CN113193959B - Authentication method, device and system of vehicle-mounted sensor - Google Patents


Info

Publication number: CN113193959B
Authority: CN (China)
Prior art keywords: authenticated, vehicle, key information, signature, sensor
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010037875.4A
Other languages: Chinese (zh)
Other versions: CN113193959A (en)
Inventor: 皇甫仁杰
Current Assignee: Huawei Technologies Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Events:
    • Priority to CN202010037875.4A
    • Priority to PCT/CN2020/115732 (WO2021143178A1)
    • Publication of CN113193959A
    • Application granted
    • Publication of CN113193959B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The embodiments of the application disclose an authentication method, device and system for a vehicle-mounted sensor, applied in the automotive field, for improving the efficiency and accuracy of vehicle-mounted sensor authentication, reducing authentication cost and ensuring the safe running of an intelligent driving vehicle. The method comprises the following steps: when authenticating a vehicle-mounted sensor, the vehicle-mounted controller first obtains the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives the signature to be authenticated sent by that sensor; the vehicle-mounted controller then verifies the signature to be authenticated with the obtained public key information according to the BLS signature algorithm, to obtain an authentication result.

Description

Authentication method, device and system of vehicle-mounted sensor
Technical Field
The present disclosure relates to the field of automotive technologies, and in particular, to a method, an apparatus, and a system for authenticating a vehicle-mounted sensor.
Background
Along with the development of intelligent driving technology, various types of sensing sensors, such as cameras, millimeter wave radars, laser radars, ultrasonic radars and the like, are configured on more and more vehicles to assist in realizing intelligent driving functions of the vehicles.
However, as a vehicle is used, its vehicle-mounted sensors are damaged and worn to varying degrees, so sensor replacement is inevitable. As maintenance volume grows, many counterfeit ("knock-off") sensors from outside the regular suppliers keep appearing. Because vehicle-mounted sensors are usually connected to the vehicle-mounted controller over a controller area network (CAN) bus, Ethernet or the like, and communicate with the vehicle-mounted controller in plaintext, they are very easy to crack. In such a case, if a counterfeit sensor is used to replace a damaged or worn genuine sensor, the consequences may be very serious and may even threaten users' lives. Therefore, it is important to accurately authenticate the authenticity of each vehicle-mounted sensor device.
Currently, there are two common authentication methods for vehicle-mounted sensors. The first uses an electromagnetic security chip attached to the sensor device to authenticate it, but this requires a dedicated security chip that must be matched with the controller; the hardware cost is too high, and the method is not suitable for authenticating an ever-growing number of vehicle-mounted sensors. The other common method is key-based authentication, which can authenticate the vehicle-mounted device to a certain extent but generally relies on both communicating parties sharing the same key. It is therefore relatively suitable for mutual authentication between two devices, but each vehicle has numerous sensors to authenticate, so authenticating each of them one-to-one with the vehicle-mounted controller is unsuitable and has a long response time. Consequently, both common methods have low authentication efficiency and high cost, and cannot authenticate a large number of vehicle-mounted sensors on a vehicle quickly and accurately at the same time, so the safe running of the intelligent driving vehicle cannot be guaranteed.
Disclosure of Invention
The embodiment of the application provides an authentication method and device for a vehicle-mounted sensor, which are used for improving the authentication efficiency and accuracy of the vehicle-mounted sensor, reducing the authentication cost and further ensuring the safe running of an intelligent driving vehicle.
In a first aspect, the present application provides an authentication method of an in-vehicle sensor, the method including: when the authentication of the vehicle-mounted sensor is performed, the vehicle-mounted controller (such as the vehicle-mounted controller 103 in fig. 1) firstly acquires public key information of the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 in fig. 1) from the vehicle cloud server (such as the vehicle cloud server 101 in fig. 1), and then receives a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 in fig. 1); further, the vehicle-mounted controller (such as the vehicle-mounted controller 103 in fig. 1) may authenticate the signature to be authenticated by using the obtained public key information according to the BLS signature algorithm, so as to obtain an authentication result.
Compared with the prior art, the vehicle-mounted controller in the embodiment of the application authenticates the signature to be authenticated by utilizing the public key acquired from the vehicle cloud server according to the mature BLS signature algorithm to accurately identify the authenticity of the vehicle-mounted sensor to be authenticated, so that compared with the existing method for authenticating the sensor device by utilizing the electromagnetic security chip attached to the sensor device and the method for authenticating the sensor by sharing the same secret key by the two communication parties, the vehicle-mounted controller can realize the rapid and accurate authentication of a large number of vehicle-mounted sensors on the vehicle without adding any hardware, thereby not only reducing the authentication cost, but also improving the authentication efficiency and accuracy and further ensuring the safe running of the intelligent driving vehicle.
In a possible implementation manner, obtaining public key information of an on-vehicle sensor to be authenticated from a vehicle cloud server includes: and inquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
Thus, if the vehicle-mounted controller or the vehicle-mounted sensor to be authenticated is an updated device, and the vehicle-mounted controller has not stored public key information sent in advance by the vehicle cloud server, the controller can query the vehicle cloud server for the public key information associated with the information to be signed sent by the vehicle-mounted sensor to be authenticated, which improves authentication efficiency and accuracy.
In one possible implementation manner, the public key information is associated with the batch information of the to-be-authenticated sensor, so that the to-be-authenticated sensor of the batch can be authenticated by using the public key information later, and the authentication accuracy is improved.
In one possible implementation manner, the signature to be authenticated is generated by the sensor to be authenticated according to a BLS signature algorithm, the information to be signed and the private key information of the sensor to be authenticated; the private key information is generated by the vehicle cloud server according to a BLS signature algorithm. This lets the vehicle-mounted controller conveniently verify the signature to be authenticated using the public key information, and accurately judge the authenticity of the vehicle-mounted sensor device to be authenticated from the authentication result.
In a possible implementation manner, receiving a signature to be authenticated sent by a sensor on a vehicle to be authenticated includes: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; according to the BLS signature algorithm, authenticating the signature to be authenticated by utilizing public key information to obtain an authentication result, wherein the method comprises the following steps: aggregating a plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated; and authenticating the aggregated signature result to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain an authentication result. Therefore, aggregation authentication can be carried out on a plurality of vehicle-mounted sensors to be authenticated at the same time, and authentication efficiency is greatly improved.
In a possible implementation manner, receiving a signature to be authenticated sent by a sensor on a vehicle to be authenticated includes: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; according to the BLS signature algorithm, authenticating the signature to be authenticated by utilizing public key information to obtain an authentication result, wherein the method comprises the following steps: aggregating all the signatures to be authenticated in the first group to obtain a first group aggregated signature result to be authenticated; according to the BLS signature algorithm, authenticating the first group of aggregated signature results to be authenticated by utilizing public key information to obtain authentication results; the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
Therefore, by means of the authentication mode of grouping aggregation, synchronous authentication can be carried out on the signature result to be authenticated of each group of aggregation, and when authentication fails, a sensor to be authenticated with faults can be rapidly and accurately positioned according to the type and the label of the grouping. Therefore, the authentication efficiency and accuracy of the vehicle-mounted sensor can be improved, the authentication cost is reduced, and the safe running of the intelligent driving vehicle is further ensured.
In a second aspect, the present application further provides an authentication method of an in-vehicle sensor, where the method includes: when the authentication of the vehicle-mounted sensor is performed, the vehicle cloud server (such as the vehicle cloud server 101 in fig. 1) firstly acquires the information to be signed of the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 in fig. 1), and then generates private key information and public key information of the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 in fig. 1) according to a BLS signature algorithm; the obtained to-be-signed information and the produced private key information are sent to the to-be-authenticated vehicle-mounted sensor (such as the to-be-authenticated vehicle-mounted sensor 102 in fig. 1), so that the to-be-authenticated vehicle-mounted sensor (such as the to-be-authenticated vehicle-mounted sensor 102 in fig. 1) can generate a to-be-authenticated signature according to a mature BLS signature algorithm, the to-be-signed information and the private key information and send the to-be-authenticated signature to a vehicle-mounted controller (such as the vehicle-mounted controller 103 in fig. 1); meanwhile, the vehicle cloud server (such as the vehicle cloud server 101 in fig. 1) may also send public key information to the vehicle-mounted controller (such as the vehicle-mounted controller 103 in fig. 1), so that the vehicle-mounted controller (such as the vehicle-mounted controller 103 in fig. 1) may authenticate the signature to be authenticated according to the mature BLS signature algorithm and the public key information, and obtain an authentication result. 
Therefore, with the mature BLS signature algorithm, the generated private key information can be preset directly in the vehicle-mounted sensor to be authenticated for authentication, and the generated public key information can be sent to the vehicle-mounted controller in advance. Key leakage at each link of key handling then does not need to be considered, management is convenient, keys are managed according to the batch information of the sensors, and cost is reduced.
In a possible implementation manner, the method further includes: opening a public key information query interface, so that the vehicle-mounted controller can query the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of that sensor. The vehicle-mounted controller can thus query public key information directly through the public key information query interface, which makes queries convenient and requires no special handling after a device is updated.
In a third aspect, the present application further provides an authentication method of an in-vehicle sensor, where the method includes: when the vehicle-mounted sensor is authenticated, the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 in fig. 1) first acquires private key information and information to be signed, then generates a signature to be authenticated according to a mature BLS signature algorithm, the information to be signed and the private key information, and sends the signature to be authenticated to the vehicle-mounted controller (such as the vehicle-mounted controller 103 in fig. 1), so that the vehicle-mounted controller (such as the vehicle-mounted controller 103 in fig. 1) can authenticate the signature to be authenticated according to the mature BLS signature algorithm to obtain an authentication result. Compared with the current method of authenticating the sensor device by using an electromagnetic security chip attached to it, this method can authenticate a large number of vehicle-mounted sensors on a vehicle quickly and accurately without adding any hardware, which not only reduces authentication cost but also improves authentication efficiency and accuracy, and further ensures the safe running of the intelligent driving vehicle.
In a possible implementation manner, obtaining private key information of an on-vehicle sensor to be authenticated includes: and acquiring private key information of the to-be-authenticated vehicle-mounted sensor sent by the vehicle cloud server, wherein the private key information is generated by the vehicle cloud server according to a BLS signature algorithm.
In a possible implementation manner, generating a signature to be authenticated according to a BLS signature algorithm, the information to be signed, and private key information includes: generating a hash digest according to the information to be signed; generating a curve hash value of the hash digest according to a BLS signature algorithm; and generating a signature to be authenticated according to the curve hash value and the private key information. This lets the vehicle-mounted controller conveniently verify the signature to be authenticated using the public key information, and accurately judge the authenticity of the vehicle-mounted sensor device to be authenticated from the authentication result.
In a fourth aspect, the present application further provides an authentication system of an in-vehicle sensor, the system comprising: the vehicle cloud server, the vehicle-mounted sensor to be authenticated and the vehicle-mounted controller; the vehicle cloud server is used for acquiring information to be signed; generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm; sending the public key information to the vehicle-mounted controller; sending the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated; the vehicle-mounted sensor to be authenticated is used for generating a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information; sending the signature to be authenticated to the vehicle-mounted controller; and the vehicle-mounted controller is used for authenticating the signature to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain an authentication result.
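The signing steps above (hash the information to be signed, map it to the curve, combine with the private key) and the aggregated and grouped verification of the first aspect, as an added example that is not part of the patent text. It is a toy algebraic model, not a secure implementation: group elements are stored as their discrete logarithms modulo a constructed prime Q so that the pairing runs on the Python standard library, and only the verification equation matches real BLS. The per-sensor fallback inside a failed group, the batch names, sensor ids and record layout are assumptions.

```python
"""Toy model of BLS sensor authentication with group-wise aggregation.

NOT SECURE: group elements are stored as their discrete logs modulo Q so the
pairing reduces to integer multiplication. A real controller would use a
pairing-friendly curve from a vetted library; only the algebra is the same.
"""
from __future__ import annotations

import hashlib
import secrets
from collections import defaultdict

Q = 2**127 - 1   # prime order of the toy groups (constructed parameter)
G2 = 7           # toy generator of G2, written as an exponent


def pairing(a: int, b: int) -> int:
    """e(a*G1, b*G2) in the exponent model; GT is written additively here."""
    return (a * b) % Q


def hash_to_curve(info: bytes) -> int:
    """Hash digest of the information to be signed, mapped to a G1 element."""
    digest = hashlib.sha256(info).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1   # never the identity


def cloud_keygen() -> tuple[int, int]:
    """Vehicle cloud server: private key sk and public key sk*G2 for a batch."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, (sk * G2) % Q


def sensor_sign(sk: int, info: bytes) -> int:
    """Sensor: signature = sk * H(info)."""
    return (sk * hash_to_curve(info)) % Q


def verify_aggregate(sigs: list[int], items: list[tuple[bytes, int]]) -> bool:
    """Controller: aggregate the signatures, then check
    e(sum(sig_i), G2) == sum(e(H(info_i), pk_i)), one equation per group."""
    agg = sum(sigs) % Q
    expected = sum(pairing(hash_to_curve(info), pk) for info, pk in items) % Q
    return pairing(agg, G2) == expected


def authenticate_groups(reports: list[dict], pk_by_batch: dict[str, int]):
    """Verify one aggregate per group; open a group up only if it fails.

    Returns (group_ok, rejected): the per-group result and the sensor ids
    whose individual signature does not verify inside a failed group.
    """
    groups = defaultdict(list)
    for r in reports:
        groups[r["group"]].append(r)

    group_ok, rejected = {}, []
    for name, members in groups.items():
        # A batch with no public key on record fails the whole group.
        known = all(m["batch"] in pk_by_batch for m in members)
        group_ok[name] = known and verify_aggregate(
            [m["sig"] for m in members],
            [(m["info"], pk_by_batch[m["batch"]]) for m in members],
        )
        if group_ok[name]:
            continue
        for m in members:   # per-sensor checks, in the failed group only
            pk = pk_by_batch.get(m["batch"])
            if pk is None or not verify_aggregate([m["sig"]], [(m["info"], pk)]):
                rejected.append(m["id"])
    return group_ok, rejected


def demo():
    """Constructed scenario: two batches, two groups, and one sensor that
    signs with a key the cloud server never issued for its batch."""
    keys = {"CAM-B01": cloud_keygen(), "RAD-B07": cloud_keygen()}
    pk_by_batch = {batch: pk for batch, (_, pk) in keys.items()}
    fleet = [  # (sensor id, group, batch) - all values constructed
        ("cam-front", "camera", "CAM-B01"),
        ("cam-rear", "camera", "CAM-B01"),
        ("radar-fl", "radar", "RAD-B07"),
        ("radar-fr", "radar", "RAD-B07"),
        ("radar-rear", "radar", "RAD-B07"),
    ]
    reports = []
    for sid, group, batch in fleet:
        info = f"{batch}|{sid}".encode()      # information to be signed
        sk = keys[batch][0]
        if sid == "radar-fr":                  # not provisioned by the cloud
            sk = (sk + 1) % Q or 1
        reports.append({"id": sid, "group": group, "batch": batch,
                        "info": info, "sig": sensor_sign(sk, info)})
    return authenticate_groups(reports, pk_by_batch)


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario the camera group passes with a single aggregate check, while the radar group fails and only that group is re-checked sensor by sensor.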
In a possible implementation manner, the vehicle cloud server is further configured to: and opening a public key information inquiry interface so that the vehicle-mounted controller inquires public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
In one possible implementation, the vehicle-mounted sensor to be authenticated is specifically configured to: generating a hash digest according to the information to be signed; generating a curve hash value of the hash digest according to a BLS signature algorithm; and generating a signature to be authenticated according to the curve hash value and the private key information.
In one possible implementation manner, the vehicle-mounted controller is specifically configured to: and inquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
In one possible implementation manner, the vehicle-mounted controller is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating a plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated; and authenticating the aggregated signature result to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain an authentication result.
In one possible implementation manner, the vehicle-mounted controller is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating all the signatures to be authenticated in the first group to obtain a first group aggregated signature result to be authenticated; according to the BLS signature algorithm, authenticating the first group of aggregated signature results to be authenticated by utilizing public key information to obtain authentication results; the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
In a fifth aspect, the present application further provides an authentication system of an in-vehicle sensor, the system comprising: the vehicle-mounted sensor to be authenticated and the vehicle-mounted controller; the vehicle-mounted sensor to be authenticated is used for acquiring private key information and information to be signed; generating a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information; sending a signature to be authenticated to a vehicle-mounted controller; the vehicle-mounted controller is used for acquiring public key information of the vehicle-mounted sensor to be authenticated; and authenticating the signature to be authenticated by utilizing public key information according to a BLS signature algorithm to obtain an authentication result.
In one possible implementation manner, the vehicle-mounted controller is specifically configured to: and inquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
In one possible implementation, the vehicle-mounted sensor to be authenticated is specifically configured to: generating a hash digest according to the information to be signed; generating a curve hash value of the hash digest according to a BLS signature algorithm; and generating a signature to be authenticated according to the curve hash value and the private key information.
In one possible implementation manner, the vehicle-mounted controller is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating a plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated; and authenticating the aggregated signature result to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain an authentication result.
In one possible implementation manner, the vehicle-mounted controller is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating all the signatures to be authenticated in the first group to obtain a first group aggregated signature result to be authenticated; according to the BLS signature algorithm, authenticating the first group of aggregated signature results to be authenticated by utilizing public key information to obtain authentication results; the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
In a sixth aspect, the present application further provides an authentication device of an in-vehicle sensor, the device including: the acquisition unit is used for acquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server; the receiving unit is used for receiving the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated; and the authentication unit is used for authenticating the signature to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain an authentication result.
In a possible implementation manner, the acquiring unit is specifically configured to: and inquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
In one possible implementation, the public key information is associated with batch information of the sensor to be authenticated.
In one possible implementation manner, the signature to be authenticated is generated by the sensor to be authenticated according to a BLS signature algorithm, the information to be signed and private key information of the sensor to be authenticated; the private key information is generated by the vehicle cloud server according to a BLS signature algorithm.
In a possible implementation manner, the receiving unit is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit includes: the first aggregation subunit is used for aggregating the plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated; and the first authentication subunit is used for authenticating the aggregated signature result to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain an authentication result.
In a possible implementation manner, the receiving unit is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit includes: the second aggregation subunit is used for aggregating all the signatures to be authenticated in the first group to obtain a first group of aggregated signatures to be authenticated result; the second authentication subunit is used for authenticating the first group of aggregated signature results to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain authentication results; the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
In a seventh aspect, the present application further provides an authentication device of an in-vehicle sensor, the device including: the acquisition unit is used for acquiring the information to be signed of the vehicle-mounted sensor to be authenticated; the generation unit is used for generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm; the first sending unit is used for sending to-be-authenticated information and private key information to the to-be-authenticated vehicle-mounted sensor so that the to-be-authenticated vehicle-mounted sensor generates a to-be-authenticated signature according to a BLS signature algorithm, the to-be-authenticated information and the private key information and sends the to-be-authenticated signature to the vehicle-mounted controller; and the second sending unit is used for sending the public key information to the vehicle-mounted controller so that the vehicle-mounted controller can authenticate the signature to be authenticated according to the BLS signature algorithm and the public key information to obtain an authentication result.
In a possible implementation manner, the apparatus further includes: and the open unit is used for opening the public key information inquiry interface so that the vehicle-mounted controller inquires public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
In an eighth aspect, the present application further provides an authentication device of an in-vehicle sensor, the device including: the acquisition unit is used for acquiring private key information and to-be-signed information of the to-be-authenticated vehicle-mounted sensor; the generation unit is used for generating a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information; and the sending unit is used for sending the signature to be authenticated to the vehicle-mounted controller so that the vehicle-mounted controller can authenticate the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result.
In a possible implementation manner, the acquiring unit is specifically configured to obtain the private key information of the vehicle-mounted sensor to be authenticated sent by the vehicle cloud server, wherein the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.
In a possible implementation manner, the generating unit includes: a first generation subunit, configured to generate a hash digest according to the information to be signed; a second generation subunit, configured to generate a curve hash value of the hash digest according to the BLS signature algorithm; and a third generation subunit, configured to generate the signature to be authenticated according to the curve hash value and the private key information.
In a ninth aspect, the present application further provides an authentication device of an in-vehicle sensor, the device including a memory and a processor;
a memory for storing instructions; a processor for executing the instructions in the memory to perform any of the methods of the first aspect above.
In a tenth aspect, the present application further provides an authentication device of an in-vehicle sensor, the device including a memory and a processor;
a memory for storing instructions; a processor for executing the instructions in the memory to perform any of the methods of the second aspect above.
In an eleventh aspect, the present application further provides an authentication device of an in-vehicle sensor, the device including a memory and a processor;
a memory for storing instructions; a processor for executing the instructions in the memory to perform any of the methods of the third aspect above.
In a twelfth aspect, the present application also provides a computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform any of the methods described above.
From the above technical solutions, the embodiments of the present application have the following advantages:
When the vehicle-mounted sensor is authenticated, the vehicle-mounted controller first acquires public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated; the vehicle-mounted controller can then authenticate the signature to be authenticated by using the obtained public key information according to the BLS signature algorithm to obtain an authentication result. Therefore, compared with the current method of authenticating the sensor equipment by using an electromagnetic security chip attached to the sensor equipment, and the method of authenticating the sensor by having both communication parties share the same secret key, the vehicle-mounted controller can rapidly and accurately authenticate a large number of vehicle-mounted sensors on the vehicle without adding any hardware, which not only reduces the authentication cost but also improves the authentication efficiency and accuracy, further ensuring the safe running of the intelligent driving vehicle.
Drawings
Fig. 1 is a block diagram of an authentication system of an in-vehicle sensor according to an embodiment of the present application;
Fig. 2 is a flowchart of an authentication method of an in-vehicle sensor according to an embodiment of the present application;
Fig. 3 is a schematic diagram of authenticating the signature to be authenticated of a vehicle-mounted sensor to be authenticated according to an embodiment of the present application;
Fig. 4 is a flowchart of another authentication method of an in-vehicle sensor according to an embodiment of the present application;
Fig. 5 is a flowchart of another authentication method of an in-vehicle sensor according to an embodiment of the present application;
Fig. 6 is a schematic diagram of the generation of a curve hash value according to an embodiment of the present application;
Fig. 7 is a schematic diagram of the generation of a signature to be authenticated according to an embodiment of the present application;
Fig. 8 is an interaction flowchart of an authentication method of an in-vehicle sensor according to an embodiment of the present application;
Fig. 9 is a block diagram of another authentication system of an in-vehicle sensor according to an embodiment of the present application;
Fig. 10 is a block diagram of an authentication device of an in-vehicle sensor according to an embodiment of the present application;
Fig. 11 is a block diagram of another authentication device of an in-vehicle sensor according to an embodiment of the present application;
Fig. 12 is a block diagram of another authentication device of an in-vehicle sensor according to an embodiment of the present application;
Fig. 13 is a schematic structural diagram of an authentication device of an in-vehicle sensor according to an embodiment of the present application;
Fig. 14 is a schematic structural diagram of another authentication device of an in-vehicle sensor according to an embodiment of the present application;
Fig. 15 is a schematic structural diagram of another authentication device of an in-vehicle sensor according to an embodiment of the present application.
Detailed Description
The embodiment of the application provides an authentication method, device and system of a vehicle-mounted sensor, which are used for improving the authentication efficiency and accuracy of the vehicle-mounted sensor, reducing the authentication cost and further ensuring the safe running of an intelligent driving vehicle.
Embodiments of the present application are described below with reference to the accompanying drawings.
Referring to fig. 1, there is shown a block diagram of an authentication system of an in-vehicle sensor provided in an embodiment of the present application, where the authentication system includes a vehicle cloud server 101, an in-vehicle sensor 102 to be authenticated, and an in-vehicle controller 103. The vehicle cloud server 101 is connected with the vehicle-mounted sensor 102 to be authenticated, the vehicle cloud server 101 is connected with the vehicle-mounted controller 103, and the vehicle-mounted sensor 102 to be authenticated is connected with the vehicle-mounted controller 103. The "connection" may be a direct connection or an indirect connection. In particular, there may be other provider servers between the vehicle cloud server 101 and the vehicle-mounted sensor 102 to be authenticated, through which the connection between the two is made.
In terms of hardware implementation, the vehicle cloud server 101 refers to a service device that has a storage function, can communicate with the vehicle-mounted controller 103 and the vehicle-mounted sensor 102 to be authenticated, and provides data support for the vehicle-mounted sensor 102 to be authenticated and the vehicle-mounted controller 103. The cloud server 101 may be, for example, a simple, efficient, safe, reliable, and elastically scalable computing service, and when the cloud server 101 is actually deployed by a vehicle factory, the cloud server 101 may be implemented by an independent device or a cluster server.
The vehicle-mounted sensor 102 to be authenticated refers to any of the sensing devices mounted on the vehicle, which may be, for example, an inertial measurement unit (IMU), a lidar sensor, a camera sensor, a millimeter wave radar sensor, or the like. The in-vehicle controller 103 refers to a control device for controlling the electrical system of the vehicle body, and may be, for example, an electronic control unit (ECU).
In this embodiment of the present application, the vehicle cloud server 101 first obtains vehicle information sent by a vehicle factory, sensor batch information sent by a sensor provider, or the like, as the information to be signed. It then generates private key information and public key information of the vehicle-mounted sensor 102 to be authenticated according to the mature BLS (Boneh-Lynn-Shacham) signature algorithm, sends the generated private key information and the information to be signed to the corresponding vehicle-mounted sensor 102 to be authenticated, and at the same time sends the generated public key information to the vehicle-mounted controller 103. After receiving the private key information and the information to be signed sent by the vehicle cloud server 101, the vehicle-mounted sensor 102 to be authenticated generates a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information, and then sends the signature to be authenticated to the vehicle-mounted controller 103. On this basis, the vehicle-mounted controller 103 uses the received public key information to authenticate the signature to be authenticated sent by the vehicle-mounted sensor 102 to be authenticated according to the mature BLS signature algorithm, so as to obtain an authentication result of the vehicle-mounted sensor 102 to be authenticated.
It should be noted that the above application scenario is only shown for the convenience of understanding the present application, and embodiments of the present application are not limited in this respect. Rather, embodiments of the present application may be applied to any scenario where applicable.
Based on the above application scenario, the embodiment of the application provides an authentication method of a vehicle-mounted sensor, and the method is described below.
S201: Obtain public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server.
In the embodiment of the present application, in order to achieve accurate authentication of the vehicle-mounted sensor to be authenticated, the vehicle-mounted controller first needs to obtain public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, where the public key information is defined as pk. The public key information pk is associated with the batch information of the sensor to be authenticated. The batch information of the sensor to be authenticated refers to identification information characterizing the uniqueness of the sensor to be authenticated, and may include, for example, identity (ID) information of the sensor to be authenticated or group information of the sensor to be authenticated.
Specifically, the public key information pk of the vehicle-mounted sensor to be authenticated, which the vehicle-mounted controller obtains from the vehicle cloud server, is pre-generated by the vehicle cloud server according to the BLS signature algorithm. Each public key information pk corresponds to one private key information (defined here as sk), and the public key information pk and the private key information sk form a public-private key pair. The specific calculation formula is as follows:
pk=sk*G (1)
Where pk represents the public key information; G represents a generator in the bilinear curve mapping G′, and G′ is a multiplicative group of prime order r; sk represents the private key information, with value range [0, r-1].
On this basis, after receiving the sensor batch information sent by the sensor provider (which may also include vehicle information sent by the vehicle factory), the vehicle cloud server may use the sensor batch information as the information to be signed, defined here as m. The vehicle cloud server associates the pre-generated public key information pk and the corresponding private key information sk with the information to be signed, and sends the private key information sk and the information m to be signed to the sensor to be authenticated. It should be noted that the vehicle cloud server may also first send the private key information sk and the information m to be signed to a sensor provider server, and the sensor provider then presets them in the same batch of sensors to be authenticated by burning them in on the production line.
Meanwhile, the vehicle cloud server also sends the public key information pk corresponding to the pre-generated private key information sk to the vehicle-mounted controller. It should be noted that the current vehicle-mounted controller may be a replacement, for example a new controller installed after the previous one was damaged, in which case it does not store the public key information pk sent in advance by the vehicle cloud server. In this case, after receiving the information m to be signed (e.g., sensor batch information) sent by the sensor to be authenticated, the current vehicle-mounted controller needs to query the public key information pk of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information m to be signed.
Alternatively, the vehicle-mounted sensor to be authenticated may be a replacement, for example a new sensor installed after the previous one was damaged, in which case the vehicle-mounted controller does not store the public key information pk corresponding to it. In this case, after receiving the information m to be signed (e.g., sensor batch information) sent by the sensor to be authenticated, the vehicle-mounted controller needs to query the public key information pk associated with the information m to be signed from the vehicle cloud server according to the information m to be signed.
In one possible implementation manner of this embodiment, the vehicle-mounted controller may pre-establish a secure link channel with the vehicle cloud server through a Telematics Box (TBOX), and may further link to a query interface reserved by the vehicle cloud server through the secure link channel, so as to query public key information associated with the information m to be signed. Or, the vehicle-mounted controller may query public key information corresponding to the vehicle-mounted sensor to be authenticated from the vehicle cloud server through other secure channels, which is not described herein.
S202: Receive the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated.
In the embodiment of the present application, in order to achieve accurate authentication of the on-vehicle sensor to be authenticated, the on-vehicle controller also needs to receive the signature to be authenticated sent by the on-vehicle sensor to be authenticated, where the signature to be authenticated is defined as S, so as to execute the subsequent step S203.
The signature to be authenticated S is generated by the sensor to be authenticated according to a BLS signature algorithm, the information m to be signed and the private key information sk of the sensor to be authenticated, and the specific calculation formula is as follows:
S=sk*H(m) (2)
Where S represents the signature to be authenticated generated by the sensor to be authenticated; sk represents the private key information of the sensor to be authenticated; H(m) represents the curve hash value generated from the information m to be signed, whose generation process is described in the following embodiments.
S203: Authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.
In this embodiment of the present application, after the public key information pk of the vehicle-mounted sensor to be authenticated is obtained through step S201, and the signature S to be authenticated sent by the vehicle-mounted sensor to be authenticated is received through step S202, the received signature S to be authenticated may be further authenticated by using the obtained public key information pk according to the BLS signature algorithm, so as to obtain an authentication result.
Specifically, the BLS signature algorithm relies on a special pairing function that maps two points P and Q on the bilinear curve to a number n, i.e., e(P, Q) → n. The pairing function has a further property: when an unknown number x is substituted into the pairing function, the result is the same (the same number is mapped) whichever of the points P and Q is multiplied by it, that is, e(x×P, Q) = e(P, x×Q). Based on this property, the equation shown in formula (3) below holds; the specific calculation process is consistent with the existing method and is not described here.
e(a×P, b×Q) = e(P, a×b×Q) = e(a×b×P, Q) = e(P, Q)^(a×b) (3)
Therefore, in order to realize the authentication of the signature S to be authenticated of the on-vehicle sensor to be authenticated, based on the above formulas (1), (2) and (3), it may be determined whether the calculation results on both sides in the following formula (4) are equal by using the obtained public key information pk, the curve hash value H (m) and the signature S to be authenticated of the on-vehicle sensor to be authenticated:
e(pk,H(m))=e(sk×G,H(m))=e(G,sk×H(m))=e(G,S) (4)
If the calculation results on the two sides of the equals sign in formula (4) above are equal, the number to which the point corresponding to the public key information pk and the point corresponding to the curve hash value H(m) are mapped is the same as the number to which the curve generator G and the point corresponding to the signature S to be authenticated are mapped, as shown in fig. 3, where all the arrows point to the same point. This indicates that the sensor to be authenticated passes authentication, and the vehicle-mounted controller can communicate normally with the sensor.
If the calculation results on the two sides of the equals sign in formula (4) above are not equal, the number to which the points corresponding to the public key information pk and the curve hash value H(m) are mapped differs from the number to which the curve generator G and the signature S to be authenticated are mapped, that is, the arrows in fig. 3 point to different points. This indicates that the sensor to be authenticated does not pass authentication, that is, the sensor to be authenticated may have failed and the vehicle-mounted controller cannot communicate normally with it. The fault condition of the sensor can then be reported so that it is handled as soon as possible, ensuring the safe running of the intelligent driving vehicle.
In a possible implementation manner of this embodiment, if in step S202, the vehicle-mounted controller receives the signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated, the specific implementation process of step S203 may include the following steps A1-A2:
Step A1: Aggregate the plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated.
In this implementation manner, if the vehicle-mounted controller receives the signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated, in order to improve the authentication efficiency, the received signatures to be authenticated may be aggregated first, so as to obtain an aggregated signature result to be authenticated. For example, the signatures to be authenticated may be added first to obtain an added signature result to be authenticated, so as to execute the subsequent step A2.
For example, assume that the vehicle-mounted controller receives n signatures to be authenticated, S1, S2, …, Sn, sent respectively by n vehicle-mounted sensors to be authenticated. The n signatures may then be added to obtain the summed signature result S, that is, S = S1 + S2 + … + Sn, and the subsequent step A2 is executed to authenticate the n vehicle-mounted sensors to be authenticated.
Step A2: Authenticate the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.
In this implementation manner, after the aggregated signature result to be authenticated is obtained in step A1, the signature result may be substituted into the above formula (4) to determine whether the formula (4) is satisfied, if so, it is indicated that the plurality of vehicle-mounted sensors to be authenticated pass the authentication, otherwise, it is indicated that the authentication does not pass.
Specifically, if the aggregated signature to be authenticated is S and S = S1 + S2 + … + Sn, then according to the aggregation authentication principle, S is substituted into the above formula (4), and based on the above formulas (1), (2) and (3), the following calculation result can be obtained:
If the calculation result makes formula (5) hold, the n vehicle-mounted sensors to be authenticated pass authentication, and the vehicle-mounted controller can communicate normally with the n sensors. Otherwise, the n vehicle-mounted sensors to be authenticated do not pass authentication, the vehicle-mounted controller cannot communicate normally with the n sensors, and fault handling needs to be carried out on the n sensors as soon as possible to ensure the safe running of the intelligent driving vehicle.
In a possible implementation manner of this embodiment, if in step S202, the vehicle-mounted controller receives the signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated, the specific implementation process of step S203 may further include the following steps B1-B2:
Step B1: Aggregate all the signatures to be authenticated in the first group to obtain the first group's aggregated signature result to be authenticated.
In this implementation manner, if the vehicle-mounted controller receives signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated, the received signatures may first be grouped in order to improve authentication efficiency. To locate the type of a faulty sensor accurately, the signatures may be grouped according to the type of the sensor to which each belongs, and each signature is labeled. For example, all radar sensors to be authenticated may be placed in one group and the signatures they generate labeled; if the group contains 5 radar sensors to be authenticated, their 5 signatures may be labeled 1, 2, 3, 4 and 5 respectively.
Furthermore, all the signatures to be authenticated in each group can be aggregated to obtain a signature result to be authenticated after each group is aggregated, and the specific process is similar to the step A1, and the related content refers to the step A1.
Taking the first group as an example, the number of signatures to be authenticated it contains is smaller than the total number of signatures received from the plurality of vehicle-mounted sensors to be authenticated; for example, if 10 signatures to be authenticated are received in total, the first group contains fewer than 10. All the signatures to be authenticated in the first group are aggregated to obtain the first group's aggregated signature result to be authenticated, so that the subsequent step B2 can be executed.
Step B2: Authenticate the first group's aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.
In this implementation manner, after the first group of aggregated signature results to be authenticated is obtained in step B1, the signature results may be substituted into the above formula (5) to determine whether the formula (5) is satisfied, if so, it is indicated that all the vehicle-mounted sensors to be authenticated contained in the first group pass the authentication, otherwise, it is indicated that the authentication does not pass.
Specifically, if the first group's aggregated signature to be authenticated obtained in step B1 is S^(1), with S^(1) = S_1 + S_2 + … + S_i, then according to the aggregation authentication principle, substituting S^(1) into the above formula (5) gives the following calculation result:
e(G, S^(1)) = e(pk_1, H(m_1)) × e(pk_2, H(m_2)) × … × e(pk_i, H(m_i)) (6)
If the calculation result makes formula (6) hold, the i vehicle-mounted sensors to be authenticated in the first group pass authentication, and the vehicle-mounted controller can communicate normally with the i sensors. Otherwise, the i vehicle-mounted sensors to be authenticated in the first group do not pass authentication, the vehicle-mounted controller cannot communicate normally with the i sensors, and fault handling needs to be carried out on the i sensors as soon as possible to ensure the safe running of the intelligent driving vehicle.
Similarly, the vehicle-mounted sensors to be authenticated contained in the other groups can be authenticated to obtain an authentication result. For example, if the second group's aggregated signature result to be authenticated obtained in step B1 is S^(2), with S^(2) = S_{i+1} + S_{i+2} + … + S_j, then according to the aggregation authentication principle, substituting S^(2) into the above formula (5) gives the following calculation result:
e(G, S^(2)) = e(pk_{i+1}, H(m_{i+1})) × e(pk_{i+2}, H(m_{i+2})) × … × e(pk_j, H(m_j)) (7)
Similarly, if the calculation result makes formula (7) hold, the j-i vehicle-mounted sensors to be authenticated in the second group pass authentication, and the vehicle-mounted controller can communicate normally with the j-i sensors. Otherwise, the j-i vehicle-mounted sensors to be authenticated in the second group do not pass authentication, the vehicle-mounted controller cannot communicate normally with the j-i sensors, and fault handling needs to be carried out on the j-i sensors as soon as possible to ensure the safe running of the intelligent driving vehicle.
In this way, by the grouping aggregation authentication mode, synchronous authentication can be performed on the signature result to be authenticated of each group of aggregation, and when authentication fails, a failed sensor to be authenticated can be rapidly and accurately positioned according to the type and the label of the grouping. Therefore, the authentication efficiency and accuracy of the vehicle-mounted sensor can be improved, the authentication cost is reduced, and the safe running of the intelligent driving vehicle is further ensured.
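As an added illustration (not part of the patent text and not the applicant's implementation), the following Python sketch runs formulas (1), (2), (4) and (6) and the grouped authentication of steps B1-B2 end to end. It assumes a toy bilinear group in which every point is stored as its discrete logarithm modulo a constructed prime R, so it reproduces only the algebra and has no security; the function names, the sensor fleet, the batch strings, and the per-sensor fallback check in locate_failed are assumptions made for the example.

```python
import hashlib
import secrets

# Toy bilinear group (assumption for illustration, NOT secure): every curve
# point is stored as its discrete logarithm modulo R, so scalar multiplication
# is multiplication mod R and the pairing is a product of logarithms.
R = 2**61 - 1   # constructed prime group order (the patent's r)
G = 7           # constructed generator (the patent's G)

class GT:
    """Target-group element, stored as an exponent; '*' multiplies elements."""
    def __init__(self, exponent):
        self.exponent = exponent % R

    def __mul__(self, other):
        return GT(self.exponent + other.exponent)

    def __eq__(self, other):
        return isinstance(other, GT) and self.exponent == other.exponent

def e(P, Q):
    """Pairing with e(a*P, b*Q) == e(P, Q)^(a*b), as in formula (3)."""
    return GT(P * Q)

def keygen():
    """Vehicle cloud server, formula (1): pk = sk * G (zero key excluded)."""
    sk = secrets.randbelow(R - 1) + 1
    return sk, sk * G % R

def hash_to_curve(m: bytes) -> int:
    """Hash digest of m mapped to a point H(m); stand-in for real hash-to-curve."""
    digest = hashlib.sha256(m).digest()
    return int.from_bytes(digest, "big") % R * G % R

def sign(sk, m):
    """Sensor, formula (2): S = sk * H(m)."""
    return sk * hash_to_curve(m) % R

def verify(pk, m, S):
    """Controller, formula (4): e(pk, H(m)) == e(G, S)."""
    return e(pk, hash_to_curve(m)) == e(G, S)

def verify_aggregate(pairs, sigs):
    """Formula (6): e(G, S_1 + ... + S_i) == product of e(pk_k, H(m_k))."""
    expected = GT(0)  # identity of the target group
    for pk, m in pairs:
        expected = expected * e(pk, hash_to_curve(m))
    return e(G, sum(sigs) % R) == expected

def authenticate_by_group(registry, received):
    """Steps B1-B2. registry: id -> (group, pk, m); received: id -> S."""
    groups = {}
    for sensor_id, (group, pk, m) in registry.items():
        groups.setdefault(group, []).append((sensor_id, pk, m))
    results = {}
    for group, members in groups.items():
        sigs = [received.get(sensor_id) for sensor_id, _, _ in members]
        if any(S is None for S in sigs):
            results[group] = False  # a silent sensor fails its whole group
            continue
        pairs = [(pk, m) for _, pk, m in members]
        results[group] = verify_aggregate(pairs, sigs)
    return results

def locate_failed(registry, received, group):
    """Per-sensor check with formula (4) inside a group that failed."""
    failed = []
    for sensor_id, (g, pk, m) in registry.items():
        if g != group:
            continue
        S = received.get(sensor_id)
        if S is None or not verify(pk, m, S):
            failed.append(sensor_id)
    return failed

def demo():
    # Constructed fleet and batch strings, not data from the patent.
    fleet = [("lidar-1", "lidar"), ("lidar-2", "lidar"), ("radar-1", "radar"),
             ("radar-2", "radar"), ("radar-3", "radar"), ("camera-1", "camera")]
    registry, received = {}, {}
    for sensor_id, group in fleet:
        sk, pk = keygen()                              # cloud server, S402
        m = f"batch=2020-01;id={sensor_id}".encode()   # information to be signed
        registry[sensor_id] = (group, pk, m)           # what the controller holds
        received[sensor_id] = sign(sk, m)              # what the sensor sends
    # radar-2 is a replacement unit whose key the cloud server never issued.
    received["radar-2"] = sign(keygen()[0], registry["radar-2"][2])
    results = authenticate_by_group(registry, received)
    failed = {g: locate_failed(registry, received, g)
              for g, ok in results.items() if not ok}
    return results, failed

if __name__ == "__main__":
    print(demo())
```

Only the radar group fails its aggregate check, so the per-sensor pairing checks are spent on that group alone while the lidar and camera groups are accepted with one check each.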
In summary, in the authentication method of the vehicle-mounted sensor provided in the embodiment, when the vehicle-mounted sensor is authenticated, the vehicle-mounted controller firstly acquires public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated; and the vehicle-mounted controller can authenticate the signature to be authenticated by utilizing the obtained public key information according to the BLS signature algorithm so as to obtain an authentication result. Therefore, compared with the current method for authenticating the sensor equipment by using the electromagnetic security chip attached to the sensor equipment and the method for authenticating the sensor by sharing the same secret key by both communication parties, the vehicle-mounted controller can realize the rapid and accurate authentication of a large number of vehicle-mounted sensors on the vehicle without adding any hardware, thereby not only reducing the authentication cost, but also improving the authentication efficiency and accuracy and further ensuring the safe running of the intelligent driving vehicle.
Referring to fig. 4, a flowchart of another authentication method of an in-vehicle sensor according to an embodiment of the present application is shown. The method is described below.
S401: Obtain the information to be signed of the vehicle-mounted sensor to be authenticated.
In the embodiment of the application, in order to realize accurate authentication of the vehicle-mounted sensor to be authenticated, the vehicle cloud server first needs to acquire sensor batch information from a sensor provider as the information to be signed. It may also acquire vehicle information from a vehicle manufacturer and generate the information to be signed from it; for example, the vehicle information may be a vehicle identification number (VIN), and the result obtained by adding a random number to the VIN may be used as the information to be signed.
S402: Generate private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm.
In the embodiment of the present application, the implementation process of the step S402 is substantially the same as that described in the above step S201 with respect to the formula (1), and the description is omitted herein for details, and please refer to the above step S201 for relevant details.
S403: Send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated.
In this embodiment of the present application, after obtaining the to-be-signed information of the to-be-authenticated vehicle-mounted sensor through step S401 and generating the private key information of the to-be-authenticated vehicle-mounted sensor through step S402, the to-be-signed information and the private key information may be further sent to the to-be-authenticated vehicle-mounted sensor, so that the to-be-authenticated vehicle-mounted sensor generates the to-be-authenticated signature according to the BLS signature algorithm, the to-be-signed information and the private key information and sends the to-be-authenticated signature to the vehicle-mounted controller. The specific implementation process of generating the signature to be authenticated is described in the following embodiments.
S404: Send the public key information to the vehicle-mounted controller.
In this embodiment of the present application, after generating the public key information of the vehicle-mounted sensor to be authenticated through step S402, the public key information may be further sent to the vehicle-mounted controller, so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtains an authentication result. The specific process by which the vehicle-mounted controller authenticates the signature to be authenticated is described in step S203 and is not repeated here.
In one possible implementation manner of this embodiment, the vehicle cloud server also needs to open a public key information query interface, so that the vehicle controller queries public key information of the vehicle sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle sensor to be authenticated.
Specifically, in this implementation manner, if the current vehicle-mounted controller is a replaced vehicle-mounted controller, for example, if a previous vehicle-mounted controller is damaged and updated to a new vehicle-mounted controller, then the current vehicle-mounted controller does not store public key information sent in advance by the vehicle cloud server, in this case, the current vehicle-mounted controller needs to query public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server through a public key information query interface pre-opened by the vehicle cloud server according to the information to be signed after receiving the information to be signed sent by the sensor to be authenticated.
Or if the vehicle-mounted sensor to be authenticated is a replaced sensor, for example, if the previous vehicle-mounted sensor is damaged, updating the sensor to be authenticated to a new vehicle-mounted sensor, and then, the vehicle-mounted controller does not store public key information corresponding to the vehicle-mounted sensor to be authenticated, in this case, the vehicle-mounted controller needs to query public key information related to the information to be signed from the vehicle cloud server through a public key information query interface which is opened in advance by the vehicle cloud server according to the information to be signed after receiving the information to be signed sent by the sensor to be authenticated.
Referring to fig. 5, a flowchart of an authentication method of another vehicle-mounted sensor according to an embodiment of the present application is shown. The method is described below.
S501: Acquire private key information and information to be signed of the vehicle-mounted sensor to be authenticated.
In the embodiment of the present application, in order to achieve accurate authentication of the vehicle-mounted sensor to be authenticated, the vehicle-mounted sensor to be authenticated needs to obtain the private key information and the information to be signed sent by the vehicle cloud server. The private key information is generated by the vehicle cloud server according to the BLS signature algorithm; the specific generation process is described in step S402 above and is not repeated here.
S502: Generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information.
In this embodiment of the present application, after the private key information and the to-be-signed information of the to-be-authenticated vehicle-mounted sensor are obtained in step S501, the to-be-authenticated signature may be generated according to the mature BLS signature algorithm, the to-be-signed information, and the private key information.
Specifically, in one possible implementation manner of the present embodiment, the specific implementation procedure of the present step S502 may include the following steps C1 to C3:
Step C1: Generate a hash digest according to the information to be signed.
In this implementation manner, after the vehicle-mounted sensor to be authenticated acquires the information to be signed m, it may process m to generate the corresponding hash digest; for example, m may be processed with the SHA256 algorithm to generate the hash digest.
Step C2: Generate a curve hash value of the hash digest according to the BLS signature algorithm.
In this implementation manner, after the hash digest is generated in step C1, the corresponding point on the elliptic curve may be looked up according to the BLS signature algorithm, with the hash digest taken as the abscissa of the point. Generally, the elliptic curve comprises 2^256 points, and the value produced by the SHA256 algorithm is also exactly 256 bits. However, a valid abscissa x yields two ordinates y, one positive and one negative (that is, the two corresponding points are (x, y) and (x, -y)). Therefore, during the lookup, two corresponding points are found on the elliptic curve with 50% probability, and no point is found with the other 50% probability. In the latter case, a random number is appended after the abscissa x and the lookup is repeated until two corresponding points are found; the point with the smaller ordinate y is then selected as the final result, which determines the final curve hash value.
For example, as shown in FIG. 6, take the elliptic curve y^2 = x^3 + 7 defined over the finite field modulo 23. Only half of the abscissas x have a corresponding point on the elliptic curve. When obtaining the curve hash value of the hash digest, a number (e.g. 0, 1, 2) can be appended after the hash digest so that a corresponding point can be found on the elliptic curve; if no corresponding point is found, the appended value is replaced and the lookup is performed again. For example, if appending 0 after the hash digest (hash(m|0), shown by the left arrow in FIG. 6) finds no corresponding point, the attempt continues by appending 1 (hash(m|1), shown by the right arrow in FIG. 6), then 2 (hash(m|2), shown by the middle arrow in FIG. 6), and so on, until two corresponding points are found. The point with the smaller ordinate y is selected as the final result, which determines the final curve hash value, such as H(m) indicated in FIG. 6.
Step C3: Generate a signature to be authenticated according to the curve hash value and the private key information.
In this implementation manner, after the curve hash value H(m) is generated in step C2, the vehicle-mounted sensor to be authenticated may generate the signature S to be authenticated from the curve hash value H(m) and the private key information sk. The calculation is formula (2) above, that is, S = sk × H(m); the resulting signature S to be authenticated is still a point on the elliptic curve, as shown in fig. 7.
S503: Send the signature to be authenticated to the vehicle-mounted controller, so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result.
In this embodiment of the present application, after the signature to be authenticated is generated in step S502, the signature to be authenticated may be further sent to the vehicle-mounted controller, so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtains an authentication result. The specific process by which the vehicle-mounted controller authenticates the signature to be authenticated is described in step S203 and is not repeated here.
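The following added example (not part of the patent text) walks steps C1 to C3 on the toy curve of FIG. 6: the append-and-retry lookup of H(m), then S = sk × H(m), plus aggregation of signatures by point addition. The sample message, the one-byte counter suffix and the reduction of the digest modulo 23 are assumptions; the controller's pairing-based verification is not shown.

```python
import hashlib

# Toy parameters from the FIG. 6 illustration: y^2 = x^3 + 7 over F_23.
# Far too small for real use; shown only to make the steps concrete.
P, B = 23, 7
INF = None  # point at infinity

# Constructed sample of "information to be signed" (format is an assumption).
SAMPLE_M = b"sensor-batch:EXAMPLE-0001"


def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + B)) % P == 0


def sqrt_mod_p(a):
    """Square root of a mod P, or None if a is a non-residue (uses P % 4 == 3)."""
    a %= P
    r = pow(a, (P + 1) // 4, P)
    return r if r * r % P == a else None


def xs_with_two_points():
    """Abscissas x for which both (x, y) and (x, -y) lie on the curve."""
    return [x for x in range(P) if sqrt_mod_p(x ** 3 + B) not in (None, 0)]


def hash_to_curve(m: bytes):
    """Steps C1-C2: try hash(m|0), hash(m|1), ... until two points exist.

    Returns (H(m), counter). Reducing the digest mod P is an assumption made
    so that the 256-bit SHA256 output fits the toy field.
    """
    for counter in range(256):
        digest = hashlib.sha256(m + bytes([counter])).digest()
        x = int.from_bytes(digest, "big") % P
        y = sqrt_mod_p(x ** 3 + B)
        if y is None or y == 0:   # no point, or a single point: next suffix
            continue
        return (x, min(y, P - y)), counter   # keep the smaller ordinate
    raise ValueError("no curve point found")


def point_add(p1, p2):
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:      # P + (-P), or doubling with y = 0
        return INF
    if p1 == p2:
        lam = 3 * x1 * x1 * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Double-and-add computation of k * pt."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def sign(sk, m: bytes):
    """Step C3: S = sk x H(m); the signature is again a curve point."""
    h, _ = hash_to_curve(m)
    return scalar_mult(sk, h)


def aggregate(signatures):
    """Aggregate signatures by adding the signature points."""
    total = INF
    for s in signatures:
        total = point_add(total, s)
    return total


if __name__ == "__main__":
    h, tries = hash_to_curve(SAMPLE_M)
    print("x values with two points:", xs_with_two_points())
    print("H(m) =", h, "found with suffix", tries)
    print("S = 5 x H(m) =", sign(5, SAMPLE_M))
```

The number of loop iterations in `hash_to_curve` depends on the message, so this lookup is not constant-time.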
To facilitate understanding of the authentication method of the vehicle-mounted sensor provided in the present application, refer to fig. 8, which shows an interaction diagram of the authentication method of the vehicle-mounted sensor provided in the embodiment of the present application. The method may include the following steps:
S801: The vehicle cloud server acquires the information to be signed of the vehicle-mounted sensor to be authenticated.
S802: The vehicle cloud server generates private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm.
S803: The vehicle cloud server sends the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated.
S804: The vehicle cloud server sends the public key information to the vehicle-mounted controller.
It should be noted that steps S801 to S804 are identical to steps S401 to S404; for the relevant details, refer to the description of steps S401 to S404, which is not repeated here.
S805: The vehicle-mounted sensor to be authenticated generates a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information.
S806: The vehicle-mounted sensor to be authenticated sends the signature to be authenticated to the vehicle-mounted controller.
It should be noted that steps S805 to S806 are identical to steps S502 to S503; for the relevant details, refer to the description of steps S502 to S503, which is not repeated here.
S807: The vehicle-mounted controller authenticates the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.
It should be noted that step S807 is identical to step S203 above; refer to the description of step S203, which is not repeated here.
In this way, when the vehicle-mounted sensor is authenticated, after the vehicle cloud server acquires the information to be signed of the vehicle-mounted sensor to be authenticated, it generates private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm, sends the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated, and sends the public key information to the vehicle-mounted controller; the vehicle-mounted sensor to be authenticated can then generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information, and send the signature to be authenticated to the vehicle-mounted controller; and the vehicle-mounted controller can authenticate the signature to be authenticated with the obtained public key information according to the BLS signature algorithm to obtain an authentication result.
As can be seen, the vehicle cloud server generates the private key and the public key of the vehicle-mounted sensor to be authenticated based on the mature BLS signature algorithm, the signature to be authenticated is generated based on the same algorithm, and the vehicle-mounted controller then uses the public key, according to the BLS signature algorithm, to authenticate the signature to be authenticated generated by the sensor to be authenticated, so as to accurately identify the authenticity of the vehicle-mounted sensor to be authenticated. Compared with the existing method of authenticating a sensor device by means of an electromagnetic security chip attached to the sensor device, and the method of authenticating a sensor by relying on the same secret key shared by both communication parties, this method can rapidly and accurately authenticate a large number of vehicle-mounted sensors on the vehicle without adding any hardware, which not only reduces the authentication cost but also improves authentication efficiency and accuracy, thereby ensuring the safe running of the intelligent driving vehicle.
Next, an authentication system of an in-vehicle sensor provided in an embodiment of the present application will be described.
Referring to fig. 1, the authentication system includes a vehicle cloud server 101, a vehicle-mounted sensor 102 to be authenticated, and a vehicle-mounted controller 103. The vehicle cloud server 101 is connected with the vehicle-mounted sensor 102 to be authenticated, the vehicle cloud server 101 is connected with the vehicle-mounted controller 103, and the vehicle-mounted sensor 102 to be authenticated is connected with the vehicle-mounted controller 103. The "connection" may be direct or indirect. In particular, there may be other provider servers between the vehicle cloud server 101 and the vehicle-mounted sensor 102 to be authenticated that connect the two.
The vehicle cloud server 101 is used for acquiring the information to be signed; generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm; sending the public key information to the vehicle-mounted controller; and sending the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated. The specific implementation process is described in steps S401 to S404 above and is not repeated here.
The vehicle-mounted sensor 102 to be authenticated is used for generating a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information, and sending the signature to be authenticated to the vehicle-mounted controller. The specific implementation process is described in steps S501 to S503 above and is not repeated here.
The vehicle-mounted controller 103 is used for authenticating the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result. The specific implementation process is described in steps S201 to S203 above and is not repeated here.
In one possible implementation manner of this embodiment, the vehicle cloud server 101 is further configured to:
open the public key information query interface, so that the vehicle-mounted controller 103 queries the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server 101 according to the information to be signed of the vehicle-mounted sensor 102 to be authenticated.
In one possible implementation manner of the present embodiment, the vehicle-mounted sensor 102 to be authenticated is specifically configured to:
generate a hash digest according to the information to be signed; generate a curve hash value of the hash digest according to the BLS signature algorithm; and generate a signature to be authenticated according to the curve hash value and the private key information.
In one possible implementation manner of the present embodiment, the vehicle-mounted controller 103 is specifically configured to:
query the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server 101 according to the information to be signed of the vehicle-mounted sensor 102 to be authenticated.
In one possible implementation manner of the present embodiment, the in-vehicle controller 103 is specifically configured to:
Receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating a plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated; and authenticating the aggregated signature result to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain an authentication result.
In one possible implementation manner of the present embodiment, the in-vehicle controller 103 is specifically configured to:
receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating all the signatures to be authenticated in the first group to obtain a first group aggregated signature result to be authenticated; according to the BLS signature algorithm, authenticating the first group of aggregated signature results to be authenticated by utilizing public key information to obtain authentication results;
the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
The embodiment of the application also provides another authentication system of the vehicle-mounted sensor, as shown in fig. 9, the authentication system comprises the vehicle-mounted sensor 901 to be authenticated and the vehicle-mounted controller 902, and the two may be directly connected or indirectly connected.
The vehicle-mounted sensor 901 to be authenticated is used for acquiring private key information and information to be signed; generating a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information; sending the signature to be authenticated to the vehicle-mounted controller 902; the specific implementation process is described in the above steps S501-S503, and will not be described herein. The private key information and the information to be signed can also be obtained from other cloud servers, and the specific obtaining process is not described herein.
The vehicle-mounted controller 902 is used for acquiring public key information of a vehicle-mounted sensor to be authenticated; and authenticating the signature to be authenticated by utilizing public key information according to a BLS signature algorithm to obtain an authentication result. The specific implementation process is described in the above steps S201 to S203, and will not be described here again. The public key information of the vehicle-mounted sensor to be authenticated can also be obtained from other cloud servers, and the specific obtaining process is not described herein.
In one possible implementation manner of this embodiment, the in-vehicle controller 902 is specifically configured to:
query the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor 901 to be authenticated.
In one possible implementation manner of this embodiment, the vehicle-mounted sensor 901 to be authenticated is specifically configured to:
generate a hash digest according to the information to be signed; generate a curve hash value of the hash digest according to the BLS signature algorithm; and generate a signature to be authenticated according to the curve hash value and the private key information.
In one possible implementation manner of this embodiment, the in-vehicle controller 902 is specifically configured to:
receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating a plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated; and authenticating the aggregated signature result to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain an authentication result.
In one possible implementation manner of this embodiment, the in-vehicle controller 902 is specifically configured to:
receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating all the signatures to be authenticated in the first group to obtain a first group aggregated signature result to be authenticated; according to the BLS signature algorithm, authenticating the first group of aggregated signature results to be authenticated by utilizing public key information to obtain authentication results;
the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
In order to facilitate better implementation of the above-described aspects of the embodiments of the present application, a related apparatus for implementing the above-described aspects is also provided below. Referring to fig. 10, an authentication device 1000 for a vehicle-mounted sensor is provided in an embodiment of the present application. The apparatus 1000 may include: an obtaining unit 1001, a receiving unit 1002, and an authentication unit 1003. The obtaining unit 1001 is configured to execute S201 in the embodiment shown in fig. 2. The receiving unit 1002 is configured to perform S202 in the embodiment shown in fig. 2. The authentication unit 1003 is used to execute S203 in the embodiment shown in fig. 2. Specifically:
an obtaining unit 1001, configured to obtain public key information of a vehicle-mounted sensor to be authenticated from a vehicle cloud server;
a receiving unit 1002, configured to receive a signature to be authenticated sent by a vehicle-mounted sensor to be authenticated;
an authentication unit 1003, configured to authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm, and obtain an authentication result.
In one implementation of this embodiment, the obtaining unit 1001 is specifically configured to: query the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
In one implementation of this embodiment, the public key information is associated with the batch information of the sensor to be authenticated.
In one implementation of this embodiment, the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information of the sensor to be authenticated; the private key information is generated by the vehicle cloud server according to a BLS signature algorithm.
In one implementation of this embodiment, the receiving unit 1002 is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit 1003 includes:
the first aggregation subunit is used for aggregating the plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated;
and the first authentication subunit is used for authenticating the aggregated signature result to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain an authentication result.
In one implementation of this embodiment, the receiving unit 1002 is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit 1003 includes:
the second aggregation subunit is used for aggregating all the signatures to be authenticated in the first group to obtain a first group aggregated signature result to be authenticated;
the second authentication subunit is used for authenticating the first group of aggregated signature results to be authenticated by utilizing public key information according to the BLS signature algorithm to obtain authentication results;
The number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
In summary, in the authentication device for the vehicle-mounted sensor provided in this embodiment, when the vehicle-mounted sensor is authenticated, the vehicle-mounted controller firstly obtains public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated; and the vehicle-mounted controller can authenticate the signature to be authenticated by utilizing the obtained public key information according to the BLS signature algorithm so as to obtain an authentication result. Therefore, compared with the current method for authenticating the sensor equipment by using the electromagnetic security chip attached to the sensor equipment and the method for authenticating the sensor by sharing the same secret key by both communication parties, the vehicle-mounted controller can realize the rapid and accurate authentication of a large number of vehicle-mounted sensors on the vehicle without adding any hardware, thereby not only reducing the authentication cost, but also improving the authentication efficiency and accuracy and further ensuring the safe running of the intelligent driving vehicle.
To facilitate better implementation of the above-described aspects of embodiments of the present application, another related apparatus for implementing the above-described aspects is provided below. Referring to fig. 11, another authentication device 1100 for a vehicle-mounted sensor according to an embodiment of the present application is provided. The apparatus 1100 may include: an obtaining unit 1101, a generating unit 1102, a first sending unit 1103 and a second sending unit 1104. The obtaining unit 1101 is used for executing S401 in the embodiment shown in fig. 4. The generating unit 1102 is configured to execute S402 in the embodiment shown in fig. 4. The first sending unit 1103 is configured to perform S403 in the embodiment shown in fig. 4. The second sending unit 1104 is used to execute S404 in the embodiment shown in fig. 4. Specifically:
an obtaining unit 1101, configured to obtain information to be signed of the vehicle-mounted sensor to be authenticated;
a generating unit 1102, configured to generate private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm;
a first sending unit 1103, configured to send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated, so that the vehicle-mounted sensor to be authenticated generates a signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information, and sends the signature to be authenticated to the vehicle-mounted controller;
a second sending unit 1104, configured to send the public key information to the vehicle-mounted controller, so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtains an authentication result.
In one implementation of this embodiment, the apparatus further includes: an opening unit, used for opening the public key information query interface, so that the vehicle-mounted controller queries the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
To facilitate better implementation of the above-described aspects of embodiments of the present application, a further related device for implementing the above-described aspects is provided below. Referring to fig. 12, an authentication device 1200 of another vehicle-mounted sensor according to an embodiment of the present application is provided. The apparatus 1200 may include: an obtaining unit 1201, a generating unit 1202, and a sending unit 1203. The obtaining unit 1201 is configured to execute S501 in the embodiment shown in fig. 5. The generating unit 1202 is configured to execute S502 in the embodiment shown in fig. 5. The sending unit 1203 is configured to perform S503 in the embodiment shown in fig. 5. Specifically:
an obtaining unit 1201, configured to obtain private key information and information to be signed of the vehicle-mounted sensor to be authenticated;
a generating unit 1202, configured to generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information;
a sending unit 1203, configured to send the signature to be authenticated to the vehicle-mounted controller, so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm, and an authentication result is obtained.
In one implementation of this embodiment, the obtaining unit 1201 is specifically configured to: obtain the private key information of the vehicle-mounted sensor to be authenticated sent by the vehicle cloud server, wherein the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.
In one implementation of the present embodiment, the generating unit 1202 includes:
the first generation subunit is used for generating a hash digest according to the information to be signed;
the second generation subunit is used for generating a curve hash value of the hash digest according to the BLS signature algorithm;
the third generation subunit is used for generating a signature to be authenticated according to the curve hash value and the private key information.
Referring to fig. 13, an embodiment of the present application provides an authentication device 1300 for an in-vehicle sensor, the device comprising a memory 1301, a processor 1302 and a communication interface 1303,
a memory 1301 for storing instructions;
a processor 1302, configured to execute the instructions in the memory 1301 and perform the authentication method applied to the vehicle-mounted sensor in the embodiment shown in fig. 2;
A communication interface 1303 for performing communication.
The memory 1301, the processor 1302, and the communication interface 1303 are connected to each other through a bus 1304; the bus 1304 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 13, but this does not mean that there is only one bus or one type of bus.
In a specific embodiment, the processor 1302 is configured to, when authenticating the vehicle-mounted sensor, first obtain public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receive the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated; the vehicle-mounted controller can then authenticate the signature to be authenticated with the obtained public key information according to the BLS signature algorithm to obtain an authentication result. For the detailed processing of the processor 1302, refer to the detailed descriptions of S201, S202 and S203 in the embodiment shown in fig. 2, which are not repeated here.
Referring to fig. 14, an embodiment of the present application provides another vehicle sensor authentication device 1400, comprising a memory 1401, a processor 1402 and a communication interface 1403,
A memory 1401 for storing instructions;
a processor 1402 for executing instructions in the memory 1401, and performing the authentication method of the vehicle-mounted sensor applied to the embodiment shown in fig. 4 described above;
a communication interface 1403 for performing communication.
The memory 1401, the processor 1402, and the communication interface 1403 are connected to each other through a bus 1404; the bus 1404 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 14, but this does not mean that there is only one bus or one type of bus.
In a specific embodiment, the processor 1402 is configured to, when authenticating the vehicle-mounted sensor, obtain the information to be signed of the vehicle-mounted sensor to be authenticated, then generate private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm, and further send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated, so that the vehicle-mounted sensor to be authenticated generates the signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information, and sends the signature to be authenticated to the vehicle-mounted controller; meanwhile, the vehicle cloud server can also send the public key information to the vehicle-mounted controller, so that the vehicle-mounted controller can authenticate the signature to be authenticated according to the BLS signature algorithm and the public key information, and an authentication result is obtained. For the detailed processing of the processor 1402, refer to the detailed descriptions of S401, S402, S403 and S204 in the embodiment shown in fig. 4, which are not repeated here.
Referring to fig. 15, an embodiment of the present application provides yet another authentication device 1500 for an in-vehicle sensor, the device comprising a memory 1501, a processor 1502 and a communication interface 1503,
a memory 1501 for storing instructions;
a processor 1502 for executing instructions in the memory 1501, and executing the authentication method of the vehicle-mounted sensor applied to the embodiment shown in fig. 5;
a communication interface 1503 for performing communication.
The memory 1501, the processor 1502 and the communication interface 1503 are connected to each other through a bus 1504; the bus 1504 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, only one thick line is shown in fig. 15, but this does not mean that there is only one bus or one type of bus.
In a specific embodiment, when performing authentication of the vehicle-mounted sensor, the processor 1502 is configured to first obtain the private key information and the to-be-signed information, then generate a to-be-authenticated signature according to the BLS signature algorithm, the to-be-signed information and the private key information, and then send the to-be-authenticated signature to the vehicle-mounted controller, so that the vehicle-mounted controller authenticates the to-be-authenticated signature according to the BLS signature algorithm and obtains an authentication result. For the detailed process of the processor 1502, refer to the detailed descriptions of S501, S502 and S503 in the embodiment shown in fig. 5, which are not repeated here.
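The provisioning, signing and verification flow described above for devices 1400 and 1500, together with the aggregated verification recited in the claims, as an added example that is not code from the patent. It uses a deliberately insecure toy bilinear map in place of a pairing-friendly curve so that it runs with the Python standard library alone; the function names, the sensor identifiers, the choice of one key pair per sensor and the group-wise fault search are assumptions.

```python
import hashlib
import secrets

# Toy bilinear map, NOT secure: G1 is the integers mod N under addition, G2 and GT
# are the multiplicative group mod P, and e(a, Q) = Q^a mod P. It satisfies
# e(a + b, Q) = e(a, Q) * e(b, Q), which is all the BLS equations rely on, but the
# private key can be recovered from any signature. A real deployment needs a
# pairing-friendly curve from a vetted library.
P = 2**127 - 1   # Mersenne prime
N = P - 1        # exponents are reduced modulo the order of the multiplicative group
G = 3            # fixed base element of G2


def pair(a, q):
    """Toy pairing e(a, q) = q^a mod P."""
    return pow(q, a, P)


def keygen():
    """Vehicle cloud server: private key sk and public key pk = G^sk."""
    sk = secrets.randbelow(N - 1) + 1
    return sk, pow(G, sk, P)


def hash_to_group(info: bytes) -> int:
    """Hash digest of the to-be-signed information, then mapped into G1
    (this stands in for the 'curve hash value' step)."""
    digest = hashlib.sha256(info).digest()
    wide = hashlib.sha256(b"toy-bls-h2g" + digest).digest()
    return int.from_bytes(wide, "big") % N or 1


def sign(sk, info):
    """Sensor: signature = sk * H(info) in G1."""
    return (sk * hash_to_group(info)) % N


def verify(pk, info, sig):
    """Controller: accept iff e(sig, G) == e(H(info), pk)."""
    return pair(sig, G) == pair(hash_to_group(info), pk)


def aggregate(sigs):
    """Aggregation is addition in G1."""
    return sum(sigs) % N


def verify_aggregate(entries, agg):
    """entries is a list of (pk, info); accept iff
    e(agg, G) == product of e(H(info_i), pk_i)."""
    rhs = 1
    for pk, info in entries:
        rhs = rhs * pair(hash_to_group(info), pk) % P
    return pair(agg, G) == rhs


def find_bad(entries, sigs):
    """Locate failing sensors by verifying aggregates of smaller groups.
    A group that verifies as a whole is not split further, so this reports
    groups that fail collectively, not every individually malformed signature."""
    def walk(lo, hi):
        if verify_aggregate(entries[lo:hi], aggregate(sigs[lo:hi])):
            return []
        if hi - lo == 1:
            return [lo]
        mid = (lo + hi) // 2
        return walk(lo, mid) + walk(mid, hi)
    return walk(0, len(entries))


def demo():
    # Constructed to-be-signed information for four sensors.
    infos = [b"sensor-batch-A/serial-%04d" % i for i in range(4)]
    keys = [keygen() for _ in infos]                        # cloud server
    entries = [(pk, info) for (_, pk), info in zip(keys, infos)]
    sigs = [sign(sk, info) for (sk, _), info in zip(keys, infos)]  # sensors
    ok_all = verify_aggregate(entries, aggregate(sigs))     # controller
    # Sensor 2 is swapped for a unit that does not hold the provisioned key.
    other_sk, _ = keygen()
    sigs[2] = sign(other_sk, infos[2])
    ok_after = verify_aggregate(entries, aggregate(sigs))
    return ok_all, ok_after, find_bad(entries, sigs)


if __name__ == "__main__":
    print(demo())
```

One aggregate check covers all sensors when nothing is wrong; only a failed aggregate triggers the group-wise checks that isolate the sensor whose signature does not match its provisioned public key.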
The memory 1301, the memory 1401, and the memory 1501 may be random-access memory (RAM), flash memory, read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known to those skilled in the art.
The processors 1302, 1402 and 1502 may each be, for example, a central processing unit (CPU), a general purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. The processor may implement or perform the various exemplary logic blocks, modules, and circuits described in connection with this disclosure. A processor may also be a combination that performs computing functions, e.g., a combination of one or more microprocessors, a combination of a DSP and a microprocessor, and so forth.
The communication interfaces 1303, 1403, and 1503 may be, for example, interface cards, Ethernet interfaces, or asynchronous transfer mode (ATM) interfaces.
The embodiment of the application also provides a computer readable storage medium comprising instructions that, when run on a computer, cause the computer to execute the authentication method of the vehicle-mounted sensor.
The terms "first," "second," "third," "fourth" and the like in the description and in the claims of this application and in the above-described figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application, in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored on, or transmitted as one or more instructions or code over, a computer-readable medium. Computer-readable media include both computer storage media and communication media, the latter including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
The above embodiments describe the purpose, technical solution and advantageous effects of the present invention in further detail, and it should be understood that the above description is only an embodiment of the present invention.
The above embodiments are merely for illustrating the technical solution of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that the technical solutions described in the foregoing embodiments can be modified, or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (37)

1. An authentication method of a vehicle-mounted sensor, which is applied to a vehicle-mounted controller and used for authenticating the vehicle-mounted sensor to be authenticated, wherein the vehicle-mounted sensor is connected with the vehicle-mounted controller, and the method comprises the following steps:
obtaining public key information of the vehicle-mounted sensor to be authenticated from a vehicle cloud server;
receiving a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated;
and authenticating the signature to be authenticated by utilizing the public key information according to a BLS signature algorithm to obtain an authentication result.
2. The method of claim 1, wherein the obtaining public key information of the to-be-authenticated in-vehicle sensor from a vehicle cloud server comprises:
and inquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
3. The method of claim 1, wherein the public key information is associated with batch information of the sensor to be authenticated.
4. The method of claim 1, wherein the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed, and private key information of the sensor to be authenticated; the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.
5. The method of claim 1, wherein the receiving the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated comprises: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated;
the step of authenticating the signature to be authenticated by using the public key information according to a BLS signature algorithm to obtain an authentication result comprises the following steps:
aggregating the plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated;
and authenticating the aggregated signature result to be authenticated by utilizing the public key information according to a BLS signature algorithm to obtain an authentication result.
6. The method of claim 1, wherein the receiving the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated comprises: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated;
the step of authenticating the signature to be authenticated by using the public key information according to a BLS signature algorithm to obtain an authentication result comprises the following steps:
aggregating all the signatures to be authenticated in the first group to obtain a signature result to be authenticated after the first group aggregation;
according to the BLS signature algorithm, the public key information is utilized to authenticate the first group of aggregated signature results to be authenticated, and an authentication result is obtained;
the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
7. An authentication method of an in-vehicle sensor, wherein the method is applied to a vehicle cloud server, and the method comprises:
acquiring to-be-signed information of a to-be-authenticated vehicle-mounted sensor;
generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm;
sending the to-be-signed information and the private key information to the to-be-authenticated vehicle-mounted sensor so that the to-be-authenticated vehicle-mounted sensor generates a to-be-authenticated signature according to the BLS signature algorithm, the to-be-signed information and the private key information and sends the to-be-authenticated signature to a vehicle-mounted controller;
and sending the public key information to the vehicle-mounted controller so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information to obtain an authentication result.
8. The method of claim 7, wherein the method further comprises:
and opening a public key information inquiry interface so that the vehicle-mounted controller inquires public key information of the vehicle-mounted sensor to be authenticated from a vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
9. An authentication method of an in-vehicle sensor, wherein the method is applied to a vehicle cloud server, and the method comprises:
acquiring private key information and signature information of a vehicle-mounted sensor to be authenticated;
generating a signature to be authenticated according to a BLS signature algorithm, the information to be signed and the private key information;
and sending the signature to be authenticated to a vehicle-mounted controller, so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result.
10. The method of claim 9, wherein the obtaining private key information of the vehicle-mounted sensor to be authenticated comprises:
and acquiring private key information of the to-be-authenticated vehicle-mounted sensor sent by a vehicle cloud server, wherein the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.
11. The method of claim 9, wherein generating the signature to be authenticated based on the BLS signature algorithm, the information to be signed, and the private key information comprises:
generating a hash digest according to the information to be signed;
generating a curve hash value of the hash digest according to a BLS signature algorithm;
and generating a signature to be authenticated according to the curve hash value and the private key information.
12. An authentication system for an in-vehicle sensor, the system comprising: the vehicle cloud server, the vehicle-mounted sensor to be authenticated and the vehicle-mounted controller;
the vehicle cloud server is used for acquiring information to be signed; generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm; sending the public key information to the vehicle-mounted controller; the information to be signed and the private key information are sent to the vehicle-mounted sensor to be authenticated;
the to-be-authenticated vehicle-mounted sensor is used for generating a to-be-authenticated signature according to a BLS signature algorithm, the to-be-signed information and the private key information; the signature to be authenticated is sent to the vehicle-mounted controller;
and the vehicle-mounted controller is used for authenticating the signature to be authenticated by utilizing the public key information according to the BLS signature algorithm to obtain an authentication result.
13. The system of claim 12, wherein the vehicle cloud server is further configured to:
and opening a public key information inquiry interface so that the vehicle-mounted controller inquires public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
14. The system of claim 12, wherein the vehicle-mounted sensor to be authenticated is specifically configured to:
generating a hash digest according to the information to be signed; generating a curve hash value of the hash digest according to the BLS signature algorithm; and generating a signature to be authenticated according to the curve hash value and the private key information.
15. The system of claim 12, wherein the onboard controller is configured to:
and inquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
16. The system of claim 12, wherein the onboard controller is configured to:
receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating the plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated; and authenticating the aggregated signature result to be authenticated by utilizing the public key information according to the BLS signature algorithm to obtain an authentication result.
17. The system of claim 12, wherein the onboard controller is configured to:
receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating all the signatures to be authenticated in the first group to obtain a signature result to be authenticated after the first group aggregation; according to the BLS signature algorithm, the public key information is utilized to authenticate the first group of aggregated signature results to be authenticated, and an authentication result is obtained;
the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
18. An authentication system for an in-vehicle sensor, the system comprising: the vehicle-mounted sensor to be authenticated and the vehicle-mounted controller;
the vehicle-mounted sensor to be authenticated is used for acquiring private key information and information to be signed; generating a signature to be authenticated according to a BLS signature algorithm, the information to be signed and the private key information; the signature to be authenticated is sent to the vehicle-mounted controller;
the vehicle-mounted controller is used for acquiring public key information of the vehicle-mounted sensor to be authenticated; and authenticating the signature to be authenticated by utilizing the public key information according to the BLS signature algorithm to obtain an authentication result.
19. The system of claim 18, wherein the onboard controller is configured to:
and inquiring public key information of the vehicle-mounted sensor to be authenticated from a vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
20. The system of claim 18, wherein the vehicle-mounted sensor to be authenticated is specifically configured to:
generating a hash digest according to the information to be signed; generating a curve hash value of the hash digest according to a BLS signature algorithm; and generating a signature to be authenticated according to the curve hash value and the private key information.
21. The system of claim 18, wherein the onboard controller is configured to:
receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating the plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated; and authenticating the aggregated signature result to be authenticated by utilizing the public key information according to the BLS signature algorithm to obtain an authentication result.
22. The system of claim 18, wherein the onboard controller is configured to:
receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; aggregating all the signatures to be authenticated in the first group to obtain a signature result to be authenticated after the first group aggregation; according to the BLS signature algorithm, the public key information is utilized to authenticate the first group of aggregated signature results to be authenticated, and an authentication result is obtained;
the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
23. An authentication apparatus of an in-vehicle sensor, the apparatus being applied to an in-vehicle controller, the apparatus comprising:
the acquisition unit is used for acquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server;
the receiving unit is used for receiving the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated;
and the authentication unit is used for authenticating the signature to be authenticated by utilizing the public key information according to a BLS signature algorithm to obtain an authentication result.
24. The apparatus according to claim 23, wherein the acquisition unit is specifically configured to:
and inquiring public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
25. The apparatus of claim 23, wherein the public key information is associated with batch information of the on-board sensor to be authenticated.
26. The apparatus of claim 23, wherein the signature to be authenticated is generated by the on-board sensor to be authenticated according to the BLS signature algorithm, the information to be signed, and private key information of the sensor to be authenticated; the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.
27. The apparatus according to claim 23, wherein the receiving unit is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit includes:
the first aggregation subunit is used for aggregating the plurality of signatures to be authenticated to obtain an aggregated signature result to be authenticated;
and the first authentication subunit is used for authenticating the aggregated signature result to be authenticated by utilizing the public key information according to a BLS signature algorithm to obtain an authentication result.
28. The apparatus according to claim 23, wherein the receiving unit is specifically configured to: receiving respective signatures to be authenticated sent by a plurality of vehicle-mounted sensors to be authenticated; the authentication unit includes:
the second aggregation subunit is used for aggregating all the signatures to be authenticated in the first group to obtain a signature result to be authenticated after the first group is aggregated;
the second authentication subunit is used for authenticating the first group of aggregated signature results to be authenticated by utilizing the public key information according to the BLS signature algorithm to obtain authentication results;
the number of the signatures to be authenticated contained in the first group is smaller than the total number of the received signatures to be authenticated sent by the plurality of vehicle-mounted sensors to be authenticated.
29. An authentication device of an in-vehicle sensor, wherein the device is applied to a vehicle cloud server, the device comprising:
the acquisition unit is used for acquiring the information to be signed of the vehicle-mounted sensor to be authenticated;
the generation unit is used for generating private key information and public key information of the vehicle-mounted sensor to be authenticated according to a BLS signature algorithm;
the first sending unit is used for sending the to-be-signed information and the private key information to the to-be-authenticated vehicle-mounted sensor so that the to-be-authenticated vehicle-mounted sensor generates a to-be-authenticated signature according to the BLS signature algorithm, the to-be-signed information and the private key information and sends the to-be-authenticated signature to a vehicle-mounted controller;
and the second sending unit is used for sending the public key information to the vehicle-mounted controller so that the vehicle-mounted controller can authenticate the signature to be authenticated according to the BLS signature algorithm and the public key information to obtain an authentication result.
30. The apparatus of claim 29, wherein the apparatus further comprises:
and the open unit is used for opening a public key information inquiry interface so that the vehicle-mounted controller inquires public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
31. An authentication device of an in-vehicle sensor, wherein the device is applied to a vehicle cloud server, the device comprising:
the acquisition unit is used for acquiring private key information and to-be-signed information of the to-be-authenticated vehicle-mounted sensor;
the generation unit is used for generating a signature to be authenticated according to a BLS signature algorithm, the information to be signed and the private key information;
and the sending unit is used for sending the signature to be authenticated to the vehicle-mounted controller, so that the vehicle-mounted controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result.
32. The apparatus according to claim 31, wherein the obtaining unit is specifically configured to:
and acquiring private key information of the to-be-authenticated vehicle-mounted sensor sent by a vehicle cloud server, wherein the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.
33. The apparatus of claim 31, wherein the generating means comprises:
the first generation subunit is used for generating a hash digest according to the information to be signed;
the second generation subunit is used for generating a curve hash value of the hash digest according to a BLS signature algorithm;
and the third generation subunit is used for generating a signature to be authenticated according to the curve hash value and the private key information.
34. An authentication device of an in-vehicle sensor, wherein the device comprises a memory, a processor;
the memory is used for storing instructions;
the processor being configured to execute the instructions in the memory and to perform the method of any of claims 1-6.
35. An authentication device of an in-vehicle sensor, wherein the device comprises a memory, a processor;
the memory is used for storing instructions;
the processor being configured to execute the instructions in the memory and to perform the method of any of claims 7-8.
36. An authentication device of an in-vehicle sensor, wherein the device comprises a memory, a processor;
the memory is used for storing instructions;
the processor being configured to execute the instructions in the memory and to perform the method of any of claims 9-11.
37. A computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of any of the preceding claims 1-11.
CN202010037875.4A 2020-01-14 2020-01-14 Authentication method, device and system of vehicle-mounted sensor Active CN113193959B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010037875.4A CN113193959B (en) 2020-01-14 2020-01-14 Authentication method, device and system of vehicle-mounted sensor
PCT/CN2020/115732 WO2021143178A1 (en) 2020-01-14 2020-09-17 Vehicle-mounted sensor authentication method, apparatus, and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010037875.4A CN113193959B (en) 2020-01-14 2020-01-14 Authentication method, device and system of vehicle-mounted sensor

Publications (2)

Publication Number Publication Date
CN113193959A CN113193959A (en) 2021-07-30
CN113193959B true CN113193959B (en) 2023-07-18

Family

ID=76864724

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010037875.4A Active CN113193959B (en) 2020-01-14 2020-01-14 Authentication method, device and system of vehicle-mounted sensor

Country Status (2)

Country Link
CN (1) CN113193959B (en)
WO (1) WO2021143178A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024060166A1 (en) * 2022-09-23 2024-03-28 华为技术有限公司 Sensor software change method and apparatus, and intelligent driving device
CN116132179A (en) * 2023-02-16 2023-05-16 蚂蚁区块链科技(上海)有限公司 Digital signature function expansion method, device and equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8429232B1 (en) * 2003-10-03 2013-04-23 Voltage Security, Inc. Message authentication using signatures
CN110365488A (en) * 2019-07-23 2019-10-22 上海铂英飞信息技术有限公司 Based on the authentication method under untrusted environment, apparatus and system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490513B1 (en) * 2001-08-22 2002-12-03 Matsushita Electrical Industrial Co., Ltd. Automobile data archive system having securely authenticated instrumentation data storage
JPWO2014108993A1 (en) * 2013-01-08 2017-01-19 三菱電機株式会社 Authentication processing apparatus, authentication processing system, authentication processing method, and authentication processing program
CN106302379B (en) * 2015-06-26 2020-02-21 比亚迪股份有限公司 Authentication method, system and device for vehicle-mounted electric appliance
CN108718309B (en) * 2018-05-11 2021-03-23 中国联合网络通信集团有限公司 Vehicle identity authentication method and device
CN109495441A (en) * 2018-09-10 2019-03-19 北京车和家信息技术有限公司 Access authentication method, device, relevant device and computer readable storage medium
CN110113745A (en) * 2019-04-29 2019-08-09 中兴新能源汽车有限责任公司 Verification method, server, mobile unit and the storage medium of mobile unit
CN110322246A (en) * 2019-07-09 2019-10-11 深圳市网心科技有限公司 A kind of optimization method and relevant device of block chain Transaction Information

Also Published As

Publication number Publication date
CN113193959A (en) 2021-07-30
WO2021143178A1 (en) 2021-07-22

Similar Documents

Publication Publication Date Title
Jo et al. A survey of attacks on controller area networks and corresponding countermeasures
US20190068361A1 (en) In-vehicle group key distribution
Ueda et al. Security authentication system for in-vehicle network
EP3198908B1 (en) Securely exchanging vehicular sensor information
CN103529823B (en) A kind of safety access control method for automotive diagnostic system
EP4210279A1 (en) Method and system for reduced v2x receiver processing load using certificates
Hazem et al. Lcap-a lightweight can authentication protocol for securing in-vehicle networks
EP3348036B1 (en) Unauthorized access event notification for vehicle electronic control units
US9800413B2 (en) System and method for performing an asymmetric key exchange between a vehicle and a remote device
Nowdehi et al. In-vehicle CAN message authentication: An evaluation based on industrial criteria
CN113193959B (en) Authentication method, device and system of vehicle-mounted sensor
US11177953B2 (en) Trusted authentication of automotive microcontroller
CN104773120A (en) In-vehicle apparatus for efficient reprogramming and control method thereof
AU2019211897B2 (en) Methods, application server, IoT device and media for implementing IoT services
JP2013168865A (en) In-vehicle network system
US10124764B1 (en) Intrusion detection system based on 2-point profiling of signal characteristics
US20170302452A1 (en) Message authentication library
Van den Herrewegen et al. Beneath the bonnet: A breakdown of diagnostic security
US20190149610A1 (en) Vin esn signed commands and vehicle level local web of trust
CN114710351A (en) Method and system for improving data security during communication
CN108390800B (en) Method and system for secure daisy chain communication and intermediate slave device
CN109286500B (en) Vehicle Electronic Control Unit (ECU) authentication method, device and equipment
JP2015098312A (en) On-vehicle network system
CN112019517B (en) Internet of vehicles authentication method and road side unit
CN112740617B (en) Certificate list updating method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant