CN113193959A

CN113193959A - Authentication method, device and system for vehicle-mounted sensor

Info

Publication number: CN113193959A
Application number: CN202010037875.4A
Authority: CN
Inventors: 皇甫仁杰
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2020-01-14
Filing date: 2020-01-14
Publication date: 2021-07-30
Anticipated expiration: 2040-01-14
Also published as: CN113193959B; WO2021143178A1

Abstract

The embodiment of the application discloses an authentication method, an authentication device and an authentication system of a vehicle-mounted sensor, which are applied to the technical field of automobiles and used for improving the authentication efficiency and accuracy of the vehicle-mounted sensor, reducing the authentication cost and ensuring the safe driving of an intelligent driving vehicle. The method comprises the following steps: when the vehicle-mounted sensor is authenticated, the vehicle-mounted controller firstly acquires public key information of the vehicle-mounted sensor to be authenticated from a vehicle cloud server and then receives a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated; and then the vehicle-mounted controller can authenticate the signature to be authenticated by using the acquired public key information according to the BLS signature algorithm so as to obtain an authentication result.

Description

Authentication method, device and system for vehicle-mounted sensor

Technical Field

The application relates to the technical field of automobiles, in particular to an authentication method, device and system of a vehicle-mounted sensor.

Background

With the development of intelligent driving technology, more and more vehicles are provided with various types of perception sensors, such as cameras, millimeter wave radars, laser radars, ultrasonic radars and the like, so as to assist in realizing the intelligent driving function of the vehicles.

However, as the vehicle is used, various vehicle-mounted sensors are damaged and consumed to different degrees, so that the situation of replacing the vehicle-mounted sensors is unavoidable, and as the amount of maintenance is increased, besides a regular supplier, a large number of "emulational" version sensors are continuously generated, and since the vehicle-mounted sensors are usually connected to a vehicle-mounted controller by means of a Controller Area Network (CAN) bus or an ethernet network, and the vehicle-mounted sensors and the vehicle-mounted controller communicate with each other through plaintext, the sensors are easily cracked, in this case, if the "emulational" version sensors are installed in the vehicle to replace the damaged or consumed regular sensors, very serious consequences are caused, and even the life of a user is threatened to be complete. Therefore, it is important to be able to accurately authenticate the authenticity of each in-vehicle sensor device.

At present, there are two general authentication methods for vehicle-mounted sensors: one method is to authenticate the sensor equipment by using an electromagnetic security chip attached to the sensor equipment, but the method needs a special security chip, and the security chip and the controller need to be arranged in a matched manner, so that the hardware cost is too high, and the method is not suitable for authenticating the vehicle-mounted sensors with more and more quantity; the other common authentication method is a key-based authentication method, which can authenticate the authenticity of the vehicle-mounted device to a certain extent, but the method usually depends on the fact that two communication parties share the same key, so the method is more suitable for mutual authentication between two devices, but each vehicle needs many sensors for authentication, and is not suitable for authentication with a vehicle-mounted controller one by one, and the response time is too long. It can be seen that the authentication methods of two common vehicle-mounted sensors at present have low authentication efficiency and high cost, and cannot realize the rapid and accurate authentication of a large number of vehicle-mounted sensors on a vehicle at the same time, so that the safe driving of an intelligent driving vehicle cannot be ensured.

Disclosure of Invention

The embodiment of the application provides an authentication method and device of a vehicle-mounted sensor, which are used for improving the authentication efficiency and accuracy of the vehicle-mounted sensor, reducing the authentication cost and further ensuring the safe driving of an intelligent driving vehicle.

In a first aspect, the present application provides an authentication method for an onboard sensor, the method including: when the vehicle-mounted sensor is authenticated, a vehicle-mounted controller (such as the vehicle-mounted controller 103 in fig. 1) firstly acquires public key information of a vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 to be authenticated in fig. 1) from a vehicle cloud server (such as the vehicle cloud server 101 in fig. 1), and then receives a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 to be authenticated in fig. 1); further, the onboard controller (e.g., the onboard controller 103 in fig. 1) may authenticate the signature to be authenticated by using the obtained public key information according to the BLS signature algorithm to obtain an authentication result.

Compared with the prior art, the vehicle-mounted controller in the embodiment of the application authenticates the signature to be authenticated by using the public key acquired from the vehicle cloud server according to the mature BLS signature algorithm to accurately identify the authenticity of the vehicle-mounted sensor to be authenticated, so that compared with the conventional method for authenticating the sensor equipment by using the electromagnetic security chip attached to the sensor equipment and the method for authenticating the sensor by relying on the same secret key shared by both communication parties, the vehicle-mounted controller can realize the rapid and accurate authentication of a large number of vehicle-mounted sensors on a vehicle without adding any hardware, thereby not only reducing the authentication cost, but also improving the authentication efficiency and accuracy and further ensuring the safe driving of the intelligent driving vehicle.

In one possible implementation manner, obtaining public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server includes: and inquiring the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.

Therefore, if the vehicle-mounted controller or the vehicle-mounted sensor to be authenticated is an updated sensor and the vehicle-mounted controller does not store the public key information sent by the vehicle cloud server in advance, the public key information associated with the information to be signed can be inquired from the vehicle cloud server according to the information to be signed sent by the vehicle-mounted sensor to be authenticated, and the authentication efficiency and accuracy are further improved.

In one possible implementation manner, the public key information is associated with batch information of the sensors to be authenticated, so that the public key information can be subsequently used for authenticating the batch of sensors to be authenticated, and the authentication accuracy is improved.

In one possible implementation mode, the signature to be authenticated is generated by the sensor to be authenticated according to a BLS signature algorithm, information to be signed and private key information of the sensor to be authenticated; and the private key information is generated by the vehicle cloud server according to a BLS signature algorithm. The vehicle-mounted controller can conveniently use the public key information to process the signature to be authenticated, and accurately judge the authenticity of the vehicle-mounted sensor equipment to be authenticated according to the authentication result.

In one possible implementation manner, receiving a signature to be authenticated sent by an on-board sensor to be authenticated includes: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; according to the BLS signature algorithm, the public key information is utilized to authenticate the signature to be authenticated and obtain an authentication result, and the method comprises the following steps: aggregating the plurality of signatures to be authenticated to obtain aggregated signature results to be authenticated; and authenticating the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result. Therefore, the aggregation authentication of the plurality of vehicle-mounted sensors to be authenticated can be realized simultaneously, and the authentication efficiency is greatly improved.

In one possible implementation manner, receiving a signature to be authenticated sent by an on-board sensor to be authenticated includes: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; according to the BLS signature algorithm, the public key information is utilized to authenticate the signature to be authenticated and obtain an authentication result, and the method comprises the following steps: aggregating all the signatures to be authenticated in the first group to obtain a first group of aggregated signature results to be authenticated; according to the BLS signature algorithm, the public key information is utilized to authenticate the signature result to be authenticated after the first group of aggregation, and an authentication result is obtained; the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.

Therefore, the synchronous authentication can be carried out on the signature result to be authenticated of each group of aggregation through the authentication mode of grouping aggregation, and when the authentication fails, the sensor to be authenticated with faults can be quickly and accurately positioned according to the type and the label of the grouping. Therefore, the authentication efficiency and accuracy of the vehicle-mounted sensor can be improved, the authentication cost is reduced, and the safe driving of the intelligent driving vehicle is further ensured.

In a second aspect, the present application further provides an authentication method for an onboard sensor, including: when the vehicle-mounted sensor is authenticated, a vehicle cloud server (such as the vehicle cloud server 101 in fig. 1) firstly acquires information to be signed of a vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 to be authenticated in fig. 1), and then generates private key information and public key information of the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 to be authenticated in fig. 1) according to a BLS signature algorithm; sending the acquired information to be signed and the generated private key information to an on-board sensor to be authenticated (such as the on-board sensor 102 to be authenticated in fig. 1), so that the on-board sensor to be authenticated (such as the on-board sensor 102 to be authenticated in fig. 1) can generate a signature to be authenticated according to a mature BLS signature algorithm, the information to be signed and the private key information and send the signature to be authenticated to an on-board controller (such as the on-board controller 103 in fig. 1); meanwhile, the vehicle cloud server (e.g., the vehicle cloud server 101 in fig. 1) may further send public key information to the vehicle-mounted controller (e.g., the vehicle-mounted controller 103 in fig. 1), so that the vehicle-mounted controller (e.g., the vehicle-mounted controller 103 in fig. 1) may authenticate the signature to be authenticated according to the mature BLS signature algorithm and the public key information, and obtain an authentication result. Therefore, the generated private key information can be directly preset in the vehicle-mounted sensor to be authenticated by performing authentication through a mature BLS signature algorithm, and the generated public key information is sent to the vehicle-mounted controller in advance, so that the problem of leakage of each link of the secret key is not needed to be worried about, the management is convenient, the secret key management is performed according to the batch information of the sensor, and the cost is reduced.

In a possible implementation, the method further includes: the public key information inquiry interface is opened, so that the vehicle-mounted controller inquires the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated, the public key information is disclosed and inquired, so that the vehicle-mounted controller can directly inquire the public key information through the public key information inquiry interface, the inquiry is convenient, and special processing is not needed after the device is updated.

In a third aspect, the present application further provides an authentication method for an on-board sensor, where the method includes: when the vehicle-mounted sensor is authenticated, the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 to be authenticated in fig. 1) first acquires the private key information and the information with the signature, then generates the signature to be authenticated according to the mature BLS signature algorithm, the information to be signed and the private key information, and further sends the signature to be authenticated to the vehicle-mounted controller (such as the vehicle-mounted controller 103 in fig. 1), so that the vehicle-mounted controller (such as the vehicle-mounted controller 103 in fig. 1) can authenticate the signature to be authenticated according to the mature BLS signature algorithm to obtain the authentication result, thus compared with the current method of authenticating the sensor device by using the electromagnetic security chip attached to the sensor device, the method can realize the rapid and accurate authentication of a large number of vehicle-mounted sensors on the vehicle without adding any hardware, thereby not only reducing the authentication cost, but also improving the authentication efficiency and accuracy, and further, the safe driving of the intelligent driving vehicle is ensured.

In one possible implementation manner, obtaining private key information of an on-vehicle sensor to be authenticated includes: and obtaining private key information of the vehicle-mounted sensor to be authenticated, which is sent by the vehicle cloud server, wherein the private key information is generated by the vehicle cloud server according to a BLS signature algorithm.

In one possible implementation manner, generating a signature to be authenticated according to a BLS signature algorithm, information to be signed, and private key information includes: generating a hash abstract according to the information to be signed; generating a curve hash value of the hash abstract according to a BLS signature algorithm; and generating a signature to be authenticated according to the curve hash value and the private key information. The vehicle-mounted controller can conveniently use the public key information to carry out the signature to be authenticated, and accurately judges the authenticity of the vehicle-mounted sensor equipment to be authenticated according to the authentication result.

In a fourth aspect, the present application further provides an authentication system for an onboard sensor, the system including: the system comprises a vehicle cloud server, a vehicle-mounted sensor to be authenticated and a vehicle-mounted controller; the vehicle cloud server is used for acquiring information to be signed; generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm; sending public key information to a controller to be mounted on the vehicle; sending information to be signed and the private key information to a vehicle-mounted sensor to be authenticated; the to-be-authenticated vehicle-mounted sensor is used for generating a to-be-authenticated signature according to the BLS signature algorithm, the to-be-signed information and the private key information; sending a signature to be authenticated to a vehicle-mounted controller; and the vehicle-mounted controller is used for authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

In one possible implementation, the vehicle cloud server is further configured to: and opening a public key information query interface so that the vehicle-mounted controller queries the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.

In one possible implementation, the to-be-authenticated vehicle-mounted sensor is specifically configured to: generating a hash abstract according to the information to be signed; generating a curve hash value of the hash abstract according to a BLS signature algorithm; and generating a signature to be authenticated according to the curve hash value and the private key information.

In one possible implementation, the in-vehicle controller is specifically configured to: and inquiring the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.

In one possible implementation, the in-vehicle controller is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating the plurality of signatures to be authenticated to obtain aggregated signature results to be authenticated; and authenticating the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

In one possible implementation, the in-vehicle controller is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating all the signatures to be authenticated in the first group to obtain a first group of aggregated signature results to be authenticated; according to the BLS signature algorithm, the public key information is utilized to authenticate the signature result to be authenticated after the first group of aggregation, and an authentication result is obtained; the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.

In a fifth aspect, the present application further provides an authentication system for an onboard sensor, the system including: the vehicle-mounted sensor to be authenticated and the vehicle-mounted controller are used for authenticating the vehicle-mounted sensor to be authenticated; the system comprises a vehicle-mounted sensor to be authenticated, a signature server and a server, wherein the vehicle-mounted sensor to be authenticated is used for acquiring private key information and information to be signed; generating a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information; sending a signature to be authenticated to a vehicle-mounted controller; the vehicle-mounted controller is used for acquiring public key information of the vehicle-mounted sensor to be authenticated; and authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

In one possible implementation, the in-vehicle controller is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating all the signatures to be authenticated in the first group to obtain a first group of aggregated signature results to be authenticated; according to the BLS signature algorithm, the public key information is utilized to authenticate the signature result to be authenticated after the first group of aggregation, and an authentication result is obtained; the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the vehicle-mounted sensors to be authenticated.

In a sixth aspect, the present application further provides an authentication device for an onboard sensor, the device including: the acquisition unit is used for acquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server; the receiving unit is used for receiving a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated; and the authentication unit is used for authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

In a possible implementation manner, the obtaining unit is specifically configured to: and inquiring the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.

In one possible implementation, the public key information is associated with batch information of the sensor to be authenticated.

In one possible implementation mode, the signature to be authenticated is generated by the sensor to be authenticated according to a BLS signature algorithm, information to be signed and private key information of the sensor to be authenticated; and the private key information is generated by the vehicle cloud server according to a BLS signature algorithm.

In a possible implementation manner, the receiving unit is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit includes: the first aggregation subunit is used for aggregating the plurality of signatures to be authenticated to obtain aggregated signature results to be authenticated; and the first authentication subunit is used for authenticating the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

In a possible implementation manner, the receiving unit is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit includes: the second aggregation subunit is configured to aggregate all the signatures to be authenticated in the first group to obtain a first group of aggregated signatures to be authenticated; the second authentication subunit is used for authenticating the first group of aggregated signature results to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result; the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.

In a seventh aspect, the present application further provides an authentication device for an onboard sensor, the device including: the acquisition unit is used for acquiring information to be signed of the vehicle-mounted sensor to be authenticated; the generating unit is used for generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm; the system comprises a first sending unit, a second sending unit and a third sending unit, wherein the first sending unit is used for sending information to be signed and private key information to the vehicle-mounted sensor to be authenticated so that the vehicle-mounted sensor to be authenticated can generate a signature to be authenticated according to a BLS signature algorithm, the information to be signed and the private key information and send the signature to be authenticated to a vehicle-mounted controller; and the second sending unit is used for sending the public key information to the vehicle-mounted controller so that the vehicle-mounted controller can authenticate the signature to be authenticated according to the BLS signature algorithm and the public key information to obtain an authentication result.

In a possible implementation manner, the apparatus further includes: and the opening unit is used for opening the public key information inquiry interface so that the vehicle-mounted controller can inquire the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.

In an eighth aspect, the present application further provides an authentication device for an onboard sensor, the device including: the acquisition unit is used for acquiring private key information and information to be signed of the vehicle-mounted sensor to be authenticated; the generating unit is used for generating a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information; and the sending unit is used for sending the signature to be authenticated to the vehicle-mounted controller so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result.

In a possible implementation manner, the obtaining unit is specifically configured to: and obtaining private key information of the vehicle-mounted sensor to be authenticated, which is sent by the vehicle cloud server, wherein the private key information is generated by the vehicle cloud server according to a BLS signature algorithm.

In one possible implementation, the generating unit includes: the first generation subunit is used for generating a hash abstract according to the information to be signed; the second generation subunit is used for generating a curve hash value of the hash abstract according to the BLS signature algorithm; and the third generation subunit is used for generating the signature to be authenticated according to the curve hash value and the private key information.

In a ninth aspect, the present application further provides an authentication device for an in-vehicle sensor, the device including a memory and a processor;

a memory to store instructions; a processor configured to execute the instructions in the memory to perform any of the methods of the first aspect.

In a tenth aspect, the present application further provides an authentication device for an in-vehicle sensor, the device including a memory and a processor;

a memory to store instructions; a processor for executing instructions in the memory to perform any of the methods of the second aspect.

In an eleventh aspect, the present application further provides an authentication device for an in-vehicle sensor, the device including a memory, a processor;

a memory to store instructions; a processor configured to execute the instructions in the memory to perform any of the methods of the third aspect.

In a twelfth aspect, the present application also provides a computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform any of the methods described above.

According to the technical scheme, the embodiment of the application has the following advantages:

when the vehicle-mounted sensor is authenticated, the vehicle-mounted controller firstly acquires public key information of the vehicle-mounted sensor to be authenticated from a vehicle cloud server, and then receives a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated; and then the vehicle-mounted controller can authenticate the signature to be authenticated by using the acquired public key information according to the BLS signature algorithm so as to obtain an authentication result. Therefore, compared with the method for authenticating the sensor equipment by using the electromagnetic security chip attached to the sensor equipment and the method for authenticating the sensor by relying on the same secret key shared by both communication parties, the vehicle-mounted controller can realize the rapid and accurate authentication of a large number of vehicle-mounted sensors on the vehicle without adding any hardware, thereby not only reducing the authentication cost, but also improving the authentication efficiency and accuracy and further ensuring the safe driving of the intelligent driving vehicle.

Drawings

Fig. 1 is a block diagram illustrating an authentication system of an in-vehicle sensor according to an embodiment of the present disclosure;

fig. 2 is a flowchart of an authentication method for an in-vehicle sensor according to an embodiment of the present disclosure;

fig. 3 is a schematic diagram illustrating authentication of a to-be-authenticated signature of a to-be-authenticated vehicle-mounted sensor according to an embodiment of the present application;

FIG. 4 is a flowchart of another authentication method for a vehicle-mounted sensor according to an embodiment of the present disclosure;

FIG. 5 is a flowchart of a method for authenticating a vehicle-mounted sensor according to an embodiment of the present disclosure;

fig. 6 is a schematic diagram illustrating generation of a hash value of a curve according to an embodiment of the present disclosure;

fig. 7 is a schematic diagram illustrating generation of a signature to be authenticated according to an embodiment of the present application;

FIG. 8 is an interaction flowchart of an authentication method for a vehicle-mounted sensor according to an embodiment of the present disclosure;

fig. 9 is a block diagram illustrating a structure of an authentication system of another vehicle-mounted sensor according to an embodiment of the present application;

fig. 10 is a block diagram illustrating a structure of an authentication apparatus for an in-vehicle sensor according to an embodiment of the present disclosure;

fig. 11 is a block diagram illustrating a structure of another authentication apparatus for an in-vehicle sensor according to an embodiment of the present disclosure;

fig. 12 is a block diagram illustrating a structure of an authentication apparatus for a vehicle-mounted sensor according to an embodiment of the present disclosure;

fig. 13 is a schematic structural diagram of an authentication device of an in-vehicle sensor according to an embodiment of the present disclosure;

fig. 14 is a schematic structural diagram of another authentication device for an in-vehicle sensor according to an embodiment of the present application;

fig. 15 is a schematic structural diagram of an authentication device of another vehicle-mounted sensor according to an embodiment of the present application.

Detailed Description

The embodiment of the application provides an authentication method, an authentication device and an authentication system of a vehicle-mounted sensor, which are used for improving the authentication efficiency and accuracy of the vehicle-mounted sensor, reducing the authentication cost and further ensuring the safe driving of an intelligent driving vehicle.

Embodiments of the present application are described below with reference to the accompanying drawings.

Referring to fig. 1, a block diagram of an authentication system of an on-board sensor provided in an embodiment of the present application is shown, and the authentication system includes an on-board cloud server 101, an on-board sensor 102 to be authenticated, and an on-board controller 103. The vehicle cloud server 101 is connected with the vehicle-mounted sensor 102 to be authenticated, the vehicle cloud server 101 is connected with the vehicle-mounted controller 103, and the vehicle-mounted sensor 102 to be authenticated is connected with the vehicle-mounted controller 103. The above "connection" may be a direct connection or an indirect connection. In particular, the connection between the vehicle cloud server 101 and the vehicle-mounted sensor 102 to be authenticated, and there may be other vendor servers between the vehicle cloud server 101 and the vehicle-mounted sensor 102 to be authenticated.

In terms of hardware implementation, the vehicle cloud server 101 refers to a service device which has a storage function, can communicate with the vehicle-mounted controller 103 and the vehicle-mounted sensor 102 to be authenticated, and provides data support for the vehicle-mounted sensor 102 to be authenticated and the vehicle-mounted controller 103. The car cloud server 101 may be, for example, a simple, efficient, safe, reliable computing service with elastically scalable processing capability, and a car factory may adopt an independent device or a cluster server to implement when actually deploying the car cloud server 101.

The vehicle-mounted sensor 102 to be authenticated refers to various sensing sensors mounted on the vehicle, and may be, for example, an Inertial Measurement Unit (IMU), a lidar sensor, a camera sensor, a millimeter-wave radar sensor, or the like. The on-vehicle controller 103 is a control device for controlling the electric system of the vehicle body, and may be, for example, an Electronic Control Unit (ECU).

In this embodiment of the application, the vehicle cloud server 101 is first configured to obtain vehicle information sent by a vehicle manufacturer or sensor batch information sent by a sensor provider, and the like, as information to be signed, then generate private key information and public key information of the vehicle-mounted sensor 102 to be authenticated according to a mature BLS (Boneh-Lynn-Shacham) signature algorithm, send the generated private key information and the generated information to be signed to the corresponding vehicle-mounted sensor 102 to be authenticated, and send the generated public key information to the vehicle-mounted controller 103. And the to-be-authenticated vehicle-mounted sensor 102 is configured to generate a to-be-authenticated signature according to the BLS signature algorithm, the to-be-signed information, and the private key information after receiving the private key information and the to-be-signed information sent by the vehicle cloud server 101, and then send the to-be-authenticated signature to the vehicle-mounted controller 103. On this basis, the vehicle-mounted controller 103 is configured to authenticate the signature to be authenticated sent by the vehicle-mounted sensor 102 to be authenticated by using the received public key information according to a mature BLS signature algorithm, so as to obtain an authentication result of the vehicle-mounted sensor 102 to be authenticated.

It should be noted that the above application scenarios are only shown for the convenience of understanding the present application, and the embodiments of the present application are not limited in any way in this respect. Rather, embodiments of the present application may be applied to any scenario where applicable.

Based on the application scenario, the embodiment of the present application provides an authentication method for a vehicle-mounted sensor, and the method is introduced below.

S201: and obtaining public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server.

In the embodiment of the application, in order to realize accurate authentication of the vehicle-mounted sensor to be authenticated, the vehicle-mounted controller first needs to acquire public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, where the public key information is defined as pk. The public key information pk is associated with the batch information of the sensor to be authenticated. The batch information of the sensor to be authenticated refers to identification information representing the uniqueness of the sensor to be authenticated, and may include, for example, Identity (ID) information of the sensor to be authenticated or group information of the sensor to be authenticated.

Specifically, public key information pk of the to-be-authenticated vehicle-mounted sensor, which is acquired by the vehicle-mounted controller from the vehicle cloud server, is generated in advance by the vehicle cloud server according to a BLS signature algorithm, each piece of public key information pk corresponds to one piece of private key information (here, the private key information is defined as sk), and the public key information pk and the private key information form a public and private key pair, and a specific calculation formula is as follows:

pk＝sk*G (1)

wherein pk represents public key information; g represents a generator in the bilinear curve mapping G ', and G' is a prime number r factorial group; sk represents private key information, and the value range is [0, r-1 ].

On this basis, after receiving the sensor batch information (which may also include vehicle information sent by the vehicle manufacturer) sent by the sensor supplier, the vehicle cloud server may use the sensor batch information as the information to be signed, where the information to be signed is defined as m. The method includes the steps that a correlation relation is established between pre-generated public key information pk and corresponding private key information sk and information to be signed, the private key information sk and the information to be signed m are sent to a sensor to be authenticated, and it needs to be explained that the car cloud server can also send the private key information sk and the information to be signed m to a sensor supplier server, and then the private key information sk and the information to be signed m are preset in the same batch of sensors to be authenticated in a production line burning mode through the sensor supplier.

Meanwhile, the vehicle cloud server also sends the pre-generated public key information pk corresponding to the private key information sk to the vehicle-mounted controller. It should be noted that, if the current vehicle-mounted controller is a replaced vehicle-mounted controller, for example, if the previous vehicle-mounted controller is damaged and is updated to a new vehicle-mounted controller, at this time, the public key information pk sent by the vehicle cloud server is not stored in the current vehicle-mounted controller, in this case, after receiving the information m to be signed (such as sensor batch information) sent by the sensor to be authenticated, the current vehicle-mounted controller needs to query the public key information pk of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information m to be signed, that is, the public key information pk associated with the information m to be signed is queried.

Or, if the to-be-authenticated vehicle-mounted sensor is a replaced sensor, for example, if the previous vehicle-mounted sensor is damaged and is updated to be a new vehicle-mounted sensor as the to-be-authenticated vehicle-mounted sensor, at this time, the vehicle-mounted controller does not store the public key information pk corresponding to the to-be-authenticated vehicle-mounted sensor, and in this case, after receiving the to-be-signed information m (such as sensor batch information) sent by the to-be-authenticated sensor, the vehicle-mounted controller needs to query the public key information pk associated with the to-be-signed information m from the vehicle cloud server according to the to-be-signed information m.

In a possible implementation manner of this embodiment, the vehicle-mounted controller may establish a secure link channel with the vehicle cloud server in advance through a Telematics Box (TBOX), and then may link to a query interface reserved by the vehicle cloud server through the secure link channel to query the public key information associated with the information m to be signed. Or, the vehicle-mounted controller may also query, from the vehicle cloud server, public key information corresponding to the vehicle-mounted sensor to be authenticated through other secure channels, which is not described herein again in the embodiments of the present application.

S202: and receiving a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated.

In the embodiment of the present application, in order to achieve accurate authentication of the to-be-authenticated vehicle-mounted sensor, the vehicle-mounted controller further needs to receive a to-be-authenticated signature sent by the to-be-authenticated vehicle-mounted sensor, where the to-be-authenticated signature is defined as S, so as to execute the subsequent step S203.

The signature S to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information m to be signed and the private key information sk of the sensor to be authenticated, and the specific calculation formula is as follows:

S＝sk*H(m) (2)

wherein S represents a signature to be authenticated generated by a sensor to be authenticated; sk represents private key information of the sensor to be authenticated; h (m) represents a curve hash value generated according to the information m to be signed, and please refer to the description of the following embodiments for the specific generation process.

S203: and authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

In this embodiment of the application, after the public key information pk of the to-be-authenticated vehicle-mounted sensor is acquired in step S201 and the to-be-authenticated signature S sent by the to-be-authenticated vehicle-mounted sensor is received in step S202, the received to-be-authenticated signature S may be further authenticated by using the acquired public key information pk according to the BLS signature algorithm, so as to obtain an authentication result.

Specifically, since the BLS signature algorithm has a special pairing function, two points P and Q on the bilinear curve can be mapped to a number n, i.e. e (P, Q) → n, and the pairing function has the following characteristics: the unknown number x is substituted into the pairing function, and the result obtained by multiplying the unknown number x by P and Q on the curve is the same (mapped to the same number), i.e., e (x × P, Q) ═ e (P, x × Q). Further, based on the equation, it can be ensured that the equation shown in the following formula (3) is established, and the specific calculation process is consistent with the existing method and is not described herein again.

e(a×P,b×Q)＝e(P,a×b×Q)＝e(a×b×P,Q)＝e(P,Q)×(a,b) (3)

Therefore, in order to authenticate the signature S to be authenticated of the vehicle-mounted sensor to be authenticated, based on the above equations (1), (2) and (3), the public key information pk, the curve hash value h (m) and the signature S to be authenticated of the acquired vehicle-mounted sensor to be authenticated may be used to determine whether the calculation results on the two sides of the medium number in the following equation (4) are equal to each other:

e(pk,H(m))＝e(sk×G,H(m))＝e(G,sk×H(m))＝e(G,S) (4)

if the calculation results on both sides of the equal sign in the above formula (4) are equal, it indicates that the number of the point mapping corresponding to the public key information pk on the bilinear curve and the point mapping corresponding to the curve hash value h (m), and the number of the point mapping corresponding to the curve generator G on the bilinear curve and the point mapping corresponding to the signature S to be authenticated are the same number, as shown in fig. 3, all the arrows in the figure point to the same point. At this time, it indicates that the sensor to be authenticated passes the authentication, and the vehicle-mounted controller can normally communicate with the sensor.

If the calculation results on the two sides of the equal sign in the formula (4) are not equal, it indicates that the number of the point mapping corresponding to the public key information pk on the bilinear curve and the point mapping corresponding to the curve hash value h (m), and the number of the point mapping corresponding to the curve generating element G on the bilinear curve and the point mapping corresponding to the signature S to be authenticated are not the same number, that is, all the arrow directions in fig. 3 are not the same point. At this time, it is indicated that the sensor to be authenticated fails to authenticate, that is, the sensor to be authenticated may have a fault, and the vehicle-mounted controller cannot normally communicate with the sensor.

In a possible implementation manner of this embodiment, if in step S202, the onboard controller receives signatures to be authenticated sent by a plurality of onboard sensors to be authenticated, a specific implementation procedure of step S203 may include the following steps a1-a 2:

step A1: and aggregating the plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated.

In this implementation manner, if the onboard controller receives signatures to be authenticated sent by the onboard sensors to be authenticated, in order to improve the authentication efficiency, the received signatures to be authenticated may be aggregated to obtain an aggregated signature result to be authenticated. For example, the signatures to be authenticated may be added to obtain an added signature result to be authenticated, so as to perform the subsequent step a 2.

For example, the following steps are carried out: it is assumed that the vehicle-mounted controller receives n signatures to be authenticated, which are S1, S2, … and Sn, respectively, and the n signatures to be authenticated are the respective signatures to be authenticated sent by the n vehicle-mounted sensors to be authenticated. At this time, the n signatures to be authenticated may be added to obtain an added signature result S to be authenticated, that is, S1+ S2+ … + Sn, for performing the subsequent step a2, so as to implement authentication on the n vehicle-mounted sensors to be authenticated.

Step A2: and authenticating the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

In this implementation, after the aggregated signature results to be authenticated are obtained in step a1, the signature results may be substituted into the above equation (4) to determine whether equation (4) is satisfied, and if so, it indicates that the authentication of the plurality of vehicle-mounted sensors to be authenticated is passed, otherwise, it indicates that the authentication is not passed.

Specifically, if the aggregated signature to be authenticated result obtained in step a1 is S, and S is S1+ S2+ … + Sn, then S is substituted into the above equation (4) according to the aggregation authentication principle, and based on the above equations (1), (2), and (3), the following calculation result can be obtained:

if the formula (5) is satisfied by the calculation result obtained by calculation, it indicates that the n to-be-authenticated vehicle-mounted sensors pass authentication, and the vehicle-mounted controller can normally communicate with the n sensors. Otherwise, it indicates that the n to-be-authenticated vehicle-mounted sensors fail to authenticate, the vehicle-mounted controller cannot normally communicate with the n sensors, and fault processing needs to be performed on the sensors as early as possible to ensure safe driving of the intelligent driving vehicle.

In a possible implementation manner of this embodiment, if in step S202, the onboard controller receives signatures to be authenticated sent by a plurality of onboard sensors to be authenticated, the specific implementation process of step S203 may further include the following steps B1-B2:

step B1: and aggregating all the signatures to be authenticated in the first group to obtain the aggregated signature result to be authenticated of the first group.

In this implementation manner, if the onboard controller receives signatures to be authenticated sent by a plurality of onboard sensors to be authenticated, in order to improve the authentication efficiency, the received signatures to be authenticated may be grouped first, and in order to accurately locate the type of the sensor that has a fault, the signatures to be authenticated may be grouped according to the type of the sensor to be authenticated to which each signature to be authenticated belongs, and each signature to be authenticated is labeled, for example, all radar sensors to be authenticated may be grouped into one group, and signatures to be authenticated generated by all radar sensors to be authenticated in the group may be labeled, for example, 5 signatures to be authenticated generated by 5 radar sensors to be authenticated included in the group may be labeled as 1, 2, 3, 4, and 5, respectively.

Further, all signatures to be authenticated in each group may be aggregated to obtain a result of the aggregated signatures to be authenticated in each group, the specific process is similar to step a1, and please refer to step a1 for related content.

Taking the first group in each group as an example, the number of the signatures to be authenticated included in the first group is smaller than the total number of the received signatures to be authenticated sent by the multiple vehicle-mounted sensors to be authenticated, for example, if the total number of the received signatures to be authenticated sent by the multiple vehicle-mounted sensors to be authenticated is 10, the number of the signatures to be authenticated included in the first group is smaller than 10. By aggregating all signatures to be authenticated in the first group, the aggregated signature result of the first group can be obtained for performing the subsequent step B2.

Step B2: and authenticating the signature result to be authenticated after the first group of aggregation by using the public key information according to the BLS signature algorithm to obtain an authentication result.

In this implementation, after the first group of aggregated signature results to be authenticated is obtained in step B1, the signature results may be substituted into the above equation (5) to determine whether equation (5) is satisfied, and if so, it indicates that all the vehicle-mounted sensors to be authenticated included in the first group have passed authentication, and otherwise, it indicates that the authentication has not passed.

Specifically, if the first aggregated signature to be authenticated is obtained as S in step B1₍₁₎And S is₍₁₎＝S₁+S₂+…+S_iThen according to the aggregation authentication principle, S₍₁₎Substituting the above equation (5) can obtain the following calculation result:

e(G,S₍₁₎)＝e(pk₁,H(m₁))×e(pk₂,H(m₂))×…×e(pk_i,H(m_i)) (6)

if the formula (6) is satisfied by the calculation result, it indicates that i to-be-authenticated vehicle-mounted sensors in the first group pass authentication, and the vehicle-mounted controller can normally communicate with the i sensors. Otherwise, it indicates that the i to-be-authenticated vehicle-mounted sensors in the first group fail to authenticate, the vehicle-mounted controller cannot normally communicate with the i sensors, and the vehicle-mounted controller needs to perform fault processing as early as possible to ensure safe driving of the intelligent driving vehicle.

Similarly, the to-be-authenticated vehicle-mounted sensors included in other groups may be authenticated to obtain an authentication result, for example, if the to-be-authenticated signature result obtained in step B1 is S₍₂₎And S is₍₂₎＝S_i+1+S_i+2+…+S_jThen according to the aggregation authentication principle, S₍₂₎Substituting the above equation (5) can obtain the following calculation result:

e(G,S₍₂₎)＝e(pk_i+1,H(m_i+1))×e(pk_i+2,H(m_i+2))×…×e(pk_j,H(m_j)) (7)

similarly, if the formula (7) is satisfied by the calculation result obtained by the calculation, it indicates that the authentication of the j-i to-be-authenticated vehicle-mounted sensors in the second group passes, and the vehicle-mounted controller can perform normal communication with the j-i sensors. Otherwise, the authentication of the j-i to-be-authenticated vehicle-mounted sensors in the second group is not passed, the vehicle-mounted controller cannot normally communicate with the j-i sensors, and fault processing needs to be performed on the sensors as soon as possible so as to ensure safe driving of the intelligent driving vehicle.

Therefore, by the grouping and aggregating authentication mode, synchronous authentication can be carried out on the signature result to be authenticated of each group of aggregation, and when authentication fails, the sensor to be authenticated with faults can be quickly and accurately positioned according to the type and the label of the grouping. Therefore, the authentication efficiency and accuracy of the vehicle-mounted sensor can be improved, the authentication cost is reduced, and the safe driving of the intelligent driving vehicle is further ensured.

In summary, in the authentication method for the vehicle-mounted sensor provided in this embodiment, when the vehicle-mounted sensor is authenticated, the vehicle-mounted controller first obtains public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives a signature to be authenticated, which is sent by the vehicle-mounted sensor to be authenticated; and then the vehicle-mounted controller can authenticate the signature to be authenticated by using the acquired public key information according to the BLS signature algorithm so as to obtain an authentication result. Therefore, compared with the method for authenticating the sensor equipment by using the electromagnetic security chip attached to the sensor equipment and the method for authenticating the sensor by relying on the same secret key shared by both communication parties, the vehicle-mounted controller can realize the rapid and accurate authentication of a large number of vehicle-mounted sensors on the vehicle without adding any hardware, thereby not only reducing the authentication cost, but also improving the authentication efficiency and accuracy and further ensuring the safe driving of the intelligent driving vehicle.

Referring to fig. 4, the figure is a flowchart of another authentication method for an in-vehicle sensor according to an embodiment of the present application. The method is described below.

S401: and acquiring the information to be signed of the vehicle-mounted sensor to be authenticated.

In the embodiment of the application, in order to realize accurate authentication of an on-vehicle sensor to be authenticated, a vehicle cloud server first needs to acquire sensor batch information from a sensor supplier as information to be signed, and also may acquire vehicle information from a vehicle manufacturer and generate information to be signed according to the vehicle information, for example, the vehicle information may be a Vehicle Identification Number (VIN), and further, a result obtained by adding a random number to the VIN may be used as the information to be signed.

S402: and generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm.

In the embodiment of the present application, the implementation process of this step S402 is substantially the same as the description content of the formula (1) in the step S201, and is not repeated here, and please refer to the step S201.

S403: and sending the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated.

In the embodiment of the application, after the information to be signed of the vehicle-mounted sensor to be authenticated is acquired in step S401, and the private key information of the vehicle-mounted sensor to be authenticated is generated in step S402, the information to be signed and the private key information may be further sent to the vehicle-mounted sensor to be authenticated, so that the vehicle-mounted sensor to be authenticated generates the signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information, and sends the signature to be authenticated to the vehicle-mounted controller. For a specific implementation process of generating a signature to be authenticated, please refer to the description of the following embodiments.

S404: and sending the public key information to the vehicle-mounted controller.

In this embodiment of the application, after the public key information of the to-be-authenticated vehicle-mounted sensor is generated in step S402, the public key information may be further sent to the vehicle-mounted controller, so that the vehicle-mounted controller authenticates the to-be-authenticated signature according to the BLS signature algorithm and the public key information, and obtains an authentication result. For a specific implementation process of the vehicle-mounted controller generating the signature to be authenticated and authenticating the signature to be authenticated, please refer to the description of step S203 above, which is not described herein again.

In a possible implementation manner of this embodiment, the vehicle cloud server further needs to open a public key information query interface, so that the vehicle-mounted controller queries, according to the information to be signed of the vehicle-mounted sensor to be authenticated, the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server.

Specifically, in this implementation manner, if the current onboard controller is a replaced onboard controller, for example, if the previous onboard controller is damaged and is updated to a new onboard controller, at this time, the current onboard controller does not store public key information sent in advance by the onboard cloud server, in this case, after receiving information to be signed sent by the sensor to be authenticated, the current onboard controller needs to query the public key information of the onboard sensor to be authenticated from the onboard cloud server through a public key information query interface opened in advance by the onboard cloud server according to the information to be signed, that is, query the public key information associated with the information to be signed.

Or, if the to-be-authenticated vehicle-mounted sensor is a replaced sensor, for example, if the previous vehicle-mounted sensor is damaged and is updated to be a new vehicle-mounted sensor serving as the to-be-authenticated vehicle-mounted sensor, at this time, the vehicle-mounted controller does not store the public key information corresponding to the to-be-authenticated vehicle-mounted sensor, and in this case, after receiving the to-be-signed information sent by the to-be-authenticated sensor, the vehicle-mounted controller needs to query, through a public key information query interface opened in advance by the vehicle cloud server, the public key information associated with the to-be-signed information from the vehicle cloud server according to the to-be-signed information.

Referring to fig. 5, the figure is a flowchart of an authentication method for a vehicle-mounted sensor according to an embodiment of the present application. The method is described below.

S501: and acquiring private key information and information to be signed of the vehicle-mounted sensor to be authenticated.

In the embodiment of the application, in order to realize accurate authentication of the to-be-authenticated vehicle-mounted sensor, the to-be-authenticated vehicle-mounted sensor first needs to obtain private key information and to-be-signed information sent by the vehicle cloud server, where the private key information is generated by the vehicle cloud server according to the BLS signature algorithm, and a specific generation process refers to the description of step S402 above, which is not described herein again.

S502: and generating a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information.

In the embodiment of the application, after the private key information and the information to be signed of the to-be-authenticated vehicle-mounted sensor are acquired in step S501, the to-be-authenticated signature may be generated according to the mature BLS signature algorithm, the information to be signed, and the private key information.

Specifically, in a possible implementation manner of the present embodiment, the specific implementation process of the step S502 may include the following steps C1-C3:

step C1: generating a hash abstract according to the information to be signed;

in this implementation manner, after the vehicle-mounted sensor to be authenticated acquires the information m to be signed, the vehicle-mounted sensor to be authenticated may perform data processing on the information m to be signed to generate a hash digest corresponding to the information m to be signed, for example, the vehicle-mounted sensor to be authenticated may perform data processing on the information m to be signed by using an SHA256 algorithm to generate the hash digest.

Step C2: and generating a curve hash value of the hash abstract according to the BLS signature algorithm.

In this implementation, after the hash digest is generated through step C1, the hash digest is further generatedThe hash digest can be used as an abscissa value of a point according to a BLS signature algorithm to query a corresponding point on the elliptic curve. Generally, an elliptic curve comprises 2²⁵⁶A point and the value of the SHA256 algorithm used is also exactly 256 bits. However, for a valid abscissa x, a positive ordinate y, a negative ordinate y (i.e., (x, y) and (x, -y) are respectively associated with two corresponding point coordinates) are obtained. Therefore, in the query process, there are 50% probabilities that 2 corresponding points are found on the elliptic curve, and another 50% probability that one point cannot be queried, at this time, after a random number is added behind the abscissa x, the query is performed again until two corresponding points are queried, and a point with a smaller ordinate y is selected as a final query result, so as to determine a final curve hash value.

For example, the following steps are carried out: as shown in fig. 6, with an elliptic curve y defined over a finite field of modulo 23²＝x³+7 is an example. Only half of the abscissa x finds the corresponding point on the elliptic curve. When the curve hash value of the hash digest is obtained, in order to ensure that the corresponding point can be found on the elliptic curve, a number (such as 0, 1, 2) may be added after the hash digest, and if the corresponding point is not found, the value of the attachment is replaced and the query is performed again. For example, if 0 is appended after the hash digest (hash (m | |0) as shown by the left arrow in fig. 6) and no corresponding point is found, then 1 is appended after the hash digest (i.e., hash (m | |1) as shown by the right arrow in fig. 6), 2 is appended after the hash digest (i.e., hash (m | | |2) as shown by the middle arrow in fig. 6), and so on, until two corresponding points are queried, and a point with a smaller ordinate y is selected as a final query result to determine a final curve hash value, as indicated by h (m) in fig. 6.

Step C3: and generating a signature to be authenticated according to the curve hash value and the private key information.

In this implementation manner, after the curve hash value h (m) is generated in step C2, the to-be-authenticated vehicle-mounted sensor may generate the to-be-authenticated signature S according to the curve hash value h (m) and the private key information sk, where the specific calculation formula is formula (2), that is, S ═ sk × (m), and the obtained to-be-authenticated signature S is still a point on the elliptic curve, as shown in fig. 7.

S503: and sending the signature to be authenticated to the vehicle-mounted controller so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result.

In this embodiment of the application, after the signature to be authenticated is generated in step S502, the signature to be authenticated may be further sent to the onboard controller, so that the onboard controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information to obtain an authentication result. For a specific implementation process of the vehicle-mounted controller generating the signature to be authenticated and authenticating the signature to be authenticated, please refer to the description of step S203 above, which is not described herein again.

To facilitate understanding of the authentication method for the vehicle-mounted sensor provided by the present application, referring to fig. 8, which shows an interaction process schematic diagram of the authentication method for the vehicle-mounted sensor provided by the embodiment of the present application, the method may include the following steps:

s801: the vehicle cloud server acquires information to be signed of the vehicle-mounted sensor to be authenticated.

S802: and the vehicle cloud server generates private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm.

S803: and the vehicle cloud server sends the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated.

S804: and the vehicle cloud server sends the public key information to the vehicle-mounted controller.

It should be noted that steps S801 to S804 are the same as steps S401 to S404, and please refer to the description of steps S401 to S404, which is not repeated herein.

S805: and the vehicle-mounted sensor to be authenticated generates a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information.

S806: and the vehicle-mounted sensor to be authenticated sends a signature to be authenticated to the vehicle-mounted controller.

It should be noted that steps S805-S806 are identical to steps S502-S503, and please refer to the description of steps S502-S503, which is not repeated herein.

S807: and the vehicle-mounted controller authenticates the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

It should be noted that the step S807 is the same as the step S203, and please refer to the description of the step S203, which is not repeated herein.

In this way, when the vehicle-mounted sensor is authenticated, after the vehicle cloud server acquires the information to be signed of the vehicle-mounted sensor to be authenticated, the vehicle cloud server first generates the private key information and the public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm, and sends the information to be signed and the private key information of the vehicle-mounted sensor to be authenticated and the public key information to the vehicle-mounted controller; then the to-be-authenticated vehicle-mounted sensor can generate a to-be-authenticated signature according to the BLS signature algorithm, the to-be-signed information and the private key information, and sends the to-be-authenticated signature to the vehicle-mounted controller; and then the vehicle-mounted controller can authenticate the signature to be authenticated by using the acquired public key information according to the BLS signature algorithm so as to obtain an authentication result. Therefore, compared with the existing method for authenticating the sensor equipment by using an electromagnetic security chip attached to the sensor equipment and the method for authenticating the sensor by relying on the same secret key shared by both communication parties, the method can realize the rapid and accurate authentication of a large number of vehicle-mounted sensors on the vehicle without adding any hardware, thereby not only reducing the authentication cost, but also improving the authentication efficiency and accuracy, and further ensuring the safe driving of the intelligent driving vehicle

Next, an authentication system of an in-vehicle sensor according to an embodiment of the present application will be described.

Referring to fig. 1, the authentication system includes a vehicle cloud server 101, a vehicle-mounted sensor 102 to be authenticated, and a vehicle-mounted controller 103. The vehicle cloud server 101 is connected with the vehicle-mounted sensor 102 to be authenticated, the vehicle cloud server 101 is connected with the vehicle-mounted controller 103, and the vehicle-mounted sensor 102 to be authenticated is connected with the vehicle-mounted controller 103. The above "connection" may be a direct connection or an indirect connection. In particular, the connection between the vehicle cloud server 101 and the vehicle-mounted sensor 102 to be authenticated, and there may be other vendor servers between the vehicle cloud server 101 and the vehicle-mounted sensor 102 to be authenticated.

The vehicle cloud server 101 is used for acquiring information to be signed; generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm; sending the public key information to a controller to be mounted on the vehicle; sending the information to be signed and the private key information to a vehicle-mounted sensor to be authenticated; for a specific implementation process, please refer to the descriptions of steps S401-S404 above, which are not described herein again.

The to-be-authenticated vehicle-mounted sensor 102 is used for generating a to-be-authenticated signature according to the BLS signature algorithm, the to-be-signed information and the private key information; sending the signature to be authenticated to a vehicle-mounted controller; for a specific implementation process, please refer to the descriptions of steps S501-S503 above, which are not described herein again.

And the vehicle-mounted controller 103 is used for authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result. For a specific implementation process, please refer to the descriptions of steps S201 to S203, which are not described herein again.

In a possible implementation manner of this embodiment, the car cloud server 101 is further configured to:

and opening a public key information query interface so that the vehicle-mounted controller 103 queries the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server 101 according to the information to be signed of the vehicle-mounted sensor 102 to be authenticated.

In a possible implementation manner of this embodiment, the to-be-authenticated vehicle-mounted sensor 102 is specifically configured to:

generating a hash abstract according to the information to be signed; generating a curve hash value of the hash abstract according to a BLS signature algorithm; and generating a signature to be authenticated according to the curve hash value and the private key information.

In a possible implementation manner of this embodiment, the vehicle-mounted controller 103 is specifically configured to:

and inquiring the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server 101 according to the information to be signed of the vehicle-mounted sensor 102 to be authenticated.

receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating the plurality of signatures to be authenticated to obtain aggregated signature results to be authenticated; and authenticating the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating all the signatures to be authenticated in the first group to obtain a first group of aggregated signature results to be authenticated; according to the BLS signature algorithm, the public key information is utilized to authenticate the signature result to be authenticated after the first group of aggregation, and an authentication result is obtained;

the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.

The embodiment of the present application further provides another authentication system for an onboard sensor, as shown in fig. 9, the authentication system includes an onboard sensor 901 to be authenticated and an onboard controller 902, which may be directly connected or indirectly connected.

The vehicle-mounted sensor to be authenticated 901 is configured to obtain private key information and information to be signed; generating a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information; sending the signature to be authenticated to the onboard controller 902; for a specific implementation process, please refer to the descriptions of steps S501-S503 above, which are not described herein again. The private key information and the information to be signed can also be obtained from other cloud servers, and the specific obtaining process is not repeated herein.

The vehicle-mounted controller 902 is used for acquiring public key information of the vehicle-mounted sensor to be authenticated; and authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result. For a specific implementation process, please refer to the descriptions of steps S201 to S203, which are not described herein again. The public key information of the to-be-authenticated vehicle-mounted sensor can also be acquired from other cloud servers, and the specific acquisition process is not repeated herein.

In a possible implementation manner of this embodiment, the vehicle-mounted controller 902 is specifically configured to:

according to the information to be signed of the vehicle-mounted sensor 901 to be authenticated, the public key information of the vehicle-mounted sensor to be authenticated is inquired from the vehicle cloud server.

In a possible implementation manner of this embodiment, the to-be-authenticated vehicle-mounted sensor 901 is specifically configured to:

To facilitate better implementation of the above-described aspects of the embodiments of the present application, a related apparatus for implementing the above-described aspects is also provided below. Referring to fig. 10, an authentication device 1000 for an in-vehicle sensor according to an embodiment of the present disclosure is provided. The apparatus 1000 may include: an acquisition unit 1001, a reception unit 1002, and an authentication unit 1003. The obtaining unit 1001 is configured to execute S201 in the embodiment shown in fig. 2. The receiving unit 1002 is configured to execute S202 in the embodiment shown in fig. 2. The authentication unit 1003 is configured to execute S203 in the embodiment shown in fig. 2. In particular, the method comprises the following steps of,

an obtaining unit 1001 configured to obtain public key information of a vehicle-mounted sensor to be authenticated from a vehicle cloud server;

the receiving unit 1002 is used for receiving a signature to be authenticated sent by a vehicle-mounted sensor to be authenticated;

and an authenticating unit 1003, configured to authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm, so as to obtain an authentication result.

In an implementation manner of this embodiment, the obtaining unit 1001 is specifically configured to: and inquiring the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.

In one implementation of this embodiment, the public key information is associated with batch information of the sensor to be authenticated.

In an implementation manner of this embodiment, the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information of the sensor to be authenticated; and the private key information is generated by the vehicle cloud server according to a BLS signature algorithm.

In an implementation manner of this embodiment, the receiving unit 1002 is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit 1003 includes:

the first aggregation subunit is used for aggregating the plurality of signatures to be authenticated to obtain aggregated signature results to be authenticated;

and the first authentication subunit is used for authenticating the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

the second aggregation subunit is configured to aggregate all the signatures to be authenticated in the first group to obtain a first group of aggregated signatures to be authenticated;

the second authentication subunit is used for authenticating the first group of aggregated signature results to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result;

In summary, in the authentication device for the vehicle-mounted sensor provided in this embodiment, when the vehicle-mounted sensor is authenticated, the vehicle-mounted controller first obtains public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives a signature to be authenticated, which is sent by the vehicle-mounted sensor to be authenticated; and then the vehicle-mounted controller can authenticate the signature to be authenticated by using the acquired public key information according to the BLS signature algorithm so as to obtain an authentication result. Therefore, compared with the method for authenticating the sensor equipment by using the electromagnetic security chip attached to the sensor equipment and the method for authenticating the sensor by relying on the same secret key shared by both communication parties, the vehicle-mounted controller can realize the rapid and accurate authentication of a large number of vehicle-mounted sensors on the vehicle without adding any hardware, thereby not only reducing the authentication cost, but also improving the authentication efficiency and accuracy and further ensuring the safe driving of the intelligent driving vehicle.

To facilitate better implementation of the above-described aspects of the embodiments of the present application, another related apparatus for implementing the above-described aspects is provided below. Referring to fig. 11, an embodiment of the present application provides another authentication apparatus 1100 for an in-vehicle sensor. The apparatus 1100 may include: an acquiring unit 1101, a generating unit 1102, a first sending unit 1103 and a second sending unit 1104, wherein the acquiring unit 1101 is configured to execute S401 in the embodiment shown in fig. 4. The generating unit 1102 is configured to execute S402 in the embodiment shown in fig. 4. The first sending unit 1103 is configured to execute S403 in the embodiment shown in fig. 4. The second transmitting unit 1104 is configured to execute S404 in the embodiment shown in fig. 4. In particular, the method comprises the following steps of,

an obtaining unit 1101, configured to obtain information to be signed of a vehicle-mounted sensor to be authenticated;

the generation unit 1102 is used for generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm;

the first sending unit 1103 is configured to send information to be signed and private key information to the vehicle-mounted sensor to be authenticated, so that the vehicle-mounted sensor to be authenticated generates a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information, and sends the signature to be authenticated to the vehicle-mounted controller;

and a second sending unit 1104, configured to send the public key information to the onboard controller, so that the onboard controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtains an authentication result.

In an implementation manner of this embodiment, the apparatus further includes: and the opening unit is used for opening the public key information inquiry interface so that the vehicle-mounted controller can inquire the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.

To facilitate better implementation of the above-described aspects of the embodiments of the present application, a further related apparatus for implementing the above-described aspects is provided below. Referring to fig. 12, an embodiment of the present application provides a further authentication apparatus 1200 for an in-vehicle sensor. The apparatus 1200 may include: an acquisition unit 1201, a generation unit 1202, and a transmission unit 1203. Wherein the obtaining unit 1201 is configured to execute S501 in the embodiment shown in fig. 5. The generation unit 1202 is configured to execute S502 in the embodiment shown in fig. 5. The transmitting unit 1203 is configured to execute S503 in the embodiment shown in fig. 5. In particular, the method comprises the following steps of,

the obtaining unit 1201 is used for obtaining private key information and information to be signed of the vehicle-mounted sensor to be authenticated;

a generating unit 1202, configured to generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information;

the sending unit 1203 is configured to send the signature to be authenticated to the onboard controller, so that the onboard controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result.

In an implementation manner of this embodiment, the obtaining unit 1201 is specifically configured to: and obtaining private key information of the vehicle-mounted sensor to be authenticated, which is sent by the vehicle cloud server, wherein the private key information is generated by the vehicle cloud server according to a BLS signature algorithm.

In one implementation manner of this embodiment, the generating unit 1202 includes:

the first generation subunit is used for generating a hash abstract according to the information to be signed;

the second generation subunit is used for generating a curve hash value of the hash abstract according to the BLS signature algorithm;

and the third generation subunit is used for generating the signature to be authenticated according to the curve hash value and the private key information.

Referring to fig. 13, an embodiment of the present application provides an authentication device 1300 for an in-vehicle sensor, which includes a memory 1301, a processor 1302, and a communication interface 1303,

a memory 1301 for storing instructions;

a processor 1302 for executing instructions in the memory 1301 for executing the authentication method applied to the in-vehicle sensor in the embodiment shown in fig. 2;

and a communication interface 1303 for performing communication.

The memory 1301, the processor 1302, and the communication interface 1303 are connected to each other by a bus 1304; the bus 1304 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 13, but this is not intended to represent only one bus or type of bus.

In a specific embodiment, the processor 1302 is configured to, when the vehicle-mounted sensor is authenticated, first obtain public key information of the vehicle-mounted sensor to be authenticated from a vehicle cloud server, and then receive a signature to be authenticated, which is sent by the vehicle-mounted sensor to be authenticated; and then the vehicle-mounted controller can authenticate the signature to be authenticated by using the acquired public key information according to the BLS signature algorithm so as to obtain an authentication result. For a detailed processing procedure of the processor 1302, please refer to the detailed description of S201, S202, and S203 in the embodiment shown in fig. 2, which is not described herein again.

Referring to fig. 14, an embodiment of the present application provides another vehicle sensor authentication device 1400, which includes a memory 1401, a processor 1402 and a communication interface 1403,

a memory 1401 for storing instructions;

a processor 1402 for executing instructions in a memory 1401 for executing the above-described authentication method applied to the in-vehicle sensor in the embodiment shown in fig. 4;

a communication interface 1403 for performing communication.

The memory 1401, processor 1402, and communication interface 1403 are connected to each other by a bus 1404; the bus 1404 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 14, but this is not intended to represent only one bus or type of bus.

In a specific embodiment, the processor 1402 is configured to, when the vehicle-mounted sensor is authenticated, first obtain information to be signed of the vehicle-mounted sensor to be authenticated, then generate private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm, and further send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated, so that the vehicle-mounted sensor to be authenticated generates a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information, and sends the signature to be authenticated to the vehicle-mounted controller; meanwhile, the vehicle cloud server can also send public key information to the vehicle-mounted controller, so that the vehicle-mounted controller can authenticate the signature to be authenticated according to the BLS signature algorithm and the public key information to obtain an authentication result. For a detailed processing procedure of the processor 1402, please refer to the detailed description of S401, S402, S403, and S204 in the embodiment shown in fig. 4, which is not described herein again.

Referring to fig. 15, the present embodiment provides yet another authentication device 1500 for an in-vehicle sensor, which includes a memory 1501, a processor 1502, and a communication interface 1503,

a memory 1501 for storing instructions;

a processor 1502 for executing instructions in the memory 1501 to execute the above-described authentication method applied to the in-vehicle sensor in the embodiment shown in fig. 5;

a communication interface 1503 for performing communication.

The memory 1501, processor 1502, and communication interface 1503 are interconnected by a bus 1504; the bus 1504 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 15, but this is not intended to represent only one bus or type of bus.

In a specific embodiment, the processor 1502 is configured to, when the vehicle-mounted sensor is authenticated, first obtain the private key information and the information to be signed, then generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information, and further send the signature to be authenticated to the vehicle-mounted controller, so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result. For a detailed processing procedure of the processor 1502, please refer to the detailed description of S501, S502, and S503 in the embodiment shown in fig. 5, which is not described herein again.

The memory 1301, the memory 1401, and the memory 1501 may be a random-access memory (RAM), a flash memory (flash), a read-only memory (ROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a register (register), a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium known to those skilled in the art.

The processor 1302, the processor 1402, and the processor 1502 may be, for example, a Central Processing Unit (CPU), a general purpose processor, a Digital Signal Processor (DSP), an application-specific integrated circuit (ASIC), a Field Programmable Gate Array (FPGA), or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. A processor may also be a combination of computing functions, e.g., comprising one or more microprocessors, a DSP and a microprocessor, or the like.

The communication interfaces 1303, 1403, and 1503 may be interface cards, for example, and may be ethernet (ethernet) interfaces or Asynchronous Transfer Mode (ATM) interfaces.

The embodiment of the application also provides a computer-readable storage medium, which comprises instructions, and when the instructions run on a computer, the instructions cause the computer to execute the authentication method of the vehicle-mounted sensor.

The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.

The above-described embodiments are intended to explain the objects, aspects and advantages of the present invention in further detail, and it should be understood that the above-described embodiments are merely exemplary embodiments of the present invention.

The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present application.

Claims

1. An authentication method of an in-vehicle sensor, the method comprising:

acquiring public key information of a vehicle-mounted sensor to be authenticated from a vehicle cloud server;

receiving a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated;

and authenticating the signature to be authenticated by using the public key information according to a BLS signature algorithm to obtain an authentication result.

2. The method according to claim 1, wherein the obtaining public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server comprises:

and inquiring the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.

3. The method of claim 1, wherein the public key information is associated with batch information of the sensor to be authenticated.

4. The method according to claim 1, wherein the signature to be authenticated is generated for the sensor to be authenticated according to the BLS signature algorithm, information to be signed, and private key information of the sensor to be authenticated; and the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.

5. The method according to claim 1, wherein the receiving of the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated comprises: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated;

the authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result comprises the following steps:

aggregating the plurality of signatures to be authenticated to obtain aggregated signature results to be authenticated;

and authenticating the aggregated signature result to be authenticated by using the public key information according to a BLS signature algorithm to obtain an authentication result.

6. The method according to claim 1, wherein the receiving of the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated comprises: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated;

aggregating all signatures to be authenticated in the first group to obtain a first group of aggregated signature results to be authenticated;

according to the BLS signature algorithm, the public key information is utilized to authenticate the signature result to be authenticated after the first group of aggregation, and an authentication result is obtained;

the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the vehicle-mounted sensors to be authenticated.

7. An authentication method of an in-vehicle sensor, the method comprising:

acquiring information to be signed of a vehicle-mounted sensor to be authenticated;

generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm;

sending the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated so that the vehicle-mounted sensor to be authenticated can generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information and send the signature to be authenticated to a vehicle-mounted controller;

and sending the public key information to the vehicle-mounted controller so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information to obtain an authentication result.

8. The method of claim 7, further comprising:

and opening a public key information query interface so that the vehicle-mounted controller can query the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.

9. An authentication method of an in-vehicle sensor, the method comprising:

acquiring private key information and information to be signed of the vehicle-mounted sensor to be authenticated;

generating a signature to be authenticated according to a BLS signature algorithm, the information to be signed and the private key information;

and sending the signature to be authenticated to a vehicle-mounted controller so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result.

10. The method of claim 9, wherein the obtaining private key information of the vehicle-mounted sensor to be authenticated comprises:

and obtaining private key information of the vehicle-mounted sensor to be authenticated, which is sent by the vehicle cloud server, wherein the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.

11. The method of claim 9, wherein generating the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information comprises:

generating a hash abstract according to the information to be signed;

generating a curve hash value of the hash abstract according to a BLS signature algorithm;

and generating a signature to be authenticated according to the curve hash value and the private key information.

12. An authentication system for an in-vehicle sensor, the system comprising: the system comprises a vehicle cloud server, a vehicle-mounted sensor to be authenticated and a vehicle-mounted controller;

the vehicle cloud server is used for acquiring information to be signed; generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm; sending the public key information to the controller to be mounted on the vehicle; sending the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated;

the to-be-authenticated vehicle-mounted sensor is used for generating a to-be-authenticated signature according to a BLS signature algorithm, the to-be-signed information and the private key information; sending the signature to be authenticated to the vehicle-mounted controller;

and the vehicle-mounted controller is used for authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

13. The system of claim 12, wherein the vehicle cloud server is further configured to:

14. The system according to claim 12, wherein the on-board sensor to be authenticated is specifically configured to:

generating a hash abstract according to the information to be signed; generating a curve hash value of the hash abstract according to the BLS signature algorithm; and generating a signature to be authenticated according to the curve hash value and the private key information.

15. The system of claim 12, wherein the onboard controller is specifically configured to:

16. The system of claim 12, wherein the onboard controller is specifically configured to:

17. The system of claim 12, wherein the onboard controller is specifically configured to:

receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating all signatures to be authenticated in the first group to obtain a first group of aggregated signature results to be authenticated; according to the BLS signature algorithm, the public key information is utilized to authenticate the signature result to be authenticated after the first group of aggregation, and an authentication result is obtained;

18. An authentication system for an in-vehicle sensor, the system comprising: the vehicle-mounted sensor to be authenticated and the vehicle-mounted controller are used for authenticating the vehicle-mounted sensor to be authenticated;

the vehicle-mounted sensor to be authenticated is used for acquiring private key information and information to be signed; generating a signature to be authenticated according to a BLS signature algorithm, the information to be signed and the private key information; sending the signature to be authenticated to the vehicle-mounted controller;

the vehicle-mounted controller is used for acquiring public key information of the vehicle-mounted sensor to be authenticated; and authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

19. The system of claim 18, wherein the onboard controller is specifically configured to:

20. The system according to claim 18, wherein the on-board sensor to be authenticated is specifically configured to:

21. The system of claim 18, wherein the onboard controller is specifically configured to:

22. The system of claim 18, wherein the onboard controller is specifically configured to:

23. An authentication apparatus of an in-vehicle sensor, the apparatus comprising:

the acquisition unit is used for acquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server;

the receiving unit is used for receiving the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated;

and the authentication unit is used for authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.

24. The apparatus according to claim 23, wherein the obtaining unit is specifically configured to:

25. The apparatus of claim 23, wherein the public key information is associated with batch information of the sensor to be authenticated.

26. The apparatus according to claim 23, wherein the signature to be authenticated is generated for the sensor to be authenticated according to the BLS signature algorithm, information to be signed, and private key information of the sensor to be authenticated; and the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.

27. The apparatus according to claim 23, wherein the receiving unit is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit includes:

and the first authentication subunit is used for authenticating the aggregated signature result to be authenticated by using the public key information according to a BLS signature algorithm to obtain an authentication result.

28. The apparatus according to claim 23, wherein the receiving unit is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit includes:

the second aggregation subunit is configured to aggregate all signatures to be authenticated in the first group to obtain a signature result to be authenticated after the first group is aggregated;

the second authentication subunit is used for authenticating the signature result to be authenticated after the first group of aggregation by using the public key information according to the BLS signature algorithm to obtain an authentication result;

29. An authentication apparatus of an in-vehicle sensor, the apparatus comprising:

the acquisition unit is used for acquiring information to be signed of the vehicle-mounted sensor to be authenticated;

the generating unit is used for generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm;

the first sending unit is used for sending the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated so that the vehicle-mounted sensor to be authenticated can generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information and send the signature to be authenticated to a vehicle-mounted controller;

and the second sending unit is used for sending the public key information to the vehicle-mounted controller so that the vehicle-mounted controller can authenticate the signature to be authenticated according to the BLS signature algorithm and the public key information to obtain an authentication result.

30. The apparatus of claim 29, further comprising:

and the opening unit is used for opening a public key information query interface so that the vehicle-mounted controller can query the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.

31. An authentication apparatus of an in-vehicle sensor, the apparatus comprising:

the acquisition unit is used for acquiring private key information and information to be signed of the vehicle-mounted sensor to be authenticated;

the generating unit is used for generating a signature to be authenticated according to a BLS signature algorithm, the information to be signed and the private key information;

and the sending unit is used for sending the signature to be authenticated to the vehicle-mounted controller so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result.

32. The apparatus according to claim 31, wherein the obtaining unit is specifically configured to:

33. The apparatus of claim 31, wherein the generating unit comprises:

the second generation subunit is used for generating a curve hash value of the hash abstract according to a BLS signature algorithm;

and the third generation subunit is used for generating a signature to be authenticated according to the curve hash value and the private key information.

34. An authentication device for an in-vehicle sensor, the device comprising a memory, a processor;

the memory to store instructions;

the processor, configured to execute the instructions in the memory, to perform the method of any of claims 1-6.

35. An authentication device for an in-vehicle sensor, the device comprising a memory, a processor;

the memory to store instructions;

the processor, configured to execute the instructions in the memory, to perform the method of any of claims 7-8.

36. An authentication device for an in-vehicle sensor, the device comprising a memory, a processor;

the memory to store instructions;

the processor, configured to execute the instructions in the memory, to perform the method of any of claims 9-11.

37. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of any of claims 1-11 above.