CN113064725A - Virtual resource transfer method, vehicle-mounted unit, storage medium, and electronic apparatus - Google Patents
Virtual resource transfer method, vehicle-mounted unit, storage medium, and electronic apparatus Download PDFInfo
- Publication number
- CN113064725A CN113064725A CN202110342526.8A CN202110342526A CN113064725A CN 113064725 A CN113064725 A CN 113064725A CN 202110342526 A CN202110342526 A CN 202110342526A CN 113064725 A CN113064725 A CN 113064725A
- Authority
- CN
- China
- Prior art keywords
- module
- esam
- target
- card module
- card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 52
- 238000012546 transfer Methods 0.000 title claims abstract description 49
- 102100038591 Endothelial cell-selective adhesion molecule Human genes 0.000 claims abstract 61
- 101000882622 Homo sapiens Endothelial cell-selective adhesion molecule Proteins 0.000 claims abstract 61
- 230000002457 bidirectional effect Effects 0.000 claims description 19
- 230000008569 process Effects 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 11
- 230000003993 interaction Effects 0.000 abstract description 19
- 238000005516 engineering process Methods 0.000 abstract description 4
- 238000012795 verification Methods 0.000 description 5
- 238000013475 authorization Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000004904 shortening Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5061—Partitioning or combining of resources
- G06F9/5077—Logical partitioning of resources; Management or configuration of virtualized resources
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Devices For Checking Fares Or Tickets At Control Points (AREA)
Abstract
The invention provides a virtual resource transfer method, a vehicle-mounted unit, a storage medium and an electronic device, wherein the method comprises the following steps: under the condition that the embedded safety access ESAM module in the target road side unit and the embedded safety access ESAM module in the vehicle-mounted unit are successfully authenticated, the target authority is obtained through the ESAM module; under the condition that the IC card module is positioned in the ESAM module, transferring the virtual resources through the IC card module; and under the condition that the IC card module is not positioned in the ESAM module, the ESAM module is authenticated through the IC card module, and under the condition that the ESAM module is successfully authenticated through the IC card module, the virtual resources are transferred through the IC card module. By the method and the device, the technical problem of virtual resource transfer failure caused by long air interaction time of the vehicle-mounted unit and the road side unit in the related technology can be solved.
Description
Technical Field
The invention relates to the field of communication, in particular to a virtual resource transfer method, a vehicle-mounted unit, a storage medium and an electronic device.
Background
In the related art, in the process of transferring a virtual resource corresponding to a vehicle through an On Board Unit (OBU), authentication of the OBU through a Road Side Unit (RSU) is required, where two stages of interaction between the RSU and the OBU are involved, specifically, authentication of an embedded security access ESAM module in the OBU by the RSU is performed through the first stage of interaction, and authentication of an integrated circuit IC card module in the OBU by the RSU is performed through the second stage of interaction. Because the two stages of interaction process need to be carried out between the vehicle-mounted unit and the road side unit, the air interaction time between the vehicle-mounted unit and the road side unit is long, and the risk of failure in transferring virtual resources by the vehicle-mounted unit can be caused.
Particularly, as the plurality of RSU antennas of the same portal are all set to be used in a time-sharing mode, and the plurality of RSU antennas are only used as one RSU antenna at the same moment, the risk that the transaction between the portal RSU antenna and the OBU fails is easily caused when the portal RSU antenna region passes through a plurality of vehicles at one time, and further the abnormal sectional charging is caused, so that the service experience of the high-speed passing charging of the vehicles is reduced.
Aiming at the technical problem of virtual resource transfer failure caused by long air interaction time of the vehicle-mounted unit and the road side unit in the related technology, an effective technical scheme is not provided yet.
Disclosure of Invention
An optional embodiment provides a virtual resource transfer method, an on-board unit, a storage medium and an electronic device, so as to at least solve the technical problem of virtual resource transfer failure caused by long air interaction time between the on-board unit and the road side unit in the related art.
According to an embodiment of the present invention, there is provided a virtual resource transfer method including: under the condition that bidirectional authentication between a target road side unit and an embedded secure access ESAM module in an on-board unit is successful, obtaining a target authority through the ESAM module, wherein the target authority indicates that the ESAM module obtaining the target authority can replace the target road side unit in the process of transferring a target quantity of virtual resources by an integrated circuit IC card module in the on-board unit; transferring the target number of virtual resources through the IC card module under the condition that the IC card module is positioned in the ESAM module; and under the condition that the IC card module is not positioned in the ESAM module, the ESAM module is authenticated through the IC card module, and under the condition that the ESAM module is successfully authenticated through the IC card module, the target number of virtual resources are transferred through the IC card module.
Optionally, the transferring, by the IC card module, the target number of virtual resources in a case where the IC card module is located in the ESAM module includes: the ESAM module is not authenticated through the IC card module, and the target number of virtual resources are transferred through the IC card module; or, the IC card module authenticates the ESAM module, and the IC card module transfers the target amount of virtual resources when the IC card module successfully authenticates the ESAM module.
Optionally, the obtaining of the target right through the ESAM module includes: obtaining, by the ESAM module, a usage right for a first key stored in the ESAM module, wherein the usage right indicates that a module having the usage right obtains the target right; after the target authority is obtained through the ESAM module, the using times corresponding to the first secret key stored in the ESAM module are updated to a first preset value through the ESAM module.
Optionally, the authenticating the ESAM module by the IC card module includes: encrypting first data by using the first key through the ESAM module to obtain second data, and sending the second data to the IC card module to request the IC card module to authenticate the ESAM module; encrypting the first data by using a second key through the IC card module to obtain third data, wherein the second key is stored in the IC card module and is a key matched with the first key; and determining that the IC card module successfully authenticates the ESAM module when the second data and the third data are consistent.
Optionally, the method further comprises: storing the first key in the ESAM module during one issuance or two issuance of the on-board unit before the target roadside unit and the ESAM module perform mutual authentication.
Optionally, after the transferring of the target number of virtual resources by the IC card module, the method further includes: and authenticating the IC card module by using the first key through the ESAM module, and updating the use times corresponding to the first key stored in the ESAM module to a second preset value through the ESAM module after the authentication is successful, wherein the ESAM module does not have the target permission under the condition that the use times corresponding to the first key is the second preset value.
According to another alternative embodiment of the present invention, there is provided an on-board unit including: the system comprises an embedded safe access ESAM module and an integrated circuit IC card module, wherein the embedded safe access ESAM module is used for obtaining a target authority under the condition that bidirectional authentication between a target road side unit and the ESAM module is successful, wherein the target authority indicates that the ESAM module obtaining the target authority can replace the target road side unit in the process that the integrated circuit card IC module in the vehicle-mounted unit transfers a target number of virtual resources; the IC card module is used for: transferring the target number of virtual resources if the IC card module is located within the ESAM module; the IC card module is further configured to: and under the condition that the IC card module is not positioned in the ESAM module, authenticating the ESAM module, and under the condition that the ESAM module is successfully authenticated, transferring the target number of virtual resources.
Optionally, in a case that the IC card module is located in the ESAM module, the IC card module is further configured to not authenticate the ESAM module and transfer the target number of virtual resources; or, the ESAM module is authenticated, and the target number of virtual resources are transferred under the condition that the authentication of the ESAM module is successful.
Optionally, the ESAM module is further configured to obtain the target right by: obtaining a usage right for a first key stored in the ESAM module, wherein the usage right indicates that a module with the usage right obtains the target right; wherein the ESAM module is further configured to: and after the ESAM module obtains the target authority, updating the use times corresponding to the first secret key stored in the ESAM module to a first preset value.
Optionally, in a case that the IC card module is not located in the ESAM module, the ESAM module is further configured to: encrypting first data by using the first key to obtain second data, and sending the second data to the IC card module to request the IC card module to authenticate the ESAM module; wherein the IC card module is further configured to: encrypting the first data by using a second key to obtain third data, wherein the second key is stored in the IC card module and is a key matched with the first key; and determining that the IC card module successfully authenticates the ESAM module if the second data and the third data are consistent.
Optionally, the ESAM module is further configured to: storing the first key written to the on-board unit during one or two issuance of the on-board unit before the target roadside unit and the ESAM module are bidirectionally authenticated.
Optionally, after the transferring of the target number of virtual resources by the IC card module, the ESAM module is further configured to: and authenticating the IC card module by using the first key, and updating the use times corresponding to the first key stored in the ESAM module to a second preset value after the authentication is successful, wherein the ESAM module does not have the target authority under the condition that the use times corresponding to the first key is the second preset value.
Alternatively, according to another embodiment of the present invention, a storage medium is provided, in which a computer program is stored, wherein the computer program is arranged to perform the above-mentioned method when executed.
Alternatively, according to another embodiment of the present invention, there is provided an electronic apparatus, including a memory in which a computer program is stored and a processor configured to execute the computer program to perform the above method.
According to the invention, under the condition that the bidirectional authentication between the target road side unit and the embedded safe access ESAM module in the vehicle-mounted unit is successful, the target authority is obtained through the ESAM module, wherein the target authority indicates the ESAM module which obtains the target authority, and the integrated circuit IC card module in the vehicle-mounted unit can replace the target road side unit in the process of transferring the target quantity of virtual resources; transferring the target number of virtual resources through the IC card module under the condition that the IC card module is positioned in the ESAM module; and under the condition that the IC card module is not positioned in the ESAM module, the ESAM module is authenticated through the IC card module, and under the condition that the ESAM module is successfully authenticated through the IC card module, the target number of virtual resources are transferred through the IC card module. After the road side unit successfully authenticates the ESAM module in the vehicle-mounted unit, the ESAM in the vehicle-mounted unit replaces the target road side unit, so that air interaction with the target road side unit through the IC card module of the vehicle-mounted unit is not needed any more, the air interaction time of the vehicle-mounted unit and the road side unit is shortened, the technical problem of virtual resource transfer failure caused by long air interaction time of the vehicle-mounted unit and the road side unit in the related technology can be solved, and the transfer success rate of the virtual resources of the vehicle-mounted unit is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow diagram of a virtual resource transfer method in accordance with an alternative embodiment;
fig. 2 is a block diagram of the structure of an on-board unit according to an alternative embodiment.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
An alternative embodiment provides a virtual resource transfer method, and fig. 1 is a flowchart of the virtual resource transfer method according to the alternative embodiment, as shown in fig. 1, the method includes:
step S102, under the condition that bidirectional authentication between a target road side unit and an embedded secure access ESAM module in a vehicle-mounted unit is successful, a target authority is obtained through the ESAM module, wherein the target authority indicates the ESAM module which obtains the target authority, and the integrated circuit IC card module in the vehicle-mounted unit can replace the target road side unit in the process of transferring a target number of virtual resources;
step S104, under the condition that the IC card module is positioned in the ESAM module, transferring the virtual resources with the target quantity through the IC card module;
and step S106, under the condition that the IC card module is not positioned in the ESAM module, the ESAM module is authenticated through the IC card module, and under the condition that the ESAM module is successfully authenticated through the IC card module, the target quantity of virtual resources are transferred through the IC card module.
According to the invention, under the condition that the bidirectional authentication between the target road side unit and the embedded safe access ESAM module in the vehicle-mounted unit is successful, the target authority is obtained through the ESAM module, wherein the target authority indicates the ESAM module which obtains the target authority, and the integrated circuit IC card module in the vehicle-mounted unit can replace the target road side unit in the process of transferring the target quantity of virtual resources; transferring the target number of virtual resources through the IC card module under the condition that the IC card module is positioned in the ESAM module; and under the condition that the IC card module is not positioned in the ESAM module, the ESAM module is authenticated through the IC card module, and under the condition that the ESAM module is successfully authenticated through the IC card module, the target number of virtual resources are transferred through the IC card module. After the road side unit successfully authenticates the ESAM module in the vehicle-mounted unit, the ESAM in the vehicle-mounted unit replaces the target road side unit, so that air interaction with the target road side unit through the vehicle-mounted unit is not needed any more, the air interaction time of the vehicle-mounted unit and the road side unit is shortened, the technical problem of virtual resource transfer failure caused by long air interaction time of the vehicle-mounted unit and the road side unit in the related technology can be solved, and the transfer success rate of the virtual resource of the vehicle-mounted unit is improved.
Optionally, the transferring, by the IC card module, the target number of virtual resources in a case where the IC card module is located in the ESAM module includes: the ESAM module is not authenticated through the IC card module, and the target number of virtual resources are transferred through the IC card module; or, the IC card module authenticates the ESAM module, and the IC card module transfers the target amount of virtual resources when the IC card module successfully authenticates the ESAM module.
In the above embodiment, when the IC card module is located in the ESAM module, the ESAM module may be authenticated by the IC card module, and the virtual resource transfer of the target amount is executed after the authentication is successful; or the ESAM is not authenticated by the IC card module, namely the transfer of the target amount of virtual resources is directly carried out by the IC card module.
Optionally, the obtaining of the target right through the ESAM module includes: obtaining, by the ESAM module, a usage right for a first key stored in the ESAM module, wherein the usage right indicates that a module having the usage right obtains the target right; after the target authority is obtained through the ESAM module, the using times corresponding to the first secret key stored in the ESAM module are updated to a first preset value through the ESAM module.
In the above embodiment, under the condition that the bidirectional authentication between the target road side unit and the ESAM module is successful, the ESAM module automatically obtains the target authority, so that the ESAM module replaces the target road side unit, thereby shortening the air interaction time between the vehicle-mounted unit and the target road side unit, and accelerating the processing efficiency of the virtual resource transfer process.
And under the condition that the IC card module is not positioned in the ESAM module, authenticating the ESAM module through the IC card module, wherein a first secret key is required to be used in the authentication process, namely the ESAM module is required to use the first secret key in the authentication process of the IC card module, the IC card module is also used for authenticating the ESAM module, and after the authentication is successful, the IC card module carries out virtual resource transfer operation, so that the air interaction time of the vehicle-mounted unit and the target road side unit is shortened, and the processing efficiency of the virtual resource transfer process is accelerated.
Optionally, the authenticating the ESAM module by the IC card module includes: encrypting first data by using the first key through the ESAM module to obtain second data, and sending the second data to the IC card module to request the IC card module to authenticate the ESAM module; encrypting the first data by using a second key through the IC card module to obtain third data, wherein the second key is stored in the IC card module and is a key matched with the first key; and determining that the IC card module successfully authenticates the ESAM module when the second data and the third data are consistent.
In the above embodiment, the IC card module authenticates the ESAM module, including but not limited to authenticating the target authority obtained by the ESAM module, and after the authentication is successful, it is determined that the transfer operation of the target virtual resource can be performed. The IC card module authenticates the target authority obtained by the ESAM module, and the IC card module authenticates the first key in the ESAM module, namely if the IC card module successfully authenticates the ESAM, the IC card module successfully authenticates the target authority of the ESAM module, and meanwhile, the IC card module successfully authenticates the first key in the ESAM module.
Optionally, the method further comprises: storing the first key in the ESAM module during one issuance or two issuance of the on-board unit before the target roadside unit and the ESAM module perform mutual authentication.
In the above-described embodiment, the first key to be authenticated before the IC card module performs the virtual resource transfer operation is written in advance into the ESAM module of the in-vehicle unit before the in-vehicle unit is mounted in the vehicle, for example, in the primary issuance, the secondary issuance process of the in-vehicle unit.
In the above embodiment, after the transferring of the target number of virtual resources by the IC card module, the method further includes: authenticating the IC card module by using the first key through the ESAM module, wherein the third data is acquired through the ESAM; and determining that the ESAM module successfully authenticates the IC card module under the condition that the second data is consistent with the third data.
The IC card module is authenticated by using the first key through the ESAM module, specifically, the second key in the IC card module is authenticated by using the first key through the ESAM module.
Wherein the first data includes but is not limited to: after the ESAM module acquires the target authority, reading data from the IC card module; or data pre-negotiated by the ESAM module and the IC module.
Optionally, after the transferring of the target number of virtual resources by the IC card module, the method further includes: and updating the use times corresponding to the first secret key stored in the ESAM module to a second preset value through the ESAM module, wherein the ESAM module does not have the target authority under the condition that the use times corresponding to the first secret key is the second preset value.
In an alternative embodiment, the first preset value includes, but is not limited to, being equal to 1, and the second preset value includes, but is not limited to, being equal to 0.
Optionally, the target number is determined according to a virtual resource transfer instruction received by the on-board unit from the target road side unit, or the target number is determined according to a virtual resource transfer instruction received by the on-board unit from a smart terminal such as a mobile phone or a tablet computer.
In the above embodiment, the self-deduction is completed by means of authorization of the internal key of the OBU, so that the air interaction time of the OBU and the RSU is greatly reduced while the authentication security is ensured, and the transaction success rate of the portal free stream charging RSU antenna and the OBU is improved.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
According to another embodiment of the present invention, an on-board unit is provided, which is used for implementing the above-mentioned embodiments and preferred embodiments, and the description of the on-board unit is omitted. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 2 is a block diagram showing the structure of an on-board unit according to an alternative embodiment, as shown in fig. 2, the on-board unit including: an embedded secure access ESAM module 201 and an integrated circuit IC card module 202, wherein,
the ESAM module 201 is configured to obtain a target permission under the condition that bidirectional authentication between a target road side unit and the ESAM module 201 is successful, where the target permission indicates that the ESAM module that has obtained the target permission can replace the target road side unit in a process of transferring a target number of virtual resources by the IC card module 202;
the IC card module 202 is configured to: transferring the target number of virtual resources if the IC card module 202 is located within the ESAM module 201;
the IC card module 202 is further configured to: authenticating the ESAM module 201 if the IC card module 202 is not located in the ESAM module 201, and transferring the target number of virtual resources if the authentication of the ESAM module 201 is successful.
Optionally, in a case that the IC card module 202 is located in the ESAM module 201, the IC card module 202 is further configured to not authenticate the ESAM module 201 and transfer the target number of virtual resources; or, the ESAM module 201 is authenticated, and the target number of virtual resources are transferred if the ESAM module is successfully authenticated.
Optionally, the ESAM module 201 is further configured to obtain the target right by: obtaining a usage right for a first key stored in the ESAM module 201, wherein the usage right indicates that a module having the usage right obtains the target right; wherein, the ESAM module 201 is further configured to: after the ESAM module 201 obtains the target authority, the number of times of use corresponding to the first key stored in the ESAM module 201 is updated to a first preset value.
Optionally, in a case that the IC card module 202 is not located in the ESAM module 201, the ESAM module 201 is further configured to: encrypting the first data by using the first key to obtain second data, and sending the second data to the IC card module 202 to request the IC card module 202 to authenticate the ESAM module 201; wherein, the IC card module 202 is further configured to: encrypting the first data by using a second key to obtain third data, wherein the second key is stored in the IC card module 202, and the second key is a key paired with the first key; and for determining that the IC card module 202 successfully authenticates the ESAM module 201 if the second data and the third data are identical.
Optionally, the ESAM module 201 is further configured to: the first key written to the on-board unit during one or two issuance of the on-board unit is stored before the target roadside unit is bidirectionally authenticated with the ESAM module 201.
Optionally, after the transferring the target number of virtual resources by the IC card module 202, the ESAM module 201 is further configured to: and authenticating the IC card module by using the first key, and updating the number of times of use corresponding to the first key stored in the ESAM module 201 to a second preset value after the authentication is successful, wherein the ESAM module 201 does not have the target permission when the number of times of use corresponding to the first key is the second preset value.
In an alternative embodiment, the on-board unit includes, but is not limited to, a two-piece OBU. As shown in fig. 2, the on-board Unit further includes a power supply module 203, a Micro Controller Unit (MCU) module 204, and a Dedicated Short Range Communication (DSRC) rf module 205, wherein,
the power supply module 203 is respectively connected with the MCU module 204, the DSRC radio frequency module 205, the ESAM module 201 and the IC card module 202, and is used for providing power supply voltage for the modules;
the MCU module 204 is connected with the DSRC radio frequency module 205 and used for receiving and replying the DSRC signal sent by the RSU antenna through the DSRC radio frequency module 205;
the MCU module 204 is also connected with the ESAM module 201; the MCU module 204 may access the ESAM module 201 through an Application Protocol Data Unit (APDU) command;
the MCU module 204 is further connected to the IC card module 202, and is further configured to access the IC card module 202;
in the above embodiment, the IC card module 202 may be an external IC card module 202, or may be a built-in IC card module 202. When the IC card module 202 is the built-in IC card module 202, the built-in IC card module 202 and the ESAM module 201 may be a two-in-one dual-Chip Operating System (COS) module, a single COS module, or two independent modules respectively connected to the MCU module 204. In which the OBU having the built-in IC card module 202 is smaller in size than the OBU having the external IC card module 202.
Wherein, under the condition that the ESAM module 201 and the IC card module 202 are two independent modules respectively connected to the MCU module 204, or the IC card module 202 is an external-plug IC card module 202, the MCU module 204 is further configured to read a third key stored in the ESAM module 201, and perform bidirectional authentication with the roadside unit by using the third key; and also for reading the first key stored in the ESAM module 201 and for performing authentication of the IC module using the first key. In an optional embodiment, the authentication between the ESAM module 201 and the IC card module 202 is bidirectional authentication, that is, after the IC card module completes the transfer of the target number of virtual resources, the ESAM module 201 authenticates the IC card module using the first key, and after the ESAM module 201 and the IC card module 202 successfully authenticate each other, the number of times of use corresponding to the first key stored in the ESAM module 201 is updated to the second preset value. The virtual resource transfer includes, but is not limited to, transferring a target amount of virtual resources from the virtual resource account bound to the vehicle-mounted unit, that is, the virtual resource transfer operation includes, but is not limited to, performing a fee deduction operation, wherein the virtual resources include, but are not limited to, resources in the form of money, credits, and the like.
The double-chip OBU and the RSU antenna perform information interaction through 5.8G signals, and the double-chip OBU performs bidirectional authentication with the RSU antenna or the background encryption machine through the third secret key stored in the ESAM module 201; after the bidirectional authentication is successful, the ESAM module 201 automatically obtains the usage authorization of the first secret key stored in the ESAM module 201, and then the ESAM module 201 may request the IC card module 202 to authenticate the ESAM module (for example, in the case that the IC card module is an external-plug type IC card module, or the IC card module is a built-in type IC card module, and the IC card module and the ESAM module are two independent modules, the IC card module authenticates the ESAM module), and after the authentication is successful, transfers the virtual resources according to the virtual resource transfer instruction (including but not limited to the fee deduction instruction) received by the OBU.
In the above embodiment, the virtual resource transfer process includes two parts, where the first part is that the RSU and the OBU complete 5.8G over-the-air information interaction. The OBU receives a virtual resource transfer request issued by the RSU antenna, the OBU completes bidirectional authentication between the RSU and an ESAM module 201 inside the OBU by using a third key, and after the bidirectional authentication is successful, the ESAM module 201 acquires the use permission of the first key.
The second part is that the IC card module 202 completes authentication and virtual resource transfer of ESAM inside the OBU, or the second part is that the IC card module inside the OBU executes virtual resource transfer. For the case that the ESAM module 201 and the IC card module 202 are combined into one, the specific steps are as follows: the IC card module 202 performs a fee deduction operation; for the case that the ESAM module 201 and the IC card module 202 are two independent modules respectively connected to the MCU module 204, or the IC card module 202 is an external-plug type IC card module 202, the following specific steps are performed: the MCU 204 is used as a data communication bridge between the ESAM module 201 and the IC card module 202, and performs data transfer through the MCU 204, thereby completing authentication of the ESAM module 201 by the IC card module 202, and performing a fee deduction operation after the authentication is successful.
In an alternative embodiment, the IC card module 202 stores a second key, the ESAM module stores a first key paired with the second key, and the ESAM module 201 also stores the number of times of availability (i.e., the number of times of use in the above-described embodiment) of the first key.
After the ESAM module 201 completes the key issuance (i.e., writes the first key to the ESAM module 201 during one or two issuance of the on-board unit), the number of times the first key is available is initially set to 0 times by default. After the ESAM module 201 completes the mutual authentication with the roadside unit by using the third key stored in the ESAM module 201, the ESAM module 201 may automatically obtain the one-time usage right of the first key, that is, the available times becomes 1, so that the ESAM module 201 may request the IC card module 202 to authenticate it by using the first key, and then the IC card module performs the fee deduction operation. After the fee deduction operation is completed, the MCU module 204 writes the transaction fee deduction record into the ESAM module 201 and/or the IC card module 202.
In the above embodiment, the bidirectional authentication process between the target road side unit and the ESAM module 201 in the OBU includes the following steps:
the target road side unit authenticates an ESAM (electronic service access module) 201 in the OBU, and under the condition of successful authentication, the target road side unit issues a verification request containing a deduction instruction to the OBU;
after the OBU receives the verification request containing the deduction instruction, the MCU module 204 in the OBU sends the data containing the verification request to the ESAM module 201;
the ESAM module 201 authenticates the data in the verification request through the internally stored third key, and if the authentication is successful, the ESAM module 201 and the RSU complete the bidirectional authentication;
when the ESAM module 201 and the RSU complete the mutual authentication, the ESAM module 201 obtains a usage authorization for the first key, and meanwhile, in order to ensure the security of the required deduction amount, the ESAM module 201 stores the deduction amount value (i.e. the target amount in the above embodiment) in the deduction instruction in a FLASH Memory FLASH or a Random-Only Memory (ROM) inside the ESAM module 201;
in the case that the ESAM module 201 and the IC card module 202 are integrated into one, that is, the ESAM module 201 has two COS that can be operated simultaneously, one COS is used for executing the function corresponding to the ESAM module 201, and the other COS is used for executing the function corresponding to the IC card module 202. Self-verification for the IC card module 202 is completed in the ESAM module 201.
An embodiment of the present invention further provides a storage medium including a stored program, wherein the program executes any one of the methods described above.
Alternatively, in the present embodiment, the storage medium may be configured to store program codes for performing the following steps:
s1, under the condition that bidirectional authentication between a target road side unit and an embedded secure access ESAM module in a vehicle-mounted unit is successful, a target authority is obtained through the ESAM module, wherein the target authority indicates the ESAM module which obtains the target authority, and the integrated circuit IC card module in the vehicle-mounted unit can replace the target road side unit in the process of transferring a target number of virtual resources;
s2, under the condition that the IC card module is positioned in the ESAM module, transferring the virtual resources with the target quantity through the IC card module;
s3, under the condition that the IC card module is not located in the ESAM module, the ESAM module is authenticated through the IC card module, and under the condition that the ESAM module is successfully authenticated through the IC card module, the target quantity of virtual resources are transferred through the IC card module.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing program codes, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again.
Embodiments of the present invention also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, under the condition that bidirectional authentication between a target road side unit and an embedded secure access ESAM module in a vehicle-mounted unit is successful, a target authority is obtained through the ESAM module, wherein the target authority indicates the ESAM module which obtains the target authority, and the integrated circuit IC card module in the vehicle-mounted unit can replace the target road side unit in the process of transferring a target number of virtual resources;
s2, under the condition that the IC card module is positioned in the ESAM module, transferring the virtual resources with the target quantity through the IC card module;
s3, under the condition that the IC card module is not located in the ESAM module, the ESAM module is authenticated through the IC card module, and under the condition that the ESAM module is successfully authenticated through the IC card module, the target quantity of virtual resources are transferred through the IC card module.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the principle of the present invention should be included in the protection scope of the present invention.
Claims (14)
1. A virtual resource transfer method, comprising:
under the condition that bidirectional authentication between a target road side unit and an embedded secure access ESAM module in an on-board unit is successful, a target authority is obtained through the ESAM module, wherein the target authority indicates the ESAM module which obtains the target authority, and the target road side unit can be replaced in the process of transferring a target number of virtual resources by an integrated circuit IC card module in the on-board unit;
transferring the target number of virtual resources through the IC card module under the condition that the IC card module is positioned in the ESAM module;
and under the condition that the IC card module is not positioned in the ESAM module, the ESAM module is authenticated through the IC card module, and under the condition that the ESAM module is successfully authenticated through the IC card module, the target number of virtual resources are transferred through the IC card module.
2. The virtual resource transfer method according to claim 1, wherein said transferring the target number of virtual resources by the IC card module in a case where the IC card module is located within the ESAM module includes:
the ESAM module is not authenticated through the IC card module, and the target number of virtual resources are transferred through the IC card module; alternatively, the first and second electrodes may be,
and authenticating the ESAM module through the IC card module, and transferring the target number of virtual resources through the IC card module under the condition that the authentication of the ESAM module through the IC card module is successful.
3. The virtual resource transfer method of claim 2, wherein said obtaining target permissions through the ESAM module comprises:
obtaining, by the ESAM module, a usage right for a first key stored in the ESAM module, wherein the usage right indicates that a module having the usage right obtains the target right;
after the target authority is obtained through the ESAM module, the using times corresponding to the first secret key stored in the ESAM module are updated to a first preset value through the ESAM module.
4. The virtual resource transfer method according to claim 3, wherein the authenticating the ESAM module by the IC card module includes:
encrypting first data by using the first key through the ESAM module to obtain second data, and sending the second data to the IC card module to request the IC card module to authenticate the ESAM module;
encrypting the first data by using a second key through the IC card module to obtain third data, wherein the second key is stored in the IC card module and is a key matched with the first key;
and determining that the IC card module successfully authenticates the ESAM module when the second data and the third data are consistent.
5. The virtual resource transfer method of claim 3, wherein the method further comprises:
storing the first key in the ESAM module during one issuance or two issuance of the on-board unit before the target roadside unit and the ESAM module perform mutual authentication.
6. The virtual resource transfer method according to claim 3, wherein after the transfer of the target number of virtual resources by the IC card module, the method further comprises:
and authenticating the IC card module by using the first key through the ESAM module, and updating the use times corresponding to the first key stored in the ESAM module to a second preset value through the ESAM module after the authentication is successful, wherein the ESAM module does not have the target permission under the condition that the use times corresponding to the first key is the second preset value.
7. An on-board unit, comprising: an embedded secure access ESAM module and an integrated circuit IC card module, wherein,
the ESAM module is used for obtaining a target authority under the condition that bidirectional authentication between a target road side unit and the ESAM module is successful, wherein the target authority indicates the ESAM module which obtains the target authority, and the ESAM module can replace the target road side unit in the process that the IC card module transfers the target quantity of virtual resources;
the IC card module is used for: transferring the target number of virtual resources if the IC card module is located within the ESAM module;
the IC card module is further configured to: and under the condition that the IC card module is not positioned in the ESAM module, authenticating the ESAM module, and under the condition that the ESAM module is successfully authenticated, transferring the target number of virtual resources.
8. The on-board unit of claim 7, wherein with the IC card module located within the ESAM module, the IC card module is further configured to:
not authenticating the ESAM module, and transferring the virtual resources with the target quantity; alternatively, the first and second electrodes may be,
and authenticating the ESAM module, and transferring the target number of virtual resources under the condition that the authentication of the ESAM module is successful.
9. The on-board unit of claim 8, wherein the ESAM module is further configured to obtain the target permission by:
obtaining a usage right for a first key stored in the ESAM module, wherein the usage right indicates that a module with the usage right obtains the target right;
wherein the ESAM module is further configured to: and after the ESAM module obtains the target authority, updating the use times corresponding to the first secret key stored in the ESAM module to a first preset value.
10. The on-board unit of claim 9, wherein in the event that the IC card module is not located within the ESAM module, the ESAM module is further configured to:
encrypting first data by using the first key to obtain second data, and sending the second data to the IC card module to request the IC card module to authenticate the ESAM module;
wherein the IC card module is further configured to: encrypting the first data by using a second key to obtain third data, wherein the second key is stored in the IC card module and is a key matched with the first key; and determining that the IC card module successfully authenticates the ESAM module if the second data and the third data are consistent.
11. The on-board unit of claim 9, wherein the ESAM module is further configured to:
storing the first key written to the on-board unit during one or two issuance of the on-board unit before the target roadside unit and the ESAM module are bidirectionally authenticated.
12. The on-board unit of claim 9, wherein after the transfer of the target number of virtual resources by the IC card module, the ESAM module is further configured to:
and authenticating the IC card module by using the first key, and updating the use times corresponding to the first key stored in the ESAM module to a second preset value after the authentication is successful, wherein the ESAM module does not have the target authority under the condition that the use times corresponding to the first key is the second preset value.
13. A storage medium, in which a computer program is stored, wherein the computer program is arranged to perform the method of any of claims 1 to 6 when executed.
14. An electronic device comprising a memory and a processor, characterized in that the memory has stored therein a computer program, the processor being arranged to execute the method of any of claims 1 to 6 by means of the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110342526.8A CN113064725B (en) | 2021-03-30 | 2021-03-30 | Virtual resource transfer method, vehicle-mounted unit, storage medium and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110342526.8A CN113064725B (en) | 2021-03-30 | 2021-03-30 | Virtual resource transfer method, vehicle-mounted unit, storage medium and electronic device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113064725A true CN113064725A (en) | 2021-07-02 |
| CN113064725B CN113064725B (en) | 2023-11-03 |
Family
ID=76564694
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110342526.8A Active CN113064725B (en) | 2021-03-30 | 2021-03-30 | Virtual resource transfer method, vehicle-mounted unit, storage medium and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113064725B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH10143695A (en) * | 1996-11-15 | 1998-05-29 | Toshiba Corp | Mutual authentication system, toll receiving system of toll road and mutual authentication method of toll receiving system |
| CN201402475Y (en) * | 2008-11-18 | 2010-02-10 | 上海东海电脑股份有限公司 | Electronic charging on-vehicle unit with independent safety control module |
| WO2017197689A1 (en) * | 2016-05-18 | 2017-11-23 | 中兴通讯股份有限公司 | Sim card processing method and apparatus, terminal, and esam chip |
| CN109011583A (en) * | 2018-05-28 | 2018-12-18 | 腾讯科技(深圳)有限公司 | virtual resource transfer method and device, storage medium and electronic device |
| CN111932224A (en) * | 2020-07-03 | 2020-11-13 | 深圳市万集科技有限公司 | Virtual resource transfer method, device, system, storage medium and electronic device |
-
2021
- 2021-03-30 CN CN202110342526.8A patent/CN113064725B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH10143695A (en) * | 1996-11-15 | 1998-05-29 | Toshiba Corp | Mutual authentication system, toll receiving system of toll road and mutual authentication method of toll receiving system |
| CN201402475Y (en) * | 2008-11-18 | 2010-02-10 | 上海东海电脑股份有限公司 | Electronic charging on-vehicle unit with independent safety control module |
| WO2017197689A1 (en) * | 2016-05-18 | 2017-11-23 | 中兴通讯股份有限公司 | Sim card processing method and apparatus, terminal, and esam chip |
| CN109011583A (en) * | 2018-05-28 | 2018-12-18 | 腾讯科技(深圳)有限公司 | virtual resource transfer method and device, storage medium and electronic device |
| CN111932224A (en) * | 2020-07-03 | 2020-11-13 | 深圳市万集科技有限公司 | Virtual resource transfer method, device, system, storage medium and electronic device |
Non-Patent Citations (3)
| Title |
|---|
| 文松;王敏;胡春阳;徐德刚;: "基于可信计算的车载网认证方案", 湖北文理学院学报, no. 08 * |
| 梁贞;邓必栋;何增镇;: "高速公路ETC密钥管理系统研究", 西部交通科技, no. 07 * |
| 陈宋宋;王丽丽;项彬;于亮亮;: "ESAM在电动汽车充电桩中的应用", 电力系统通信, no. 04 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113064725B (en) | 2023-11-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2988470B1 (en) | Automatic purposed-application creation | |
| US8215547B2 (en) | Data communicating apparatus and method for managing memory of data communicating apparatus | |
| US20220224548A1 (en) | Verifying vehicular identity | |
| US6749115B2 (en) | Dual processor trusted computing environment | |
| CN101136069A (en) | Issuing method of ETC electronic label | |
| US11063747B2 (en) | Secure monitoring using block chain | |
| US10491600B2 (en) | Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal | |
| US11863688B2 (en) | Secure emergency vehicular communication | |
| US9298949B2 (en) | Method for programming a mobile end device chip | |
| CN105743651A (en) | Method and apparatus for utilizing card application in chip security domain, and application terminal | |
| CN113064725B (en) | Virtual resource transfer method, vehicle-mounted unit, storage medium and electronic device | |
| CN114445922B (en) | Secondary issuing method, device, equipment and storage medium of charging equipment | |
| US20230385418A1 (en) | Information processing device, information processing method, program, mobile terminal, and information processing system | |
| CN112422281B (en) | Method and system for changing secret key in security module | |
| CN105103180B (en) | Method for handling the distribution of mobile credit card | |
| CN114756827A (en) | License file management method, device and equipment | |
| EP2993608A1 (en) | A method for changing the ownership of a secure element | |
| JP6160544B2 (en) | OBE | |
| US12022294B2 (en) | Access control for Near Field Communication functions | |
| KR101886807B1 (en) | Payment System for HCE Mobile Advance Payment Type Traffic Card using minimum balance and Payment Method thereof | |
| US20240211579A1 (en) | Protection of an electronic device | |
| CN116740829A (en) | Control method, road network center, vehicle and readable storage medium | |
| KR20200031026A (en) | Apparatus and Method for Processing Signal | |
| CN111028372A (en) | ETC fee deduction method and system, storage medium and electronic device | |
| CN118246039A (en) | Protection of electronic devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20230926 Address after: Room 020, 2001, Ant Innovation Base, Building 1, Zhejiang Chamber of Commerce Building, No. 299 Pinglan Road, Yingfeng Street, Xiaoshan District, Hangzhou City, Zhejiang Province, 311215 Applicant after: Sanchuan Online (Hangzhou) Information Technology Co.,Ltd. Address before: Wanji space, building 12, Zhongguancun Software Park, yard 8, Dongbei Wangxi Road, Haidian District, Beijing 100193 Applicant before: BEIJING WANJI TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |