CN112907769A

CN112907769A - Vehicle-mounted unit management method and system based on pre-installation and step-by-step information writing

Info

Publication number: CN112907769A
Application number: CN201911118467.5A
Authority: CN
Inventors: 李东声
Original assignee: Tendyron Corp
Current assignee: Tendyron Corp
Priority date: 2019-11-15
Filing date: 2019-11-15
Publication date: 2021-06-04
Anticipated expiration: 2039-11-15
Also published as: CN112907769B

Abstract

The invention provides a vehicle-mounted unit management method and system based on pre-installation and step-by-step information writing, which support the vehicle-mounted unit to be installed during vehicle production, and users only need to write information in the vehicle-mounted unit in a distributed manner after purchasing a vehicle, so that the handling of the vehicle-mounted unit is convenient. Meanwhile, the safety scheme is utilized to ensure the safety of all application scenes of the pre-installed OBU.

Description

Vehicle-mounted unit management method and system based on pre-installation and step-by-step information writing

Technical Field

The invention relates to the technical field of electronics, in particular to a vehicle-mounted unit management method and system based on pre-installation and step-by-step information writing.

Background

An ETC (Electronic Toll Collection) system performs wireless communication and information exchange between an on-vehicle device mounted on a vehicle and an antenna mounted on a Toll gate lane. The system mainly comprises an automatic vehicle identification system, a central management system, other auxiliary facilities and the like. The automatic vehicle identification system includes an on-board unit (OBU), also called a Transponder (Transponder) or an electronic Tag (Tag), a roadside unit (RSU), a loop sensor, and the like. The OBU stores identification information of the vehicle and is typically mounted on the windshield in front of the vehicle, the RSU is mounted near the toll station, and the loop sensor is mounted under the ground of the roadway. The central management system has a large database storing information on a large number of registered vehicles and users.

The existing OBU installation process generally comprises the following steps: generally, an OBU module manufacturer injects application, establishes a file structure and the like according to the requirement of a highway, and then the OBU module with the file structure is issued step by an ITS center and key management centers at all levels, wherein the OBU module mainly replaces a factory main control key in the OBU module with a main control key in a national standard key system, and the factory main control key at least comprises a main control key, an application main control key and a next-level key. Before use, the network point updates the OBU and writes personalized information, which mainly comprises vehicle information and system information. Through the process, the OBU can be completely issued and applied to the vehicle for use after the information of the vehicle, the person and the license plate is confirmed.

Along with the nation's promotion of not parking of ETC electron and charge vigorously, the business demand volume of vehicle installation OBU increases greatly, and current OBU installation is accomplished by the site, and certain latency is generally required in preparation and installation, how to improve OBU's installation effectiveness, becomes the problem that awaits a urgent need to be solved.

Disclosure of Invention

The present invention is directed to solving the above problems.

The invention mainly aims to provide a vehicle-mounted unit management method based on pre-installation and step-by-step information writing;

another object of the present invention is to provide a system for managing on-board units based on pre-installation and step-by-step information writing.

In order to achieve the purpose, the technical scheme of the invention is realized as follows:

the invention provides a vehicle-mounted unit management method based on pre-installation and step-by-step information writing, which comprises the following steps: the method comprises the steps that a first terminal sends an equipment information acquisition instruction to a vehicle-mounted unit preset in a new vehicle leaving a factory, wherein the equipment information acquisition instruction at least comprises first terminal authentication information; the vehicle-mounted unit receives the command of obtaining the equipment information, verifies whether the first terminal authentication information is legal or not, generates a first authentication factor under the condition that the first terminal authentication information is legal, and sends obtaining response information to the first terminal, wherein the obtaining response information at least comprises the equipment information of the vehicle-mounted unit, the vehicle-mounted unit authentication information and the first authentication factor; the method comprises the steps that a first terminal obtains vehicle information of a new vehicle and sends a verification instruction to a rear trolley management system, wherein the verification instruction at least comprises the vehicle information; the first terminal receives the acquired response information and a verification response sent by the background vehicle management system respectively, wherein the verification response comprises a verification result obtained by verifying the vehicle information by the background vehicle management system; the first terminal verifies whether the vehicle-mounted unit authentication information is legal or not, generates a vehicle information writing instruction and sends the vehicle information writing instruction to the vehicle-mounted unit under the condition that the vehicle-mounted unit authentication information is legal and the verification result is that the vehicle information is verified to pass, wherein the vehicle information writing instruction at least comprises: the vehicle authentication method comprises the steps that first written information and a first check value obtained by calculating the first written information through an obtained pre-stored first encryption mechanism are obtained, and the first written information at least comprises vehicle information and a first authentication factor; the vehicle-mounted unit receives a vehicle information writing instruction, verifies the first check value by using a verification mechanism corresponding to the first encryption mechanism, writes the vehicle information into the vehicle-mounted unit under the condition that the first check value passes verification, and sends a first writing response to the first terminal; the first terminal receives the first write-in response, generates a vehicle binding record of the vehicle-mounted unit, and sends the vehicle binding record of the vehicle-mounted unit to the rear trolley management system; the second terminal sends a user information acquisition instruction to the vehicle-mounted unit; the vehicle-mounted unit receives the user information acquisition instruction, acquires the user information, generates a second authentication factor, and sends a user information acquisition response to the second terminal after receiving the user information confirmation instruction, wherein the user information acquisition response at least comprises: the device information of the vehicle-mounted unit, the authentication information of the vehicle-mounted unit, the user information and a second authentication factor, wherein the user information at least comprises identity card information; the second terminal receives the user information acquisition response, verifies whether the vehicle-mounted unit authentication information is legal, acquires the license plate information of a new vehicle under the condition of verifying that the vehicle-mounted unit authentication information is legal, generates a user information writing instruction, and sends the user information writing instruction to the vehicle-mounted unit, wherein the user information writing instruction at least comprises: the second written information and a second check value obtained by calculating the second written information through an obtained pre-stored second encryption mechanism are obtained, and the second written information at least comprises license plate information and a second authentication factor; the vehicle-mounted unit receives the user information writing instruction, verifies the second verification value by using a verification mechanism corresponding to the second encryption mechanism, writes the license plate information into the vehicle-mounted unit under the condition that the second verification value passes verification, and sends a second writing response to the second terminal; the second terminal receives the second write-in response, generates a vehicle-mounted unit license plate binding record and sends the vehicle-mounted unit license plate binding record to the rear trolley management system; the third terminal generates an activation instruction and sends the activation instruction to the vehicle-mounted unit; and the vehicle-mounted unit receives the activation instruction and activates the payment function.

In another aspect, the present invention provides a vehicle-mounted unit management system based on pre-installation and step-by-step information writing, comprising: the system comprises a first terminal, a second terminal and a third terminal, wherein the first terminal is used for sending an equipment information acquisition instruction to a vehicle-mounted unit preset in a new vehicle leaving a factory, and the equipment information acquisition instruction at least comprises first terminal authentication information; the vehicle-mounted unit is used for receiving the command of acquiring the equipment information, verifying whether the first terminal authentication information is legal or not, generating a first authentication factor under the condition that the first terminal authentication information is legal, and sending acquisition response information to the first terminal, wherein the acquisition response information at least comprises the equipment information of the vehicle-mounted unit, the vehicle-mounted unit authentication information and the first authentication factor; the first terminal is further used for acquiring vehicle information of the new vehicle and sending a verification instruction to the rear trolley management system, wherein the verification instruction at least comprises the vehicle information; respectively receiving the acquired response information and a verification response sent by the background vehicle management system, wherein the verification response comprises a verification result obtained by verifying the vehicle information by the background vehicle management system; verifying whether the vehicle-mounted unit authentication information is legal or not, generating a vehicle information writing instruction and sending the vehicle information writing instruction to the vehicle-mounted unit under the condition that the vehicle-mounted unit authentication information is legal and the verification result is that the vehicle-mounted unit authentication information passes the verification, wherein the vehicle information writing instruction at least comprises the following steps: the vehicle authentication method comprises the steps that first written information and a first check value obtained by calculating the first written information through an obtained pre-stored first encryption mechanism are obtained, and the first written information at least comprises vehicle information and a first authentication factor; the vehicle-mounted unit is also used for receiving a vehicle information writing instruction, verifying the first check value by using a verification mechanism corresponding to the first encryption mechanism, writing the vehicle information into the vehicle-mounted unit under the condition that the first check value is verified to pass, and sending a first writing response to the first terminal; the first terminal is also used for receiving the first write-in response, generating a vehicle binding record of the vehicle-mounted unit, and sending the vehicle binding record of the vehicle-mounted unit to the rear trolley management system; the second terminal is used for sending a user information acquisition instruction to the vehicle-mounted unit; the vehicle-mounted unit is further used for receiving a user information acquisition instruction, acquiring user information, generating a second authentication factor, and sending a user information acquisition response to the second terminal after receiving the user information confirmation instruction, wherein the user information acquisition response at least comprises: the device information of the vehicle-mounted unit, the authentication information of the vehicle-mounted unit, the user information and a second authentication factor, wherein the user information at least comprises identity card information; the second terminal is further used for receiving the user information acquisition response, verifying whether the vehicle-mounted unit authentication information is legal or not, acquiring license plate information of a new vehicle under the condition that the vehicle-mounted unit authentication information is legal, generating a user information writing instruction, and sending the user information writing instruction to the vehicle-mounted unit, wherein the user information writing instruction at least comprises: the second written information and a second check value obtained by calculating the second written information through an obtained pre-stored second encryption mechanism are obtained, and the second written information at least comprises license plate information and a second authentication factor; the vehicle-mounted unit is also used for receiving the user information writing instruction, verifying the second verification value by using a verification mechanism corresponding to the second encryption mechanism, writing the license plate information into the vehicle-mounted unit under the condition that the second verification value is verified to pass, and sending a second writing response to the second terminal; the second terminal is also used for receiving the second write-in response, generating a vehicle-mounted unit license plate binding record and sending the vehicle-mounted unit license plate binding record to the rear trolley management system; the third terminal is used for generating an activation instruction and sending the activation instruction to the vehicle-mounted unit; and the vehicle-mounted unit is also used for receiving the activation instruction and activating the payment function.

According to the technical scheme provided by the invention, the vehicle-mounted unit management method and the vehicle-mounted unit management system based on pre-installation and step-by-step information writing support that the vehicle-mounted unit is installed during vehicle production, and a user only needs to write information in the vehicle-mounted unit in a distributed manner after purchasing a vehicle, so that the vehicle-mounted unit can be conveniently handled.

In addition, the user can operate with the vehicle-mounted unit additionally arranged in the vehicle by himself, time and labor are saved, and the comprehensive popularization of ETC application can be promoted.

Meanwhile, the safety of all application scenes of the pre-installed OBU is guaranteed by using a safety scheme through the vehicle-mounted unit management method and system based on pre-installation and step-by-step information writing.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.

FIG. 1 is a flowchart of a method for managing a vehicle-mounted unit based on pre-installation and step-by-step information writing according to an embodiment of the present invention;

fig. 2 is a schematic structural diagram of a vehicle-mounted unit management system based on pre-installation and step-by-step information writing according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.

In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.

In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.

Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.

Fig. 1 is a flowchart illustrating a vehicle-mounted unit management method based on pre-installation and step-by-step information writing according to an embodiment of the present invention, and referring to fig. 1, the vehicle-mounted unit management method based on pre-installation and step-by-step information writing according to an embodiment of the present invention includes:

and S1, vehicle information entry process. The process may specifically include:

s101, the first terminal sends an equipment information acquisition instruction to a vehicle-mounted unit preset in a new vehicle leaving a factory, wherein the equipment information acquisition instruction at least comprises first terminal authentication information.

Specifically, the first terminal may be a specific terminal device or a general device such as a mobile phone.

If the terminal device is a specific terminal device, the terminal device can be a device used by an automobile manufacturer, and before a new automobile leaves a factory, the specific terminal device is used for writing the information of the new automobile into an on-board unit pre-installed in the new automobile.

If the user is a universal device such as a smart phone or a tablet personal computer of the user, the user can use the universal device directly, at the moment, after the user lifts the vehicle, the user can use the first terminal of the user to download the corresponding app to write the information of the new vehicle into the vehicle-mounted unit pre-installed in the new vehicle, and then the user can use the device of the user to realize operations such as information writing, license plate binding, account binding and activation of the vehicle-mounted unit, so that the user can use the device conveniently without going to a website alone or performing the operations through specific personnel.

The vehicle-mounted unit is preassembled on a new vehicle, and is different from the existing vehicle-mounted unit.

The first terminal and the on-board unit may communicate in a wired or wireless manner, for example, through a USB interface or a bluetooth manner, which is not limited in the present invention.

And after the user successfully registers the corresponding app by downloading the corresponding app, the user can execute the corresponding operation through the corresponding function in the app. In this step, if the user does not obtain the license plate of the new vehicle, the process of vehicle information entry may be executed in advance. In the process, the first terminal sends an equipment information obtaining instruction to the vehicle-mounted unit so as to enable the vehicle-mounted unit to feed back information of the vehicle-mounted unit, wherein the equipment information obtaining instruction carries first terminal authentication information so that the vehicle-mounted unit can feed back corresponding information after authentication, and the safety of the information fed back by the vehicle-mounted unit is ensured. Specifically, the first terminal authentication information may be a first terminal certificate, or may be a unique serial number of the first terminal, or other device identifiers with an anti-counterfeiting function, as long as the first terminal can be uniquely determined, and information authenticated by the vehicle-mounted unit all belong to the protection scope of the present invention.

And S102, the vehicle-mounted unit receives the command of obtaining the equipment information, verifies whether the first terminal authentication information is legal or not, generates a first authentication factor under the condition that the first terminal authentication information is legal, and sends obtaining response information to the first terminal, wherein the obtaining response information at least comprises the equipment information of the vehicle-mounted unit, the vehicle-mounted unit authentication information and the first authentication factor.

Specifically, after receiving the device information acquisition instruction, the vehicle-mounted unit generates a first authentication factor after verifying that the first terminal authentication information is legal, where the first authentication factor may include, but is not limited to: the random number, RTC clock value, counter value, etc., which are not specifically limited in the present invention, should be within the scope of the present invention as long as the random factor can prevent replay attack.

The on-board unit transmits the device information of the on-board unit, the authentication information of the on-board unit and the first authentication factor to the first terminal so that the first terminal can authenticate the on-board unit by using the information. The device information of the on-board unit may be information such as a serial number of the on-board unit, and the authentication information of the on-board unit may be an on-board unit certificate, or may be a unique serial number of the on-board unit, or other device identifiers with an anti-counterfeiting function, as long as the on-board unit can be uniquely determined, all of which belong to the protection scope of the present invention.

S103, the first terminal obtains the vehicle information of the new vehicle and sends a verification instruction to the rear trolley management system, wherein the verification instruction at least comprises the vehicle information.

Specifically, the vehicle information of the new vehicle may be a vehicle information file in general, including but not limited to: license plate color, vehicle type, vehicle user type, vehicle size, wheel number, axle number, wheel base and the like. The first terminal may obtain the vehicle information by reading related information on the new vehicle, for example, a tag separately disposed on the new vehicle, and/or OCR recognition, or may obtain the vehicle information by manually inputting the vehicle information by the user, which is not limited in the present invention. After the first terminal obtains the vehicle information of the new vehicle, the vehicle information of the new vehicle is sent to the background vehicle management system so as to verify, bind and the like the vehicle information, and the background vehicle management system can verify and manage the vehicle information.

S104, the first terminal receives the acquired response information and a verification response sent by the background vehicle management system respectively, wherein the verification response comprises a verification result obtained by verifying the vehicle information by the background vehicle management system;

s105, the first terminal verifies whether the vehicle-mounted unit authentication information is legal or not, generates a vehicle information writing instruction and sends the vehicle information writing instruction to the vehicle-mounted unit under the condition that the vehicle-mounted unit authentication information is legal and the verification result is that the vehicle information is verified to be passed, wherein the vehicle information writing instruction at least comprises: the vehicle authentication method comprises first written information and a first check value obtained by calculating the first written information through an obtained pre-stored first encryption mechanism, wherein the first written information at least comprises vehicle information and a first authentication factor.

Specifically, the first terminal authenticates the authentication information of the vehicle-mounted unit after receiving the acquisition response information sent by the vehicle-mounted unit, and meanwhile, the first terminal can also receive a verification result obtained by verifying the vehicle information by the background vehicle management system, and only when the vehicle information passes the verification result and the vehicle information passes the verification result, the first terminal organizes to form information to be written, so that a vehicle information writing instruction is sent to the vehicle-mounted unit, and the vehicle-mounted unit is instructed to write the vehicle information.

The first encryption mechanism may write a certificate or a key for the vehicle information prestored in the first terminal, where the certificate or the key is different from other certificates or keys and may be dedicated to the vehicle information writing function, and the first written information may be calculated through the prestored vehicle information written certificate or key, for example, in a manner of signing or generating a ciphertext, so as to enable the vehicle-mounted unit to confirm that the vehicle information writing instruction is indeed sent by the legitimate first terminal.

And S106, the vehicle-mounted unit receives the vehicle information writing instruction, verifies the first verification value by using the verification mechanism corresponding to the first encryption mechanism, writes the vehicle information into the vehicle-mounted unit under the condition that the verification of the first verification value is passed, and sends a first writing response to the first terminal.

Specifically, after receiving the vehicle information writing instruction, the onboard unit verifies the first check value by using a verification mechanism corresponding to the first encryption mechanism, for example, verifies the first check value by using a signature verification or decryption manner, and meanwhile, verifies the first check value by combining the first authentication factor, so that replay attack can be prevented, and the vehicle information writing instruction can be executed only once.

By the mode, the vehicle information can be input into the vehicle-mounted unit in advance, the vehicle information is input in advance, and the problems that in the prior art, the information writing operation amount is large and the efficiency is low are solved.

And S107, the first terminal receives the first write-in response, generates a vehicle binding record of the vehicle-mounted unit, and sends the vehicle binding record of the vehicle-mounted unit to the rear trolley management system.

Specifically, after receiving the first write-in response, the first terminal sends the vehicle binding record of the vehicle-mounted unit to the background vehicle management system, so that the background vehicle management system can manage each vehicle-mounted unit and each vehicle.

S2, license plate binding process;

s201, the second terminal sends a user information acquisition instruction to the vehicle-mounted unit.

Specifically, the second terminal may also be a specific terminal device or a general-purpose device such as a mobile phone.

If the terminal device is a specific terminal device, the terminal device can be used by a license plate issuing department, and when the license plate is issued, the license plate information of a new vehicle is written into a vehicle-mounted unit pre-installed in the new vehicle by using the specific terminal device.

If the license plate is universal equipment such as a smart phone or a tablet personal computer of a user, the license plate can be directly used by the user conveniently, at the moment, the user can download corresponding app by using the second terminal after handling the license plate, and the license plate information is written into the vehicle-mounted unit pre-installed in the new vehicle, so that the user can use the license plate conveniently without going to a website alone or performing the operation through specific personnel.

When the second terminal is a general device of the user, it may be the same terminal device as the first terminal or a different device.

The second terminal and the on-board unit may communicate in a wired or wireless manner, for example, through a USB interface or a bluetooth manner, which is not limited in the present invention.

S202, the vehicle-mounted unit receives the user information acquisition command, acquires the user information, generates a second authentication factor, and sends a user information acquisition response to the second terminal after receiving the user information confirmation command, wherein the user information acquisition response at least comprises: the device information of the vehicle-mounted unit, the authentication information of the vehicle-mounted unit, the user information and the second authentication factor, wherein the user information at least comprises identity card information.

The vehicle-mounted unit receives the user information acquisition instruction, and then can acquire user information, wherein the user information can be identity card information.

The second authentication factor may include, but is not limited to: the random number, RTC clock value, counter value, etc., which are not specifically limited in the present invention, should be within the scope of the present invention as long as the random factor can prevent replay attack.

The on-board unit transmits the device information of the on-board unit, the authentication information of the on-board unit, the user information and the second authentication factor to the second terminal so that the second terminal can authenticate the on-board unit using the information. The device information of the on-board unit may be information such as a serial number of the on-board unit, and the authentication information of the on-board unit may be an on-board unit certificate, or may be a unique serial number of the on-board unit, or other device identifiers with an anti-counterfeiting function, as long as the on-board unit can be uniquely determined, all of which belong to the protection scope of the present invention.

S203, the second terminal receives the user information acquisition response, verifies whether the vehicle-mounted unit authentication information is legal, acquires the license plate information of the new vehicle under the condition of verifying that the vehicle-mounted unit authentication information is legal, generates a user information writing instruction, and sends the user information writing instruction to the vehicle-mounted unit, wherein the user information writing instruction at least comprises: and the second written information and a second check value obtained by calculating the second written information through an obtained pre-stored second encryption mechanism, wherein the second written information at least comprises license plate information and a second authentication factor.

Specifically, the second terminal authenticates the authentication information of the vehicle-mounted unit after receiving the user information acquisition response sent by the vehicle-mounted unit, and the second terminal organizes and forms information to be written only when the vehicle-mounted unit passes verification so as to send a user information writing instruction to the vehicle-mounted unit and instruct the vehicle-mounted unit to write license plate information.

The second terminal can send a license plate acquisition instruction to the background vehicle management system, wherein the license plate acquisition instruction at least comprises the user information, and receives a license plate acquisition response sent by the background vehicle management system, and the license plate acquisition response comprises license plate information of a new vehicle; the second terminal can also acquire the license plate information input by the user to acquire the license plate information; the second terminal may further obtain the license plate information by taking a picture for identification, which is not limited in the present invention.

The second encryption mechanism may write a certificate or a key for the user information prestored in the second terminal, where the certificate or the key is different from other certificates or keys and may be dedicated to the user information writing function, and the second written information may be calculated through the prestored user information written certificate or key, for example, in a manner of signing or generating a ciphertext, so as to enable the vehicle-mounted unit to confirm that the user information writing instruction is indeed sent by the legitimate second terminal.

And S204, the vehicle-mounted unit receives the user information writing instruction, verifies the second verification value by using a verification mechanism corresponding to the second encryption mechanism, writes the license plate information into the vehicle-mounted unit under the condition that the second verification value passes verification, and sends a second writing response to the second terminal.

Specifically, after receiving the user information writing instruction, the onboard unit verifies the second check value by using a verification mechanism corresponding to the second encryption mechanism, for example, verifies the second check value by using a signature verification or decryption manner, and meanwhile, verifies by combining the second authentication factor, so that replay attack can be prevented, and the user information writing instruction can be executed only once.

By the mode, the license plate information can be input into the vehicle-mounted unit, the license plate information is input in advance, and the problems that in the prior art, the information writing operation amount is large and the efficiency is low are solved.

And S205, the second terminal receives the second write-in response, generates a vehicle-mounted unit license plate binding record and sends the vehicle-mounted unit license plate binding record to the rear trolley management system.

Specifically, after receiving the second write-in response, the second terminal sends the vehicle-mounted unit license plate binding record to the background vehicle management system, so that the background vehicle management system can manage each vehicle-mounted unit and the vehicle.

S3, activating the flow;

s301, the third terminal generates an activation instruction and sends the activation instruction to the vehicle-mounted unit;

s302, the vehicle-mounted unit receives an activation instruction and activates a payment function.

Specifically, the third terminal may also be a specific terminal device or a general-purpose device such as a mobile phone.

If the terminal device is a specific terminal device, the terminal device can be a device used by a bank or a background vehicle management system, and an activation instruction is sent to the vehicle-mounted unit after account binding.

If the license plate is universal equipment such as a smart phone or a tablet personal computer of a user, the license plate can be used directly by the user conveniently, at the moment, after the user transacts the license plate and binds an account, the user can use the third terminal to download the corresponding app to generate an activation instruction, the payment function of the vehicle-mounted unit is activated, and the user can use the license plate conveniently without going to a website alone or performing the operation through a specific person.

When the third terminal is a general device of the user, it may be the same terminal device as the first terminal and/or the second terminal, or may be a different device.

The third terminal and the on-board unit may communicate in a wired or wireless manner, for example, through a USB interface or a bluetooth manner, which is not limited in the present invention.

As an optional implementation manner of the embodiment of the present invention, before the third terminal generates the activation instruction, an account binding process may be further executed, where the account binding process may include:

s3011, the third terminal sends a user account binding and obtaining instruction to the vehicle-mounted unit.

If the account number is a specific terminal device, the terminal device can be a device used by a bank and the like, and when account number binding is carried out, account number information of an owner of a new vehicle is written into an on-board unit pre-installed in the new vehicle by using the specific terminal device.

If the license plate is universal equipment such as a smart phone or a tablet personal computer of a user, the license plate can be directly used by the user conveniently, at the moment, the user can download corresponding app by using a third terminal of the user after handling the license plate, and the account information of the user is written into a vehicle-mounted unit pre-installed in a new vehicle, so that the user can use the license plate conveniently without independently going to a website or performing the operation by a specific person.

S3012, the vehicle-mounted unit receives the user account binding obtaining instruction, generates a third authentication factor, and sends a user account binding obtaining response to the third terminal, wherein the user account binding obtaining response at least comprises: device information of the on-board unit, on-board unit authentication information, and a third authentication factor.

The third authentication factor may include, but is not limited to: the random number, RTC clock value, counter value, etc., which are not specifically limited in the present invention, should be within the scope of the present invention as long as the random factor can prevent replay attack.

The on-board unit transmits the device information of the on-board unit, the authentication information of the on-board unit, and the third authentication factor to the third terminal so that the third terminal can authenticate the on-board unit using the information. The device information of the on-board unit may be information such as a serial number of the on-board unit, and the authentication information of the on-board unit may be an on-board unit certificate, or may be a unique serial number of the on-board unit, or other device identifiers with an anti-counterfeiting function, as long as the on-board unit can be uniquely determined, all of which belong to the protection scope of the present invention.

S3013, the third terminal receives a user account binding acquisition response, acquires user account information, verifies whether vehicle-mounted unit authentication information is legal, verifies whether the user account information is valid, generates a user account information writing instruction under the condition that the vehicle-mounted unit authentication information is legal and the user account information is valid, and sends the user account information writing instruction to the vehicle-mounted unit, wherein the user account information at least comprises card information, and the user account information writing instruction at least comprises: and the third written information and a third check value obtained by calculating the third written information through an acquired pre-stored third encryption mechanism, wherein the third written information at least comprises user account information and a third authentication factor.

Specifically, the third terminal authenticates the authentication information of the vehicle-mounted unit after receiving the user account binding acquisition response sent by the vehicle-mounted unit, and the third terminal organizes and forms information to be written only when the vehicle-mounted unit passes verification, so that a user account information writing instruction is sent to the vehicle-mounted unit, and the vehicle-mounted unit is instructed to write the user account information.

The third terminal can send an account acquisition instruction to the bank to acquire user account information; or after the vehicle-mounted unit receives the user account binding acquisition instruction, reading a card of a user through a card reader arranged on the vehicle-mounted unit, acquiring a response I through user account binding, and sending the response I to the third terminal; the third terminal can also acquire user account information input by the user to acquire the user account information; the third terminal may also obtain the user account information through a photographing recognition method, which is not limited in the present invention.

The user account information may include subscription information including, but not limited to: user name, card number, contract serial number, contract signing time and/or validity period, etc., which are not specifically limited in the present invention. In practical application, the user account information written into the on-board unit may only include a user name and a card number, which may be set according to actual needs.

The third encryption mechanism may write a certificate or a key for the user account information prestored in the third terminal, where the certificate or the key is different from other certificates or keys and may be dedicated to the user account information writing function, and the third written information may be calculated through the prestored user information written certificate or key, for example, in a manner of signing or generating a ciphertext, so as to enable the vehicle-mounted unit to confirm that the user information writing instruction is indeed sent by the legitimate third terminal.

And S3014, the vehicle-mounted unit receives the user account information writing instruction, verifies a third verification value by using a verification mechanism corresponding to the third encryption mechanism, writes the user account information into the vehicle-mounted unit under the condition that the third verification value passes verification, and sends a third writing response to the third terminal.

Specifically, after receiving the user account information writing instruction, the onboard unit verifies the third check value by using a verification mechanism corresponding to the third encryption mechanism, for example, verifies the third check value by using a signature verification or decryption manner, and meanwhile verifies by combining with the third authentication factor, so that replay attack can be prevented, and the user account information writing instruction can be executed only once.

By the mode, the user account information can be input into the vehicle-mounted unit, and the problems that in the prior art, the information writing operation amount is large and the efficiency is low are solved.

And S3015, the third terminal receives the third write-in response, generates an account binding record of the vehicle-mounted unit, and executes a process of generating an activation instruction.

Specifically, after receiving the third write-in response, the third terminal sends the vehicle-mounted unit account binding record to the background vehicle management system, so that the background vehicle management system can manage each vehicle-mounted unit and the vehicle; an activation instruction may then be generated to instruct the on-board unit to activate the payment function.

As an optional implementation manner of the embodiment of the present invention, the account binding process may be handled by a user through a bank, or by a user through a background vehicle management system, or through another specified channel, and the account binding record of the vehicle-mounted unit is sent to the background vehicle management system, and the background vehicle management system manages and records the account binding relationship of the vehicle-mounted unit, so that data such as account information and the like do not need to be stored in the vehicle-mounted unit, and the storage capacity of the vehicle-mounted unit is saved.

Therefore, by the vehicle-mounted unit management method based on pre-installation and step-by-step information writing, the information required by the pre-installed vehicle-mounted unit can be written step by step, and the information writing efficiency is improved.

In addition, the user can write information by himself, and the problem that the existing vehicle-mounted unit information writing is inconvenient to write to a specified website can be solved.

As an optional implementation manner of the embodiment of the present invention, the method for managing a vehicle-mounted unit based on pre-installation and step-by-step information writing according to the embodiment of the present invention further includes: and S4, the vehicle-mounted unit pays.

As an optional implementation manner of the embodiment of the present invention, in S4, the payment process of the vehicle-mounted unit includes:

s411, the road side unit sends an authentication request to the vehicle-mounted unit;

s412, the vehicle-mounted unit receives the authentication request, generates a fourth authentication factor, and sends an authentication response to the road side unit, wherein the authentication response at least comprises: a fourth authentication factor.

Specifically, the road side unit is a road side unit of an existing high-speed toll gate, and the road side unit can generate a fourth authentication factor, so that the vehicle-mounted unit can verify the road side unit, and the transaction is guaranteed to be real and effective.

The fourth authentication factor may include, but is not limited to: the random number, RTC clock value, counter value, etc., which are not specifically limited in the present invention, should be within the scope of the present invention as long as the random factor can prevent replay attack.

And S413, the road side unit receives the authentication response, calculates a fourth verification value obtained by the fourth authentication factor through an acquired pre-stored fourth encryption mechanism, and sends a vehicle information acquisition request to the vehicle-mounted unit, wherein the vehicle information acquisition request at least comprises the fourth verification value.

Specifically, the fourth encryption mechanism may be a transaction certificate or a secret key pre-stored in the road side unit, where the certificate or the secret key is dedicated for performing a transaction, and the fourth authentication factor may be calculated through the pre-stored transaction certificate or secret key, for example, by means of signing or generating a ciphertext, so as to enable the vehicle-mounted unit to confirm whether the identity of the road side unit is legal.

S413, the vehicle-mounted unit receives the vehicle information obtaining request, verifies the fourth check value by using the verification mechanism corresponding to the fourth encryption mechanism, obtains the identification information corresponding to the vehicle-mounted unit when the fourth check value is verified, reads the entry information, and sends the vehicle verification information to the road side unit, where the vehicle verification information at least includes: identification information and access & exit information, the identification information includes: the device information, the user information, the license plate information and/or the user account information of the vehicle-mounted unit.

Specifically, the onboard unit may verify the fourth check value using a verification mechanism corresponding to the fourth encryption mechanism, for example, by verifying the fourth check value using the fourth authentication factor through signature verification or decryption, which may prevent replay attacks, such that one transaction may only be performed once.

S414, the road side unit receives the vehicle verification information, performs blacklist verification on the identification information, calculates the consumption amount according to the entrance and exit information under the condition that the verification is passed, generates a transaction random factor, and sends a transaction certificate acquisition request to the vehicle-mounted unit, wherein the transaction certificate acquisition request comprises transaction information, and the transaction information at least comprises: transaction random factor, consumption amount, identification information and access information.

Specifically, after receiving the vehicle verification information, the road side unit verifies the information sent by the vehicle-mounted unit to ensure that the vehicle-mounted unit is a legal vehicle-mounted unit, and after the vehicle-mounted unit is legal, the road side unit sends transaction information to the vehicle-mounted unit so as to carry out the fee deduction.

And S415, the vehicle-mounted unit receives the transaction certificate acquisition request, writes in the entrance/exit information, acquires a pre-stored transaction certificate, signs the transaction information, generates a transaction certificate, and sends the transaction certificate to the road side unit, wherein the transaction certificate comprises the transaction information and signature information obtained by signing the transaction information.

Specifically, the vehicle-mounted unit acquires a pre-stored transaction certificate and signs transaction information, so that the transaction is approved by the vehicle-mounted unit, and repudiation is prevented.

And S416, the road side unit receives the transaction certificate, performs accounting operation according to the transaction certificate, and sends confirmation information to the vehicle-mounted unit.

Specifically, after receiving the transaction voucher, the road side unit performs accounting operation, and then requests a back-end settlement system for settlement according to information obtained by accounting.

In the payment process, the road side unit and the vehicle-mounted unit need to perform bidirectional authentication, and the security of transaction is guaranteed.

s421, the road side unit sends a vehicle information acquisition request to the vehicle-mounted unit;

s422, the vehicle-mounted unit receives the vehicle information acquisition request, acquires the identification information corresponding to the vehicle-mounted unit, reads the entrance information, and sends the vehicle verification information to the road side unit, wherein the vehicle verification information at least comprises: identification information and access & exit information, the identification information includes: the vehicle-mounted unit comprises equipment information, user information, license plate information and/or user account information of the vehicle-mounted unit;

s423, the road side unit receives the vehicle verification information, performs blacklist verification on the identification information, calculates the consumption amount according to the entrance and exit information under the condition that the verification is passed, generates a transaction random factor, and sends a transaction certificate acquisition request to the vehicle-mounted unit, wherein the transaction certificate acquisition request comprises transaction information, and the transaction information at least comprises: transaction random factor, consumption amount, identification information and entrance and exit information;

s424, the vehicle-mounted unit receives the transaction certificate acquisition request, writes in the entrance and exit information, acquires the pre-stored transaction certificate, signs the transaction information, generates the transaction certificate, and sends the transaction certificate to the road side unit, wherein the transaction certificate comprises the transaction information and signature information obtained by signing the transaction information:

and S425, the road side unit receives the transaction certificate, performs accounting operation according to the transaction certificate, and sends confirmation information to the vehicle-mounted unit.

In the payment process, the process refers to the related description of S411 to S416, which is not described herein again, in this embodiment, the roadside unit only authenticates the on-board unit, the on-board unit does not authenticate the roadside unit, and the roadside unit can be authenticated by the background settlement system, so that the efficiency of transaction data interaction is improved.

As an optional implementation manner of the embodiment of the present invention, the method for managing a vehicle-mounted unit based on pre-installation and step-by-step information writing according to the embodiment of the present invention further includes: and S5, carrying out remote upgrading process on the vehicle-mounted unit. The remote upgrade process of the vehicle-mounted unit may further include the step of judging, by the vehicle-mounted unit, whether the vehicle-mounted unit needs to execute the remote upgrade process after the road side unit receives the transaction certificate, performs the accounting operation according to the transaction certificate, and before sending the confirmation information to the vehicle-mounted unit, and if the remote upgrade process needs to be executed, executing the remote upgrade process of the vehicle-mounted unit at S5. The remote upgrading process of the vehicle-mounted unit comprises the following steps:

s501, the drive test unit sends an upgrading instruction to the vehicle-mounted unit through a 5.8GHz frequency band or a Bluetooth communication mode, wherein the upgrading instruction at least comprises the following steps: the upgrade patch information and a fifth check value obtained by calculating the upgrade check factor through an acquired pre-stored fifth encryption mechanism, wherein the upgrade patch information at least comprises: upgrade type, upgrade version, upgrade start and end sequence number, upgrade opportunity and upgrade package size.

Specifically, in this embodiment, the OBU carries out remote upgrade through the roadside unit, does not need to upgrade with special website from this, makes things convenient for the OBU to upgrade, promotes user experience.

The road side unit can upgrade to the vehicle-mounted unit through modes such as 5.8GHz frequency channel or bluetooth, compare current USB upgrading scheme, make OBU upgrade more convenient.

Upgrade check factors may include, but are not limited to: the random number, RTC clock value, counter value, etc., which are not specifically limited in the present invention, should be within the scope of the present invention as long as the random factor can prevent replay attack.

The fifth encryption mechanism may be an upgrade certificate or a secret key pre-stored in the road side unit, where the certificate or the secret key is different from other certificates or secret keys, and may be dedicated to the OBU upgrade, and the upgrade check factor may be calculated through the pre-stored upgrade certificate or secret key, for example, in a manner of signing or generating a ciphertext, so as to enable the vehicle-mounted unit to confirm that the upgrade instruction is indeed sent by the legal road side unit.

As an optional implementation manner of the embodiment of the present invention, the upgrade package information may further include upgrade package information plaintext information and a check value or upgrade package information ciphertext package and a check value, which may be set according to actual needs.

And S502, the vehicle-mounted unit receives the upgrade instruction, verifies the fifth check value by using a verification mechanism corresponding to the fifth encryption mechanism, verifies whether the upgrade package information meets the requirement or not under the condition that the verification is passed, acquires a prestored transmission key and an upgrade special key under the condition that the upgrade data package meets the requirement, encrypts the transmission key by using the upgrade special key to obtain a transmission key ciphertext, and sends the transmission key ciphertext to the road side unit.

Specifically, after receiving the upgrade instruction, the onboard unit verifies the fifth check value by using a verification mechanism corresponding to the fifth encryption mechanism, for example, verifies the fifth check value by using a signature verification or decryption method according to the upgrade check factor, so that replay attack can be prevented, and the upgrade instruction can be executed only once.

And after the fifth check value is verified to pass, the vehicle-mounted unit can verify whether the upgrade package information meets the requirement, and only when the fifth check value is verified to pass and the upgrade package information meets the requirement, the vehicle-mounted unit acquires the transmission key and the upgrade special key which are pre-stored in the vehicle-mounted unit to perform subsequent upgrade operation.

When the vehicle-mounted unit verifies whether the upgrade patch information meets the requirements, the vehicle-mounted unit can also verify the upgrade patch plaintext information and the check value or the upgrade patch information ciphertext patch and the check value so as to ensure the authenticity and reliability of the upgrade patch information.

The vehicle-mounted unit encrypts the transmission key by using the upgrade special key and sends the transmission key to the road side unit, so that the safety of the transmission key can be ensured.

S503, the road side unit receives the transmission key ciphertext, decrypts the transmission key ciphertext to obtain a transmission key, obtains the upgrade package and the upgrade package check value, encrypts the upgrade package by using the transmission key to obtain the upgrade package ciphertext, checks the upgrade package ciphertext to obtain the upgrade package ciphertext check value, and sends the upgrade package ciphertext and the upgrade package ciphertext check value to the vehicle-mounted unit.

Specifically, the roadside unit decrypts the transmission key ciphertext by using a decryption key which is pre-stored by the roadside unit and matched with the special upgrade key to obtain a transmission key, and subsequently processes the upgrade package by using the transmission key and sends the upgrade package to the vehicle-mounted unit, wherein optionally, the roadside unit encrypts the upgrade package by using an encryption key in the transmission key, and simultaneously performs check calculation on the upgrade package ciphertext by using a check key in the transmission key to obtain an upgrade package ciphertext check value, so that the transmission safety of the upgrade package is conveniently ensured, and the transmission reliability of the upgrade package is ensured on the other hand.

S504, the vehicle-mounted unit receives the upgrade package ciphertext and the upgrade package ciphertext check value, verifies the upgrade package ciphertext check value through the transmission key, decrypts the upgrade package ciphertext under the condition that the verification is passed, obtains the upgrade package and the upgrade package check value, verifies the upgrade package check value, and performs upgrade operation through the upgrade package under the condition that the verification is passed.

Specifically, after the vehicle-mounted unit receives the upgrade package ciphertext and the upgrade package ciphertext check value, the integrity of the upgrade package ciphertext transmission is ensured only after the upgrade package ciphertext is checked by using the transmission key, then the upgrade package ciphertext is decrypted by using the transmission key, the integrity and the legality of the upgrade package are checked after the upgrade package ciphertext is decrypted, and the upgrade operation by using the upgrade package is executed after the upgrade package ciphertext and the upgrade package ciphertext check value are verified. Therefore, the legal upgrade package sent by the legal road side unit is ensured, and the upgrade safety of the vehicle-mounted unit is ensured.

As an optional implementation manner of the embodiment of the present invention, the method for managing a vehicle-mounted unit based on pre-installation and step-by-step information writing according to the embodiment of the present invention further includes: and S6, updating the vehicle-mounted unit. At S6, the on-board unit update process includes:

s601, the fourth terminal sends a user updating instruction to the vehicle-mounted unit, wherein the user updating instruction at least comprises fourth terminal authentication information.

Specifically, the fourth terminal may be a specific terminal device or a general-purpose device such as a mobile phone.

If the terminal device is a specific terminal device, the terminal device can be a device used by a vehicle-related information change management department, and when the vehicle-related information is changed, the changed vehicle-related information is written into a vehicle-mounted unit pre-installed in the vehicle by using the specific terminal device.

If the mobile phone is a universal device such as a smart phone or a tablet personal computer of a user, the mobile phone can be directly used by the user, at the moment, after the automobile related information is changed, the user can use the fourth terminal to download the corresponding app to write the changed automobile related information into the vehicle-mounted unit of the automobile, and therefore the user can use the mobile phone conveniently without going to a website alone or performing the operation through a specific person.

The change of the vehicle-related information may be a change of a vehicle holder, a change of account information, a change of various types such as a change of license plate information, and the present flow may be used as long as the information stored in the in-vehicle unit is changed.

When the fourth terminal is a general device of the user, the fourth terminal may be the same terminal device as the second terminal and/or the third terminal, or may be a different device. The fourth terminal and the on-board unit may communicate in a wired or wireless manner, for example, through a USB interface or a bluetooth manner, which is not limited in the present invention.

And after the user successfully registers the corresponding app by downloading the corresponding app, the user can execute the corresponding operation through the corresponding function in the app. In this step, the fourth terminal sends a user update instruction to the on-board unit, where the user update instruction at least includes fourth terminal authentication information, so that the on-board unit verifies the fourth terminal. Specifically, the fourth terminal authentication information may be a fourth terminal certificate, or may be a unique serial number of the fourth terminal, or other device identifiers with an anti-counterfeiting function, as long as the fourth terminal can be uniquely determined, and the information authenticated by the onboard unit all belong to the protection scope of the present invention.

S602, the vehicle-mounted unit receives the user updating instruction, verifies the authentication information of the fourth terminal, deletes the current information stored in the vehicle-mounted unit and sends an updating response to the fourth terminal under the condition that the authentication information of the fourth terminal passes the verification, wherein the current information at least comprises a user information file and a key file.

Specifically, after receiving the user update instruction, the vehicle-mounted unit deletes the current information stored in the vehicle-mounted unit after verifying that the fourth terminal authentication information is valid, and the current information may be set correspondingly according to a difference of the change information, which is not limited in the present invention.

And S603, the fourth terminal receives the updating response and sends a new user information writing instruction to the vehicle-mounted unit.

S604, the vehicle-mounted unit receives a new user information writing instruction, acquires new user information, generates a fifth authentication factor, and sends a new user information writing response to the fourth terminal, wherein the new user information writing response at least comprises: new user information and a fifth authentication factor.

Specifically, after receiving the new user information writing instruction, the onboard unit may acquire the new user information and generate a fifth authentication factor, which may include, but is not limited to: the random number, RTC clock value, counter value, etc., which are not specifically limited in the present invention, should be within the scope of the present invention as long as the random factor can prevent replay attack.

The new user information can be new user identity card information, the vehicle-mounted unit has an identity card reading function in the embodiment of the invention, the new user information can be read through an identity card reader arranged on the vehicle-mounted unit, and the vehicle-mounted unit sends the read new user identity card information and the generated fifth authentication factor to the fourth terminal for subsequent processing.

And S605, the fourth terminal receives the new user information writing response, acquires the vehicle delivery information, sends the vehicle delivery information to the vehicle-mounted unit, and calculates the new vehicle delivery information and the fifth authentication factor through the acquired pre-stored sixth encryption mechanism to obtain a sixth check value, wherein the vehicle delivery information at least comprises the new license plate information.

Specifically, after receiving the new user information write-in response, the fourth terminal may obtain vehicle delivery information, where the vehicle delivery information may be, for example, vehicle owner change information, license plate change information, and/or account change information, and certainly includes a new certificate, a new key, and the like, which may be set according to actual requirements, and is not described herein again. The vehicle delivery information may include, but is not limited to: new license plate information, new user identity information, starting time, validity period and the like.

The fourth terminal can send a vehicle delivery information acquisition instruction to the background vehicle management system and receive a vehicle delivery information acquisition response sent by the background vehicle management system; the fourth terminal can also acquire vehicle delivery information input by the user; the fourth terminal may also acquire the vehicle delivery information by combining photographing recognition with OCR recognition, which is not limited in the present invention.

The sixth encryption mechanism may write a certificate or a key for new user information prestored in the fourth terminal, where the certificate or the key is different from other certificates or keys and may be dedicated to the new user information writing function, and the fifth authentication factor may be calculated by the prestored new user information written certificate or key, for example, in a manner of signing or generating a ciphertext, so as to enable the vehicle-mounted unit to confirm that the vehicle delivery information is indeed sent by the fourth terminal that is legitimate.

And S606, the vehicle-mounted unit receives the vehicle delivery information and the sixth check value, verifies the sixth check value by using a verification mechanism corresponding to the sixth encryption mechanism, and writes the vehicle delivery information into the vehicle-mounted unit under the condition that the verification of the sixth check value is passed.

Specifically, after the vehicle delivery information and the sixth check value are received by the vehicle-mounted unit, the sixth check value is verified by using a verification mechanism corresponding to the sixth encryption mechanism, for example, the sixth check value is verified by using a fifth authentication factor in a manner of signature verification or decryption, so that replay attack can be prevented, and a user information write command can be executed only once.

And S607, the fourth terminal sends the new license plate information and the new user information to the rear trolley management system.

Specifically, after the fourth terminal confirms that the writing of the vehicle-mounted unit is successful, vehicle delivery information may be sent to the back-end vehicle management system, where the vehicle delivery information may include new license plate information and new user information, and certainly may also be new account information, and the like, which is not specifically limited in the present invention, so that the back-end vehicle management system may obtain the new license plate information and the new user information, so as to perform subsequent management on the vehicle.

The following further describes, in a specific embodiment, a vehicle-mounted unit management method based on pre-installation and step-by-step information writing according to an embodiment of the present invention:

in this implementation, the OBU is preloaded in leaving the factory to support the car.

The OBU preassembly scheme is based on a key management system (the key system supports a symmetric key management system and a PKI system), and realizes the management of the OBU along with the whole life cycle of an automobile. A cycle of a vehicle comprising: production, delivery, change, resale, scrapping, etc. Wherein:

1. vehicle information entry:

firstly, when an automobile is produced, writing automobile information of the automobile into OBU equipment, generating a key certificate by the OBU based on a birth certificate, and writing the automobile information (an automobile information file, such as license plate color, automobile type, automobile user type, automobile size, wheel number, axle distance and the like);

the vehicle information is read by the identification device and confirmed by the background vehicle management system, an information input instruction is initiated, the legitimacy of the identification terminal is verified by the OBU based on the device certificate, and the vehicle information is verified based on the application key certificate, so that the safety of vehicle information input is ensured.

2. And (3) license plate information input:

when the automobile is delivered, the OBU supports reading the identity card in cooperation with terminal equipment (which can be special terminal equipment or universal equipment such as a mobile phone), completes identity and license plate binding in combination with screen display confirmation, and registers in a management background.

3. Account signing:

before the OBU is used for ETC transaction, a user is bound to a specific card account, and an application key certificate is used for protecting the safety and the legality of the whole account information binding write-in process.

4. PKI-based transaction management system:

in this embodiment, an OBU management based on a PKI system is provided, ETC transactions are realized, online and offline two situations of the RSU are supported, a blacklist check is added on the RSU side, and a legal state of the OBU device is determined.

5. Vehicle resale:

when vehicles are re-sold, license plate information and/or user information in the vehicles need to be changed, an original key file also needs to be changed, and a certificate needs to be updated.

6. When the vehicle is scrapped, the OBU needs to delete the key stored inside, makes a corresponding record in the management background, and enters a certificate revocation list.

7. The OBU remote upgrading scheme is as follows:

the OBU supports remote upgrade, and after the transaction with the road side unit, or use user terminal networking, the OBU carries out a series of legitimacy check-ups (checks the label, upgrade type, upgrade scope, upgrade serial number etc. accord with etc.) to the upgrade package, then protects the upgrade package through the transmission secret key, and the ciphertext is downloaded, decrypts again to and the installation.

Therefore, the invention ensures all application scenes of the OBU preassembly by utilizing a security scheme (a key system supports a symmetric key management system and a PKI system) aiming at the existing service requirements. OBU can accomplish when the vehicle production and install additional, the user only need after purchasing the car by oneself with vehicle OBU bind the operation can, labour saving and time saving can promote the comprehensive popularization that the ETC used again, has alleviateed OBU's the degree of difficulty of managing of carrying out.

Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.

It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.

It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.

In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.

The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.

In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.

Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims

1. A vehicle-mounted unit management method based on pre-installation and step-by-step information writing is characterized by comprising the following steps:

the method comprises the steps that a first terminal sends an equipment information acquisition instruction to a vehicle-mounted unit preset in a new vehicle leaving a factory, wherein the equipment information acquisition instruction at least comprises first terminal authentication information;

the vehicle-mounted unit receives the device information acquisition instruction, verifies whether the first terminal authentication information is legal or not, generates a first authentication factor under the condition that the first terminal authentication information is legal, and sends acquisition response information to the first terminal, wherein the acquisition response information at least comprises the device information of the vehicle-mounted unit, the vehicle-mounted unit authentication information and the first authentication factor;

the first terminal acquires the vehicle information of the new vehicle and sends a verification instruction to a rear trolley management system, wherein the verification instruction at least comprises the vehicle information;

the first terminal receives the acquired response information and a verification response sent by the background vehicle management system respectively, wherein the verification response comprises a verification result obtained by the background vehicle management system verifying the vehicle information;

the first terminal verifies whether the vehicle-mounted unit authentication information is legal or not, generates a vehicle information writing instruction and sends the vehicle information writing instruction to the vehicle-mounted unit under the condition that the vehicle-mounted unit authentication information is legal and the verification result is that the vehicle information is verified, wherein the vehicle information writing instruction at least comprises: the vehicle authentication method comprises first written information and a first check value obtained by calculating the first written information through an acquired pre-stored first encryption mechanism, wherein the first written information at least comprises the vehicle information and a first authentication factor;

the vehicle-mounted unit receives the vehicle information writing instruction, verifies the first check value by using a verification mechanism corresponding to the first encryption mechanism, writes the vehicle information into the vehicle-mounted unit under the condition that the first check value is verified, and sends a first writing response to the first terminal;

the first terminal receives the first write-in response, generates a vehicle binding record of a vehicle-mounted unit, and sends the vehicle binding record of the vehicle-mounted unit to the background vehicle management system;

the second terminal sends a user information acquisition instruction to the vehicle-mounted unit;

the vehicle-mounted unit receives the user information acquisition instruction, acquires user information, generates a second authentication factor, and sends a user information acquisition response to the second terminal after receiving a user information confirmation instruction, wherein the user information acquisition response at least comprises: the device information of the vehicle-mounted unit, the authentication information of the vehicle-mounted unit, the user information and the second authentication factor, wherein the user information at least comprises identity card information;

the second terminal receives the user information acquisition response, verifies whether the vehicle-mounted unit authentication information is legal, acquires the license plate information of the new vehicle under the condition that the vehicle-mounted unit authentication information is legal, generates a user information writing instruction, and sends the user information writing instruction to the vehicle-mounted unit, wherein the user information writing instruction at least comprises: the second written information and a second check value obtained by calculating the second written information through an obtained pre-stored second encryption mechanism are obtained, and the second written information at least comprises the license plate information and the second authentication factor;

the vehicle-mounted unit receives the user information writing instruction, verifies the second check value by using a verification mechanism corresponding to the second encryption mechanism, writes the license plate information into the vehicle-mounted unit under the condition that the second check value is verified to pass, and sends a second writing response to the second terminal;

the second terminal receives the second write-in response, generates a vehicle-mounted unit license plate binding record and sends the vehicle-mounted unit license plate binding record to the background vehicle management system;

the third terminal generates an activation instruction and sends the activation instruction to the vehicle-mounted unit;

and the vehicle-mounted unit receives the activation instruction and activates a payment function.

2. The method of claim 1, further comprising:

the road side unit sends an authentication request to the vehicle-mounted unit;

the vehicle-mounted unit receives the authentication request, generates a fourth authentication factor and sends an authentication response to the road side unit, wherein the authentication response at least comprises: the fourth authentication factor;

the road side unit receives the authentication response, calculates a fourth verification value obtained by the fourth authentication factor through an acquired pre-stored fourth encryption mechanism, and sends a vehicle information acquisition request to the vehicle-mounted unit, wherein the vehicle information acquisition request at least comprises the fourth verification value;

the vehicle-mounted unit receives the vehicle information acquisition request, verifies the fourth check value by using a verification mechanism corresponding to the fourth encryption mechanism, acquires identification information corresponding to the vehicle-mounted unit under the condition that the fourth check value is verified, reads the entrance information, and sends vehicle verification information to the road side unit, wherein the vehicle verification information at least comprises: the identification information and the access information, wherein the identification information comprises: the device information, the user information, the license plate information and/or the user account information of the vehicle-mounted unit;

the road side unit receives the vehicle verification information, performs blacklist verification on the identification information, calculates the consumption amount according to the entrance and exit information under the condition that the verification is passed, generates a transaction random factor, and sends a transaction certificate acquisition request to the vehicle-mounted unit, wherein the transaction certificate acquisition request comprises transaction information, and the transaction information at least comprises: the transaction random factor, the consumption amount, the identification information and the entrance and exit information;

the vehicle-mounted unit receives the transaction certificate acquisition request, writes in the entrance and exit information, acquires a pre-stored transaction certificate, signs the transaction information, generates a transaction certificate, and sends the transaction certificate to the road side unit, wherein the transaction certificate comprises the transaction information and signature information obtained by signing the transaction information:

and the road side unit receives the transaction voucher, performs accounting operation according to the transaction voucher and sends confirmation information to the vehicle-mounted unit.

3. The method of claim 1, further comprising:

the road side unit sends a vehicle information acquisition request to the vehicle-mounted unit;

the vehicle-mounted unit receives the vehicle information acquisition request, acquires identification information corresponding to the vehicle-mounted unit, reads the entrance information, and sends vehicle verification information to the road side unit, wherein the vehicle verification information at least comprises: the identification information and the access information, wherein the identification information comprises: the device information, the user information, the license plate information and/or the user account information of the vehicle-mounted unit;

4. The method of claim 1, further comprising:

the drive test unit sends an upgrading instruction to the vehicle-mounted unit through a 5.8GHz frequency band or a Bluetooth communication mode, wherein the upgrading instruction at least comprises: the upgrade patch information and a fifth check value obtained by calculating the upgrade check factor through an acquired pre-stored fifth encryption mechanism, wherein the upgrade patch information at least comprises: upgrading type, upgrading version, upgrading starting and ending serial number, upgrading opportunity and upgrading packet size;

the vehicle-mounted unit receives the upgrading instruction, verifies the fifth check value by using a verification mechanism corresponding to the fifth encryption mechanism, verifies whether the upgrading packet information meets the requirement or not under the condition that the verification is passed, acquires a prestored transmission key and an upgrading special key under the condition that the upgrading data packet meets the requirement, encrypts the transmission key by using the upgrading special key to obtain a transmission key ciphertext, and sends the transmission key ciphertext to the road side unit;

the road side unit receives the transmission key ciphertext, decrypts the transmission key ciphertext to obtain the transmission key, obtains an upgrade package and an upgrade package check value, encrypts the upgrade package by using the transmission key to obtain an upgrade package ciphertext, checks the upgrade package ciphertext to obtain an upgrade package ciphertext check value, and sends the upgrade package ciphertext and the upgrade package ciphertext check value to the vehicle-mounted unit;

the vehicle-mounted unit receives the upgrade package ciphertext and the upgrade package ciphertext check value, verifies the upgrade package ciphertext check value by using the transmission key, decrypts the upgrade package ciphertext under the condition that the verification is passed, obtains the upgrade package and the upgrade package check value, verifies the upgrade package check value, and performs upgrade operation by using the upgrade package under the condition that the verification is passed.

5. The method of claim 1, further comprising:

the fourth terminal sends a user updating instruction to the vehicle-mounted unit, wherein the user updating instruction at least comprises fourth terminal authentication information;

the vehicle-mounted unit receives the user updating instruction, verifies the fourth terminal authentication information, deletes the current information stored in the vehicle-mounted unit and sends an updating response to the fourth terminal under the condition that the fourth terminal authentication information is verified, wherein the current information at least comprises a user information file and a key file;

the fourth terminal receives the updating response and sends a new user information writing instruction to the vehicle-mounted unit;

the vehicle-mounted unit receives the new user information writing instruction, acquires new user information, generates a fifth authentication factor, and sends a new user information writing response to the fourth terminal, wherein the new user information writing response at least comprises: the new user information and the fifth authentication factor;

the fourth terminal receives the new user information writing response, acquires vehicle delivery information, and sends the vehicle delivery information and a sixth check value obtained by calculating the new vehicle delivery information and the fifth authentication factor through an acquired pre-stored sixth encryption mechanism to the vehicle-mounted unit, wherein the vehicle delivery information at least comprises new license plate information;

the vehicle-mounted unit receives the vehicle delivery information and the sixth check value, verifies the sixth check value by using a verification mechanism corresponding to the sixth encryption mechanism, and writes the vehicle delivery information into the vehicle-mounted unit when the verification of the sixth check value is passed;

and the fourth terminal sends the new license plate information and the new user information to the background vehicle management system.

6. A vehicle-mounted unit management system based on pre-installation and step-by-step information writing is characterized by comprising:

the system comprises a first terminal and a second terminal, wherein the first terminal is used for sending an equipment information acquisition instruction to a vehicle-mounted unit preset in a new vehicle leaving a factory, and the equipment information acquisition instruction at least comprises first terminal authentication information;

the vehicle-mounted unit is used for receiving the device information acquisition instruction, verifying whether the first terminal authentication information is legal or not, generating a first authentication factor under the condition that the first terminal authentication information is legal, and sending acquisition response information to the first terminal, wherein the acquisition response information at least comprises the device information of the vehicle-mounted unit, the vehicle-mounted unit authentication information and the first authentication factor;

the first terminal is further configured to acquire vehicle information of the new vehicle and send a verification instruction to a rear trolley management system, where the verification instruction at least includes the vehicle information; respectively receiving the acquired response information and a verification response sent by the background vehicle management system, wherein the verification response comprises a verification result obtained by the background vehicle management system verifying the vehicle information; verifying whether the vehicle-mounted unit authentication information is legal or not, generating a vehicle information writing instruction and sending the vehicle information writing instruction to the vehicle-mounted unit under the condition that the vehicle-mounted unit authentication information is legal and the verification result is that the vehicle information is verified to be passed, wherein the vehicle information writing instruction at least comprises: the vehicle authentication method comprises first written information and a first check value obtained by calculating the first written information through an acquired pre-stored first encryption mechanism, wherein the first written information at least comprises the vehicle information and a first authentication factor;

the vehicle-mounted unit is further used for receiving the vehicle information writing instruction, verifying the first check value by using a verification mechanism corresponding to the first encryption mechanism, writing the vehicle information into the vehicle-mounted unit under the condition that the first check value is verified, and sending a first writing response to the first terminal;

the first terminal is further used for receiving the first write-in response, generating a vehicle binding record of a vehicle-mounted unit, and sending the vehicle binding record of the vehicle-mounted unit to the background vehicle management system;

the second terminal is used for sending a user information acquisition instruction to the vehicle-mounted unit;

the vehicle-mounted unit is further configured to receive the user information obtaining instruction, obtain user information, generate a second authentication factor, and send a user information obtaining response to the second terminal after receiving the user information confirming instruction, where the user information obtaining response at least includes: the device information of the vehicle-mounted unit, the authentication information of the vehicle-mounted unit, the user information and the second authentication factor, wherein the user information at least comprises identity card information;

the second terminal is further configured to receive the user information obtaining response, verify whether the vehicle-mounted unit authentication information is legal, obtain license plate information of the new vehicle under the condition that the vehicle-mounted unit authentication information is legal, generate a user information writing instruction, and send the user information writing instruction to the vehicle-mounted unit, where the user information writing instruction at least includes: the second written information and a second check value obtained by calculating the second written information through an obtained pre-stored second encryption mechanism are obtained, and the second written information at least comprises the license plate information and the second authentication factor;

the vehicle-mounted unit is further configured to receive the user information writing instruction, verify the second check value by using a verification mechanism corresponding to the second encryption mechanism, write the license plate information into the vehicle-mounted unit when the second check value passes verification, and send a second writing response to the second terminal;

the second terminal is further used for receiving the second write-in response, generating a vehicle-mounted unit license plate binding record and sending the vehicle-mounted unit license plate binding record to the background vehicle management system;

the third terminal is used for generating an activation instruction and sending the activation instruction to the vehicle-mounted unit;

and the vehicle-mounted unit is also used for receiving the activation instruction and activating a payment function.

7. The system of claim 6, further comprising:

the road side unit is used for sending an authentication request to the vehicle-mounted unit;

the vehicle-mounted unit is further configured to receive the authentication request, generate a fourth authentication factor, and send an authentication response to the road side unit, where the authentication response at least includes: the fourth authentication factor;

the road side unit is further configured to receive the authentication response, calculate a fourth verification value obtained by the fourth authentication factor through an acquired pre-stored fourth encryption mechanism, and send a vehicle information acquisition request to the vehicle-mounted unit, where the vehicle information acquisition request at least includes the fourth verification value;

the vehicle-mounted unit is further configured to receive the vehicle information acquisition request, verify the fourth check value by using a verification mechanism corresponding to the fourth encryption mechanism, acquire identification information corresponding to the vehicle-mounted unit when the fourth check value is verified, read entry information, and send vehicle verification information to the roadside unit, where the vehicle verification information at least includes: the identification information and the access information, wherein the identification information comprises: the device information, the user information, the license plate information and/or the user account information of the vehicle-mounted unit;

the road side unit is further configured to receive the vehicle verification information, perform blacklist verification on the identification information, calculate a consumption amount according to the entrance/exit information under the condition that the verification is passed, generate a transaction random factor, and send a transaction certificate acquisition request to the vehicle-mounted unit, where the transaction certificate acquisition request includes transaction information, and the transaction information at least includes: the transaction random factor, the consumption amount, the identification information and the entrance and exit information;

the vehicle-mounted unit is further configured to receive the transaction certificate acquisition request, write the entrance and exit information in, acquire a pre-stored transaction certificate, sign the transaction information, generate a transaction certificate, and send the transaction certificate to the road side unit, where the transaction certificate includes the transaction information and signature information obtained by signing the transaction information:

the road side unit is also used for receiving the transaction voucher, carrying out accounting operation according to the transaction voucher and sending confirmation information to the vehicle-mounted unit.

8. The system of claim 6, further comprising:

the road side unit is also used for sending a vehicle information acquisition request to the vehicle-mounted unit;

the vehicle-mounted unit is further configured to receive the vehicle information acquisition request, acquire identification information corresponding to the vehicle-mounted unit, read entry information, and send vehicle verification information to the roadside unit, where the vehicle verification information at least includes: the identification information and the access information, wherein the identification information comprises: the device information, the user information, the license plate information and/or the user account information of the vehicle-mounted unit;

9. The system of claim 6, further comprising:

the drive test unit is used for sending an upgrading instruction to the vehicle-mounted unit through a 5.8GHz frequency band or a Bluetooth communication mode, wherein the upgrading instruction at least comprises: the upgrade patch information and a fifth check value obtained by calculating the upgrade check factor through an acquired pre-stored fifth encryption mechanism, wherein the upgrade patch information at least comprises: upgrading type, upgrading version, upgrading starting and ending serial number, upgrading opportunity and upgrading packet size;

the vehicle-mounted unit is further configured to receive the upgrade instruction, verify the fifth check value by using a verification mechanism corresponding to the fifth encryption mechanism, verify whether the upgrade package information meets the requirement under the condition that the verification is passed, acquire a pre-stored transmission key and an upgrade private key under the condition that the upgrade data package meets the requirement, encrypt the transmission key by using the upgrade private key to obtain a transmission key ciphertext, and send the transmission key ciphertext to the roadside unit;

the road side unit is further configured to receive the transmission key ciphertext, decrypt the transmission key ciphertext to obtain the transmission key, obtain an upgrade package and an upgrade package check value, encrypt the upgrade package by using the transmission key to obtain an upgrade package ciphertext, check the upgrade package ciphertext to obtain an upgrade package ciphertext check value, and send the upgrade package ciphertext and the upgrade package ciphertext check value to the vehicle-mounted unit;

the vehicle-mounted unit is further used for receiving the upgrade package ciphertext and the upgrade package ciphertext check value, verifying the upgrade package ciphertext check value by using the transmission key, decrypting the upgrade package ciphertext under the condition that verification is passed, obtaining the upgrade package and the upgrade package check value, verifying the upgrade package check value, and performing upgrade operation by using the upgrade package under the condition that verification is passed.

10. The system of claim 6, further comprising:

the fourth terminal is used for sending a user updating instruction to the vehicle-mounted unit, wherein the user updating instruction at least comprises fourth terminal authentication information;

the vehicle-mounted unit is further configured to receive the user updating instruction, verify the fourth terminal authentication information, delete current information stored in the vehicle-mounted unit and send an updating response to the fourth terminal when the fourth terminal authentication information is verified, where the current information at least includes a user information file and a key file;

the fourth terminal is used for receiving the updating response and sending a new user information writing instruction to the vehicle-mounted unit;

the vehicle-mounted unit is further configured to receive the new user information writing instruction, acquire new user information, generate a fifth authentication factor, and send a new user information writing response to the fourth terminal, where the new user information writing response at least includes: the new user information and the fifth authentication factor;

the fourth terminal is further configured to receive the new user information write response, acquire vehicle delivery information, send the vehicle delivery information to the onboard unit, and calculate the new vehicle delivery information and the fifth authentication factor through an acquired pre-stored sixth encryption mechanism to obtain a sixth check value, where the vehicle delivery information at least includes new license plate information;

the vehicle-mounted unit is further configured to receive the vehicle delivery information and the sixth check value, verify the sixth check value by using a verification mechanism corresponding to the sixth encryption mechanism, and write the vehicle delivery information into the vehicle-mounted unit when the verification of the sixth check value is passed;

and the fourth terminal is further used for sending the new license plate information and the new user information to the background vehicle management system.