CN112187459B - Credible authentication method and system among modules in intelligent network networking - Google Patents


Info

Publication number
CN112187459B
Authority
CN
China
Prior art keywords
module
vehicle
vcu
certificate
tpm
Prior art date
Legal status
Active
Application number
CN202011072995.4A
Other languages
Chinese (zh)
Other versions
CN112187459A (en)
Inventor
仲红
操文文
杨明
崔杰
张庆阳
张静
许艳
Current Assignee
Anhui University
Original Assignee
Anhui University
Priority date
Filing date
Publication date
Application filed by Anhui University
Priority to CN202011072995.4A
Publication of CN112187459A
Application granted
Publication of CN112187459B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/0841: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0897: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04L9/3234: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3242: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a trusted-computing-based security authentication method between modules in an intelligent connected vehicle, comprising system initialization, certificate generation and verification, mutual authentication and key agreement between modules, fast message authentication, and revocation of altered modules. The invention uses trusted computing to ensure that modules are secure and trustworthy, uses remote attestation to verify the security state of each module, and adopts efficient message authentication. The communication model achieves both module authentication and fast message authentication: whether a module is secure only needs to be verified periodically, while fast message authentication can keep up with the large volume of real-time data that must be verified in an intelligent connected vehicle.

Description

Credible authentication method and system among modules in intelligent network networking
Technical Field
The invention belongs to the field of communication security for intelligent connected vehicles, and in particular relates to a trusted authentication method and system among modules in an intelligent connected vehicle.
Background
With the development of computer control technology, intelligent connected vehicles have gradually become a research focus. An intelligent connected vehicle relies mainly on its in-vehicle computer system to achieve unmanned driving, and consists of three parts: data sensing, data processing and control execution. The sensors fitted to the vehicle acquire real-time data; the vehicle-mounted computing and communication unit (VCU) processes the data received from the sensors, makes timely decisions and sends them to the actuators. The actuators receive commands from the VCU and carry out the corresponding operations, including steering, acceleration and deceleration of the vehicle. All actions are completed by the vehicle, with no human participation.
Although connected vehicles have great potential, their security problems remain to be solved. There is no effective mechanism guaranteeing secure data transmission between internal modules, so an attacker can modify, delete and replay messages in transit. If the receiver obtains wrong data it may take wrong actions; for example, if the vehicle-mounted computing and communication unit receives modified camera data and fails to detect an obstacle ahead, a traffic accident results. Message authentication is therefore required to secure data transfer between internal modules. However, message authentication alone cannot guarantee security inside the vehicle. An internal module may itself be malicious or compromised; if such a module keeps sending wrong information, then even though message authentication guarantees that messages are not tampered with in transit, the wrong data wastes the vehicle's computing resources and can lead to erroneous decisions.
In summary, the main purpose of research on security authentication protocols based on a trusted execution environment in intelligent connected vehicles is to achieve mutual authentication and fast message authentication among the vehicle's modules. An attacker may attack both the modules of the vehicle and the messages in transit; existing module authentication lacks trustworthiness, yet protecting the modules is particularly critical. The security authentication protocol studied here, based on a trusted execution environment, therefore protects both module security and data security.
Disclosure of Invention
Purpose of the invention: to solve the problem of secure communication inside existing intelligent connected vehicles, the invention provides a method that realizes both authentication between modules and fast message authentication. It combines module authentication with message authentication in an in-vehicle authentication method based on trusted computing: a trusted execution environment is built on the TPM of trusted computing to make the modules secure and trustworthy, and fast message authentication is realized on that basis.
Technical scheme: the invention discloses a trusted authentication method among modules in an intelligent connected vehicle, comprising the following steps:
S1. Initialization of the trusted authority TA: the TA generates a master key $sk_{TA}$ and the corresponding public key $P_{pub}$;
S2. Module initialization: in-vehicle module i generates its own private and public keys $sk_i$ and $pk_i$ based on the endorsement key AIK of its trusted platform module $TPM_i$, and broadcasts its public key $pk_i$; the vehicle-mounted computing and processing unit VCU likewise uses the endorsement key AIK to generate its private key $sk_v$ and public key $pk_v$;
S3. In-vehicle module i securely sends its state information to the trusted authority TA; the TA verifies the state information and, if verification passes, generates a certificate for it; after receiving the certificate sent by the TA, in-vehicle module i first verifies the certificate;
S4. In-vehicle module i and the vehicle computing and processing unit VCU authenticate each other: each generates a signature based on its private key and its processed TA certificate and sends it to the other party. After both signatures are verified, a session key is generated and stored in the TPM;
S5. When data is transmitted between in-vehicle module i and the VCU, a message authentication code (HMAC) is generated with the session key to authenticate the message;
S6. If the TA detects that an in-vehicle module has been altered, the TA revokes that module.
Further, the trusted authority TA selects
Figure BDA0002715755790000021
as master key $sk_{TA}$ and calculates the corresponding public key $P_{pub}$: $P_{pub}=(X,Y,Z)$, $X=g^x$, $Y=g^y$, $Z=g^z$, where $g$ is the generator of group $G$. The TA selects two secure collision-resistant one-way hash functions $h:\{0,1\}^*\to Z_q$ and $H:\{0,1\}^*\to Z_q$. The TA selects two groups of order $q$, $G_1=\langle g_1\rangle$ and $G_T=\langle g_T\rangle$, with bilinear map $e: G_1\times G_1\to G_T$, where $q$ is a prime. The TA then broadcasts the public parameters $\{g_1,g_T,G_1,G_T,P_{pub},h,H\}$.
Further, the specific process by which the trusted authority TA generates the certificate and the in-vehicle module verifies it in step S3 is as follows:
S3.1. $TPM_i$ collects the state information $cs_i$ of in-vehicle module i and sends it to in-vehicle module i; the in-vehicle module then computes and sends its identity, configuration information and public key
Figure BDA0002715755790000022
to the trusted authority TA to obtain a certificate; likewise, the VCU calls $TPM_v$ to collect state information $cs_v$ and finally sends its identity $ID_v$, configuration information (attribute $cs_v$) and public key $pk_v$ as
Figure BDA0002715755790000023
to the TA;
S3.2. The trusted authority TA decrypts with the master key $sk_{TA}$ to obtain $(ID_i, cs_i\|pk_i)$ and $(ID_v, cs_v\|pk_v)$ respectively; the TA judges whether the state of in-vehicle module i is normal according to the state standard ps; if it is normal, the TA generates the corresponding certificate and sends it to the corresponding in-vehicle module i;
The TA selects $a_i\in G_1$ and computes $A_i=a_i^z$, $b_i=a_i^y$, $B_i=A_i^y$,
Figure BDA0002715755790000031
and sends the certificate $\sigma_i=(a_i,A_i,b_i,B_i,c_i)$ to in-vehicle module i. The TA selects $a_v\in G_1$ and computes $A_v=a_v^z$, $b_v=a_v^y$, $B_v=A_v^y$,
Figure BDA0002715755790000032
thereby generating the certificate $\sigma_v=(a_v,A_v,b_v,B_v,c_v)$, which it sends to the VCU; where
Figure BDA0002715755790000033
is the private key of the TA;
S3.3. Certificate verification
When in-vehicle module i receives the certificate $\sigma_i=(a_i,A_i,b_i,B_i,c_i)$ sent by the TA, it first verifies the certificate by checking whether the following equations hold:
$e(a_i,Z)=e(g,A_i)$,
Figure BDA0002715755790000034
$e(A_i,Y)=e(g,B_i)$;
Likewise, when the VCU receives the certificate $\sigma_v=(a_v,A_v,b_v,B_v,c_v)$ sent by the TA, it first verifies the certificate by checking whether the following equations hold:
$e(a_v,Z)=e(g,A_v)$,
Figure BDA0002715755790000035
$e(A_v,Y)=e(g,B_v)$;
If both verifications succeed, step S3.4 is executed;
S3.4. In-vehicle module i and the VCU process the
certificates $\sigma_i$ and $\sigma_v$;
$TPM_i$ first selects
Figure BDA0002715755790000036
computes $r_{i1}^{-1}$ and sends $r_{i1}^{-1}, r_{i2}$ to in-vehicle module i, which computes
Figure BDA0002715755790000037
$\sigma'_i=(a'_i,A'_i,b'_i,B'_i,c'_i)$ as the final certificate of in-vehicle module i;
Likewise, the TPM in the VCU selects
Figure BDA0002715755790000038
computes $r_{v1}^{-1}$ and sends $r_{v1}^{-1}, r_{v2}$ to the VCU; the VCU computes
Figure BDA0002715755790000039
Further, the detailed method of step S4 is as follows:
S4.1. $TPM_v$ in the VCU selects
Figure BDA0002715755790000041
computes $g^n$ and sends $N_v, g^n$ to the VCU; the VCU sends $N_v, g^n$ to in-vehicle module i to communicate with it;
S4.2. Signature generation
First, upon receiving $N_v, g^n$, $TPM_i$ signs them
Figure BDA0002715755790000042
and sends the signature to in-vehicle module i, which goes on to generate the PBA signature; in-vehicle module i performs the following operations:
selects
Figure BDA0002715755790000043
computes $u_{ix}=e(X,a'_i)$, $u_{ixy}=e(X,b'_i)$, $u_{is}=e(g,c'_i)$, $u_{ixyz}=e(X,B'_i)$,
Figure BDA0002715755790000044
$s_{i1}=w_{i1}-c_{Hi}\,cs_i \bmod q$, $s_{i2}=w_{i2}-c_{Hi}\,r_{i1} \bmod q$, where $c_{Hi}=H(\sigma'_i,u_{ix},u_{ixy},u_{ixyz},u_{is},T_i,N_v,g^n)$. At the same time, $TPM_i$ selects
Figure BDA0002715755790000045
computes $g^m$ and sends $N_i, g^m$ to the VCU via in-vehicle module i; finally, in-vehicle module i generates the PBA signature $\sigma_{PBAi}=(\sigma'_i,c_{Hi},\delta_i,s_{i1},s_{i2},T_i,N_i)$;
The VCU generates its signature:
on receiving $N_i, g^m$ sent by in-vehicle module i, $TPM_v$ first generates a signature on them
Figure BDA0002715755790000046
and sends $\delta_v$ to the VCU; the VCU generates the PBA signature as follows:
$u_{vx}=e(X,a'_v)$, $u_{vxy}=e(X,b'_v)$, $u_{vs}=e(g,c'_v)$, $u_{vxyz}=e(X,B'_v)$,
selects
Figure BDA0002715755790000047
$c_{Hv}=H(\sigma'_v,u_{vx},u_{vxy},u_{vxyz},u_{vs},T_v,N_i,g^m)$,
Figure BDA0002715755790000048
Figure BDA0002715755790000049
and computes $s_{v1}=w_{v1}-c_{Hv}\,cs_v \bmod q$, $s_{v2}=w_{v2}-c_{Hv}\,r_{v1} \bmod q$;
Figure BDA00027157557900000410
finally generating the PBA signature $\sigma_{PBAv}=(\sigma'_v,c_{Hv},\delta_v,s_{v1},s_{v2},T_v,N_v)$;
S4.3. Signature verification stage
When in-vehicle module i receives the PBA signature $\sigma_{PBAv}$, it first verifies the equation
Figure BDA00027157557900000411
Figure BDA00027157557900000412
If it holds, verification continues;
in-vehicle module i verifies the certificate $\sigma'_v$ by checking whether the following equations hold:
$e(a'_v,Z)=e(g,A'_v)$,
$e(a'_v,Y)=e(g,b'_v)$,
$e(A'_v,Y)=e(g,B'_v)$
It then computes the following values and checks whether $c'_{Hv}=c_{Hv}$:
$u'_{vx}=e(X,a'_v)$,
$u'_{vxy}=e(X,b'_v)$,
$u'_{vs}=e(g,c'_v)$,
$u'_{vxyz}=e(X,B'_v)$,
Figure BDA0002715755790000051
$c'_{Hv}=H(\sigma'_v,u'_{vx},u'_{vxy},u'_{vxyz},u'_{vs},T'_v,N_i,g^m)$;
if the above equation holds, the VCU passes verification by in-vehicle module i;
the VCU verifies the signature of in-vehicle module i in the same way;
S4.4. Generating the root key based on the Diffie-Hellman key agreement protocol
$TPM_i$ uses its own secret value $m$ and the received $g^n$ to compute $k_{iv}=g^{nm}$; at the same time, $TPM_v$ uses its own secret value $n$ and the received $g^m$ to compute $k_{vi}=g^{mn}$; the root key is then stored in $TPM_i$ and $TPM_v$; the session key for the t-th communication is obtained by applying the hash operation to the root key: $k_{i+1}=h(k_i)$.
Further, the detailed method of message authentication between in-vehicle modules in S5 is as follows:
When the in-vehicle module generates a message, $TPM_i$ generates the corresponding keys $k_d,k_{d-1},k_{d-2},\ldots,k_d$ and sends them in turn to in-vehicle module i, which computes
Figure BDA0002715755790000052
and transmits
Figure BDA0002715755790000053
to the VCU;
The VCU calls $TPM_v$ to generate the keys $k'_d,k'_{d-1},k'_{d-2},\ldots,k'_d$; the VCU computes
Figure BDA0002715755790000054
Finally, the VCU checks whether
Figure BDA0002715755790000055
holds to complete message authentication.
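The flow of steps S4.4 and S5 as a runnable Python sketch, added here and not part of the patent: two TPM stand-ins derive a Diffie-Hellman root key, advance it with $k_{i+1}=h(k_i)$, and the receiver rejects modified, replayed and out-of-sequence messages. The demo group, SHA-256 as $h$, the step counter inside the HMAC input, computing the HMAC inside the TPM stand-in, and the names `TpmSim` and `run_exchange` are assumptions; the patent's own HMAC formulas are not reproduced on this page.

```python
import hashlib
import hmac
import secrets

# ASSUMPTION: constructed demo group. 2**521 - 1 is a Mersenne prime that can be
# written exactly here; it is not a recommended Diffie-Hellman group.
P = 2**521 - 1
G = 3
KEY_BYTES = 66  # 521 bits rounded up to whole bytes


def h(data: bytes) -> bytes:
    """The one-way hash h of the scheme (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


class TpmSim:
    """Hypothetical stand-in for TPM_i / TPM_v: secret and key chain stay inside."""

    def __init__(self) -> None:
        self._secret = secrets.randbelow(P - 3) + 2  # m or n, in [2, P-2]
        self.public = pow(G, self._secret, P)        # g^m or g^n, sent to the peer
        self._key = b""
        self._step = 0

    def agree(self, peer_public: int) -> None:
        """S4.4: derive the root key from g^(nm) and start the key chain."""
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate DH public value")
        shared = pow(peer_public, self._secret, P)
        self._key = h(shared.to_bytes(KEY_BYTES, "big"))
        self._step = 0

    def _mac(self, step: int, message: bytes) -> bytes:
        # ASSUMPTION: the step counter is bound into the HMAC input.
        data = step.to_bytes(8, "big") + message
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _advance(self) -> None:
        """k_{i+1} = h(k_i): move to the next session key."""
        self._key = h(self._key)
        self._step += 1

    def tag(self, message: bytes):
        """Sender (S5): HMAC under the current session key, then ratchet."""
        if not self._key:
            raise RuntimeError("no root key agreed yet")
        step, mac = self._step, self._mac(self._step, message)
        self._advance()
        return step, mac

    def verify(self, step: int, message: bytes, mac: bytes) -> bool:
        """Receiver (S5): accept only the expected step with a matching HMAC."""
        if not self._key or step != self._step:
            return False  # replayed, reordered, or an earlier message is missing
        if not hmac.compare_digest(self._mac(step, message), mac):
            return False  # modified in transit, or made under a different key
        self._advance()
        return True


def run_exchange() -> dict:
    """Module i sends constructed sample messages to the VCU over one chain."""
    tpm_i, tpm_v = TpmSim(), TpmSim()
    tpm_i.agree(tpm_v.public)
    tpm_v.agree(tpm_i.public)
    results = {}

    first = b"camera: obstacle at 12 m"
    step0, mac0 = tpm_i.tag(first)
    results["genuine"] = tpm_v.verify(step0, first, mac0)

    second = b"camera: road clear"
    step1, mac1 = tpm_i.tag(second)
    results["modified"] = tpm_v.verify(step1, b"camera: road CLEAR", mac1)
    results["genuine_after_modified"] = tpm_v.verify(step1, second, mac1)

    # The key for step 0 has been ratcheted away, so the old pair is refused.
    results["replayed"] = tpm_v.verify(step0, first, mac0)

    # Message 2 never arrives; message 3 shows up with an unexpected step.
    tpm_i.tag(b"camera: frame 2")
    third = b"camera: frame 3"
    step3, mac3 = tpm_i.tag(third)
    results["gap_after_deletion"] = tpm_v.verify(step3, third, mac3)
    return results


if __name__ == "__main__":
    for case, accepted in run_exchange().items():
        print(f"{case:24s} accepted={accepted}")
```

A rejected step leaves the receiver's chain where it was, so a deployment needs a resynchronisation rule after a detected gap; the page does not describe one.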
Further, the detailed method of revocation management in step S6 is as follows:
When the VCU finds that in-vehicle module i has sent an erroneous message, the VCU stores a record of the erroneous message locally; when the recorded count of erroneous messages reaches the threshold, the VCU sends
Figure BDA0002715755790000056
to the TA; the TA verifies it using the private key $sk_{TA}$, obtains $ID_v$, $M$, and finds the certificate of the in-vehicle module i concerned;
the TA then sends a revocation command to $TPM_i$ in in-vehicle module i; $TPM_i$ verifies the received command and, once verification passes, deletes the certificate $\sigma_i=(a_i,A_i,b_i,B_i,c_i)$ and $cs_i$; authentication of in-vehicle module i requires a PBA signature generated from the certificate $\sigma_i$, and without the certificate a correct signature cannot be generated;
In the above process, to ensure that the TPM in in-vehicle module i correctly receives the message sent by the TA, a "heartbeat" mechanism is adopted: the TA periodically sends a random message to the TPM and determines from the feedback it receives whether the TPM received the message correctly. The invention also discloses a system for implementing the trusted authentication method among modules in an intelligent connected vehicle, comprising a trusted authority TA, a vehicle processing unit VCU equipped with a trusted platform module TPM, and an in-vehicle module i equipped with a trusted platform module TPM; with the participation of the trusted authority TA, in-vehicle module i and the vehicle processing unit VCU perform mutual authentication and secure communication, and both the VCU and the modules are equipped with TPMs to implement trusted authentication and store private keys.
Beneficial effects: compared with the prior art, the invention has the following advantages:
(1) The invention uses the trusted platform module TPM of trusted computing to ensure that the module state is secure; the TPM protects sensitive data and can judge whether the module state is secure;
(2) Inside the intelligent connected vehicle, the invention considers not only security during data transmission between modules but also uses remote attestation to achieve mutual authentication between the modules, which guards against attacks on the modules and further improves the internal security of the vehicle;
(3) The invention combines module authentication and message authentication: mutual module authentication only needs to be performed at regular intervals, and message authentication is implemented with HMAC, so computation and transmission costs are lower and overall message authentication efficiency is improved.
Drawings
FIG. 1 is a schematic diagram of the system of the present invention;
FIG. 2 is a block flow diagram of the system of the present invention;
FIG. 3 is a specific flowchart of mutual module authentication according to the present invention;
FIG. 4 is a diagram illustrating an exemplary process for performing module revocation in accordance with the present invention;
FIG. 5 is a diagram illustrating a comparison between the time when the TA issues the certificate and the time when the in-vehicle module verifies the certificate in the embodiment;
FIG. 6 is a diagram illustrating the time overhead of PBA signatures in an embodiment;
FIG. 7 is a diagram illustrating message authentication time in an embodiment.
Detailed Description
The technical solution of the present invention is described in detail below, but the scope of the present invention is not limited to the embodiments.
As shown in fig. 1, the system of the present invention includes the following participants: a trusted authority TA, a vehicle computing and processing unit VCU, and in-vehicle modules i (e.g. sensors and actuators) equipped with a trusted platform module TPM. With the secure storage provided by the TPM, a module can safely store data such as its private key.
As shown in fig. 2, the trusted authentication method among modules in an intelligent connected vehicle comprises the following steps:
(1) a preparation process: initializing the TA and generating the public and private keys of in-vehicle module i;
(2) a communication process: mutual authentication, message authentication and revocation of malicious modules among the modules in the intelligent connected vehicle (CAV).
The specific steps of step (1) are as follows:
Initialization of the TA: the TA selects
Figure BDA0002715755790000071
as the master key and calculates the corresponding public key $X=g^x$, $Y=g^y$, $Z=g^z$, $P_{pub}$. The TA selects two secure collision-resistant one-way hash functions $h:\{0,1\}^*\to Z_q$ and $H:\{0,1\}^*\to Z_q$. The TA selects two groups of order $q$, $G_1=\langle g_1\rangle$ and $G_T=\langle g_T\rangle$, with bilinear map $e: G_1\times G_1\to G_T$, where $q$ is a prime. The TA broadcasts the public parameters $\{g_1,g_T,G_1,G_T,P_{pub},h,H\}$;
Module initialization: in-vehicle module i generates its own private and public keys $sk_i$, $pk_i$ based on the endorsement key AIK of $TPM_i$ and broadcasts its public key $pk_i$. The vehicle-mounted computing unit VCU performs the same operation to generate its public and private keys;
The process of step (2) is as follows: the module requests a certificate; the TA verifies the module's state and issues a signed certificate; the module verifies the certificate and signs using its private key and attributes; mutual authentication, key agreement and message authentication are then carried out among the modules. If an altered module exists, the TA looks it up and deactivates it.
The specific process of requesting and generating certificates is as follows:
1) $TPM_i$ collects the state information $cs_i$ of in-vehicle module i and sends $cs_i$ to in-vehicle module i, which then computes
Figure BDA0002715755790000072
and sends it to the TA to obtain the certificate. Likewise, the VCU performs the same operations and finally sends
Figure BDA0002715755790000073
to the TA;
2) The TA decrypts to obtain $(ID_i, cs_i\|pk_i)$ and $(ID_v, cs_v\|pk_v)$. The TA judges whether the state of in-vehicle module i is normal according to the state standard ps. If it is normal, the TA generates the corresponding certificate and sends it to the corresponding in-vehicle module i. The TA selects $a_i\in G_1$ and computes $A_i=a_i^z$, $b_i=a_i^y$, $B_i=A_i^y$,
Figure BDA0002715755790000074
and sends the certificate $\sigma_i=(a_i,A_i,b_i,B_i,c_i)$ to in-vehicle module i; meanwhile, the TA generates the certificate $\sigma_v=(a_v,A_v,b_v,B_v,c_v)$ in the same way and sends it to the VCU.
3) Certificate verification phase. When in-vehicle module i receives $\sigma_i=(a_i,A_i,b_i,B_i,c_i)$, it must first verify the certificate by checking whether $e(a_i,Z)=e(g,A_i)$,
Figure BDA00027157557900000812
$e(A_i,Y)=e(g,B_i)$ hold. Likewise, the VCU verifies the received certificate in the same manner.
Subsequently, in-vehicle module i and the VCU need to process the received certificates. $TPM_i$ first selects
Figure BDA0002715755790000081
computes $r_{i1}^{-1}$ and sends $r_{i1}^{-1}, r_{i2}$ to in-vehicle module i. In-vehicle module i computes
Figure BDA0002715755790000082
$\sigma'_i=(a'_i,A'_i,b'_i,B'_i,c'_i)$ as the final certificate of in-vehicle module i. Likewise, the TPM in the VCU selects
Figure BDA0002715755790000083
computes $r_{v1}^{-1}$ and sends $r_{v1}^{-1}, r_{v2}$ to the VCU. The VCU computes
Figure BDA0002715755790000084
Figure BDA0002715755790000085
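Why the two pairing checks that are legible in the certificate verification phase accept a certificate built as $A_i=a_i^z$, $B_i=A_i^y$ (a derivation added here, not part of the patent text). It assumes $e$ is a non-degenerate symmetric bilinear map on the prime-order group $G_1$, takes $g$ to be the generator of $G_1$, writes $a_i=g^{\alpha}$ for some exponent $\alpha$, and reads the third check as $e(A_i,Y)=e(g,B_i)$:

$$e(a_i,Z)=e(g^{\alpha},g^{z})=e(g,g)^{\alpha z}=e(g,g^{\alpha z})=e(g,a_i^{z})=e(g,A_i)$$

$$e(A_i,Y)=e(g^{\alpha z},g^{y})=e(g,g)^{\alpha z y}=e(g,(a_i^{z})^{y})=e(g,A_i^{y})=e(g,B_i)$$

Under these assumptions the two checks hold exactly when $A_i=a_i^{z}$ and $B_i=A_i^{y}$, and the verifier needs only the public values $Z=g^z$ and $Y=g^y$, never the exponents themselves.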
As shown in fig. 3, the specific steps of the mutual authentication and fast message authentication process between the modules are as follows:
1) TPM in VCU v Selecting
Figure BDA0002715755790000086
Calculate g n Sending N v ,g n To the VCU. VCU transmitting N v ,g n Giving the in-vehicle module ii to communicate with it.
2) And a signature generation stage. First, TPM i Upon receiving N v ,g n Then sign it
Figure BDA0002715755790000087
And sent to the in-vehicle module i for further generation of PBA signatures. The in-vehicle module i needs to perform the following operations: selecting
Figure BDA0002715755790000088
Calculating u ix =e(X,a′ i ),u ixy =e(X,b′ i ),u is =e(g,c′ i ),u ixyz =e(X,B′ i ),
Figure BDA0002715755790000089
s i1 =w i1 -c Hi cs i modq,s i2 =w i2 -c Hi r i1 modq。
Wherein c is Hi =H(σ′ i ,u ix ,u ixy ,u ixyz ,u is ,T i ,N v ,g n ) Simultaneous TPM i Selecting
Figure BDA00027157557900000810
Calculate g m Sending N via module i i ,g m To the VCU. The final in-vehicle module i generates a final PBA signature sigma PBAi =(σ′ i ,c Hi ,δ i ,s i1 ,s i2 ,T i ,N i );
The VCU generates a signature. When receiving N sent by the in-vehicle module i i ,g m First, TPM v Generate a signature thereon
Figure BDA00027157557900000811
And send delta v To the VCU. The VCU generates the PBA signature by: u. of vx =e(X,a′ v ),u vxy =e(X,b′ v ),u vs =e(g,c′ v ),u vxyz =e(X,B′ v ) Selecting
Figure BDA0002715755790000091
Figure BDA0002715755790000092
And calculate s v1 =w v1 -c Hv cs v modq,s v2 =w v2 -c Hv r v1 modq,
Figure BDA0002715755790000093
Finally generating the PBA signature sigma PBAv =(σ′ v ,c Hv ,δ v ,s v1 ,s v2 ,T v ,N v )
3) Signature verification stage. When in-vehicle module i receives the PBA signature, it first verifies
Figure BDA0002715755790000094
If the verification is passed, the process continues.
In-vehicle module i verifies $\sigma'_v$ by checking $e(a'_v, Z) = e(g, A'_v)$, $e(a'_v, Y) = e(g, b'_v)$, $e(A'_v, Y) = e(g, B'_v)$, and then verifies the signature by calculating $u'_{vx} = e(X, a'_v)$, $u'_{vxy} = e(X, b'_v)$, $u'_{vs} = e(g, c'_v)$, $u'_{vxyz} = e(X, B'_v)$,
Figure BDA0002715755790000095
Figure BDA0002715755790000096
It then calculates $c'_{Hv} = H(\sigma'_v, u'_{vx}, u'_{vxy}, u'_{vxyz}, u'_{vs}, T'_v, N_i, g^m)$ and checks whether $c'_{Hv} = c_{Hv}$. If so, the VCU passes the verification by in-vehicle module i. The VCU verifies the signature of in-vehicle module i in the same way.
The root key is generated based on the Diffie-Hellman key agreement protocol. $TPM_i$ uses its own secret value $m$ and the received $g^n$ to calculate $k_{iv} = g^{nm}$. At the same time, $TPM_v$ uses its own secret value $n$ and the received $g^m$ to calculate $k_{vi} = g^{mn}$.
The root key is stored in $TPM_i$ and $TPM_v$. The session key for the t-th communication is obtained by hashing the root key: $k_{i+1} = h(k_i)$.
4) Message authentication phase. While in-vehicle module i generates a message, the $TPM_i$ in the module generates the corresponding keys $k_d, k_{d-1}, k_{d-2}, ..., k_d$ and sends them successively to module i. In-vehicle module i calculates
Figure BDA0002715755790000097
and transmits
Figure BDA0002715755790000098
to the VCU. The VCU calls $TPM_v$ to generate the keys $k'_d, k'_{d-1}, k'_{d-2}, ..., k'_d$. The VCU calculates
Figure BDA0002715755790000099
The VCU authenticates the message by checking whether
Figure BDA00027157557900000910
holds.
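The root-key agreement, hash-chained session keys and HMAC check of steps 3) and 4), as an added Python example that is not part of the patent text. It assumes a multiplicative group modulo $2^{255}-19$ in place of the pairing group, SHA-256 for $h$, and HMAC-SHA-256 over $\mu$ and $m_\mu$ (the patent's own MAC formula is not reproduced on this page); the names `Tpm`, `send`, `accept` and the `MAX_SKIP` window are hypothetical additions.

```python
import hashlib
import hmac
import secrets

# Assumed demo group: integers modulo the prime 2^255 - 19 with base 2.
# The patent works in the pairing group G_1; only the DH shape is kept.
P, G = 2**255 - 19, 2
MAX_SKIP = 64  # assumed limit on how far the index mu may jump ahead


class Tpm:
    """Hypothetical TPM stand-in: keeps the DH secret and the key chain."""

    def __init__(self) -> None:
        self._secret = secrets.randbelow(P - 3) + 2  # n or m
        self._mu, self._key = 0, b""  # k_0 becomes the root key

    def share(self) -> int:
        return pow(G, self._secret, P)  # g^n or g^m

    def agree(self, peer_share: int) -> None:
        if not 1 < peer_share < P - 1:
            raise ValueError("degenerate Diffie-Hellman share")
        root = pow(peer_share, self._secret, P)  # g^{nm}
        self._mu, self._key = 0, root.to_bytes(32, "big")

    def session_key(self, mu: int) -> bytes:
        """Derive k_mu = h(k_{mu-1}) from the cached key; state unchanged."""
        if not self._key or not self._mu < mu <= self._mu + MAX_SKIP:
            raise ValueError("index replayed or outside the window")
        key = self._key
        for _ in range(mu - self._mu):
            key = hashlib.sha256(key).digest()  # h, SHA-256 assumed
        return key

    def commit(self, mu: int) -> None:
        """Ratchet forward: indices up to mu are no longer accepted."""
        self._key, self._mu = self.session_key(mu), mu


def make_tag(key: bytes, mu: int, message: bytes) -> bytes:
    # Assumed MAC input: index mu (8 bytes, big-endian) followed by m_mu.
    data = mu.to_bytes(8, "big") + message
    return hmac.new(key, data, hashlib.sha256).digest()


def send(tpm: Tpm, mu: int, message: bytes) -> tuple:
    key = tpm.session_key(mu)
    tpm.commit(mu)
    return message, mu, make_tag(key, mu, message)


def accept(tpm: Tpm, message: bytes, mu: int, tag: bytes) -> bool:
    try:
        key = tpm.session_key(mu)  # rejects replayed or far-ahead mu
    except ValueError:
        return False
    if not hmac.compare_digest(make_tag(key, mu, message), tag):
        return False  # chain state is untouched on failure
    tpm.commit(mu)
    return True


def demo() -> list:
    """Constructed run: exchange g^m and g^n, then authenticate messages."""
    tpm_i, tpm_v = Tpm(), Tpm()
    tpm_i.agree(tpm_v.share())
    tpm_v.agree(tpm_i.share())
    first = send(tpm_i, 1, b"brake=0")  # constructed payloads
    msg, mu, tag = send(tpm_i, 2, b"speed=42")
    return [accept(tpm_v, *first),                 # valid message
            accept(tpm_v, *first),                 # replay of mu = 1
            accept(tpm_v, b"speed=99", mu, tag),   # tampered m_mu
            accept(tpm_v, msg, mu, tag)]           # genuine message
```

The receiver commits the ratchet only after the tag verifies, so a forged or tampered message cannot desynchronize the two key chains, and the window bounds the hashing an unauthenticated index can trigger.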
As shown in fig. 4, the specific process of module revocation is as follows:
When the VCU finds that in-vehicle module i has sent an erroneous message, the VCU stores the record locally, and when the record value reaches the threshold value, the VCU sends
Figure BDA0002715755790000101
to the TA. The TA verifies it, using its private key to obtain $ID_v$, M, and finds the certificate of the relevant module i. Finally, the TA sends a revocation command to $TPM_i$ in in-vehicle module i. $TPM_i$ verifies the received revocation command and, after the verification passes, deletes the certificate $\sigma_i = (a_i, A_i, b_i, B_i, c_i)$ and $cs_i$. Verification of a module requires generating a PBA signature, which is based on the certificate $\sigma_i$; without the certificate, a correct signature cannot be generated. Meanwhile, to ensure that the TPM in the module correctly receives the message sent by the TA, a "heartbeat" mechanism is adopted: the TA regularly sends a random message to the TPM, and whether the TPM has correctly received the message is judged from the feedback received by the TA.
Example:
This embodiment carries out the related experiments on a Linux system, where the computations of the trusted platform module TPM are implemented in Intel SGX (Software Guard Extensions). FIG. 5 shows the time for the TA to issue a certificate and for the in-vehicle module to verify the certificate. FIG. 6 illustrates the time overhead of the PBA signatures. FIG. 7 shows the message authentication time for messages of different lengths, from 1KB to 2MB.

Claims (7)

1. A credible authentication method between modules in an intelligent internet vehicle, characterized by comprising the following steps:
S1, initialization of the trusted authority TA: the trusted authority TA generates a master key $sk_{TA}$ and a corresponding public key $P_{pub}$;
S2, module initialization: in-vehicle module i generates its own private key $sk_i$ and public key $pk_i$ based on the endorsement key AIK of its corresponding trusted platform module $TPM_i$, and broadcasts its own public key $pk_i$; the vehicle computing processing unit VCU uses the endorsement key AIK to generate its own private key $sk_v$ and public key $pk_v$; i denotes the i-th in-vehicle module;
S3, in-vehicle module i securely sends its state information to the trusted authority TA, the TA verifies the state information, and if the state information passes the verification, the TA generates a certificate for the module; after receiving the certificate sent by the TA, in-vehicle module i first verifies the certificate and then processes it;
S4, mutual authentication is carried out between in-vehicle module i and the vehicle computing processing unit VCU: each generates a signature based on its own private key and the processed certificate from the TA and sends it to the other party, and after the signature verification by both parties passes, a session key is generated and stored in each TPM module;
S5, when data are transmitted between in-vehicle module i and the vehicle computing processing unit VCU, a message authentication code HMAC is generated using the session key generated in step S4 to authenticate the message;
S6, if the TA detects that an in-vehicle module has been changed, the TA revokes that in-vehicle module.
2. The method for credible authentication among modules in the intelligent internet vehicle according to claim 1, wherein the method comprises the following steps:
the trusted authority TA selects x, y,
Figure FDA0003739322450000011
as the master key $sk_{TA}$ and calculates the corresponding public key $P_{pub}$, $P_{pub} = (X, Y, Z)$, $X = g^x$, $Y = g^y$, $Z = g^z$, where g is a generator of G; the TA selects two secure collision-free one-way hash functions: $h: \{0,1\}^* \to Z_q$, $H: \{0,1\}^* \to Z_q$; the TA selects two groups of order q: $G_1 = \langle g_1 \rangle$, $G_T = \langle g_T \rangle$, with the bilinear map $e: G_1 \times G_1 \to G_T$, where q is a prime number; the TA then broadcasts the public parameters $\{g_1, g_T, G_1, G_T, P_{pub}, h, H\}$.
3. The inter-module credible authentication method in the intelligent internet vehicle as claimed in claim 1, wherein: the specific process of generating the certificate and the in-vehicle module verification certificate by the trusted authority TA in step S3 is as follows:
S3.1, $TPM_i$ collects the status information $cs_i$ of in-vehicle module i and sends it to in-vehicle module i, and then in-vehicle module i calculates
Figure FDA0003739322450000012
and sends it to the trusted authority TA to obtain a certificate; likewise, the VCU calls $TPM_v$ to perform the same operations as above and finally sends $ID_v$, the attribute $cs_v$ and the public key $pk_v$ via
Figure FDA0003739322450000013
to the TA;
S3.2, the trusted authority TA decrypts with the master key $sk_{TA}$ to obtain $(ID_i, cs_i \| pk_i)$ and $(ID_v, cs_v \| pk_v)$ respectively, and the TA judges whether the state of in-vehicle module i is normal according to the state standard ps; if it is normal, the TA generates the corresponding certificate and sends it to the corresponding in-vehicle module i;
the TA selects $a_i \in G_1$ and calculates $A_i = a_i^z$, $b_i = a_i^y$, $B_i = A_i^y$,
Figure FDA0003739322450000021
and sends the certificate $\sigma_i = (a_i, A_i, b_i, B_i, c_i)$ to in-vehicle module i; the TA selects $a_v \in G_1$ and calculates $A_v = a_v^z$, $b_v = a_v^y$, $B_v = A_v^y$,
Figure FDA0003739322450000022
thereby generating the certificate $\sigma_v = (a_v, A_v, b_v, B_v, c_v)$ and sending it to the VCU;
S3.3, certificate verification
When in-vehicle module i receives the certificate $\sigma_i = (a_i, A_i, b_i, B_i, c_i)$ sent by the TA, it first verifies the certificate $\sigma_i$ by determining whether the following equations hold:
$e(a_i, Z) = e(g, A_i)$,
Figure FDA0003739322450000023
$e(A_i, Y) = e(g, B_i)$
likewise, when the VCU receives the certificate $\sigma_v = (a_v, A_v, b_v, B_v, c_v)$ sent by the TA, it first verifies the certificate $\sigma_v$ by determining whether the following equations hold:
$e(a_v, Z) = e(g, A_v)$,
Figure FDA0003739322450000024
$e(A_v, Y) = e(g, B_v)$;
if both verifications succeed, step S3.4 is executed;
S3.4, in-vehicle module i and the VCU process the certificates $\sigma_i$ and $\sigma_v$;
$TPM_i$ first selects $r_{i1}$,
Figure FDA0003739322450000025
calculates $r_{i1}^{-1}$, and sends $r_{i1}^{-1}, r_{i2}$ to in-vehicle module i; in-vehicle module i calculates
Figure FDA0003739322450000026
and takes $\sigma'_i = (a'_i, A'_i, b'_i, B'_i, c'_i)$ as the final certificate of in-vehicle module i;
likewise, $TPM_v$ in the VCU selects $r_{v1}$,
Figure FDA0003739322450000027
calculates $r_{v1}^{-1}$, and sends $r_{v1}^{-1}, r_{v2}$ to the VCU; the VCU calculates
Figure FDA0003739322450000028
4. The method for credible authentication among modules in the intelligent internet vehicle according to claim 1, wherein the method comprises the following steps: the detailed method of the step S4 is as follows:
S4.1, $TPM_v$ in the VCU selects $N_v$,
Figure FDA0003739322450000029
calculates $g^n$, and sends $N_v, g^n$ to the VCU; the VCU transmits $N_v, g^n$ to the in-vehicle module i with which it is to communicate;
S4.2, signature generation
First, upon receiving $N_v, g^n$, $TPM_i$ signs them
Figure FDA0003739322450000031
and sends the signature to in-vehicle module i for further generation of the PBA signature; in-vehicle module i performs the following operations:
selects $w_{i1}$,
Figure FDA0003739322450000032
calculates $u_{ix} = e(X, a'_i)$, $u_{ixy} = e(X, b'_i)$, $u_{is} = e(g, c'_i)$, $u_{ixyz} = e(X, B'_i)$,
Figure FDA0003739322450000033
$s_{i1} = w_{i1} - c_{Hi}\, cs_i \bmod q$, $s_{i2} = w_{i2} - c_{Hi}\, r_{i1} \bmod q$, where $c_{Hi} = H(\sigma'_i, u_{ix}, u_{ixy}, u_{ixyz}, u_{is}, T_i, N_v, g^n)$; at the same time, $TPM_i$ selects $N_i$,
Figure FDA0003739322450000034
calculates $g^m$, and sends $N_i, g^m$ to the VCU via in-vehicle module i; finally, in-vehicle module i generates the final PBA signature $\sigma_{PBAi} = (\sigma'_i, c_{Hi}, \delta_i, s_{i1}, s_{i2}, T_i, N_i)$;
The VCU generates a signature;
upon receiving $N_i, g^m$ sent by in-vehicle module i, $TPM_v$ first generates a signature on them
Figure FDA0003739322450000035
and sends $\delta_v$ to the VCU; the VCU generates the PBA signature as follows:
$u_{vx} = e(X, a'_v)$, $u_{vxy} = e(X, b'_v)$, $u_{vs} = e(g, c'_v)$, $u_{vxyz} = e(X, B'_v)$,
selects $w_{v1}$,
Figure FDA0003739322450000036
$c_{Hv} = H(\sigma'_v, u_{vx}, u_{vxy}, u_{vxyz}, u_{vs}, T_v, N_i, g^m)$,
Figure FDA0003739322450000037
Figure FDA0003739322450000038
and calculates $s_{v1} = w_{v1} - c_{Hv}\, cs_v \bmod q$, $s_{v2} = w_{v2} - c_{Hv}\, r_{v1} \bmod q$;
Figure FDA0003739322450000039
finally generating the PBA signature $\sigma_{PBAv} = (\sigma'_v, c_{Hv}, \delta_v, s_{v1}, s_{v2}, T_v, N_v)$;
S4.3, signature verification stage
When in-vehicle module i receives the PBA signature $\sigma_{PBAv}$, it first verifies the equation
Figure FDA00037393224500000310
Figure FDA00037393224500000311
$g^m$ holds; if the verification passes, the process continues;
in-vehicle module i verifies the certificate $\sigma'_v$ by checking whether the following equations hold:
$e(a'_v, Z) = e(g, A'_v)$,
$e(a'_v, Y) = e(g, b'_v)$,
$e(A'_v, Y) = e(g, B'_v)$
it then determines whether $c'_{Hv} = c_{Hv}$ holds by calculating the following:
$u'_{vx} = e(X, a'_v)$,
$u'_{vxy} = e(X, b'_v)$,
$u'_{vs} = e(g, c'_v)$,
$u'_{vxyz} = e(X, B'_v)$,
Figure FDA0003739322450000041
$c'_{Hv} = H(\sigma'_v, u'_{vx}, u'_{vxy}, u'_{vxyz}, u'_{vs}, T'_v, N_i, g^m)$;
if the above equation holds, the VCU passes the verification by in-vehicle module i;
the VCU verifies the signature of in-vehicle module i in the same way;
S4.4, generating the root key based on the Diffie-Hellman key agreement protocol
$TPM_i$ uses its own secret value $m$ and the received $g^n$ to calculate $k_{iv} = g^{nm}$; at the same time, $TPM_v$ uses its own secret value $n$ and the received $g^m$ to calculate $k_{vi} = g^{mn}$; the root keys are then stored in $TPM_i$ and $TPM_v$ respectively; the session key for the $\mu$-th communication is obtained by hashing the root key: $k_{\mu+1} = h(k_\mu)$.
5. The inter-module credible authentication method in the intelligent internet vehicle as claimed in claim 1, wherein: the detailed method for message authentication between the vehicle interior modules in the S5 is as follows:
while in-vehicle module i generates a message, the $TPM_i$ in the module generates the corresponding keys $k_d, k_{d-1}, k_{d-2}, ..., k_d$ and sends them successively to in-vehicle module i, which calculates
Figure FDA0003739322450000042
and sends $m_\mu$, $\mu$,
Figure FDA0003739322450000043
to the VCU;
the VCU calls $TPM_v$ to generate the keys $k'_d, k'_{d-1}, k'_{d-2}, ..., k'_d$; the VCU calculates
Figure FDA0003739322450000044
finally, the VCU completes message authentication by judging whether
Figure FDA0003739322450000045
holds.
6. The inter-module credible authentication method in the intelligent internet vehicle as claimed in claim 1, wherein: the detailed method of revocation management in step S6 is as follows:
when the VCU finds that in-vehicle module i has sent an erroneous message, it stores the error message record locally, and when the record value of the error message reaches the threshold value, the VCU sends
Figure FDA0003739322450000046
to the TA; the TA verifies it, using the master key $sk_{TA}$ to obtain $ID_v$, M, and finds the certificate of the related in-vehicle module i;
the TA then sends a revocation command to $TPM_i$ in in-vehicle module i; $TPM_i$ verifies the received command and, after the verification passes, deletes the certificate $\sigma_i = (a_i, A_i, b_i, B_i, c_i)$ and $cs_i$; verification of in-vehicle module i requires generating a PBA signature based on the certificate $\sigma_i$, and without the certificate a correct signature cannot be generated;
in the above process, in order to ensure that the TPM in the in-vehicle module i correctly receives the message sent by the TA, a "heartbeat" mechanism is adopted, that is, the TA periodically sends a random message to the TPM, and determines whether the TPM correctly receives the message according to feedback received by the TA.
7. A system for realizing the credible authentication method between the modules in the intelligent internet vehicle as claimed in any one of claims 1 to 6, characterized in that: the system comprises a trusted authority TA, a vehicle processing unit VCU equipped with a trusted platform module TPM and an in-vehicle module i equipped with the trusted platform module TPM; in the participation of the trusted authority TA, mutual authentication and secure communication between the in-vehicle module i and the vehicle processing unit VCU are performed, and the vehicle processing unit VCU and the in-vehicle module i are both equipped with a trusted platform module to realize trusted authentication and save a private key.
CN202011072995.4A 2020-10-09 2020-10-09 Credible authentication method and system among modules in intelligent network networking Active CN112187459B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011072995.4A CN112187459B (en) 2020-10-09 2020-10-09 Credible authentication method and system among modules in intelligent network networking

Publications (2)

Publication Number Publication Date
CN112187459A CN112187459A (en) 2021-01-05
CN112187459B true CN112187459B (en) 2022-08-16

Family

ID=73947861

Country Status (1)

Country Link
CN (1) CN112187459B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant