device. Such an embodiment reduces the flow of information between the terminal device and the network device, and so reduces the chance of affecting the execution of other services of the network device and the terminal device.
According to the first implementation manner of the third aspect, in a second implementation manner of the third aspect of the embodiment of the present application, when the internet of vehicles network device determines that the remaining term of the first pseudonymous certificate is less than the preset term, the method further includes: the network device sends a target pseudonymous certificate to the internet of vehicles terminal device, where the remaining term of the target pseudonymous certificate is greater than the preset term.
In this embodiment, when the internet of vehicles network device determines that the remaining term of the first pseudonymous certificate is less than the preset term, the network device sends to the internet of vehicles terminal device a target pseudonymous certificate whose remaining term is greater than the preset term. The pseudonymous certificate in the terminal device can therefore be updated in time.
According to the third aspect, the first implementation manner of the third aspect, or the second implementation manner of the third aspect, in a third implementation manner of the third aspect of the present application example, the certificate update request includes first version information of the certificate of authentication of the terminal device in the internet of vehicles; before the vehicle networking network device sends the second target verification certificate to the vehicle networking terminal device, the method further includes: the Internet of vehicles network equipment determines a second certificate of authentication corresponding to the first version information; the vehicle networking network device determines a certificate in the vehicle networking network device different from the second certificate of authenticity as a second target certificate of authenticity, the second target certificate of authenticity including at least one certificate of authenticity.
In this embodiment, one way of determining the second target certificate of authenticity based on the first version information is provided. The internet of vehicles network device determines the certificates of authenticity that differ from the second certificate of authenticity as the second target certificate of authenticity, which prevents the network device from sending the internet of vehicles terminal device certificates of authenticity that the terminal device already holds.
According to the third aspect or any one of the first to third implementation manners of the third aspect, in a fourth implementation manner of the third aspect of the embodiment of the present application, the certificate update request includes first version information of the certificate of authenticity of the internet of vehicles terminal device; before the internet of vehicles network device sends the second target certificate of authenticity to the terminal device, the method further includes: the network device compares the latest version information of the certificate of authenticity with the first version information; and when the first version information is inconsistent with the latest version information, the network device determines that the certificate of authenticity corresponding to the latest version information is the second target certificate of authenticity, where the second target certificate of authenticity includes at least one certificate of authenticity.
In this embodiment, another embodiment is provided in which the second target certificate of authenticity is determined based on the first version information. In the embodiment, the vehicle networking network device directly sends the verification certificate corresponding to the latest version information to the vehicle networking terminal device, so that the condition that a certain verification certificate is missed is avoided.
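The pseudonymous-certificate trigger and the two ways of choosing the second target certificate of authenticity from the first version information can be compared side by side. The code below is an added illustration, not the patent's own: the class and method names, the version labels, the choice of the latest version's set as "the certificates in the network device", the empty baseline for an unknown version and the renewal lifetime of twice the preset term are all assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PseudonymCert:
    cert_id: str
    expires_at: int  # seconds on a constructed clock


class CertificateUpdateService:
    """Network-device side of the third aspect (simplified model)."""

    def __init__(self, preset_term, registered):
        self.preset_term = preset_term     # the preset term threshold, in seconds
        self.registered = set(registered)  # legal registration certificate ids (assumed model)
        self.pseudonyms = {}               # registration cert id -> current PseudonymCert
        self.versions = {}                 # version info -> frozenset of certificate ids
        self.latest = None                 # latest version information

    def publish(self, version, cert_ids):
        """Record the certificate of authenticity set obtained from the issuing device."""
        self.versions[version] = frozenset(cert_ids)
        self.latest = version

    def handle_pseudonym_query(self, registration_cert_id, now):
        """Return (notify, target_pseudonym_cert) for a pseudonymous certificate query."""
        if registration_cert_id not in self.registered:
            return False, None
        current = self.pseudonyms.get(registration_cert_id)
        if current is None or current.expires_at - now >= self.preset_term:
            return False, None  # enough remaining term: no notification triggered
        # Remaining term below the preset term: trigger the update notification and
        # issue a target pseudonymous certificate with a longer remaining term.
        fresh = PseudonymCert(current.cert_id + "-renewed", now + 2 * self.preset_term)
        self.pseudonyms[registration_cert_id] = fresh
        return True, fresh

    def select_by_difference(self, first_version):
        """Third implementation: send what differs from the set the terminal reported."""
        second = self.versions.get(first_version, frozenset())  # unknown version: empty baseline
        return sorted(self.versions[self.latest] - second)

    def select_latest(self, first_version):
        """Fourth implementation: on a version mismatch, send the whole latest set."""
        if first_version == self.latest:
            return []
        return sorted(self.versions[self.latest])


if __name__ == "__main__":
    # Constructed sample data.
    svc = CertificateUpdateService(preset_term=3600, registered={"EC-1"})
    svc.publish("v1", {"A", "B"})
    svc.publish("v2", {"A", "B", "C"})
    svc.publish("v3", {"A", "C", "D"})
    svc.pseudonyms["EC-1"] = PseudonymCert("PC-1", expires_at=5000)
    print(svc.handle_pseudonym_query("EC-1", now=2000))
    print(svc.select_by_difference("v1"), svc.select_latest("v1"))
```

For a terminal that reports `v1`, the difference strategy returns only `C` and `D`, while the latest-version strategy returns the full `v3` set.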
In a fourth aspect, an embodiment of the present application provides a certificate updating method, including: the terminal equipment of the Internet of vehicles receives a certificate updating notice sent by the network equipment of the Internet of vehicles; the terminal equipment of the Internet of vehicles sends a certificate updating request to the network equipment of the Internet of vehicles; the terminal equipment of the Internet of vehicles receives a second target certificate of authenticity sent by the network equipment of the Internet of vehicles, the second target certificate of authenticity comprises a first target certificate of authenticity, and the first target certificate of authenticity is a certificate of authenticity obtained by the network equipment of the Internet of vehicles from the certificate issuing equipment.
In this embodiment, after the vehicle networking network device acquires the first target certificate from the certificate issuing device, the vehicle networking network device may learn that the first target certificate does not exist in the vehicle networking terminal device, and then, the vehicle networking network device may determine that the digital certificate in the vehicle networking network device is inconsistent with the digital certificate in the vehicle networking terminal device, and then, the vehicle networking network device sends a certificate update notification to the vehicle networking terminal device, so that the vehicle networking terminal device sends a certificate update request to the vehicle networking network device, and thereby acquires the second target certificate in the vehicle networking network device. Therefore, timely updating of the certificate can be guaranteed between the terminal equipment of the internet of vehicles and the network equipment of the internet of vehicles, and the probability of service processing delay or service processing failure of the terminal equipment of the internet of vehicles caused by untimely updating of the certificate is further reduced.
According to the fourth aspect, in a first implementation manner of the fourth aspect of the embodiment of the present application, before the internet of vehicles terminal device receives the certificate update notification sent by the internet of vehicles network device, the method further includes: the terminal device sends a pseudonymous certificate query request to the network device, where the pseudonymous certificate query request includes the registration certificate of the terminal device and remaining term information of a first pseudonymous certificate, and the remaining term information indicates that the remaining term of the first pseudonymous certificate is less than a preset term; and when the network device determines that the registration certificate is a legal certificate of the terminal device, the terminal device receives a target pseudonymous certificate sent by the network device, where the remaining term of the target pseudonymous certificate is greater than the preset term.
In this embodiment, another scenario is provided that triggers the internet of vehicles network device to send a certificate update notification to the internet of vehicles terminal device. The reason is that the network device may acquire first target certificates of authenticity from the certificate issuing device quite frequently. If the network device sent a certificate update notification to the terminal device every time it acquired a first target certificate of authenticity, the execution of other services of the network device and the terminal device could be affected. Therefore, the network device may trigger the step of sending the certificate update notification to the terminal device upon receiving the pseudonymous certificate query request sent by the terminal device. Such an embodiment reduces the flow of information between the terminal device and the network device, and so reduces the chance of affecting the execution of other services of the network device and the terminal device.
In a fifth aspect, an embodiment of the present application provides a network device, including: a transceiver module, configured to receive a certificate of authenticity query request sent by the internet of vehicles terminal device, where the certificate of authenticity query request is used to query the first certificate of authenticity; and a processing module, configured to determine whether the first certificate of authenticity exists. The transceiver module is further configured to send a certificate update notification to the terminal device when the processing module determines that the first certificate of authenticity exists. The transceiver module is further configured to receive a certificate update request sent by the terminal device. The processing module is further configured to determine a target certificate of authenticity. The transceiver module is further configured to send the target certificate of authenticity to the terminal device, where the target certificate of authenticity includes the first certificate of authenticity.
In this embodiment of the application, the transceiver module in the network device may send a certificate update notification to the terminal device in the internet of vehicles and receive a certificate update request when the processing module determines that the first certificate of authenticity exists, and then respond to the certificate update request and send the target certificate of authenticity to the terminal device in the internet of vehicles. Therefore, timely updating of the certificate can be guaranteed between the terminal equipment of the internet of vehicles and the network equipment of the internet of vehicles, and the probability of service processing delay or service processing failure of the terminal equipment of the internet of vehicles caused by untimely updating of the certificate is further reduced.
According to the fifth aspect, in a first implementation manner of the fifth aspect of the embodiment of the present application, the processing module is further configured to check the legality of the registration certificate and, when the registration certificate is determined to be a legal certificate of the internet of vehicles terminal device, to query the first certificate of authenticity according to the identification information. In addition, the processing module is further configured to trigger the step of sending a certificate update notification to the terminal device when it determines that the first certificate of authenticity exists. In this embodiment, the certificate of authenticity query request includes the registration certificate of the terminal device and identification information of the certificate of authenticity carried in the unknown pseudonymous certificate, and the first certificate of authenticity is the upper-level issuing certificate of the unknown pseudonymous certificate.
In this embodiment, the internet of vehicles network device queries the first certificate of authenticity only for a legal internet of vehicles terminal device. Therefore, before querying the first certificate of authenticity, the network device needs to determine the legality of the terminal device that sent the certificate of authenticity query request. When the network device determines that the terminal device is a legal terminal device, the network device may query the first certificate of authenticity by using the identification information and, when it determines that the first certificate of authenticity exists, trigger the step of sending a certificate update notification to the terminal device. In such an embodiment, the query for the first certificate of authenticity tells the network device that the first certificate of authenticity does not exist in the terminal device. The network device may then determine that the certificates of authenticity in the terminal device are inconsistent with those in the network device, and trigger the step of sending a certificate update notification to the terminal device.
According to the fifth aspect, in a second implementation manner of the fifth aspect of the embodiment of the present application, the processing module is further configured to check the legality of the registration certificate and, when the registration certificate is determined to be a legal certificate of the internet of vehicles terminal device, to query the first certificate of authenticity according to the identification information. In addition, the processing module is further configured to trigger the step of sending a certificate update notification to the terminal device when it determines that the first certificate of authenticity exists, and to verify the unknown pseudonymous certificate with the first certificate of authenticity to obtain a verification result for the unknown pseudonymous certificate. In addition, the transceiver module is further configured to send the verification result for the unknown pseudonymous certificate to the terminal device. In this embodiment, the certificate of authenticity query request includes the registration certificate of the terminal device and an unknown pseudonymous certificate, where the unknown pseudonymous certificate carries identification information of the certificate of authenticity. The first certificate of authenticity is the upper-level issuing certificate of the unknown pseudonymous certificate. The verification result indicates the validity of the unknown pseudonymous certificate.
In this embodiment, another way of encapsulating the registration certificate and the identification information is proposed. Specifically, the registration certificate and the unknown pseudonymous certificate are both encapsulated in the certificate of authenticity query request. After querying the first certificate of authenticity, the internet of vehicles network device may verify the unknown pseudonymous certificate with the first certificate of authenticity and send the verification result to the internet of vehicles terminal device. The terminal device therefore does not need to verify the unknown pseudonymous certificate itself after receiving the first certificate of authenticity. This reduces the computational overhead of the terminal device, which, after receiving the first certificate of authenticity and the verification result, can carry out other service processing directly according to them. In this way the first certificate of authenticity is updated in time, and the probability of service processing delay or service processing failure at the terminal device caused by the first certificate of authenticity not being updated in time is reduced.
According to the first implementation manner of the fifth aspect or the second implementation manner of the fifth aspect, in a third implementation manner of the fifth aspect of the embodiment of the present application, the transceiver module is further configured to send the first certificate of authenticity to the terminal device of the internet of vehicles.
In this embodiment, because the internet of vehicles terminal device needs the first certificate of authenticity to authenticate the PC5 message it has received, the internet of vehicles network device sends the first certificate of authenticity to the terminal device when it determines that the first certificate of authenticity exists, so that the terminal device can carry out other services according to the first certificate of authenticity.
According to any one of the first to third implementation manners of the fifth aspect, in a fourth implementation manner of the fifth aspect of the embodiment of the present application, the processing module is specifically configured to query the first certificate of authenticity from the database of the internet of vehicles network device according to the identification information, or to query the first certificate of authenticity from the certificate issuing device according to the identification information.
In this embodiment, a specific embodiment of querying the first certificate of authenticity is proposed. Specifically, in the process of querying the first certificate of authenticity, the network device of the vehicle networking may query the first certificate of authenticity from a database of the network device of the vehicle networking according to the identification information, and the network device of the vehicle networking may also query the first certificate of authenticity from the certificate issuing device according to the identification information. Thus, implementation flexibility of the scheme can be enhanced.
According to the fifth aspect, in a fifth implementation manner of the fifth aspect of the embodiment of the present application, the transceiver module is further configured to send a prompt message to the internet of vehicles terminal device, where the prompt message indicates to the terminal device that the first certificate of authenticity does not exist.
In this embodiment, after the internet of vehicles network device determines that the internet of vehicles terminal device is a legal terminal device, if the network device determines that the first certificate of authenticity does not exist, the network device sends a prompt message to the terminal device to indicate that the first certificate of authenticity does not exist. In this way the terminal device is informed in time, which prevents it from waiting indefinitely for the first certificate of authenticity and delaying other service operations.
According to the fifth aspect and any one of the first implementation manner of the fifth aspect to the fifth implementation manner of the fifth aspect, in a sixth implementation manner of the fifth aspect of the embodiments of the present application, the processing module is further configured to acquire the target verification certificate from the certificate issuing apparatus.
In this embodiment, a manner is provided in which the network device in the internet of vehicles can obtain the target certificate of authenticity from the certificate issuing device, so that the certificate of authenticity in the network device in the internet of vehicles can be updated in time, and it is further ensured that the target certificate of authenticity obtained by the network device in the internet of vehicles contains more certificates of authenticity newly issued by the certificate issuing device or certificates of authenticity newly modified by the certificate issuing device.
According to the fifth aspect and any one of the first implementation manner of the fifth aspect to the sixth implementation manner of the fifth aspect, in a seventh implementation manner of the fifth aspect, in an embodiment of the present application, the processing module is further configured to determine a second certificate of authenticity corresponding to the first version information, where the second certificate of authenticity is different from the first certificate of authenticity, and determine a certificate in the internet-of-vehicles network device that is different from the second certificate of authenticity as a target certificate of authenticity, where the target certificate of authenticity includes at least one certificate of authenticity.
In the present embodiment, an embodiment is provided in which a target certificate of authenticity is determined based on first version information. In this embodiment, the vehicle networking network device determines the certificate of authenticity different from the second certificate of authenticity as the target certificate of authenticity, and thus, the vehicle networking network device is prevented from sending the existing certificate of authenticity of the vehicle networking terminal device to the vehicle networking terminal device.
According to the fifth aspect and any one of the first implementation manner of the fifth aspect to the sixth implementation manner of the fifth aspect, in an eighth implementation manner of the fifth aspect of the embodiment of the present application, the processing module is further configured to compare latest version information of a certificate of authenticity with the first version information, and when the first version information is inconsistent with the latest version information, determine that the certificate of authenticity corresponding to the latest version information is a target certificate of authenticity, where the target certificate of authenticity includes at least one certificate of authenticity.
In the present embodiment, another embodiment is provided in which the target certificate of authenticity is determined based on the first version information. In the embodiment, the vehicle networking network device directly sends the verification certificate corresponding to the latest version information to the vehicle networking terminal device, so that the condition that a certain verification certificate is missed is avoided.
In a sixth aspect, an embodiment of the present application provides a terminal device, including a transceiver module. The transceiver module is configured to send a certificate of authenticity query request to the Internet of vehicles network device, where the certificate of authenticity query request is used to query a first certificate of authenticity. The transceiver module is further configured to receive a certificate update notification sent by the Internet of vehicles network device. The transceiver module is further configured to send a certificate update request to the Internet of vehicles network device. The transceiver module is further configured to receive the target certificate of authenticity sent by the Internet of vehicles network device, where the target certificate of authenticity includes the first certificate of authenticity.
In this embodiment of the application, the fact that the Internet of vehicles terminal device sends the certificate of authenticity query request to the Internet of vehicles network device to query the first certificate of authenticity indicates that the first certificate of authenticity is not stored in the Internet of vehicles terminal device; and if the Internet of vehicles network device can determine that the first certificate of authenticity exists, this indicates that the Internet of vehicles network device can acquire the first certificate of authenticity. Therefore, the Internet of vehicles network device can determine that the certificates of authenticity it holds are inconsistent with those in the Internet of vehicles terminal device, and it then sends a certificate update notification to the Internet of vehicles terminal device, so that the Internet of vehicles terminal device sends a certificate update request to the Internet of vehicles network device and thereby obtains the target certificate of authenticity from the Internet of vehicles network device. In this way, timely updating of certificates between the Internet of vehicles terminal device and the Internet of vehicles network device can be guaranteed, which further reduces the probability of service processing delay or service processing failure in the Internet of vehicles terminal device caused by certificates not being updated in time.
According to the sixth aspect, in a first implementation manner of the sixth aspect of the embodiments of the present application, the certificate of authenticity query request includes the registration certificate of the Internet of vehicles terminal device and identification information of a certificate of authenticity carried in an unknown pseudonymous certificate; the transceiver module is further configured to receive the first certificate of authenticity sent by the Internet of vehicles network device, where the first certificate of authenticity corresponds to the identification information and is the upper-level signing certificate of the unknown pseudonymous certificate.
In this embodiment, since the Internet of vehicles terminal device needs the first certificate of authenticity to verify the PC5 message that it has received, the Internet of vehicles network device sends the first certificate of authenticity to the Internet of vehicles terminal device when it determines that the first certificate of authenticity exists, so that the Internet of vehicles terminal device can perform other services according to the first certificate of authenticity.
According to the sixth aspect, in a second implementation manner of the sixth aspect of the embodiments of the present application, the certificate of authenticity query request includes a registration certificate of the Internet of vehicles terminal device and an unknown pseudonymous certificate, where the unknown pseudonymous certificate carries identification information of the certificate of authenticity; the transceiver module is further configured to receive a verification result sent by the Internet of vehicles network device, where the verification result is used to indicate the validity of the unknown pseudonymous certificate.
In this embodiment, after querying the first certificate of authenticity, the Internet of vehicles network device may verify the unknown pseudonymous certificate by using the first certificate of authenticity and send the verification result to the Internet of vehicles terminal device. Therefore, the Internet of vehicles terminal device does not need to use the first certificate of authenticity to verify the unknown pseudonymous certificate after receiving the first certificate of authenticity. In such an embodiment, the computational overhead of the Internet of vehicles terminal device may be reduced, so that after receiving the first certificate of authenticity and the verification result, the Internet of vehicles terminal device may perform other service processing directly according to the first certificate of authenticity and the verification result. Therefore, timely updating of the first certificate of authenticity can be guaranteed, and the probability of service processing delay or service processing failure in the Internet of vehicles terminal device caused by the first certificate of authenticity not being updated in time is reduced.
According to a sixth aspect, in a third implementation manner of the sixth aspect of this embodiment of this application, the transceiver module is further configured to receive a prompt message sent by the car networking network device, where the prompt message is used to prompt that the first certificate of authenticity does not exist in the car networking terminal device.
In this embodiment, after the Internet of vehicles network device determines that the Internet of vehicles terminal device is a legal Internet of vehicles terminal device, if the Internet of vehicles network device determines that the first certificate of authenticity does not exist, the Internet of vehicles terminal device may receive a prompt message sent by the Internet of vehicles network device, where the prompt message is used to prompt the Internet of vehicles terminal device that the first certificate of authenticity does not exist. In such an implementation manner, the Internet of vehicles terminal device can be reminded in time, so that it does not keep waiting for the first certificate of authenticity and delay other service operations.
According to the sixth aspect or any one of the first implementation manner to the third implementation manner of the sixth aspect, in a fourth implementation manner of the sixth aspect of the embodiments of the present application, the transceiver module is further configured to receive the unknown pseudonymous certificate, where the unknown pseudonymous certificate carries the identification information. The terminal device further comprises a processing module, which is used for determining that the first certificate of authentication does not exist in the database of the terminal device connected to the Internet of vehicles according to the identification information.
This embodiment proposes that the Internet of vehicles terminal device queries the Internet of vehicles network device for the first certificate of authenticity only when it does not find the first certificate of authenticity in its own database. This avoids the Internet of vehicles terminal device querying the Internet of vehicles network device directly without first checking its own database.
In a seventh aspect, an embodiment of the present application provides a network device, including a processing module and a transceiver module. The processing module is configured to acquire a first target certificate of authenticity from the certificate issuing device. The transceiver module is configured to send a certificate update notification to the Internet of vehicles terminal device. The transceiver module is further configured to receive a certificate update request sent by the Internet of vehicles terminal device. In addition, the transceiver module is further configured to send a second target certificate of authenticity to the Internet of vehicles terminal device, where the second target certificate of authenticity includes the first target certificate of authenticity.
In the embodiment of the application, the network device in the internet of vehicles can acquire the first target certificate of authenticity from the certificate issuing device, and the first target certificate of authenticity is a certificate of authenticity newly issued by the certificate issuing device or a certificate of authenticity newly modified by the certificate issuing device. Therefore, the internet of vehicles network device may determine that the first target certificate of authentication that the internet of vehicles network device just obtained does not appear in the internet of vehicles terminal device, that is, the certificate of authentication in the internet of vehicles network device is inconsistent with the certificate of authentication in the internet of vehicles terminal device, and then the internet of vehicles network device sends a certificate update notification to the internet of vehicles terminal device, so that the internet of vehicles terminal device sends a certificate update request to the internet of vehicles network device, thereby obtaining the second target certificate of authentication in the internet of vehicles network device. Therefore, timely updating of the certificate can be guaranteed between the terminal equipment of the internet of vehicles and the network equipment of the internet of vehicles, and the probability of service processing delay or service processing failure of the terminal equipment of the internet of vehicles caused by untimely updating of the certificate is further reduced.
According to a seventh aspect, in a first implementation manner of the seventh aspect of this embodiment of the present application, the transceiver module is further configured to receive a pseudonymous certificate query request sent by a terminal device in a vehicle networking system, where the pseudonymous certificate query request includes a registration certificate of the terminal device in the vehicle networking system. The processing module is further configured to, when it is determined that the registration certificate is a legal certificate of the terminal device in the internet of vehicles, query a first pseudonymous certificate of the terminal device in the internet of vehicles according to the registration certificate of the terminal device in the internet of vehicles, and obtain a remaining term of the first pseudonymous certificate. In addition, the processing module is further configured to trigger a step of sending a certificate update notification to the terminal device in the internet of vehicles when it is determined that the remaining duration of the first pseudonymous certificate is smaller than a preset duration.
This embodiment provides another scenario that triggers the Internet of vehicles network device to send a certificate update notification to the Internet of vehicles terminal device. The Internet of vehicles network device may acquire the first target certificate of authenticity from the certificate issuing device relatively frequently. However, if the Internet of vehicles network device sent a certificate update notification to the Internet of vehicles terminal device each time the first target certificate of authenticity was acquired, the execution of other services of the Internet of vehicles network device and the Internet of vehicles terminal device might be affected. Therefore, the Internet of vehicles network device may trigger the step of sending the certificate update notification to the Internet of vehicles terminal device upon receiving the pseudonymous certificate query request sent by the Internet of vehicles terminal device. Such an embodiment may reduce the information exchanged between the Internet of vehicles terminal device and the Internet of vehicles network device, thereby reducing the chance of affecting the execution of other services of the Internet of vehicles network device and the Internet of vehicles terminal device.
According to a first implementation manner of the seventh aspect, in a second implementation manner of the seventh aspect of this embodiment, the transceiver module is further configured to send a target pseudonymous certificate to the car networking terminal device, where a remaining duration of the target pseudonymous certificate is greater than the preset duration.
In this embodiment, when the Internet of vehicles network device determines that the remaining duration of the first pseudonymous certificate is less than the preset duration, the Internet of vehicles network device sends a target pseudonymous certificate whose remaining duration is greater than the preset duration to the Internet of vehicles terminal device. Therefore, the pseudonymous certificate in the Internet of vehicles terminal device can be updated in time.
According to the seventh aspect, the first implementation manner of the seventh aspect, or the second implementation manner of the seventh aspect, in a third implementation manner of the seventh aspect of this embodiment of the present application, the processing module is further configured to determine a second certificate of authenticity corresponding to the first version information, and determine a certificate in the internet of vehicles network device that is different from the second certificate of authenticity as a second target certificate of authenticity, where the second target certificate of authenticity includes at least one certificate of authenticity.
In the present embodiment, an embodiment is provided in which the second target certificate of authenticity is determined based on the first version information. In this embodiment, the vehicle networking network device determines the certificate of authenticity different from the second certificate of authenticity as the second target certificate of authenticity, and thus, the vehicle networking network device is prevented from sending the existing certificate of authenticity of the vehicle networking terminal device to the vehicle networking terminal device.
According to the seventh aspect and any one of the first implementation manner to the third implementation manner of the seventh aspect, in a fourth implementation manner of the seventh aspect of this embodiment of the present application, the processing module is further configured to compare latest version information of the certificate of authenticity with the first version information, and when the first version information is inconsistent with the latest version information, determine that the certificate of authenticity corresponding to the latest version information is a second target certificate of authenticity, where the second target certificate of authenticity includes at least one certificate of authenticity.
In this embodiment, another embodiment is provided in which the second target certificate of authenticity is determined based on the first version information. In the embodiment, the vehicle networking network device directly sends the verification certificate corresponding to the latest version information to the vehicle networking terminal device, so that the condition that a certain verification certificate is missed is avoided.
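As an added illustration (not part of the patent text and not the applicant's implementation), the following Python example models the network-device logic of the first to fourth implementation manners of the seventh aspect: the remaining-duration trigger for the update notification, and the two ways of determining the second target certificate of authenticity from the first version information. Class names, version numbers, certificate IDs, fingerprints and the rule used to issue the replacement pseudonymous certificate are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data: versions, certificate IDs and fingerprints are illustrative.
NOW = datetime(2024, 1, 1)
VERSIONS = {  # version information -> certificates of authenticity {cert_id: fingerprint}
    1: {"root-A": "fp-a1"},
    2: {"root-A": "fp-a1", "pca-B": "fp-b1"},
    3: {"root-A": "fp-a2", "pca-B": "fp-b1", "pca-C": "fp-c1"},  # root-A modified, pca-C new
}


@dataclass(frozen=True)
class PseudonymCert:
    cert_id: str
    not_after: datetime  # expiration date

    def remaining(self, now: datetime) -> timedelta:
        """Remaining duration: time from `now` to expiration, never negative."""
        return max(self.not_after - now, timedelta(0))


class NetworkDevice:
    def __init__(self, preset, versions, pseudonyms):
        self.preset = preset          # preset duration
        self.versions = versions
        self.latest = max(versions)   # latest version information
        self.pseudonyms = pseudonyms  # registration cert ID -> first pseudonymous cert

    def handle_pseudonym_query(self, reg_cert_id, now):
        """Decide whether a pseudonymous certificate query triggers an update notification."""
        first = self.pseudonyms.get(reg_cert_id)
        if first is None:
            # Assumption: an unknown registration certificate is treated as not legal.
            return {"legal": False, "notify": False, "target_pseudonym": None}
        if first.remaining(now) >= self.preset:
            return {"legal": True, "notify": False, "target_pseudonym": None}
        # Assumption: the replacement is issued with twice the preset duration,
        # so its remaining duration is greater than the preset duration.
        target = PseudonymCert(first.cert_id + "-next", now + 2 * self.preset)
        self.pseudonyms[reg_cert_id] = target
        return {"legal": True, "notify": True, "target_pseudonym": target}

    def targets_by_difference(self, first_version):
        """Third manner: send only certificates that differ from those of first_version."""
        # Assumption: a version the network device does not know means the terminal holds nothing.
        held = self.versions.get(first_version, {})
        store = self.versions[self.latest]
        return {cid: fp for cid, fp in store.items() if held.get(cid) != fp}

    def targets_by_latest(self, first_version):
        """Fourth manner: on any version mismatch, send the whole latest set."""
        if first_version == self.latest:
            return {}
        return dict(self.versions[self.latest])


def demo_device():
    return NetworkDevice(
        preset=timedelta(days=7),
        versions=VERSIONS,
        pseudonyms={
            "reg-001": PseudonymCert("pc-001", NOW + timedelta(days=3)),   # nearly expired
            "reg-002": PseudonymCert("pc-002", NOW + timedelta(days=30)),  # still fresh
        },
    )


if __name__ == "__main__":
    dev = demo_device()
    print(dev.handle_pseudonym_query("reg-001", NOW))
    print(dev.targets_by_difference(2))
    print(dev.targets_by_latest(2))
```

The difference-based manner transfers fewer certificates but depends on the network device knowing exactly which certificates each version contains; the latest-version manner resends certificates the terminal may already hold but cannot miss one.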
In an eighth aspect, an embodiment of the present application provides a terminal device, including a transceiver module. The transceiver module is configured to receive a certificate update notification sent by the Internet of vehicles network device. The transceiver module is further configured to send a certificate update request to the Internet of vehicles network device. The transceiver module is further configured to receive a second target certificate of authenticity sent by the Internet of vehicles network device, where the second target certificate of authenticity includes a first target certificate of authenticity, and the first target certificate of authenticity is a certificate of authenticity obtained by the Internet of vehicles network device from the certificate issuing device.
In this embodiment, after the vehicle networking network device acquires the first target certificate from the certificate issuing device, the vehicle networking network device may learn that the first target certificate does not exist in the vehicle networking terminal device, and then, the vehicle networking network device may determine that the digital certificate in the vehicle networking network device is inconsistent with the digital certificate in the vehicle networking terminal device, and then, the vehicle networking network device sends a certificate update notification to the vehicle networking terminal device, so that the vehicle networking terminal device sends a certificate update request to the vehicle networking network device, and thereby acquires the second target certificate in the vehicle networking network device. Therefore, timely updating of the certificate can be guaranteed between the terminal equipment of the internet of vehicles and the network equipment of the internet of vehicles, and the probability of service processing delay or service processing failure of the terminal equipment of the internet of vehicles caused by untimely updating of the certificate is further reduced.
According to the eighth aspect, in a first implementation manner of the eighth aspect of the embodiments of the present application, the transceiver module is further configured to send a pseudonymous certificate query request to the Internet of vehicles network device, where the pseudonymous certificate query request includes the registration certificate of the Internet of vehicles terminal device and remaining duration information of a first pseudonymous certificate, and the remaining duration information of the first pseudonymous certificate is used to indicate that the remaining duration of the first pseudonymous certificate is less than a preset duration. The transceiver module is further configured to receive a target pseudonymous certificate sent by the Internet of vehicles network device, where the remaining duration of the target pseudonymous certificate is greater than the preset duration.
This embodiment provides another scenario that triggers the Internet of vehicles network device to send a certificate update notification to the Internet of vehicles terminal device. The Internet of vehicles network device may acquire the first target certificate of authenticity from the certificate issuing device relatively frequently. However, if the Internet of vehicles network device sent a certificate update notification to the Internet of vehicles terminal device each time the first target certificate of authenticity was acquired, the execution of other services of the Internet of vehicles network device and the Internet of vehicles terminal device might be affected. Therefore, the Internet of vehicles network device may trigger the step of sending the certificate update notification to the Internet of vehicles terminal device upon receiving the pseudonymous certificate query request sent by the Internet of vehicles terminal device. Such an embodiment may reduce the information exchanged between the Internet of vehicles terminal device and the Internet of vehicles network device, thereby reducing the chance of affecting the execution of other services of the Internet of vehicles network device and the Internet of vehicles terminal device.
In a ninth aspect, an embodiment of the present application provides a network device, where the network device may be a network device in a vehicle networking, or may be a chip in the network device in the vehicle networking. The network device may include a processing module and a transceiver module. When the network device is a vehicle networking network device, the processing module may be a processor, and the transceiver module may be a transceiver; the vehicle networking network device may further comprise a storage module, which may be a memory; the storage module is used for storing instructions, and the processing module executes the instructions stored by the storage module to enable the internet of vehicles network device to execute the method described in the first aspect or any one of the embodiments of the first aspect, or the method described in any one of the third aspect or any one of the embodiments of the third aspect. When the network device is a chip in a network device of the internet of vehicles, the processing module may be a processor, and the transceiver module may be an input/output interface, a pin, a circuit, or the like; the processing module executes instructions stored by the storage module to cause the vehicle networking device to perform the method of the first aspect or any of the embodiments of the first aspect, or the method introduced by any of the third aspect or any of the embodiments of the third aspect. In addition, the storage module may be a storage module (e.g., register, cache, etc.) within the chip, or may be a storage module (e.g., read only memory, random access memory, etc.) external to the chip within the vehicle networking device.
In a tenth aspect, an embodiment of the present application provides a terminal device, where the terminal device may be a terminal device in a vehicle networking, or may be a chip in the terminal device in the vehicle networking. The terminal device may include a processing module and a transceiver module. When the terminal device is a vehicle networking terminal device, the processing module may be a processor, and the transceiver module may be a transceiver; the terminal equipment of the internet of vehicles can also comprise a storage module, and the storage module can be a memory; the storage module is used for storing instructions, and the processing module executes the instructions stored by the storage module to enable the vehicle networking terminal device to execute the method in the second aspect or any one of the embodiments of the second aspect, or the method introduced in any one of the fourth aspect or any one of the embodiments of the fourth aspect. When the terminal device is a chip in the car networking terminal device, the processing module may be a processor, and the transceiver module may be an input/output interface, a pin, a circuit, or the like; the processing module executes the instructions stored by the storage module to cause the terminal device of the internet of vehicles to execute the method of the second aspect or any embodiment of the second aspect, or the method introduced by any embodiment of the fourth aspect or fourth aspect. The memory module may be a memory module (e.g., register, cache, etc.) within the chip, or may be a memory module (e.g., read only memory, random access memory, etc.) external to the chip within the vehicle networking terminal device.
In an eleventh aspect, an embodiment of the present application provides a communication system, where the communication system includes a network device in the internet of vehicles, a terminal device in the internet of vehicles, and a certificate issuing device; the vehicle networking network equipment is used for sending a certificate updating notice to the vehicle networking terminal equipment and sending a target verification certificate to the vehicle networking terminal equipment; the terminal device of the internet of vehicles is used for sending a certificate updating request to the network device of the internet of vehicles and receiving a target verification certificate sent by the network device of the internet of vehicles; the certificate issuing device is used for issuing the target verification certificate.
According to an eleventh aspect, in a first implementation manner of the eleventh aspect of the present application, the network device in car networking may implement the functions of the network device as described in the fifth aspect, the seventh aspect, or the ninth aspect.
In a twelfth aspect, an embodiment of the present application provides a communication system, where the communication system includes a network device in the internet of vehicles, a terminal device in the internet of vehicles, and a certificate issuing device; the certificate issuing equipment is used for issuing a first target verification certificate; the vehicle networking network equipment is used for acquiring the first target verification certificate from the certificate issuing equipment; the Internet of vehicles network equipment is also used for sending a certificate updating notice to the Internet of vehicles terminal equipment and sending a second target verification certificate to the Internet of vehicles terminal equipment; the terminal device of the internet of vehicles is used for sending a certificate updating request to the network device of the internet of vehicles and receiving a second target verification certificate sent by the network device of the internet of vehicles.
According to the twelfth aspect, in a first implementation manner of the twelfth aspect of the embodiments of the present application, the car networking network device may implement the functions of the terminal device according to the sixth aspect, the eighth aspect, or the tenth aspect.
In a thirteenth aspect, embodiments of the present application provide a computer program product containing instructions which, when run on a computer, cause the computer to perform the method described in the first aspect or any implementation manner of the first aspect, the second aspect or any implementation manner of the second aspect, the third aspect or any implementation manner of the third aspect, or the fourth aspect or any implementation manner of the fourth aspect.
In a fourteenth aspect, an embodiment of the present application provides a computer-readable storage medium including instructions which, when executed on a computer, cause the computer to perform the method described in the first aspect or any implementation manner of the first aspect, the second aspect or any implementation manner of the second aspect, the third aspect or any implementation manner of the third aspect, or the fourth aspect or any implementation manner of the fourth aspect.
According to the technical scheme, the embodiment of the application has the following advantages:
In this embodiment of the application, the fact that the Internet of vehicles terminal device sends the certificate of authenticity query request to the Internet of vehicles network device to query the first certificate of authenticity indicates that the first certificate of authenticity is not stored in the Internet of vehicles terminal device; and if the Internet of vehicles network device can determine that the first certificate of authenticity exists, this indicates that the Internet of vehicles network device can acquire the first certificate of authenticity. Therefore, the Internet of vehicles network device can determine that the certificates of authenticity it holds are inconsistent with those in the Internet of vehicles terminal device, and it then sends a certificate update notification to the Internet of vehicles terminal device, so that the Internet of vehicles terminal device sends a certificate update request to the Internet of vehicles network device and thereby obtains the target certificate of authenticity from the Internet of vehicles network device. In this way, timely updating of certificates between the Internet of vehicles terminal device and the Internet of vehicles network device can be guaranteed, which further reduces the probability of service processing delay or service processing failure in the Internet of vehicles terminal device caused by certificates not being updated in time.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings used in the description of the embodiments will be briefly introduced below, and it is apparent that the drawings in the following description are only some embodiments of the present application.
FIG. 1 is a schematic diagram of an architecture of a 5G-based vehicle networking certificate updating system;
FIG. 2 is a flowchart of a certificate update method in an embodiment of the present application;
FIG. 3 is another flowchart of a certificate update method in an embodiment of the present application;
FIG. 4 is another flowchart of a certificate update method in an embodiment of the present application;
FIG. 5 is a schematic diagram of an embodiment of a communication device in an embodiment of the present application;
FIG. 6 is a schematic diagram of another embodiment of the communication device in the embodiment of the present application;
FIG. 7 is a schematic diagram of an embodiment of a communication system in an embodiment of the present application;
FIG. 8 is a schematic diagram of another embodiment of the communication device in the embodiment of the present application;
FIG. 9 is a schematic diagram of another embodiment of the communication device in the embodiment of the present application;
FIG. 10 is a schematic diagram of another embodiment of the communication device in the embodiment of the present application;
FIG. 11 is a schematic diagram of another embodiment of the communication device in the embodiment of the present application.
Detailed Description
The embodiment of the application provides a certificate updating method and related equipment, which are used for ensuring that digital certificates in the terminal equipment and the network equipment are updated in time.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For ease of understanding, some terms referred to in the embodiments of the present application are described below:
Internet of vehicles (vehicle to everything, V2X): refers to providing vehicle information through sensors, vehicle-mounted terminal devices or the like mounted on a vehicle, and realizing communication of vehicle to vehicle (V2V), vehicle to infrastructure (V2I), vehicle to network (V2N), and vehicle to pedestrian (V2P). Therefore, the terminal devices involved in the Internet of vehicles can be referred to as Internet of vehicles terminal devices or V2X terminal devices, and the network devices involved in the Internet of vehicles can be referred to as Internet of vehicles network devices or V2X management platforms.
Digital certificate: a digital certificate is a string of numbers that marks the identity information of each communicating party in network communication and provides a way of verifying the identity of a communication entity (an Internet of vehicles terminal device) in a network. It should be noted that the digital certificate is not a digital identity card, but rather a seal or stamp (or a signature added to a digital identity card) affixed to the digital identity card by the identity certificate authority (the certificate issuing device). The digital certificates in the embodiments of the present application include a certificate of authenticity, a pseudonymous certificate, and a registration certificate. These digital certificates are described in detail later in conjunction with the system architecture and are not described further here.
Validity period: refers to the period from the date of issuance of the digital certificate to the date on which the digital certificate becomes invalid. Generally, the validity period of a registration certificate is long and the validity period of a pseudonymous certificate is short.
Remaining duration: refers to the period from the current date to the date of expiration of the digital certificate. The current date may be any point in time between the date of issuance of the digital certificate and the date of expiration of the digital certificate; thus, the remaining duration is generally less than the validity period.
The following describes a system architecture related to an embodiment of the present application:
The scheme provided by the embodiments of the present application can be applied to a vehicle networking certificate updating system. The vehicle networking certificate updating system may be an LTE-V2X certificate updating system based on a long term evolution (LTE) system, a 5G-V2X certificate updating system based on the fifth generation mobile communication technology (the 5th generation, 5G), or a system based on a subsequently evolved access system, which is not limited herein. The following description takes a 5G-based vehicle networking certificate updating system as an example. As shown in fig. 1, the vehicle networking certificate updating system includes: a vehicle networking network device 101, a vehicle networking terminal device 102 and a certificate issuing device 103.
The vehicle networking network device 101 serves as a management platform or management server for the vehicle networking terminal device 102, may be referred to as a V2X management platform, and is used for managing the request messages and digital certificates of the vehicle networking terminal device. In this embodiment of the application, the vehicle networking network device 101 may be a server deployed in a cloud, an independent computer device, or a server or device in another deployment form, which is not limited herein.
The vehicle networking terminal device 102 refers to a terminal device in the Internet of vehicles that can implement short-distance communication through a sidelink interface, which may also be referred to as a proximity communication 5 (PC5) interface or a direct link interface. In the 5G-based vehicle networking certificate updating system, the vehicle networking terminal device 102 includes a handheld device with wireless connection capability, or a processing device that may be connected to a wireless modem. Specifically, in V2V communication, the vehicle networking terminal device may be a vehicle-mounted terminal, for example a vehicle-mounted navigation device; in V2I communication, the vehicle networking terminal device may be, in addition to a vehicle-mounted terminal, an infrastructure with a communication function, for example a traffic indicating device or a roadside lighting device with a communication function; in V2P communication, the vehicle networking terminal device may be a vehicle-mounted terminal or a device with a communication function such as a mobile phone or an intercom; in other V2X scenarios, the vehicle networking terminal device may also be another V2X device, in particular a wearable device such as glasses, gloves, a watch, clothing or shoes, or another portable device that can be worn directly on the body or integrated into the user's clothing or accessories. The details are not limited herein. In this embodiment and the following embodiments, only the terminal device of the Internet of vehicles is taken as an example for description.
It should be understood that, in the 5G-based vehicle networking certificate updating system shown in fig. 1, the certificate issuing device 103 refers to a server or device that can manage or issue digital certificates, and may therefore also be referred to as a certificate server. Specifically, the certificate issuing device 103 may be a root certificate authority (root CA), which may also be referred to as a root certificate server. The certificate issued by the root certificate server is called a certificate of authenticity. In addition, the certificate issuing device 103 may also be a registration certificate server or a long-term certificate server, and its name may differ between the standards of different countries or regions. For example, in the European standard, the registration certificate server is the enrollment authority (EA) in the C-ITS certificate management system (CCMS); in the U.S. standard, the registration certificate server is the enrollment certificate authority (ECA) in the Security Certificate Management System (SCMS). The certificate issued by the registration certificate server is called a registration certificate (enrollment certificate, EC) or long-term certificate, and indicates the identity of the terminal device in the Internet of vehicles. It should be understood that the certificate issuing device 103 may also be a certificate server that issues short-term certificates, which may also be referred to as a pseudonymous certificate server, a short-term certificate server or a service certificate server. For example, in the European standard CCMS, the pseudonymous certificate server is the Authorization Authority (AA), and in the U.S. standard SCMS, the pseudonymous certificate server is the Pseudonym Certificate Authority (PCA).
The certificate issued by the pseudonymous certificate server is called a short-term certificate, a pseudonymous certificate (pseudonym certificate) or a service certificate (authorization certificate).
In this embodiment of the application, the certificate issuing device 103 may be a certificate issuing system including at least two of the root certificate server, the registration certificate server and the pseudonymous certificate server, which is not limited herein. It should also be noted that the root certificate server, the registration certificate server or the pseudonymous certificate server in the certificate issuing device 103 may each be one server, or a server cluster distributed in different regions or composed of servers of different levels. For example, when the certificate issuing device 103 includes a root certificate server and a pseudonymous certificate server, the root certificate server may be one server or a server cluster including servers of different levels. Similarly, the pseudonymous certificate server may be one server or a server cluster composed of servers of different levels. In addition, the aforementioned servers or server clusters may be located in different regions or managed by different third-party organizations in different business domains, which is not limited herein.
In this embodiment and the following embodiments, the description takes as an example a certificate issuing device 103 that is a certificate issuing system comprising the root certificate server, the registration certificate server and the pseudonymous certificate server. The certificate issuing device 103 is used for updating or maintaining the various digital certificates in the aforementioned vehicle networking terminal device and vehicle networking network device. In practical applications, the certificate issuing device 103 includes a plurality of certificate servers deployed in different regions, and these certificate servers may be servers of different levels so as to issue digital certificates of different authority levels.
In addition, it should be noted that there is a certain association between the certificate of authenticity issued by the root certificate server, the registration certificate issued by the registration certificate server, and the pseudonymous certificate issued by the pseudonymous certificate server, which is described below:
The registration certificate is a digital certificate issued by the registration certificate server to the vehicle networking terminal device when the terminal device registers; it has a longer validity period and is used to indicate the identity of the vehicle networking terminal device. For example, when the terminal device sends a message to the network device, the registration certificate is always carried in the message, so that the network device can learn the identity of the terminal device from the registration certificate.
The pseudonymous certificate has a shorter validity period than the registration certificate and therefore needs to be updated more frequently. In the process of issuing the pseudonymous certificate, the pseudonymous certificate server performs a hash calculation on the identity information of the vehicle networking terminal device, the public key of the vehicle networking terminal device and other contents to obtain a random number. The pseudonymous certificate server then encrypts the random number with the private key corresponding to the public key in the certificate of authenticity to obtain a digital signature. The digital signature is appended to the end of the preceding content to obtain a complete pseudonymous certificate.
In addition, the services of the vehicle networking terminal device require the certificate of authenticity, so the certificate of authenticity also needs to be updated more frequently, to reduce the probability of service processing delay or service processing failure of the terminal device caused by the certificate of authenticity not being updated in time. Because the certificate of authenticity is used in the process of issuing the pseudonymous certificate, and the pseudonymous certificate also carries an identification number (ID) of the certificate of authenticity, i.e. the identification information described in detail later, the certificate of authenticity is also referred to as the upper-level issuing certificate of the pseudonymous certificate.
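The issuing relationship described above, as an added example that is not part of the patent: the pseudonymous certificate carries the ID of its certificate of authenticity, and a receiver that does not hold that certificate cannot check the signature at all. The field names, the ID `AC-0001` and the key are constructed, and unpadded textbook RSA stands in for the signature algorithm, which the page does not name.

```python
import hashlib

# Constructed toy issuer key: textbook RSA over two Mersenne primes, no padding.
# It is NOT secure; it only makes the hash-then-sign structure executable offline.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)

ISSUER_ID = "AC-0001"                # constructed ID of the certificate of authenticity


def encode_body(terminal_id: str, terminal_pub: bytes, issuer_id: str) -> bytes:
    """Serialize the signed content; length prefixes keep field boundaries fixed."""
    fields = (terminal_id.encode(), terminal_pub, issuer_id.encode())
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def digest(body: bytes) -> int:
    """Hash of the certificate content, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big")


def issue_pseudonym_certificate(terminal_id, terminal_pub,
                                issuer_id=ISSUER_ID, private_key=(N, D)):
    """Pseudonymous certificate server: hash the content, sign the hash, append it."""
    n, d = private_key
    body = encode_body(terminal_id, terminal_pub, issuer_id)
    return {"terminal_id": terminal_id, "public_key": terminal_pub,
            "issuer_id": issuer_id, "signature": pow(digest(body), d, n)}


def check_pseudonym_certificate(cert, store):
    """Receiver side. `store` maps certificate-of-authenticity ID -> public key (n, e).

    Returns "unknown" when the issuing certificate is not held locally (the case
    that triggers the query to the network device), otherwise "valid" or "invalid".
    """
    key = store.get(cert["issuer_id"])
    if key is None:
        return "unknown"
    n, e = key
    body = encode_body(cert["terminal_id"], cert["public_key"], cert["issuer_id"])
    return "valid" if pow(cert["signature"], e, n) == digest(body) else "invalid"


if __name__ == "__main__":
    cert = issue_pseudonym_certificate("vehicle-42", b"\x04" + bytes(64))
    print(check_pseudonym_certificate(cert, {ISSUER_ID: (N, E)}))   # issuer held
    print(check_pseudonym_certificate(cert, {}))                    # issuer missing
```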
For convenience of understanding, the flow of the certificate updating method is described below based on the system architecture shown in fig. 1, and specifically, as shown in fig. 2, an application scenario of the certificate updating method is as follows:
In this embodiment, a vehicle networking terminal device may send broadcast messages to, or receive broadcast messages from, other vehicle networking terminal devices; for example, the vehicle networking terminal device may receive PC5 messages sent by other vehicle networking terminal devices through a PC5 interface. For convenience of the following description, the vehicle networking terminal device sending the PC5 message is referred to as the sender, and the vehicle networking terminal device receiving the PC5 message is referred to as the receiver. In the application scenario of this embodiment, the PC5 message received by the receiver from the sender carries the pseudonymous certificate of the sender and the service information of the sender, such as the driving state information and the driving direction information of the sender. The receiver then needs to check whether the PC5 message comes from a legitimate sender, so that it does not accept a forged PC5 message, which would delay the receiver's service processing or cause it to fail.
Specifically, the receiver searches its database for the first certificate of authenticity corresponding to the identification information in the pseudonymous certificate. If the receiver cannot find the first certificate of authenticity in its database, the pseudonymous certificate sent by the sender may be called an unknown pseudonymous certificate, and the vehicle networking terminal device (the receiver) performs the following steps:
201. The vehicle networking terminal device sends a certificate of authenticity query request to the vehicle networking network device.
The certificate of authenticity query request includes the registration certificate of the vehicle networking terminal device and the identification information of the certificate of authenticity in the unknown pseudonymous certificate. Specifically, the vehicle networking terminal device may extract the identification information from the unknown pseudonymous certificate and encapsulate the identification information and the registration certificate in the certificate of authenticity query request. In that case, the certificate of authenticity query request includes the identification information and does not include the unknown pseudonymous certificate, and the vehicle networking network device may obtain the registration certificate and the identification information from the received certificate of authenticity query request.
However, in some possible embodiments, the terminal device may also encapsulate the registration certificate and the unknown pseudonymous certificate together in the certificate of authenticity query request. In that case, the certificate of authenticity query request includes both the unknown pseudonymous certificate and the identification information, and the vehicle networking network device may obtain the registration certificate, the unknown pseudonymous certificate and the identification information from the received certificate of authenticity query request, where the identification information is extracted from the unknown pseudonymous certificate by the vehicle networking network device.
In practical applications, either of the above manners of encapsulating the identification information may be selected, which is not limited herein. However, it should be noted that when the certificate of authenticity query request includes the registration certificate and the unknown pseudonymous certificate, the network device will perform step 209 in the subsequent steps. When the certificate of authenticity query request includes the registration certificate and the identification information, the network device will not perform step 209 in the subsequent steps.
In addition, in this embodiment, the certificate of authenticity query request is used to query the network device for the first certificate of authenticity, where the first certificate of authenticity is the certificate of authenticity corresponding to the identification information in the unknown pseudonymous certificate; that is, if the first certificate of authenticity exists, it is the upper-level issuing certificate of the unknown pseudonymous certificate.
In this embodiment, because the vehicle networking network device has not yet determined, on receiving the certificate of authenticity query request, whether the vehicle networking terminal device that sent the request is legal, the vehicle networking network device executes step 202.
202. The vehicle networking network device verifies the validity of the registration certificate.
In this embodiment, the vehicle networking network device obtains the registration certificate from the certificate of authenticity query request, where the registration certificate is used to indicate the identity of the vehicle networking terminal device. The vehicle networking network device then verifies the validity of the registration certificate, which means verifying whether the digital signature in the registration certificate is correct and whether the content in the registration certificate is correct. In particular, a correct digital signature ensures that the registration certificate has not been forged or tampered with; correct content means that parameters such as time validity, area validity and authority validity in the registration certificate are correct. Therefore, when the digital signature in the registration certificate and the content in the registration certificate are both correct, the vehicle networking network device determines that the registration certificate is a legal digital certificate.
In this embodiment, when the vehicle networking network device determines that the registration certificate is a legal digital certificate rather than a counterfeit one, it determines that the vehicle networking terminal device is a legal vehicle networking terminal device. Because the vehicle networking network device only processes information sent by legal vehicle networking terminal devices, it executes step 203 after making this determination.
In addition, when the vehicle networking network device determines that the vehicle networking terminal device is an illegal vehicle networking terminal device, the vehicle networking network device refuses to process the certificate of authenticity query request. Optionally, the vehicle networking network device sends an error code to the vehicle networking terminal device, where the error code is used to indicate that the vehicle networking terminal device is an illegal vehicle networking terminal device.
203. The vehicle networking network device queries the first certificate of authenticity according to the identification information.
In this embodiment, when the network device determines that the registration certificate is a legal digital certificate, the network device queries the first certificate of authenticity according to the identification information. Specifically, when the registration certificate and the identification information are encapsulated in the certificate of authenticity query request, the vehicle networking network device may obtain the identification information directly from the request; when the registration certificate and the unknown pseudonymous certificate are encapsulated in the certificate of authenticity query request, the vehicle networking network device needs to extract the identification information from the unknown pseudonymous certificate.
In the process of querying the first certificate of authenticity, the vehicle networking network device may query the first certificate of authenticity from its own database according to the identification information, and may also query the first certificate of authenticity from the certificate issuing device according to the identification information.
It should be noted that, in practical applications, the network device first queries its own database for the first certificate of authenticity. If the first certificate of authenticity is not found there, the vehicle networking network device sends a query request to the certificate issuing device to query the first certificate of authenticity.
When the vehicle networking network device determines that the first certificate of authenticity exists in its database or in the certificate issuing device, the vehicle networking network device executes step 204 and step 208. It should be noted that there is no chronological restriction between step 204 and step 208.
When the vehicle networking network device determines that the first certificate of authenticity does not exist in the certificate issuing device, it sends a prompt message to the vehicle networking terminal device, which is used to prompt the terminal device that the first certificate of authenticity does not exist. The vehicle networking terminal device then determines that the PC5 message comes from an unreliable sender and discards the PC5 message.
204. The vehicle networking network device sends a certificate update notification to the vehicle networking terminal device.
In this embodiment, when the network device determines that the first certificate of authenticity exists, the network device sends a certificate update notification to the terminal device.
It should be noted that the certificate update notification only serves as a prompt: it prompts the vehicle networking terminal device that it can send a certificate update request to the vehicle networking network device, and it does not carry the target certificate of authenticity. Because the vehicle networking network device does not yet know which certificates of authenticity the vehicle networking terminal device holds, the target certificate of authenticity cannot be carried in the certificate update notification.
205. The vehicle networking terminal device sends a certificate update request to the vehicle networking network device.
In this embodiment, after the vehicle networking terminal device receives the certificate update notification, it sends a certificate update request to the vehicle networking network device, where the certificate update request is used to request the network device to send the target certificate of authenticity to the terminal device.
The certificate update request includes first version information of the certificates of authenticity in the vehicle networking terminal device. The first version information may indicate which certificates of authenticity the terminal device holds; for example, the first version information is a certificate list containing the IDs of all certificates of authenticity in the terminal device, and the vehicle networking network device may then determine the target certificate of authenticity from the certificate list. In another possible embodiment, the first version information may be a version number, i.e. a number denoting the certificate list formed by all certificates of authenticity currently in the terminal device. The vehicle networking network device can then look up, in its database, the certificate list corresponding to the version number; that list records the IDs of the certificates of authenticity of the terminal device. In practical applications, either of the above embodiments may be selected, which is not limited herein.
206. The Internet of vehicles network equipment determines a target certificate of authenticity according to the first version information.
The target certificate of authenticity may be one certificate of authenticity or a plurality of certificates of authenticity.
Specifically, the vehicle networking network device may determine the target certificate of authenticity in several ways.
The first method is as follows:
In this embodiment, the vehicle networking network device may determine, according to the first version information, the second certificate of authenticity corresponding to the first version information, where the second certificate of authenticity is different from the first certificate of authenticity. The second certificate of authenticity may be one certificate of authenticity or multiple certificates of authenticity, which is not limited herein. The network device then determines the certificates of authenticity in the network device that differ from the second certificate of authenticity as the target certificate of authenticity, where the target certificate of authenticity includes at least one certificate of authenticity. For ease of understanding, the process is described below with specific examples. Assume that the certificates of authenticity corresponding to the first version information, i.e. the second certificate of authenticity, are certificate A, certificate B and certificate C. If the certificates of authenticity in the vehicle networking network device are certificate A, certificate B and certificate D, the target certificate of authenticity is certificate D, and certificate D is also the first certificate of authenticity. If the certificates of authenticity in the vehicle networking network device are certificate A, certificate B, certificate D and certificate E, the target certificate of authenticity is certificate D and certificate E, where certificate D or certificate E is the first certificate of authenticity.
The second method is as follows:
In this embodiment, the network device compares the latest version information of the certificates of authenticity with the first version information; when the first version information is inconsistent with the latest version information, the vehicle networking network device determines that the certificates of authenticity corresponding to the latest version information are the target certificate of authenticity, where the target certificate of authenticity includes at least one certificate of authenticity.
Specifically, when the first version information is the certificate list introduced in step 205, the network device compares the IDs in that certificate list with the IDs in the certificate list corresponding to the latest version information. When the IDs in the certificate list corresponding to the first version information are inconsistent with the IDs in the certificate list corresponding to the latest version information, the certificates of authenticity in the certificate list corresponding to the latest version information are determined as the target certificate of authenticity. For example, assume that the first version information contains the IDs of certificate A, certificate B and certificate C, and the latest version information contains the IDs of certificate A, certificate B and certificate D. Because the ID of certificate C and the ID of certificate D are not the same, the vehicle networking network device determines that the target certificate of authenticity is certificate A, certificate B and certificate D.
In another possible implementation, when the first version information is the version number introduced in step 205, the network device compares the version number corresponding to the first version information with the version number corresponding to the latest version information. When the two version numbers are inconsistent, the certificates of authenticity corresponding to the version number of the latest version information are determined as the target certificate of authenticity. For example, if the version number corresponding to the first version information is 1001001 and the version number corresponding to the latest version information is 1001002, the network device determines that the certificates of authenticity corresponding to 1001002 are the target certificate of authenticity.
In this embodiment, after the network device determines the target certificate of authenticity according to the first version information, the network device will execute step 207.
207. The vehicle networking network device sends the target certificate of authenticity to the vehicle networking terminal device.
In this embodiment, the target certificate of authenticity sent by the vehicle networking network device to the vehicle networking terminal device may be sent in the form of a certificate chain or in the form of multiple independent certificates of authenticity, which is not limited herein. When the target certificate of authenticity is sent in the form of a certificate chain, it may be one certificate chain or a plurality of certificate chains.
208. The vehicle networking network device sends the first certificate of authenticity to the vehicle networking terminal device.
In this embodiment, because the vehicle networking terminal device needs the first certificate of authenticity to authenticate the PC5 message it has received, the vehicle networking network device sends the first certificate of authenticity to the terminal device once it determines that the first certificate of authenticity exists, so that the terminal device can perform other services according to the first certificate of authenticity.
It should be noted that there is no exact chronological restriction between step 208 and the foregoing steps 204 to 206, and step 208 only needs to be executed after step 203 and before step 207.
209. When the vehicle networking network device determines that the first certificate of authenticity exists, it uses the first certificate of authenticity to verify the unknown pseudonymous certificate, obtains a verification result of the unknown pseudonymous certificate, and sends the verification result to the vehicle networking terminal device.
The verification result is used to indicate the validity of the unknown pseudonymous certificate; specifically, the verification result may be that the pseudonymous certificate is valid or that the pseudonymous certificate is not valid.
It should be noted that step 209 is optional. When the certificate of authenticity query request includes the registration certificate and the unknown pseudonymous certificate, the unknown pseudonymous certificate carries the identification information, and the network device finds the first certificate of authenticity according to the identification information, the network device may verify the unknown pseudonymous certificate and send the verification result to the terminal device, so that the terminal device does not need to verify the unknown pseudonymous certificate with the first certificate of authenticity after receiving it. Such an embodiment reduces the computational overhead of the vehicle networking terminal device: after receiving the first certificate of authenticity and the verification result, the terminal device can perform other service processing directly according to them. This ensures that the first certificate of authenticity is updated in time and reduces the probability of service processing delay or service processing failure of the terminal device caused by the first certificate of authenticity not being updated in time.
It should be noted that there is no exact chronological restriction between step 209 and the foregoing steps 204 to 206 and 208, and step 209 only needs to be executed after step 203 and before step 207.
210. The Internet of vehicles network equipment acquires the target verification certificate from the certificate issuing equipment.
In this embodiment, the Internet of Vehicles network device may acquire the target certificate of authenticity in the following two ways. The timing at which the Internet of Vehicles network device obtains the target certificate of authenticity differs between the two.
Specifically, in a possible implementation, after performing step 206, the Internet of Vehicles network device may send a target certificate of authenticity request to the certificate issuing device, where the request is used to ask the certificate issuing device to send the target certificate of authenticity to the Internet of Vehicles network device. Then, after the certificate issuing device receives the request, the Internet of Vehicles network device may receive the target certificate of authenticity sent by the certificate issuing device. The Internet of Vehicles network device will then perform step 207.
In another possible implementation, the Internet of Vehicles network device subscribes to the certificate change information of the certificate issuing device. Specifically, the Internet of Vehicles network device may send a certificate change subscription request to the certificate issuing device before executing step 201, and then, when a certificate in the certificate issuing device is changed, the Internet of Vehicles network device may receive information about the changed certificate sent by the certificate issuing device. For convenience of the following description, the information about the changed certificate is referred to as certificate change information, and the certificate change information is used to indicate a certificate of authenticity newly issued by the certificate issuing device or a certificate of authenticity modified by the certificate issuing device. It should be appreciated that the Internet of Vehicles network device may receive the certificate change information multiple times. Therefore, depending on the number of times the network device has received the certificate change information, the target certificate of authenticity determined by the network device in step 206 will differ, which is not limited herein.
In this embodiment, when the Internet of Vehicles terminal device does not find the first certificate of authenticity corresponding to the unknown pseudonymous certificate in its own database, the Internet of Vehicles terminal device sends a certificate of authenticity inquiry request to the Internet of Vehicles network device to inquire about the first certificate of authenticity. If the Internet of Vehicles network device can determine that the first certificate of authenticity exists, it indicates that the Internet of Vehicles network device can acquire the first certificate of authenticity. The Internet of Vehicles network device can therefore determine that the digital certificates in the Internet of Vehicles network device are inconsistent with the digital certificates in the Internet of Vehicles terminal device. The Internet of Vehicles network device then sends a certificate update notification to the Internet of Vehicles terminal device, so that the Internet of Vehicles terminal device sends a certificate update request to the Internet of Vehicles network device and acquires the target certificate of authenticity from the Internet of Vehicles network device. Therefore, timely updating of the certificate can be guaranteed between the Internet of Vehicles terminal device and the Internet of Vehicles network device, and the probability of service processing delay or service processing failure of the Internet of Vehicles terminal device caused by untimely updating of the certificate is further reduced.
Another certificate updating method in an application scenario is described below based on the system architecture shown in fig. 1. Specifically, as shown in fig. 3, the terminal device and the network device will perform the following steps:
301. The vehicle networking network equipment acquires the first target verification certificate from the certificate issuing equipment.
In this embodiment, in order to ensure that the certificate of authenticity in the database of the network device of the internet of vehicles can be updated in time, the network device of the internet of vehicles acquires the first target certificate of authenticity from the certificate issuing device.
The first target certificate of authenticity refers to a certificate of authenticity that existed in the certificate issuing device but did not exist in the Internet of Vehicles network device before step 301 is performed. For example, the certificate issuing device has just issued a certificate of authenticity that has not yet been sent to the Internet of Vehicles network device, or the certificate issuing device has just modified a certificate of authenticity that has not yet been sent to the Internet of Vehicles network device. For ease of understanding, a specific example follows. Suppose that certificate A, certificate B and certificate C are in the database of the Internet of Vehicles network device, and certificate A, certificate B, certificate C and certificate D are in the certificate issuing device, where certificate D is a certificate newly issued by the certificate issuing device. The first target certificate of authenticity is then certificate D.
Specifically, the first target certificate of authenticity may be obtained by the network device in the following two ways.
In a possible implementation manner, the Internet of Vehicles network device may send a target certificate of authenticity request to the certificate issuing device relatively frequently, where the request is used to ask the certificate issuing device to send the first target certificate of authenticity to the Internet of Vehicles network device. Then, after the certificate issuing device receives the request, the Internet of Vehicles network device may receive the first target certificate of authenticity sent by the certificate issuing device. The Internet of Vehicles network device will then perform step 302.
In another possible implementation, the Internet of Vehicles network device subscribes to the certificate change information of the certificate issuing device. Specifically, the Internet of Vehicles network device may send a certificate change subscription request to the certificate issuing device, and then, when a certificate in the certificate issuing device is changed, the Internet of Vehicles network device may receive information about the changed certificate sent by the certificate issuing device. For convenience of the following description, the information about the changed certificate is referred to as certificate change information, and the certificate change information is used to indicate a certificate of authenticity newly issued by the certificate issuing device or a certificate of authenticity modified by the certificate issuing device. It should be appreciated that the Internet of Vehicles network device may receive the certificate change information multiple times. Therefore, depending on the number of times the network device has received the certificate change information, the first target certificate of authenticity determined by the network device will differ, which is not limited herein.
In practical applications, the Internet of Vehicles network device may execute step 302 after receiving the certificate change information sent by the certificate issuing device for the first time. Alternatively, a number of times of receiving the certificate change information may be set, and step 302 is executed when the number of times the Internet of Vehicles network device has received the certificate change information reaches that preset number. Which approach is used depends on the application scenario and is not limited herein.
302. The vehicle networking network device sends a certificate update notification to the vehicle networking terminal device.
In this embodiment, since the terminal device in the internet of vehicles cannot directly obtain the target certificate of authenticity from the certificate issuing device, the terminal device in the internet of vehicles needs to obtain the target certificate of authenticity from the network device in the internet of vehicles. Therefore, for the car networking network device, if a certificate of authenticity never appears in the database of the car networking network device, the certificate of authenticity will not exist in the database of the car networking terminal device. Therefore, when the vehicle networking network device receives the target verification certificate, the vehicle networking network device sends a certificate update notification to the vehicle networking terminal device, and prompts the vehicle networking terminal device that a certificate update request can be sent to the vehicle networking network device.
303. The terminal equipment of the Internet of vehicles sends a certificate updating request to the network equipment of the Internet of vehicles.
In this embodiment, after the Internet of Vehicles terminal device receives the certificate update notification, the Internet of Vehicles terminal device sends a certificate update request to the Internet of Vehicles network device, where the certificate update request includes the first version information of the certificate of authenticity of the Internet of Vehicles terminal device. For a description of the first version information, refer to the related description in step 205; details are not repeated here.
304. The Internet of vehicles network equipment determines a second target certificate of authentication according to the first version information.
The second target certificate of authenticity may be one certificate of authenticity or a plurality of certificates of authenticity.
In a possible implementation manner, the Internet of Vehicles network device determines a second certificate of authenticity corresponding to the first version information, and determines each certificate in the Internet of Vehicles network device that is different from the second certificate of authenticity as a second target certificate of authenticity. In another possible implementation, the Internet of Vehicles network device compares the latest version information of the certificate of authenticity with the first version information; when the first version information is inconsistent with the latest version information, the Internet of Vehicles network device determines that the certificate corresponding to the latest version information is a second target certificate of authenticity.
Specifically, the implementation manner of determining the second target certificate by the network device is similar to the implementation manner of determining the target certificate by the network device in step 206, which may specifically refer to the related description in step 206, and details of this description are not repeated here.
305. The Internet of vehicles network equipment sends the second target verification certificate to the Internet of vehicles terminal equipment.
In this embodiment, the second target certificate of authenticity sent by the Internet of Vehicles network device to the Internet of Vehicles terminal device may be sent in the form of a certificate chain, or may be sent in the form of multiple independent certificates of authenticity, which is not limited herein. When the target certificate of authenticity is sent in the form of a certificate chain, the target certificate of authenticity may be one certificate chain or a plurality of certificate chains.
In this embodiment, after the Internet of Vehicles network device acquires the first target certificate of authenticity from the certificate issuing device, the Internet of Vehicles network device can learn that the first target certificate of authenticity does not exist in the Internet of Vehicles terminal device, and can therefore determine that the digital certificates in the Internet of Vehicles network device are inconsistent with the digital certificates in the Internet of Vehicles terminal device. The Internet of Vehicles network device then sends a certificate update notification to the Internet of Vehicles terminal device, so that the Internet of Vehicles terminal device sends a certificate update request to the Internet of Vehicles network device and thereby acquires the second target certificate of authenticity from the Internet of Vehicles network device. Therefore, timely updating of the certificate can be guaranteed between the Internet of Vehicles terminal device and the Internet of Vehicles network device, and the probability of service processing delay or service processing failure of the Internet of Vehicles terminal device caused by untimely updating of the certificate is further reduced.
In practical applications, there may also be another application scenario, shown in fig. 4. In this scenario, the terminal device and the network device will perform the following steps:
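The two ways of determining the second target certificate of authenticity in step 304 can be compared in code. The following is an added example, not code from the patent: it assumes the version information is an integer counter that the network device increments on every certificate change, that a certificate counts as "different" when its identifier is new or its content digest has changed, and that an unrecognised version is answered with the full set; all class and function names are hypothetical.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class VerificationCert:
    cert_id: str   # constructed label such as "A"
    body: bytes    # stand-in for the encoded certificate of authenticity

    @property
    def digest(self) -> str:
        return hashlib.sha256(self.body).hexdigest()


class NetworkDeviceStore:
    """Hypothetical certificate database of the network device."""

    def __init__(self):
        self.latest_version = 0     # assumption: version information is a counter
        self._current = {}          # cert_id -> VerificationCert
        self._snapshots = {0: {}}   # version -> {cert_id: digest} at that version

    def apply_change(self, certs):
        """Step 301: store certificates newly issued or modified by the issuer."""
        for cert in certs:
            self._current[cert.cert_id] = cert
        self.latest_version += 1
        self._snapshots[self.latest_version] = {
            cid: c.digest for cid, c in self._current.items()
        }
        return self.latest_version

    def all_current(self):
        return sorted(self._current.values(), key=lambda c: c.cert_id)

    def delta_for(self, first_version):
        """Step 304, first way: certificates that differ from the set the
        terminal's reported version corresponds to."""
        known = self._snapshots.get(first_version)
        if known is None:
            # Assumption: a version this store never produced gets the full set.
            return self.all_current()
        return [c for c in self.all_current()
                if known.get(c.cert_id) != c.digest]

    def latest_if_stale(self, first_version):
        """Step 304, second way: compare only the version information and, on a
        mismatch, return the set belonging to the latest version. Reading
        'the certificate corresponding to the latest version information' as
        the full current set is an assumption of this example."""
        if first_version == self.latest_version:
            return []
        return self.all_current()


def build_store():
    """Constructed history: A, B, C (version 1), D issued (2), B modified (3)."""
    store = NetworkDeviceStore()
    store.apply_change(
        [VerificationCert(i, f"cert-{i}-v1".encode()) for i in "ABC"])
    store.apply_change([VerificationCert("D", b"cert-D-v1")])
    store.apply_change([VerificationCert("B", b"cert-B-v2")])
    return store


def ids(certs):
    return [c.cert_id for c in certs]


if __name__ == "__main__":
    store = build_store()
    for version in (1, 2, 3, 42):
        print(version, ids(store.delta_for(version)),
              ids(store.latest_if_stale(version)))
```

The first way sends only what the terminal lacks but requires the network device to keep a per-version record; the second needs no history but resends certificates the terminal already holds.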
401. The vehicle networking network equipment acquires the first target verification certificate from the certificate issuing equipment.
Specifically, step 401 is similar to step 301, and is not described herein again.
402. The vehicle networking terminal equipment sends a pseudonymous certificate inquiry request to the vehicle networking network equipment.
In this embodiment, the Internet of Vehicles terminal device may obtain the remaining time limit of the pseudonymous certificates in its own database. When the Internet of Vehicles terminal device determines that the remaining time limit of one or more pseudonymous certificates in the database is less than the preset remaining time limit, the Internet of Vehicles terminal device sends a pseudonymous certificate query request to the Internet of Vehicles network device, where the pseudonymous certificate query request includes a registration certificate of the Internet of Vehicles terminal device, and the registration certificate is used to indicate the identity of the Internet of Vehicles terminal device. The pseudonymous certificate query request is used to prompt the Internet of Vehicles network device that the Internet of Vehicles terminal device needs to update its pseudonymous certificate.
At this time, after the network device receives the pseudonymous certificate query request, the network device will execute step 403.
403. The vehicle networking network device verifies the validity of the registration certificate.
In this embodiment, the car networking device obtains the registration certificate from the pseudonymous certificate query request, and checks the validity of the registration certificate. Specifically, similar to the manner in which the registration certificate is checked by the car networking network device in step 202, the detailed description is omitted here.
In this embodiment, when the car networking network device determines that the registration certificate is a legal digital certificate, the car networking network device determines that the car networking terminal device is a legal car networking terminal device. At this point, the Internet of vehicles network device will perform step 404.
In addition, when the vehicle networking network device determines that the registration certificate is an illegal digital certificate, the vehicle networking network device determines that the vehicle networking terminal device is an illegal vehicle networking terminal device. At this point, the Internet of vehicles network device will refuse to process the pseudonymous certificate query request. Optionally, the vehicle networking network device sends an error code to the vehicle networking terminal device, where the error code is used to indicate that the vehicle networking terminal device is an illegal vehicle networking terminal device.
404. The Internet of vehicles network equipment inquires a first pseudonymous name certificate of the Internet of vehicles terminal equipment according to the registration certificate of the Internet of vehicles terminal equipment, and obtains the remaining period of the first pseudonymous name certificate.
In this embodiment, the vehicle networking network device receives the pseudonymous certificate query request, where the pseudonymous certificate query request is to prompt the vehicle networking network device that the vehicle networking terminal device has a need to update the pseudonymous certificate. Therefore, when the vehicle networking network device determines that the vehicle networking terminal device is a legal vehicle networking terminal device, the vehicle networking network device needs to know the remaining time limit of the pseudonymous certificate in the vehicle networking terminal device so as to determine whether the pseudonymous certificate in the vehicle networking terminal device needs to be updated.
Specifically, because the update record of the pseudonymous name certificate of the car networking terminal device is stored in the car networking network device, the car networking network device can query the first pseudonymous name certificate of the car networking terminal device according to the registration certificate of the car networking terminal device, and obtain the remaining time limit of the first pseudonymous name certificate, and then the car networking network device can judge whether the first pseudonymous name certificate needs to be updated. The first pseudonymous certificate is a pseudonymous certificate of the terminal device in the internet of vehicles, and the first pseudonymous certificate may be one pseudonymous certificate or multiple pseudonymous certificates, which is not limited herein. In this embodiment and the following embodiments, for convenience of description, the first pseudonymous certificate is used to refer to a pseudonymous certificate that can be queried according to the registration certificate in the network device.
After the Internet of Vehicles network device determines the remaining duration of the first pseudonymous certificate, the Internet of Vehicles network device may compare the remaining duration of the first pseudonymous certificate with a preset duration. When the Internet of Vehicles network device determines that the remaining duration of the first pseudonymous certificate is less than the preset duration, step 405a and step 405b are executed; there is no restriction on the order of step 405a and step 405b.
It should be understood that the preset duration may differ according to the application scenario, which is not limited in the present application.
405a. The vehicle networking network device sends a certificate update notification to the vehicle networking terminal device.
In this embodiment, since the certificate issuing device may frequently push the first target certificate to the car networking network device, in order to save network overhead, the car networking network device may send a certificate update notification to the car networking terminal device when determining that the remaining duration of the first pseudonymous certificate is less than the preset duration. Specifically, since the car networking network device may infer that the certificate of authenticity in the car networking terminal device may also have not been updated for a long time, the car networking network device sends a certificate update notification to the car networking terminal device, where the certificate update notification is intended to prompt that the car networking terminal device may send a certificate update request to the car networking network device, and the certificate update notification does not carry the first target certificate of authenticity. Specifically, similar to the foregoing step 204, the detailed description is omitted here.
405b. The vehicle networking network equipment sends the target pseudonymous certificate to the vehicle networking terminal equipment.
In this embodiment, the Internet of Vehicles network device sends a target pseudonymous certificate to the Internet of Vehicles terminal device, where the target pseudonymous certificate refers to a pseudonymous certificate whose remaining time limit is greater than the preset time limit. This avoids the situation in which the Internet of Vehicles terminal device cannot perform related services because its pseudonymous certificate has expired.
406. The terminal equipment of the Internet of vehicles sends a certificate updating request to the network equipment of the Internet of vehicles.
In this embodiment, after the Internet of Vehicles network device sends the certificate update notification to the Internet of Vehicles terminal device, the Internet of Vehicles terminal device sends a certificate update request to the Internet of Vehicles network device, where the certificate update request includes the first version information of the certificate of authenticity of the Internet of Vehicles terminal device. This is similar to the foregoing step 205, and the detailed description is omitted here.
407. The vehicle networking network equipment determines a second target certificate of authenticity according to the first version information.
The second target certificate of authenticity comprises the first target certificate of authenticity. The second target certificate of authenticity may be one certificate of authenticity or a plurality of certificates of authenticity. The Internet of Vehicles network device may determine the second target certificate of authenticity in a variety of ways. For details, refer to the description of step 304, which is not repeated here.
408. The Internet of vehicles network equipment sends the second target verification certificate to the Internet of vehicles terminal equipment.
Specifically, step 408 is similar to step 207, and is not described herein again.
In some possible embodiments, the foregoing step 404 may be replaced by the following steps:
The Internet of Vehicles network device queries a target pseudonymous certificate of the Internet of Vehicles terminal device according to the registration certificate of the Internet of Vehicles terminal device, where the target pseudonymous certificate refers to a pseudonymous certificate whose remaining time limit is greater than the preset time limit.
In such an embodiment, the pseudonymous certificate query request serves to prompt the Internet of Vehicles network device that the Internet of Vehicles terminal device needs to update its pseudonymous certificate. Therefore, the Internet of Vehicles network device does not need to determine whether the remaining time limit of the pseudonymous certificate currently used by the Internet of Vehicles terminal device is less than the preset time limit, and may directly query the target pseudonymous certificate in its own database according to the registration certificate. In such an embodiment, the computational overhead of the Internet of Vehicles network device may be reduced, simplifying the step in which the Internet of Vehicles network device sends the target pseudonymous certificate.
After the Internet of Vehicles network device finds the target pseudonymous certificate, it executes step 405a and step 405b; there is no restriction on the order of step 405a and step 405b.
In this embodiment, after the Internet of Vehicles network device acquires the first target certificate of authenticity from the certificate issuing device and determines that the remaining time limit of the first pseudonymous certificate is less than the preset time limit, the Internet of Vehicles network device may determine that the digital certificates in the Internet of Vehicles network device are inconsistent with the digital certificates in the Internet of Vehicles terminal device. The Internet of Vehicles network device then sends a certificate update notification to the Internet of Vehicles terminal device, so that the Internet of Vehicles terminal device sends a certificate update request to the Internet of Vehicles network device and thereby acquires the second target certificate of authenticity from the Internet of Vehicles network device. Therefore, timely updating of the certificate can be guaranteed between the Internet of Vehicles terminal device and the Internet of Vehicles network device, and the probability of service processing delay or service processing failure of the Internet of Vehicles terminal device caused by untimely updating of the certificate is further reduced.
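The network-device side of steps 403 to 405b, including the variant that replaces step 404, is sketched below as an added example that is not part of the patent. The registration check is reduced to a set lookup standing in for the validity check of step 202, the message names and the error code are constructed, and doing nothing when no certificate is below the threshold, or sending only the notification when no target pseudonymous certificate is available, are assumptions the text does not specify.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class PseudonymCert:
    serial: str          # constructed serial number
    not_after: datetime  # end of the validity period


class NetworkDevice:
    """Hypothetical model of the network device for steps 403 to 405b."""

    def __init__(self, preset, registered, update_records, available):
        self.preset = preset                  # preset remaining time limit
        self.registered = registered          # stand-in for the step 202 check
        self.update_records = update_records  # registration id -> certs sent
        self.available = available            # registration id -> certs on hand

    def handle_query(self, registration_id, now, check_remaining=True):
        # Step 403: refuse requests whose registration certificate is invalid.
        if registration_id not in self.registered:
            return [{"msg": "error", "code": "ILLEGAL_TERMINAL"}]

        # Step 404: look up the first pseudonymous certificate(s) recorded for
        # this terminal and compare the remaining time limit with the preset.
        # check_remaining=False models the variant that skips this comparison.
        if check_remaining:
            first = self.update_records.get(registration_id, [])
            if not any(c.not_after - now < self.preset for c in first):
                return []  # assumption: nothing is triggered

        # Target pseudonymous certificates: remaining time limit > preset.
        targets = [c for c in self.available.get(registration_id, [])
                   if c.not_after - now > self.preset]

        # Step 405a: the notification carries no certificate of authenticity.
        messages = [{"msg": "certificate_update_notification"}]
        # Step 405b: send the targets and record them as the terminal's
        # current pseudonymous certificates.
        if targets:
            messages.append({"msg": "target_pseudonymous_certificates",
                             "serials": [c.serial for c in targets]})
            self.update_records[registration_id] = targets
        return messages


NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock


def build_device():
    """Constructed data: EC-1 holds a nearly expired certificate, EC-2 does not."""
    days = lambda n: NOW + timedelta(days=n)
    return NetworkDevice(
        preset=timedelta(days=7),
        registered={"EC-1", "EC-2"},
        update_records={"EC-1": [PseudonymCert("P1", days(2))],
                        "EC-2": [PseudonymCert("Q1", days(20))]},
        available={"EC-1": [PseudonymCert("P2", days(3)),
                            PseudonymCert("P3", days(30))],
                   "EC-2": [PseudonymCert("Q2", days(40))]},
    )


if __name__ == "__main__":
    device = build_device()
    for reg in ("EC-1", "EC-2", "EC-X"):
        print(reg, device.handle_query(reg, NOW))
```

Certificate P2 is not sent even though it is still valid, because its remaining time limit does not exceed the preset and it would trigger another query almost immediately.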
It should be understood by those skilled in the art that the method or the functions performed by the terminal device in the car networking system in the above embodiments may be implemented by a functional unit or an apparatus integrated in the terminal device in the car networking system. For example, when the terminal device of the car networking is a vehicle, the method in the above embodiment may be implemented by any device integrated in the vehicle, such as a vehicle mounted BOX (Telematics BOX, T-BOX), or a Domain Controller (DC), or a multi-domain controller (MDC), or an On Board Unit (OBU), and the like, which is not limited herein.
The certificate updating method in the present embodiment is described above, and the communication device in the present embodiment is described below.
As shown in fig. 5, the present embodiment provides a schematic structural diagram of a network device 50. The network device 50 may be the aforementioned car networking network device or V2X management platform, or may be a chip or system on a chip located on the car networking network device or V2X management platform.
Network device 50 includes a processor 501 and a memory 502. The memory 502 is used for storing programs, and the processor 501 is used for executing the programs in the memory 502 to realize functions of the internet-of-vehicles network device or the V2X management platform in the method embodiments of the present application, for example, sending a certificate update notification to the internet-of-vehicles terminal device, receiving a certificate update request sent by the internet-of-vehicles terminal device, and sending the target verification certificate to the internet-of-vehicles terminal device.
Where processor 501 may include one or more processors, memory 502 may include one or more storage media (e.g., one or more mass storage devices).
Optionally, the network device 50 further comprises an input/output interface 503, and the input/output interface 503 may be used for the network device 50 to communicate with other devices.
Optionally, the network device 50 may also include one or more power supplies 504, and/or one or more operating systems, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
It should also be understood that, in the method embodiments corresponding to fig. 2 to 4, the steps performed by the car networking network device or V2X management platform may be based on the network device 50 structure shown in fig. 5.
As shown in fig. 6, the present embodiment provides a schematic structural diagram of a terminal device 60.
The terminal device 60 includes a processor 601 and a memory 602. The memory 602 is used for storing programs, and the processor 601 is used for executing the programs in the memory 602 to realize the functions of the car networking terminal device in the embodiments of the methods of the present application.
Where processor 601 may include one or more processors, memory 602 may include one or more storage media (e.g., one or more mass storage devices).
Optionally, the terminal device 60 further comprises an input/output interface 603, and the input/output interface 603 may be used for the terminal device 60 to communicate with other devices.
The terminal device 60 may be the aforementioned terminal device for car networking, or may be a chip or a system on a chip located on the aforementioned terminal device for car networking. In practical applications, the terminal device of the internet of vehicles may be a vehicle, a non-motor vehicle, a Road Side Unit (RSU), a portable device, or a wearable device, and is not limited herein. When the terminal device is a vehicle, the terminal device 60 may be a functional unit integrated in the terminal device. In particular, the terminal device 60 may be a vehicle-mounted box (T-Box) integrated in a vehicle, or a domain controller (DC), or a multi-domain controller (MDC), or an on board unit (OBU), which is not limited herein.
It should also be understood that, in the method embodiments corresponding to fig. 2 to fig. 4, the steps performed by the terminal device in the internet of vehicles may be based on the structure of the terminal device 60 shown in fig. 6.
As shown in fig. 7, the present embodiment provides a schematic structural diagram of a communication system 70. The communication system includes a vehicle networking network device 701, a vehicle networking terminal device 702, and a certificate issuing device 703.
In a possible implementation, the car networking device 701 is configured to send a certificate update notification to the car networking terminal device 702, and send a target verification certificate to the car networking terminal device 702; the terminal device 702 in the internet of vehicles is configured to send a certificate update request to the network device 701 in the internet of vehicles, and receive a target verification certificate sent by the network device 701 in the internet of vehicles; the certificate issuing apparatus 703 is configured to issue the target authentication certificate.
In another possible embodiment, the certificate issuing apparatus 703 is configured to issue a first target verification certificate; the internet of vehicles network device 701 is configured to obtain the first target verification certificate from the certificate issuing device 703; the internet of vehicles network device 701 is further configured to send a certificate update notification to the internet of vehicles terminal device 702, and send a second target verification certificate to the internet of vehicles terminal device 702; the terminal device 702 is configured to send a certificate update request to the network device 701, and receive a second target verification certificate sent by the network device 701.
Optionally, the network device 701 may further perform all or part of the steps performed by the network device 701 in the method embodiments corresponding to fig. 2 to fig. 4. Specifically, the car networking network device 701 may refer to the specific structure of the embodiment corresponding to fig. 5, which is not described herein again specifically.
Optionally, the terminal device 702 may also perform all or part of the steps performed by the terminal device 702 in the foregoing method embodiments corresponding to fig. 2 to fig. 4. Specifically, the car networking terminal device 702 may refer to the specific structure of the foregoing embodiment corresponding to fig. 6, and details are not repeated here.
It should also be understood that the car networking network device 701 in this embodiment may be based on the structure of the network device 50 shown in fig. 5 described above. The terminal device 702 in this embodiment may be based on the structure of the terminal device 60 shown in fig. 6.
As shown in fig. 8, this embodiment provides a schematic structural diagram of another network device 80. The network device 80 may be a car networking network device, or may be a chip or system on a chip located on a car networking network device. Specifically, the network device 80 includes:
a receiving module 801, configured to receive a certificate of authenticity query request sent by an Internet of Vehicles terminal device, where the certificate of authenticity query request is used to query a first certificate of authenticity;
a sending module 802, configured to send a certificate update notification to the car networking terminal device when the car networking network device determines that the first certificate of authenticity exists;
the receiving module 801 is further configured to receive a certificate update request sent by the terminal device in the internet of vehicles;
the sending module 802 is further configured to send the target certificate of authenticity to the car networking terminal device, where the target certificate of authenticity includes the first certificate of authenticity.
In a possible implementation, the network device 80 further includes:
a checking module 803, configured to check the validity of the registration certificate; and a querying module 804, configured to query the first certificate of authenticity according to the identification information when the Internet of Vehicles network device determines that the registration certificate is a valid certificate of the Internet of Vehicles terminal device, where the first certificate of authenticity is the superior signing certificate of the unknown pseudonymous certificate. When the Internet of Vehicles network device then determines that the first certificate of authenticity exists, the step of sending a certificate update notification to the Internet of Vehicles terminal device is triggered.
In this embodiment, the certificate of authenticity query request includes the registration certificate of the Internet of Vehicles terminal device and the identification information of the certificate of authenticity in the unknown pseudonymous certificate. The Internet of Vehicles network device queries the first certificate of authenticity only for legitimate Internet of Vehicles terminal devices. Therefore, before querying the first certificate of authenticity, the network device needs to determine the legitimacy of the terminal device that sent the certificate of authenticity query request. When the network device determines that the terminal device is a legitimate Internet of Vehicles terminal device, the network device may query the first certificate of authenticity by using the identification information and, when it determines that the first certificate of authenticity exists, trigger the step of sending a certificate update notification to the terminal device. In such an embodiment, the query for the first certificate of authenticity tells the network device that the first certificate of authenticity does not exist in the terminal device. The network device may therefore determine that the certificate of authenticity in the terminal device is inconsistent with the certificate of authenticity in the network device, and may then trigger the step of sending a certificate update notification to the terminal device.
In another possible implementation, the network device 80 further includes:
a checking module 803, configured to check the validity of the registration certificate; and a querying module 804, configured to query the first certificate of authenticity according to the identification information when the Internet of Vehicles network device determines that the registration certificate is a valid certificate of the Internet of Vehicles terminal device, where the first certificate of authenticity is the superior signing certificate of the unknown pseudonymous certificate. When the network device determines that the first certificate of authenticity exists, the step of sending a certificate update notification to the terminal device is triggered. The checking module 803 is further configured to verify the unknown pseudonymous certificate by using the first certificate of authenticity to obtain a verification result of the unknown pseudonymous certificate, where the verification result indicates the validity of the unknown pseudonymous certificate. The sending module 802 is further configured to send the verification result of the unknown pseudonymous certificate to the Internet of Vehicles terminal device. In this embodiment, the certificate of authenticity query request includes the registration certificate of the terminal device and the unknown pseudonymous certificate, where the unknown pseudonymous certificate carries the identification information of the certificate of authenticity.
In this embodiment, another way of encapsulating the registration certificate and the identification information is proposed. Specifically, the registration certificate and the unknown pseudonymous certificate are both encapsulated in the certificate of authenticity query request. After querying the first certificate of authenticity, the Internet of Vehicles network device may then verify the unknown pseudonymous certificate with the first certificate of authenticity and send the verification result to the Internet of Vehicles terminal device. Therefore, the terminal device does not need to use the first certificate of authenticity to verify the unknown pseudonymous certificate after receiving the first certificate of authenticity. In such an embodiment, the computational overhead of the terminal device may be reduced, so that after receiving the first certificate of authenticity and the verification result, the terminal device may perform other service processing directly according to the first certificate of authenticity and the verification result. Therefore, timely updating of the first certificate of authenticity can be guaranteed, and the probability of service processing delay or service processing failure of the terminal device caused by the first certificate of authenticity not being updated in time is reduced.
Optionally, the sending module 802 is further configured to send the first certificate of authenticity to the car networking terminal device.
In this embodiment, because the Internet of Vehicles terminal device needs the first certificate of authenticity to authenticate the PC5 messages it receives, the Internet of Vehicles network device sends the first certificate of authenticity to the terminal device when it determines that the first certificate of authenticity exists, so that the terminal device can perform other services according to the first certificate of authenticity.
Optionally, the querying module 804 is specifically configured to query the first certificate of authenticity from the database of the car networking device according to the identification information, or query the first certificate of authenticity from the certificate issuing device according to the identification information.
In this embodiment, a specific embodiment of querying the first certificate of authenticity is proposed. Specifically, in the process of querying the first certificate of authenticity, the network device of the vehicle networking may query the first certificate of authenticity from a database of the network device of the vehicle networking according to the identification information, and the network device of the vehicle networking may also query the first certificate of authenticity from the certificate issuing device according to the identification information. Thus, implementation flexibility of the scheme can be enhanced.
Optionally, the sending module 802 is further configured to send a prompt message to the car networking terminal device, where the prompt message is used to prompt that the car networking terminal device does not have the first certificate of authenticity.
Optionally, the network device 80 further includes an obtaining module 805. The obtaining module 805 is configured to obtain the target verification certificate from the certificate issuing apparatus.
Optionally, the network device 80 further comprises a determining module 806.
In a possible implementation, the determining module 806 is configured to determine a second certificate of authenticity corresponding to the first version information, where the second certificate of authenticity is different from the first certificate of authenticity, and to determine a certificate of authenticity in the Internet of Vehicles network device that is different from the second certificate of authenticity as a target certificate of authenticity, where the target certificate of authenticity includes at least one certificate of authenticity.
In the present embodiment, an embodiment is provided in which a target certificate of authenticity is determined based on first version information. In this embodiment, the vehicle networking network device determines the certificate of authenticity different from the second certificate of authenticity as the target certificate of authenticity, and thus, the vehicle networking network device is prevented from sending the existing certificate of authenticity of the vehicle networking terminal device to the vehicle networking terminal device.
In another possible embodiment, the determining module 806 is configured to compare latest version information of the certificate of authenticity with the first version information, and determine, when the first version information is inconsistent with the latest version information, that the certificate of authenticity corresponding to the latest version information is a target certificate of authenticity, where the target certificate of authenticity includes at least one certificate of authenticity.
In the present embodiment, another embodiment is provided in which the target certificate of authenticity is determined based on the first version information. In the embodiment, the vehicle networking network device directly sends the verification certificate corresponding to the latest version information to the vehicle networking terminal device, so that the condition that a certain verification certificate is missed is avoided.
As shown in fig. 9, the present embodiment provides a schematic structural diagram of another terminal device 90. The terminal device 90 may be an Internet of Vehicles terminal device, or may be a chip or a system on a chip located on the Internet of Vehicles terminal device. Specifically, the terminal device 90 includes:
a sending module 901, configured to send a certificate of authenticity query request to the Internet of Vehicles network device, where the certificate of authenticity query request is used to query a first certificate of authenticity;
a receiving module 902, configured to receive a certificate update notification sent by the network device when the network device determines that the first certificate of authenticity exists;
the sending module 901 is further configured to send a certificate update request to the Internet of Vehicles network device;
the receiving module 902 is further configured to receive the target certificate of authenticity sent by the Internet of Vehicles network device, where the target certificate of authenticity includes the first certificate of authenticity.
In this embodiment, the fact that the Internet of Vehicles terminal device sends the certificate of authenticity query request to the Internet of Vehicles network device to query the first certificate of authenticity indicates that the first certificate of authenticity is not stored in the terminal device; and if the network device can determine that the first certificate of authenticity exists, this indicates that the network device can acquire the first certificate of authenticity. Therefore, the network device can determine that the certificate of authenticity in the network device is inconsistent with the certificate of authenticity in the terminal device, and the network device then sends a certificate update notification to the terminal device, so that the terminal device sends a certificate update request to the network device and obtains the target certificate of authenticity in the network device. Therefore, timely updating of the certificate can be guaranteed between the Internet of Vehicles terminal device and the Internet of Vehicles network device, and the probability of service processing delay or service processing failure of the terminal device caused by untimely updating of the certificate is further reduced.
Optionally, the receiving module 902 is further configured to receive, when the Internet of Vehicles network device determines that a first certificate of authenticity exists, the first certificate of authenticity sent by the network device, where the first certificate of authenticity corresponds to the identification information and is the superior signing certificate of the unknown pseudonymous certificate. In such an embodiment, because the terminal device needs the first certificate of authenticity to authenticate the PC5 messages it receives, the network device sends the first certificate of authenticity to the terminal device upon determining that it exists, so that the terminal device can perform other services according to the first certificate of authenticity.
Optionally, the receiving module 902 is further configured to receive a verification result sent by the Internet of Vehicles network device, where the verification result is used to indicate the validity of the unknown pseudonymous certificate. In such an embodiment, after querying the first certificate of authenticity, the network device may verify the unknown pseudonymous certificate with the first certificate of authenticity and send the verification result to the terminal device. Therefore, the terminal device does not need to use the first certificate of authenticity to verify the unknown pseudonymous certificate after receiving the first certificate of authenticity. In such an embodiment, the computational overhead of the terminal device may be reduced, so that after receiving the first certificate of authenticity and the verification result, the terminal device may perform other service processing directly according to the first certificate of authenticity and the verification result. Therefore, timely updating of the first certificate of authenticity can be guaranteed, and the probability of service processing delay or service processing failure of the terminal device caused by the first certificate of authenticity not being updated in time is reduced.
Optionally, the receiving module 902 is further configured to receive a prompt message sent by the Internet of Vehicles network device when the network device determines that the first certificate of authenticity does not exist, where the prompt message is used to prompt that the Internet of Vehicles terminal device does not have the first certificate of authenticity.
Optionally, the receiving module 902 is further configured to receive the unknown pseudonymous certificate, where the unknown pseudonymous certificate carries the identification information. The terminal device 90 further comprises a determining module 903, and the determining module 903 is further configured to determine that the first certificate of authenticity does not exist in the database of the terminal device in the internet of vehicles according to the identification information.
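The query, notification and update exchange between network device 80 and terminal device 90 described above can be traced in a short simulation that also covers both ways of choosing the target certificate from the first version information. This is an added example, not code from the patent: the class, field and message names, the cumulative version table, and the HMAC standing in for real signature verification are assumptions made so that it runs offline.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class VerificationCert:      # the "certificate of authenticity" (issuer certificate)
    cert_id: str             # the identification information a pseudonym cert carries
    key: bytes               # toy stand-in for the issuer's public key (assumption)


@dataclass(frozen=True)
class PseudonymCert:
    subject: str
    issuer_id: str           # identifies the superior signing certificate
    sig: bytes


def toy_sign(key, subject):
    # Assumption: HMAC stands in for a real asymmetric signature so this runs offline.
    return hmac.new(key, subject.encode(), hashlib.sha256).digest()


def issue_pseudonym(subject, issuer):
    return PseudonymCert(subject, issuer.cert_id, toy_sign(issuer.key, subject))


class NetworkDevice:
    def __init__(self, valid_registrations, versions, issuing_device):
        self.valid_registrations = set(valid_registrations)
        self.versions = versions              # version -> {cert_id: cert}, cumulative
        self.issuing_device = issuing_device  # consulted when the local database misses

    @property
    def latest(self):
        return max(self.versions)

    def handle_query(self, registration_cert, unknown_pc):
        # Check the registration certificate before answering any query.
        if registration_cert not in self.valid_registrations:
            return {"type": "rejected"}
        # Look up by identification info: local database, then the issuing device.
        cert_id, local = unknown_pc.issuer_id, self.versions[self.latest]
        first = local.get(cert_id) or self.issuing_device.get(cert_id)
        if first is None:
            return {"type": "prompt", "detail": "first certificate not found"}
        if cert_id not in local:              # newly fetched: publish as a new version
            self.versions[self.latest + 1] = {**local, cert_id: first}
        # Verify the unknown pseudonym certificate on the terminal's behalf.
        ok = hmac.compare_digest(unknown_pc.sig, toy_sign(first.key, unknown_pc.subject))
        return {"type": "update_notification", "pc_valid": ok}

    def handle_update(self, first_version, mode="delta"):
        current = self.versions[self.latest]
        if mode == "delta":
            # Send only certificates absent from the version the terminal reported.
            have = self.versions.get(first_version, {})
            target = {i: c for i, c in current.items() if i not in have}
        else:
            # "latest": on a version mismatch send the whole latest set.
            target = dict(current) if first_version != self.latest else {}
        return {"type": "target", "version": self.latest, "certs": target}


class Terminal:
    def __init__(self, registration_cert, version, store):
        self.registration_cert = registration_cert
        self.version = version
        self.store = dict(store)              # cert_id -> VerificationCert

    def on_pseudonym_cert(self, pc, network, mode="delta"):
        """Decide whether a pseudonym certificate from a PC5 message is acceptable."""
        issuer = self.store.get(pc.issuer_id)
        if issuer is not None:                # issuer already held: verify locally
            return hmac.compare_digest(pc.sig, toy_sign(issuer.key, pc.subject))
        reply = network.handle_query(self.registration_cert, pc)
        if reply["type"] != "update_notification":
            return False                      # rejected or prompt: fail closed
        update = network.handle_update(self.version, mode)
        self.store.update(update["certs"])
        self.version = update["version"]
        return reply["pc_valid"]


def build_demo():
    """Constructed sample data: three issuers, one not yet in the local database."""
    ca = {n: VerificationCert(f"ca-{n}", f"key-{n}".encode()) for n in (1, 2, 3)}
    versions = {1: {"ca-1": ca[1]}, 2: {"ca-1": ca[1], "ca-2": ca[2]}}
    net = NetworkDevice({"ec-vehicle-42"}, versions, {"ca-3": ca[3]})
    return net, ca


if __name__ == "__main__":
    net, ca = build_demo()
    car = Terminal("ec-vehicle-42", version=1, store={"ca-1": ca[1]})
    print(car.on_pseudonym_cert(issue_pseudonym("pc-A", ca[2]), net), sorted(car.store))
```

A terminal whose registration certificate is not accepted, or whose query ends in the prompt message, leaves its store unchanged and treats the pseudonym certificate as unverified.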
As shown in fig. 10, the present embodiment provides a schematic structural diagram of another network device 100. The network device 100 may be a car networking network device, or may be a chip or a system on a chip located on a car networking network device. Specifically, the network device 100 includes:
an obtaining module 1001 configured to obtain a first target certificate of authenticity from a certificate issuing apparatus; a sending module 1002, configured to send a certificate update notification to the terminal device in the internet of vehicles; a receiving module 1003, configured to receive a certificate update request sent by the terminal device in the internet of vehicles; the sending module 1002 is further configured to send a second target certificate of authenticity to the terminal device in the internet of vehicles, where the second target certificate of authenticity includes the first target certificate of authenticity.
In this embodiment, the network device in the internet of vehicles may obtain the first target certificate of authenticity from the certificate issuing device, where the first target certificate of authenticity is a certificate of authenticity newly issued by the certificate issuing device or a certificate of authenticity newly modified by the certificate issuing device. Therefore, the internet of vehicles network device may determine that the first target certificate of authentication that the internet of vehicles network device just obtained does not appear in the internet of vehicles terminal device, that is, the certificate of authentication in the internet of vehicles network device is inconsistent with the certificate of authentication in the internet of vehicles terminal device, and then the internet of vehicles network device sends a certificate update notification to the internet of vehicles terminal device, so that the internet of vehicles terminal device sends a certificate update request to the internet of vehicles network device, thereby obtaining the second target certificate of authentication in the internet of vehicles network device. Therefore, timely updating of the certificate can be guaranteed between the terminal equipment of the internet of vehicles and the network equipment of the internet of vehicles, and the probability of service processing delay or service processing failure of the terminal equipment of the internet of vehicles caused by untimely updating of the certificate is further reduced.
In a possible implementation manner, the receiving module 1003 is further configured to receive a pseudonymous certificate query request sent by a terminal device in the internet of vehicles, where the pseudonymous certificate query request includes a registration certificate of the terminal device in the internet of vehicles;
the network device 100 further includes a query module 1004, configured to: when it is determined that the registration certificate is a legal certificate of the Internet of Vehicles terminal device, query a first pseudonymous certificate of the terminal device according to the registration certificate of the terminal device and obtain the remaining duration of the first pseudonymous certificate; and, when it is determined that the remaining duration of the first pseudonymous certificate is less than a preset duration, trigger the step of sending a certificate update notification to the terminal device. In such an embodiment, another scenario is provided that triggers the Internet of Vehicles network device to send a certificate update notification to the Internet of Vehicles terminal device. The network device may acquire the first target certificate of authenticity from the certificate issuing device relatively frequently. If the network device sent a certificate update notification to the terminal device each time the first target certificate of authenticity is acquired, the execution of other services of the network device and the terminal device may be affected. Therefore, the network device may trigger the step of sending the certificate update notification to the terminal device upon receiving the pseudonymous certificate query request sent by the terminal device. Such an embodiment may reduce the flow of information between the terminal device and the network device, thereby reducing the chance of affecting the execution of other services of the network device and the terminal device.
Optionally, the sending module 1002 is further configured to send a target pseudonymous certificate to the car networking terminal device, where a remaining duration of the target pseudonymous certificate is greater than the preset duration.
In this embodiment, when the Internet of Vehicles network device determines that the remaining duration of the first pseudonymous certificate is less than the preset duration, the network device sends a target pseudonymous certificate whose remaining duration is greater than the preset duration to the Internet of Vehicles terminal device. Therefore, the pseudonymous certificate in the terminal device can be updated in time.
Optionally, the network device 100 further includes a query module 1004, and the query module 1004 is further configured to determine a second certificate of authenticity corresponding to the first version information, and determine a certificate in the network device of vehicles that is different from the second certificate of authenticity as a second target certificate of authenticity, where the second target certificate of authenticity includes at least one certificate of authenticity.
Optionally, the network device 100 further includes a determining module 1005, where the determining module 1005 is further configured to compare latest version information of the certificate of authenticity with the first version information, and determine, when the first version information is inconsistent with the latest version information, that the certificate of authenticity corresponding to the latest version information is a second target certificate of authenticity, where the second target certificate of authenticity includes at least one certificate of authenticity.
As shown in fig. 11, this embodiment provides a schematic structural diagram of another terminal device 110. The terminal device 110 may be a car networking terminal device, or may be a chip or a system on a chip located on the car networking terminal device. Specifically, the terminal device 110 includes: a receiving module 1101, configured to receive a certificate update notification sent by a network device in the internet of vehicles; a sending module 1102, configured to send a certificate update request to the network device in the internet of vehicles; the receiving module 1101 is further configured to receive a second target certificate of authenticity sent by the network device, where the second target certificate of authenticity includes a first target certificate of authenticity, and the first target certificate of authenticity is a certificate of authenticity obtained by the network device from a certificate issuing device.
In this embodiment, after the vehicle networking network device acquires the first target certificate from the certificate issuing device, the vehicle networking network device may learn that the first target certificate does not exist in the vehicle networking terminal device, and then, the vehicle networking network device may determine that the digital certificate in the vehicle networking network device is inconsistent with the digital certificate in the vehicle networking terminal device, and then, the vehicle networking network device sends a certificate update notification to the vehicle networking terminal device, so that the vehicle networking terminal device sends a certificate update request to the vehicle networking network device, and thereby acquires the second target certificate in the vehicle networking network device. Therefore, timely updating of the certificate can be guaranteed between the terminal equipment of the internet of vehicles and the network equipment of the internet of vehicles, and the probability of service processing delay or service processing failure of the terminal equipment of the internet of vehicles caused by untimely updating of the certificate is further reduced.
In a possible implementation manner, the sending module 1102 is further configured to send a pseudonymous certificate query request to the Internet of Vehicles network device, where the pseudonymous certificate query request includes the registration certificate of the Internet of Vehicles terminal device and remaining term information of a first pseudonymous certificate, and the remaining term information is used to indicate that the remaining term of the first pseudonymous certificate is less than a preset term. The receiving module 1101 is further configured to receive a target pseudonymous certificate sent by the network device when the network device determines that the registration certificate is a legal certificate of the terminal device, where the remaining term of the target pseudonymous certificate is greater than the preset term. In such an embodiment, another scenario is provided that triggers the Internet of Vehicles network device to send a certificate update notification to the Internet of Vehicles terminal device. The network device may acquire the first target certificate of authenticity from the certificate issuing device relatively frequently. If the network device sent a certificate update notification to the terminal device each time the first target certificate of authenticity is acquired, the execution of other services of the network device and the terminal device may be affected. Therefore, the network device may trigger the step of sending the certificate update notification to the terminal device upon receiving the pseudonymous certificate query request sent by the terminal device. Such an embodiment may reduce the flow of information between the terminal device and the network device, thereby reducing the chance of affecting the execution of other services of the network device and the terminal device.
Embodiments of the present application also provide a computer program product containing instructions, which when executed on a computer, cause the computer to perform the functions of the various communication devices as described above.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer program product.
The embodiment of the present application provides a computer-readable storage medium, which is used for storing the aforementioned instructions, so that the computer can execute the instructions to realize the functions of the aforementioned various communication devices.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above described systems, devices, modules or units may refer to the corresponding processes in the foregoing method embodiments, and detailed descriptions thereof are omitted here.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (24)

1. A certificate update method, comprising:
an Internet of vehicles network device receives a certificate of authenticity query request sent by an Internet of vehicles terminal device, wherein the certificate of authenticity query request is used for querying a first certificate of authenticity, the certificate of authenticity query request comprises a registration certificate and identification information of the Internet of vehicles terminal device, and the identification information is used for identifying a certificate of authenticity in an unknown pseudonymous certificate;
the vehicle networking network equipment checks the legality of the registration certificate;
when the Internet of vehicles network equipment determines that the registration certificate is a legal certificate of the Internet of vehicles terminal equipment, the Internet of vehicles network equipment queries the first certificate of authenticity according to the identification information, wherein the first certificate of authenticity is an upper-level signing certificate of the unknown pseudonymous certificate;
when the Internet of vehicles network equipment determines that the first certificate of authenticity exists, the Internet of vehicles network equipment sends a certificate update notification to the Internet of vehicles terminal equipment;
the Internet of vehicles network equipment receives a certificate updating request sent by the Internet of vehicles terminal equipment;
the Internet of vehicles network equipment sends a target certificate of authenticity to the Internet of vehicles terminal equipment, wherein the target certificate of authenticity comprises the first certificate of authenticity.
2. The method according to claim 1, wherein the certificate of authenticity query request further comprises the unknown pseudonymous certificate, and the unknown pseudonymous certificate carries the identification information of the certificate of authenticity;
the method further comprises the following steps:
the Internet of vehicles network equipment uses the first certificate of authenticity to verify the unknown pseudonymous certificate to obtain a verification result of the unknown pseudonymous certificate, and the verification result is used for indicating the validity of the unknown pseudonymous certificate;
and the Internet of vehicles network equipment sends the verification result of the unknown pseudonymous certificate to the Internet of vehicles terminal equipment.
3. The method of claim 2, wherein after the vehicle networking network device determines that the first certificate of authenticity exists, before the vehicle networking network device sends the target certificate of authenticity to the vehicle networking terminal device, the method further comprises:
and the Internet of vehicles network equipment sends the first certificate of authentication to the Internet of vehicles terminal equipment.
4. The method according to any one of claims 1 to 3, wherein the querying the first certificate of authenticity by the Internet of vehicles network device based on the identification information comprises:
the Internet of vehicles network equipment inquires a first certificate of authenticity from a database of the Internet of vehicles network equipment according to the identification information;
or,
and the Internet of vehicles network equipment inquires a first verification certificate from the certificate issuing equipment according to the identification information.
5. The method of claim 1, wherein when the Internet of vehicles network device determines that the first certificate of authenticity is not present, the method further comprises:
and the Internet of vehicles network equipment sends a prompt message to the Internet of vehicles terminal equipment, wherein the prompt message is used for prompting that the Internet of vehicles terminal equipment does not have the first certificate of authenticity.
6. The method according to any one of claims 1 to 3, wherein before the vehicle networking network device sends the certificate update notification to the vehicle networking terminal device, the method further comprises:
and the Internet of vehicles network equipment acquires the target verification certificate from the certificate issuing equipment.
7. The method according to any one of claims 1 to 3, wherein the certificate update request includes first version information of a certificate of authenticity of the terminal device of the Internet of vehicles;
before the vehicle networking network device sends the target verification certificate to the vehicle networking terminal device, the method further comprises:
the Internet of vehicles network equipment determines a second certificate of authentication corresponding to the first version information, wherein the second certificate of authentication is different from the first certificate of authentication;
the vehicle networking network equipment determines a certificate in the vehicle networking network equipment, which is different from the second certificate of authenticity, as a target certificate of authenticity, wherein the target certificate of authenticity comprises at least one certificate of authenticity.
8. The method according to any one of claims 1 to 3, wherein the certificate update request includes first version information of a certificate of authenticity of the terminal device of the Internet of vehicles;
before the vehicle networking network device sends the target verification certificate to the vehicle networking terminal device, the method further comprises:
the Internet of vehicles network equipment compares the latest version information of the certificate of authenticity with the first version information;
when the first version information is inconsistent with the latest version information, the Internet of vehicles network equipment determines that the certificate of authenticity corresponding to the latest version information is a target certificate of authenticity, and the target certificate of authenticity comprises at least one certificate of authenticity.
9. A certificate update method, comprising:
the method comprises the steps that the terminal equipment of the Internet of vehicles sends a certificate verification query request to the network equipment of the Internet of vehicles, wherein the certificate verification query request is used for querying a first certificate verification, the certificate verification query request comprises a registration certificate and identification information of the terminal equipment of the Internet of vehicles, and the identification information is used for identifying the certificate verification in an unknown pseudonymous certificate;
when the Internet of vehicles network equipment determines that the first authentication certificate exists, the Internet of vehicles terminal equipment receives a certificate updating notice sent by the Internet of vehicles network equipment;
the terminal equipment of the Internet of vehicles sends a certificate updating request to the network equipment of the Internet of vehicles;
the terminal equipment of the Internet of vehicles receives a target certificate of authenticity sent by the network equipment of the Internet of vehicles, wherein the target certificate of authenticity comprises the first certificate of authenticity, the first certificate of authenticity corresponds to the identification information, and the first certificate of authenticity is a superior issuing certificate of the unknown pseudonymous certificate.
10. The method according to claim 9, wherein the certificate of authenticity query request further comprises the unknown pseudonymous certificate, the unknown pseudonymous certificate carrying the identification information of the certificate of authenticity;
before the terminal device of the internet of vehicles receives the certificate update notification sent by the network device of the internet of vehicles, the method further comprises:
and the vehicle networking terminal equipment receives a detection result sent by the vehicle networking network equipment, wherein the detection result is used for indicating the validity of the unknown pseudonymous certificate.
11. The method of claim 9, wherein before the vehicle networking end device receives the certificate update notification sent by the vehicle networking network device, the method further comprises:
when the vehicle networking network equipment determines that the first verification certificate does not exist, the vehicle networking terminal equipment receives a prompt message sent by the vehicle networking network equipment, wherein the prompt message is used for prompting the vehicle networking terminal equipment that the first verification certificate does not exist.
12. The method according to any one of claims 9 to 11, wherein before the terminal device sends the request for certificate of authenticity to the network device, the method further comprises:
the Internet of vehicles terminal equipment receives the unknown pseudonymous certificate, and the unknown pseudonymous certificate carries the identification information;
and the vehicle networking terminal equipment determines that the first certificate of authentication does not exist in a database of the vehicle networking terminal equipment according to the identification information.
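The query-then-update exchange of claims 1, 4, 5, 7, 8 and 12, sketched as an added illustration that is not part of the patent text. All class and method names are hypothetical; the identification information is modelled as the last 8 bytes of the issuer certificate's SHA-256 digest (in the style of IEEE 1609.2 HashedId8), versions are modelled as increasing integers, and the legality check on the registration certificate is reduced to set membership.

```python
import hashlib
from dataclasses import dataclass, field

def cert_id(cert: bytes) -> bytes:
    """Identification information of a verification certificate (assumed form)."""
    return hashlib.sha256(cert).digest()[-8:]

@dataclass
class NetworkDevice:
    enrolled: set                               # legitimate registration certs (stand-in check)
    store: dict = field(default_factory=dict)   # cert_id -> (version added, cert)
    ca: dict = field(default_factory=dict)      # certificate issuing device: cert_id -> cert
    latest: int = 0

    def publish(self, cert: bytes) -> None:
        self.latest += 1
        self.store[cert_id(cert)] = (self.latest, cert)

    def handle_query(self, reg_cert: bytes, issuer_id: bytes) -> dict:
        if reg_cert not in self.enrolled:       # claim 1: registration cert must be legal
            return {"type": "reject"}
        if issuer_id not in self.store:         # claim 4: local database, else issuing device
            cert = self.ca.get(issuer_id)
            if cert is None:                    # claim 5: prompt message, no update
                return {"type": "prompt"}
            self.publish(cert)
        return {"type": "update_notice"}

    def handle_update_request(self, version: int) -> dict:
        # claims 7 and 8: send only what the terminal's version lacks
        certs = [c for v, c in self.store.values() if v > version]
        return {"type": "target_certs", "version": self.latest, "certs": certs}

@dataclass
class Terminal:
    reg_cert: bytes
    trust: dict = field(default_factory=dict)   # cert_id -> verification cert
    version: int = 0

    def on_pseudonym_cert(self, issuer_id: bytes, net: NetworkDevice) -> str:
        if issuer_id in self.trust:             # claim 12: query only when missing locally
            return "known"
        reply = net.handle_query(self.reg_cert, issuer_id)
        if reply["type"] != "update_notice":
            return reply["type"]
        resp = net.handle_update_request(self.version)
        for cert in resp["certs"]:
            # Key by the recomputed identifier so a mismatched cert cannot
            # satisfy the lookup. A deployment would also validate each
            # certificate against a trusted root before storing it.
            self.trust[cert_id(cert)] = cert
        self.version = resp["version"]
        return "updated" if issuer_id in self.trust else "missing"

def run_demo() -> list:
    # Constructed sample data: byte strings stand in for encoded certificates.
    net = NetworkDevice(enrolled={b"EC-terminal-1"})
    net.publish(b"PCA-east-v1")
    net.ca[cert_id(b"PCA-west-v1")] = b"PCA-west-v1"
    car = Terminal(reg_cert=b"EC-terminal-1")
    forged = Terminal(reg_cert=b"EC-forged")
    return [
        car.on_pseudonym_cert(cert_id(b"PCA-west-v1"), net),    # fetched via issuing device
        car.on_pseudonym_cert(cert_id(b"PCA-west-v1"), net),    # now in the local database
        car.on_pseudonym_cert(cert_id(b"PCA-unknown"), net),    # no such certificate anywhere
        forged.on_pseudonym_cert(cert_id(b"PCA-east-v1"), net), # registration cert not legal
    ]

if __name__ == "__main__":
    print(run_demo())
```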
13. A certificate update method, comprising:
the method comprises the steps that the Internet of vehicles network equipment obtains a first target verification certificate from certificate issuing equipment;
the Internet of vehicles network equipment sends a certificate updating notice to the Internet of vehicles terminal equipment;
the Internet of vehicles network equipment receives a certificate updating request sent by the Internet of vehicles terminal equipment;
the Internet of vehicles network equipment sends a second target certificate of authenticity to the Internet of vehicles terminal equipment, wherein the second target certificate of authenticity comprises the first target certificate of authenticity;
before the car networking network device sends the certificate update notification to the car networking terminal device, the method further comprises:
the method comprises the steps that a vehicle networking network device receives a pseudonymous certificate query request sent by a vehicle networking terminal device, wherein the pseudonymous certificate query request comprises a registration certificate of the vehicle networking terminal device;
when the Internet of vehicles network equipment determines that the registration certificate is a legal certificate of the Internet of vehicles terminal equipment, the Internet of vehicles network equipment inquires a first pseudonymous certificate of the Internet of vehicles terminal equipment according to the registration certificate of the Internet of vehicles terminal equipment and acquires the remaining time limit of the first pseudonymous certificate;
and when the vehicle networking network equipment determines that the remaining time limit of the first pseudonymous name certificate is smaller than a preset time limit, the vehicle networking network equipment triggers a step of sending a certificate updating notification to the vehicle networking terminal equipment.
14. The method of claim 13, wherein when the internet of vehicles network device determines that the remaining duration of the first pseudonymous certificate is less than a preset duration, the method further comprises:
and the Internet of vehicles network equipment sends a target pseudonymous name certificate to the Internet of vehicles terminal equipment, wherein the remaining time limit of the target pseudonymous name certificate is greater than the preset time limit.
15. The method according to claim 13 or 14, wherein the certificate update request includes first version information of a certificate of authentication of the terminal device of the internet of vehicles;
before the vehicle networking network device sends the second target verification certificate to the vehicle networking terminal device, the method further comprises:
the Internet of vehicles network equipment determines a second certificate of authentication corresponding to the first version information;
the vehicle networking network device determines a certificate in the vehicle networking network device different from the second certificate of authenticity as a second target certificate of authenticity, wherein the second target certificate of authenticity comprises at least one certificate of authenticity.
16. The method according to claim 13 or 14, characterized in that the certificate update request comprises first version information of the certificate of the end device of the internet of vehicles;
before the vehicle networking network device sends the second target verification certificate to the vehicle networking terminal device, the method further comprises:
the Internet of vehicles network equipment compares the latest version information of the certificate of authenticity with the first version information;
when the first version information is inconsistent with the latest version information, the Internet of vehicles network equipment determines that the certificate corresponding to the latest version information is a second target certificate, and the second target certificate includes at least one certificate.
17. A certificate update method, comprising:
the terminal equipment of the Internet of vehicles receives a certificate updating notice sent by the network equipment of the Internet of vehicles;
the terminal equipment of the Internet of vehicles sends a certificate updating request to the network equipment of the Internet of vehicles;
the terminal equipment of the Internet of vehicles receives a second target certificate of authenticity sent by the network equipment of the Internet of vehicles, wherein the second target certificate of authenticity comprises a first target certificate of authenticity, and the first target certificate of authenticity is obtained by the network equipment of the Internet of vehicles from certificate issuing equipment;
before the terminal device of the internet of vehicles receives the certificate update notification sent by the network device of the internet of vehicles, the method further comprises:
the method comprises the steps that a vehicle networking terminal device sends a pseudonymous name certificate inquiry request to a vehicle networking network device, wherein the pseudonymous name certificate inquiry request comprises a registration certificate of the vehicle networking terminal device and the remaining term information of a first pseudonymous name certificate, and the remaining term information of the first pseudonymous name certificate is used for indicating that the remaining term of the first pseudonymous name certificate is smaller than a preset term;
when the vehicle networking network equipment determines that the registration certificate is a legal certificate of the vehicle networking terminal equipment, the vehicle networking terminal equipment receives a target pseudonymous name certificate sent by the vehicle networking network equipment, and the remaining time limit of the target pseudonymous name certificate is greater than the preset time limit.
18. A network device, characterized in that the network device is a vehicle networking network device, or a chip or a functional unit in the vehicle networking network device;
the network device includes:
a processor and a memory;
the memory is used for storing programs;
the processor is configured to execute the program to implement the method of any one of claims 1 to 8.
19. A terminal device, characterized in that the terminal device is a vehicle networking terminal device, or a chip or a functional unit in the vehicle networking terminal device;
the terminal device includes:
a processor and a memory;
the memory is used for storing programs;
the processor is configured to execute the program to implement the method of any one of claims 9 to 12.
20. A network device, characterized in that the network device is a vehicle networking network device, or a chip or a functional unit in the vehicle networking network device;
the network device includes:
a processor and a memory;
the memory is used for storing programs;
the processor is configured to execute the program to implement the method of any one of claims 13 to 16.
21. A terminal device, characterized in that the terminal device is a vehicle networking terminal device, or a chip or a functional unit in the vehicle networking terminal device;
the terminal device includes:
a processor and a memory;
the memory is used for storing programs;
the processor is configured to execute the program to implement the method of claim 17.
22. A communication system, the communication system comprising:
a network device according to claim 18 or 20 and a terminal device according to claim 19 or 21.
23. The communication system of claim 22,
the communication system further comprises: a certificate issuing apparatus;
the certificate issuing apparatus for sending the authentication certificate, the pseudonymous certificate, or the registration certificate referred to in any one of claims 1 to 17 to the network apparatus.
24. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of any of claims 1 to 17.
CN201910569179.5A 2019-06-27 2019-06-27 Certificate updating method and related equipment Active CN112152791B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910569179.5A CN112152791B (en) 2019-06-27 2019-06-27 Certificate updating method and related equipment
PCT/CN2020/097841 WO2020259519A1 (en) 2019-06-27 2020-06-24 Certificate update method and related device

Publications (2)

Publication Number Publication Date
CN112152791A CN112152791A (en) 2020-12-29
CN112152791B true CN112152791B (en) 2021-12-03

Family

ID=73868809

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910569179.5A Active CN112152791B (en) 2019-06-27 2019-06-27 Certificate updating method and related equipment

Country Status (2)

Country Link
CN (1) CN112152791B (en)
WO (1) WO2020259519A1 (en)

Also Published As

Publication number Publication date
CN112152791A (en) 2020-12-29
WO2020259519A1 (en) 2020-12-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220208

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.
