CN113239338A - Certificate issuing method, system, electronic device and computer readable storage medium - Google Patents
Certificate issuing method, system, electronic device and computer readable storage medium Download PDFInfo
- Publication number
- CN113239338A CN113239338A CN202110650173.8A CN202110650173A CN113239338A CN 113239338 A CN113239338 A CN 113239338A CN 202110650173 A CN202110650173 A CN 202110650173A CN 113239338 A CN113239338 A CN 113239338A
- Authority
- CN
- China
- Prior art keywords
- certificate
- target
- vehicle
- target vehicle
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000003860 storage Methods 0.000 title claims abstract description 29
- 230000015654 memory Effects 0.000 claims description 17
- 238000012795 verification Methods 0.000 claims description 6
- 238000012216 screening Methods 0.000 claims description 4
- 239000000126 substance Substances 0.000 claims 1
- 238000004519 manufacturing process Methods 0.000 abstract description 13
- 238000003745 diagnosis Methods 0.000 abstract description 5
- 238000004891 communication Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000012790 confirmation Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005429 filling process Methods 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Abstract
The application discloses a certificate issuing method, a certificate issuing system, electronic equipment and a computer readable storage medium, and relates to the technical field of information security. The target identification information of the target vehicle waiting for certificate issuance is acquired, the target identification information is sent to the certificate server, the certificate server acquires the target certificate of the target vehicle according to the target identification information, the target certificate returned by the certificate server is acquired, the target certificate is issued to the target vehicle, one-to-one certificate filling can be performed on the vehicle by using diagnosis equipment in a vehicle production line, and the accuracy and the efficiency of the certificate filling are improved.
Description
Technical Field
The present application relates to the field of information security technologies, and in particular, to a certificate issuing method, system, electronic device, and computer-readable storage medium.
Background
At present, intelligent networking application of vehicles is increasingly popularized, communication interaction between an internal network and an external network of a whole vehicle is carried out, and confirmation of internal and external identity information needs to be concerned in an interaction process, so that identity determination needs to be carried out through a Public Key Infrastructure (PKI) certificate, and safety authentication of two parties such as vehicles and the like is carried out by two communication parties based on the PKI certificate.
However, at present, PKI certificates are generated from the background and filled in a vehicle production line, and a specific certificate reading and writing device is required in the filling process, and the certificate reading and writing device cannot be filled accurately according to vehicle information.
Disclosure of Invention
The present application is directed to solving at least one of the problems in the prior art. Therefore, the certificate issuing method can be used for performing one-to-one certificate filling on the vehicles by using the diagnostic equipment in the vehicle production line, and the accuracy and efficiency of the certificate filling are improved.
The application also provides a certificate issuing system with the certificate issuing method.
The application also provides the electronic equipment with the certificate issuing method.
The application also provides a computer readable storage medium with the certificate issuing method.
According to the certificate issuing method of the embodiment of the first aspect of the present application, target identification information of a target vehicle waiting for certificate issuing is acquired; sending the target identification information to a certificate server, and acquiring a target certificate of the target vehicle by the certificate server according to the target identification information; acquiring the target certificate returned by the certificate server; issuing the target certificate into the target vehicle.
The certificate issuing method according to the embodiment of the application has at least the following beneficial effects: the target identification information of the target vehicle waiting for certificate issuance is acquired, the target identification information is sent to the certificate server, the certificate server acquires the target certificate of the target vehicle according to the target identification information, the target certificate returned by the certificate server is acquired, the target certificate is issued to the target vehicle, one-to-one certificate filling can be performed on the vehicle by using diagnosis equipment in a vehicle production line, and the accuracy and the efficiency of the certificate filling are improved.
According to some embodiments of the application, the obtaining of the initial certificate comprises: acquiring initial identification information of a plurality of initial vehicles provided by a background of a supplier; sending the initial identification information to a PKI server, and generating initial certificates of the initial vehicles by the PKI server according to the initial identification information; sending a plurality of the initial certificates to the certificate server.
According to some embodiments of the application, said sending a plurality of said initial certificates to said certificate server comprises: screening the initial certificate generated by the PKI server; and sending the screened initial certificates to the certificate server.
According to some embodiments of the application, further comprising: and sending the certificate check code of the target certificate to the target vehicle, and checking the integrity of the target certificate by the target vehicle according to the certificate check code.
According to some embodiments of the application, further comprising: obtaining a verification result of the integrity of the target certificate returned by the target vehicle; and retransmitting the target certificate to the target vehicle according to the verification result.
According to some embodiments of the application, further comprising: unlocking an on-board system of the target vehicle; the on-board system for unlocking the target vehicle comprises: sending a key request to the target vehicle; acquiring a key seed returned by the target vehicle according to the key request; generating an unlocking key according to the key seed; and sending the unlocking key to the target vehicle so as to unlock the vehicle-mounted system of the target vehicle.
According to some embodiments of the application, further comprising: acquiring an issuing result of the target certificate returned by the target vehicle; and re-sending the target certificate to the target vehicle according to the issuing result.
A certificate issuing system according to an embodiment of a second aspect of the present application includes: the identification acquisition module is used for acquiring target identification information of a target vehicle waiting for certificate issuance; the certificate request module is used for sending the target identification information to a certificate server, and the certificate server acquires a target certificate of the target vehicle according to the target identification information; the certificate acquisition module is used for acquiring the target certificate returned by the certificate server; a certificate issuance module for issuing the target certificate to the target vehicle.
The certificate issuing system according to the embodiment of the application has at least the following beneficial effects: in the embodiment of the application, the target identification information of a target vehicle waiting for certificate issuance is acquired through the identification acquisition module, the certificate request module sends the target identification information to the certificate server, the certificate server acquires the target certificate of the target vehicle according to the target identification information, the certificate acquisition module acquires the target certificate returned by the certificate server, and the certificate issuance module issues the target certificate to the target vehicle.
An electronic device according to an embodiment of a third aspect of the present application includes: at least one processor, and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions for execution by the at least one processor to cause the at least one processor, when executing the instructions, to implement the certificate issuing method according to the first aspect.
According to the electronic equipment of this application, have at least following beneficial effect: by implementing the certificate issuing method mentioned in the first aspect of the embodiment, the vehicle can be subjected to one-to-one certificate filling by using the diagnostic equipment in the vehicle production line, and the accuracy and efficiency of the certificate filling are improved.
The computer-readable storage medium according to an embodiment of the fourth aspect of the present application stores computer-executable instructions for causing a computer to execute the certificate issuing method according to the first aspect.
The computer-readable storage medium according to the present application has at least the following advantageous effects: by implementing the certificate issuing method mentioned in the first aspect of the embodiment, the vehicle can be subjected to one-to-one certificate filling by using the diagnostic equipment in the vehicle production line, and the accuracy and efficiency of the certificate filling are improved.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
Fig. 1 is a schematic block diagram of a certificate filling system according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a certificate issuing method according to an embodiment of the present application;
fig. 3 is another specific flowchart of the certificate issuing method in the embodiment of the present application;
fig. 4 is a schematic flowchart of another specific flowchart of a certificate issuing method in an embodiment of the present application;
FIG. 5 is a diagram illustrating an exemplary implementation of a certificate issuing method according to an embodiment of the present application;
fig. 6 is a schematic block diagram of a certificate issuing system according to an embodiment of the present application.
Reference numerals:
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
It should be noted that the logical order is shown in the flowcharts, but in some cases, the steps shown or described may be performed in an order different from the flowcharts. If the term "a number" is used, it is intended to mean more than one, if the term "a number" is used, it is intended to mean more than two, and if the term "less than one" is used, it is intended to include the number. The use of any and all examples, or exemplary language ("e.g.," such as "etc.), provided herein is intended merely to better illuminate embodiments of the application and does not pose a limitation on the scope of the application unless otherwise claimed. The terms greater than, less than, more than, etc. are understood to exclude the essential numbers, and the terms greater than, less than, and the like are understood to include the essential numbers. If the first and second are described for the purpose of distinguishing technical features, they are not to be understood as indicating or implying relative importance or implicitly indicating the number of technical features indicated or implicitly indicating the precedence of the technical features indicated.
It is noted that, as used in the examples, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Furthermore, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art. The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used herein, the term "and/or" includes any combination of one or more of the associated listed items.
At present, intelligent networking application of vehicles is increasingly popularized, communication interaction is carried out between an internal network and an external network of the whole vehicle, confirmation of internal and external identity information needs to be concerned in the interaction process, identity determination needs to be carried out through a PKI certificate, and safety authentication of two communication parties such as vehicles and the like is carried out on the basis of the PKI certificate.
However, at present, PKI certificates are generated from the background and filled in a vehicle production line, and a specific certificate reading and writing device is required in the filling process, and the certificate reading and writing device cannot be filled accurately according to vehicle information.
Based on this, embodiments of the present application provide a certificate issuing method, system, electronic device, and computer-readable storage medium, which can perform one-to-one certificate filling on a vehicle using a diagnostic device 150 in a vehicle production line, thereby improving the accuracy and efficiency of certificate filling.
In a first aspect, an embodiment of the present application provides a certificate issuing method.
It should be noted that the certificate issuing method mentioned in the embodiment of the present application is performed based on a certificate filling System as shown in fig. 1, where the certificate filling System includes a supplier backend 110, a PKI server, an MES (Manufacturing Execution System) System, a certificate server 140, a diagnostic device 150, and a target vehicle. The supplier backend 110 is configured to collect and aggregate an ECU (Electronic Control Unit) identifier of a vehicle requiring certificate filling, where the ECU identifier is identification information that uniquely identifies the vehicle and is generated based on a part number and a serial number of the filling vehicle, and the supplier backend 110 may provide the vehicle ECU identifier requiring certificate filling to the PKI server 120 in advance; the PKI server 120 is configured to generate a corresponding PKI certificate according to the received ECU identifier, where the PKI certificate is certificate information that the vehicle needs to be filled; the MES system 130 is connected with the PKI server 120 in a communication way, and the PKI server 120 can send the generated PKI certificate to the MES system 130 for management and implementation; the MES system 130 is in communication connection with the certificate server 140, the MES system 130 can send the generated PKI certificate to the certificate server 140 for storage, and the certificate server 140 can construct an offline certificate database, that is, the PKI certificate is stored in the constructed certificate database in an offline storage manner; the diagnosis device 150 is a device that is commonly used to diagnose and check the target vehicle 160 for an electric signal, and can perform diagnosis through an OBD (On-Board Diagnostics) interface of the target vehicle 160 to read an ECU identifier of the target vehicle 160 waiting for certificate filling, and can fill the target vehicle 160 with a PKI certificate, completing the production line of the vehicle.
In some embodiments, referring to fig. 2, a flowchart of a certificate issuing method in an embodiment of the present application is shown. The method specifically comprises the following steps:
s100, acquiring target identification information of a target vehicle waiting for certificate issuance;
s200, sending the target identification information to a certificate server, and acquiring a target certificate of the target vehicle by the certificate server according to the target identification information;
s300, acquiring a target certificate returned by the certificate server;
s400, the target certificate is issued to the target vehicle.
In step S100, on the production line of filling the certificate, the diagnosis device 150 is connected to the OBD interface of the vehicle, so as to diagnose the vehicle, and obtain the target identification information of the target vehicle 160 waiting for issuing the certificate, where the target identification information is the aforementioned ECU identifier of the vehicle, including the part number of the vehicle and/or the serial number of the vehicle, and the unique identity of the target vehicle 160 can be determined by the ECU identifier. In practical applications, after the target vehicle 160 is completely assembled and taken off line, the certificate needs to be filled into an on-board system of the target vehicle 160, and a handheld device of an electrical inspection terminal, such as the diagnostic device 150, sends a diagnostic instruction for acquiring the ECU identifier to the target vehicle 160 through an OBD interface connected to the target vehicle 160, so as to read the ECU identifier of the target vehicle 160.
In some embodiments, referring to fig. 3, the embodiments of the present application specifically further include:
and step S110, unlocking the vehicle-mounted system of the target vehicle.
In step S110, the target certificate filled by the diagnostic apparatus 150 needs to be filled into the on-board system of the target vehicle 160, and in practical applications, the on-board system of the target vehicle 160 may be in a safe state, and when the on-board system is in the safe state, the diagnostic apparatus 150 cannot fill the on-board system of the target vehicle 160 with the target certificate, that is, the PKI certificate, so that the on-board system of the target vehicle 160 needs to be unlocked. The security state of the vehicle-mounted system ensures that the vehicle-mounted system is not invaded to a certain extent to steal corresponding security data, and the diagnostic device 150 needs to acquire an unlocking key capable of releasing the security state of the vehicle-mounted system from the vehicle-mounted system, and decrypts the security state of the vehicle-mounted system through the corresponding unlocking key.
Specifically, after the diagnostic device 150 enters the certificate filling mode, it needs to send a key request to the vehicle-mounted system of the target vehicle 160, the vehicle-mounted system of the target vehicle 160 can generate a corresponding key seed according to the key request, the diagnostic device 150 obtains the generated key seed, generates an unlocking key of the vehicle-mounted system according to the generated key seed, and sends the unlocking key to the target vehicle 160 to unlock the vehicle-mounted system of the target vehicle 160. Wherein the key request and an unlock key for requesting the target vehicle 160 for unlocking the secure state of the in-vehicle system; the key seed refers to seed information for providing an unlocking key for the diagnostic device 150 to generate a safe state for unlocking the in-vehicle system; after acquiring the key seed returned by the target vehicle 160, the diagnostic device 150 processes the key seed according to a correlation algorithm for key generation specified in advance, thereby generating an unlocking key for unlocking the security state of the receiving end. After the diagnostic device 150 sends the unlocking key to the target vehicle 160, the target vehicle 160 may determine whether the unlocking key is correct, and if so, unlock the vehicle-mounted system according to the unlocking key. The subsequent diagnostic device 150 can flood PKI credentials into the onboard systems of the target vehicle 160.
In the embodiment of the application, the vehicle-mounted system ensures the safety degree of the vehicle-mounted system through the safety state, and the diagnostic device 150 interacts with the vehicle-mounted system of the target vehicle 160 to obtain the unlocking key for unlocking the safety state of the vehicle-mounted system, so that the mutual trust effect is achieved, and the security of certificate filling is improved.
In steps S200 and S300, the diagnostic device 150 obtains target identification information of the target vehicle 160 waiting for sending the certificate, and sends the target identification information to the certificate server 140, where the target identification information of the target vehicle 160 obtained by the certificate server 140 may perform traversal retrieval on a pre-stored PKI certificate according to the target identification information to obtain a target certificate corresponding to the target vehicle 160, where the target certificate represents a unique PKI certificate corresponding to the target vehicle 160 in the certificate server 140. The certificate server 140, after traversing the search for the corresponding target certificate, will send the PKI certificate to the diagnostic device 150 waiting to be sent to the target vehicle 160.
In some embodiments, in the acquisition of the initial certificate in this embodiment of the application, the initial identification information of the plurality of initial vehicles provided by the provider backend 110 is acquired, and the plurality of initial information is sent to the PKI server 120, the PKI server 120 generates the initial certificate according to the received initial identification information, each initial certificate corresponds to one initial vehicle, and after the PKI server generates the initial certificate, the initial certificate is sent to the certificate server for storage. The ECU identifier of the vehicle, which is the initial identification information, is generated from the part number and serial number of the vehicle, and has uniqueness. In practical application, the supplier background 110 collects and summarizes part numbers and serial numbers of vehicles needing to be filled with certificates in advance, generates a unique ECU identifier, sends the ECU identifier to the PKI server 120, the PKI server 120 generates a unique PKI certificate, namely an initial certificate of an initial vehicle, according to the ECU identifier, the PKI server 120 sends the generated PKI server 120 to the MES system 130, the MES system 130 sends the generated PKI certificate to the certificate server 140 for storage, so that the certificate server can store a plurality of initial certificates mentioned in the embodiment of the present application, and the certificate server 140 has an offline function, can store the PKI certificate offline, namely, the PKI certificate does not need to be accessed to the MES system 130 in real time to obtain the PKI certificate, only the MES system 130 needs to send the PKI certificate needing to be filled in advance to the certificate server 140 for storage, when the diagnostic equipment 150 needs the PKI certificate, the diagnostic device 150 may obtain it from the certificate server 140.
In practical applications, the provider back office 110 sends the data to the PKI server 120 in a preset file format, such as the type of the vehicle ECU identifier, the part number of the vehicle, the serial number of the vehicle, and the information import time. It should be noted that the initial identification information of the initial vehicle may be simultaneously imported into the PKI server 120 in a large batch.
In some embodiments, the method further includes screening a PKI certificate received in the MES system 130, that is, an initial certificate generated by the PKI server 120, and sending a plurality of screened initial certificates to the certificate server 140, specifically, after the MES system 130 receives an initial certificate generated by the server, that is, a PKI certificate, the MES system 130 may screen the initial certificate, for example, screening the PKI certificate from the aspects of whether the PKI certificate is legal or not, whether the PKI certificate is a valid certificate or not, and the like.
In practical applications, the PKI certificate stored in the certificate server 140 mentioned in the embodiment of the present application is stored in the form of a preset information list, where the information list includes the ECU identifier, i.e., the part number and serial number of the vehicle, the PKI certificate, and the generation time of the PKI certificate. On the other hand, the valid time may be set by the generation time of the PKI certificate, that is, when the PKI certificate exceeds the valid time, the PKI certificate stored in the certificate server 140 is invalidated and cannot be filled into the vehicle.
It should be noted that the initial certificate and the target certificate mentioned in the embodiments of the present application are all PKI certificates mentioned in the embodiments of the present application; the initial vehicle and the target vehicle 160 are both vehicles mentioned in the embodiments of the present application, such as vehicles that require a certificate of authenticity; the initial identification information and the target identification information are both ECU identifiers of the vehicle mentioned in the embodiment of the present application, and the "initial" and the "target" mentioned in the embodiment of the present application are only distinguished from specific objects, and are not particularly limited.
In step S400, after acquiring the PKI certificate issued by the certificate server 140, the diagnostic device 150 enters a certificate filling mode to issue the PKI certificate to the target vehicle 160, thereby completing the issuance of the PKI certificate of the target vehicle 160. By the method, the certificate can be accurately filled into the vehicle, and the filling efficiency and the accuracy of the certificate are improved.
In some embodiments, referring to fig. 3, the embodiments of the present application specifically further include:
step S500, obtaining the issuing result of the target certificate returned by the target vehicle, and resending the target certificate to the target vehicle according to the issuing result.
In step S500, the diagnostic device 150 can obtain the issuing result of the target certificate returned by the target vehicle 160 through the OBD interface connected to the target vehicle 160, specifically, after the vehicle receives the PKI certificate filled in the diagnostic device 150 through the OBD interface, the vehicle determines the issuing condition of the current PKI certificate, determines whether the PKI certificate is successfully issued, generates a corresponding issuing result, and returns the issuing result to the diagnostic device 150. The diagnostic device 150 may determine whether the release is successful according to the release result, and if the PKI certificate is not successfully released, the diagnostic device 150 re-releases the PKI certificate to the target vehicle 160, thereby ensuring that the PKI certificate is correctly and successfully released to the target vehicle 160.
In practical applications, after the target vehicle 160 receives the PKI certificate, the current certificate write status flag bit can be written as a PKI certificate write success, and the certificate write status flag bit can visually indicate whether the current target vehicle 160 writes the PKI certificate.
In some embodiments, referring to fig. 4, the embodiments of the present application specifically further include:
step S600, the certificate check code of the target certificate is sent to the target vehicle, and the target vehicle checks the integrity of the target certificate according to the certificate check code.
In step S600, the diagnostic device 150 sends the target certificate, i.e., the certificate verification code of the PKI certificate, to the target vehicle 160, and after receiving the certificate verification code, the target vehicle 160 can verify the target certificate and verify whether the target certificate is a complete PKI certificate. The specific checking mode may be checking based on an MD5 information Digest Algorithm (MD5 Message-Digest Algorithm), or may be checking based on a CRC-32(cyclic redundancy Check) checking Algorithm, and a specific checking process is not limited in this embodiment.
In practical application, after receiving the PKI certificate, the vehicle-mounted system of the target vehicle 160 may extract the header ECU information in the PKI certificate, compare and determine the header ECU information with the ECU identifier of the target vehicle 160, determine whether the header ECU information is consistent with the ECU identifier, calculate according to the header ECU information to obtain a corresponding check code, compare and determine whether the check code is consistent with the data check code sent by the diagnostic device 150, and if the check code is consistent with the data check code, indicate that the PKI certificate is a complete PKI certificate.
In some embodiments, referring to fig. 4, the embodiments of the present application specifically further include:
and step S700, acquiring the integrity check result of the target certificate returned by the target vehicle, and resending the target certificate to the target vehicle according to the check result.
In step S700, after the vehicle receives the certificate check code sent by the diagnostic device 150, the integrity of the PKI certificate is checked through the certificate check code to determine whether the received PKI certificate is complete, and generate a corresponding check result, and the check result is returned to the diagnostic device 150, the diagnostic device 150 can determine whether the target certificate receives the complete PKI certificate according to the check result, and if the check result indicates that the target certificate does not receive the complete PKI certificate, the diagnostic device 150 re-issues the complete PKI certificate to the target vehicle 160.
In a possible implementation example, as shown in fig. 5, the diagnostic device 150 sends a diagnostic instruction for entering the certificate filling mode to the on-board system, and the on-board system enters the certificate filling mode according to the diagnostic instruction and informs the diagnostic device 150. The diagnostic device 150 sends a key request for requesting unlocking of the security state of the vehicle-mounted system, after receiving the key request, the vehicle-mounted system of the target vehicle 160 determines the identity of the diagnostic device 150 and the correctness of the key request according to the key request, after determining that the key request is correct, a key seed for generating an unlocking key is returned according to the key request, the key seed is sent to the diagnostic device 150, after receiving the key seed, the diagnostic device 150 generates a corresponding unlocking key according to a preset key generation algorithm and sends the unlocking key to the vehicle-mounted system of the target vehicle 160, after receiving the unlocking key, the vehicle-mounted system determines the accuracy of the unlocking key, after determining that the unlocking key is accurate, the security state can be released according to the unlocking key, and a notification of releasing the security state is sent to the diagnostic device 150. The diagnostic device 150, upon receiving notification that the security state has been released, can flood PKI certificates into the on-board systems of the target vehicle 160. The on-board system will determine the filling status of the current PKI certificate and return the issuing result to the diagnostic device 150 after filling is completed. The diagnostic device 150 determines that the PKI certificate is issued to the vehicle-mounted system of the target vehicle 160 after receiving the issuing result, at this time, the vehicle-mounted system sends a certificate check code to the vehicle-mounted system, the vehicle-mounted system performs integrity check on the PKI certificate according to the certificate check code, after determining that the PKI certificate is an integral PKI certificate, the vehicle-mounted system returns a complete PKI certificate notification to the diagnostic device 150, after receiving the integrity notification returned by the vehicle-mounted system, the diagnostic device 150 sends a diagnostic instruction for reading a local storage state of the PKI certificate in the vehicle-mounted system to the vehicle-mounted system, and the vehicle-mounted system returns information about a certificate writing state of the current PKI certificate to the diagnostic device 150, so that the diagnostic device 150 can know the PKI certificate issuing condition of the current vehicle-mounted system.
It should be noted that, in this embodiment of the present application, the diagnostic device 150 may issue the PKI certificates to the multiple target vehicles 160 at one time, that is, the PKI certificates are issued in batches, specifically, the target identification information of the multiple target vehicles 160 may be read at one time, the multiple target identification information is simultaneously sent to the certificate server 140 to obtain the PKI certificates, and then the uniqueness of the PKI certificates and the target identification information are used to issue the PKI certificates one-to-one, so that the accuracy and the efficiency of issuing the PKI certificates are improved.
In the embodiment of the present application, by obtaining the target identification information of the target vehicle 160 waiting for certificate issuance, sending the target identification information to the certificate server 140, obtaining the target certificate of the target vehicle 160 by the certificate server 140 according to the target identification information, obtaining the target certificate returned by the certificate server 140, and issuing the target certificate to the target vehicle 160, the diagnostic device 150 can be used in a vehicle production line to perform one-to-one certificate filling on the vehicle, thereby improving the accuracy and efficiency of certificate filling.
In a second aspect, the present application provides a certificate issuing system for executing the certificate issuing method mentioned in the first aspect.
In some embodiments, referring to fig. 6, a block diagram of a certificate issuing system in an embodiment of the present application is shown. The method specifically comprises the following steps: an identity acquisition module 210, a certificate request module 220, a certificate acquisition module 230, and a certificate issuance module 240.
The identification obtaining module 210 is configured to obtain target identification information of the target vehicle 160 waiting for certificate issuance;
the certificate request module 220 is configured to send the target identification information to the certificate server 140, and the certificate server 140 obtains the target certificate of the target vehicle 160 according to the target identification information;
the acquisition module is used for acquiring a target certificate returned by the certificate server 140;
the certificate issuing module 240 is used to issue the target certificate into the target vehicle 160.
It should be noted that, in the embodiment of the present application, specific functions and descriptions of the identifier obtaining module 210, the certificate requesting module 220, the certificate obtaining module 230, and the certificate issuing module 240 are described in detail in the embodiment of the first aspect, and therefore are not described herein again.
In the embodiment of the present application, the identification obtaining module 210 obtains the target identification information of the target vehicle 160 waiting for certificate issuance, the certificate requesting module 220 sends the target identification information to the certificate server 140, the certificate server 140 obtains the target certificate of the target vehicle 160 according to the target identification information, the certificate obtaining module 230 obtains the target certificate returned by the certificate server 140, and the certificate issuing module 240 issues the target certificate to the target vehicle 160, so that the diagnostic device 150 can be used in a vehicle production line to perform one-to-one certificate filling on the vehicle, thereby improving the accuracy and efficiency of certificate filling.
In a third aspect, an embodiment of the present application further provides an electronic device, including: at least one processor, and a memory communicatively coupled to the at least one processor;
wherein the processor is configured to execute the certificate issuing method in the embodiment of the first aspect by calling a computer program stored in the memory.
The memory, which is a non-transitory computer readable storage medium, may be used to store a non-transitory software program and a non-transitory computer executable program, such as the certificate issuing method in the embodiments of the first aspect of the present application. The processor implements the certificate issuing method in the above-described first embodiment by executing the non-transitory software program and the instructions stored in the memory.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store the certificate issuing method in the embodiment of the first aspect described above. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and these remote memories may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The non-transitory software programs and instructions required to implement the certificate issuing method in the first aspect embodiment described above are stored in a memory and, when executed by one or more processors, perform the certificate issuing method in the first aspect embodiment described above.
In a fourth aspect, embodiments of the present application further provide a computer-readable storage medium storing computer-executable instructions for: executing the certificate issuing method in the embodiment of the first aspect;
in some embodiments, the computer-readable storage medium stores computer-executable instructions, which when executed by one or more control processors, for example, by one of the processors in the electronic device of the third aspect, may cause the one or more processors to perform the certificate issuing method of the first aspect.
The above described embodiments of the device are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may also be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
In the description herein, references to the description of the terms "some embodiments," "examples," "specific examples," or "some examples," etc., mean that a particular feature or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example.
Claims (10)
1. The certificate issuing method is characterized by comprising the following steps:
acquiring target identification information of a target vehicle waiting for certificate issuance;
sending the target identification information to a certificate server, the certificate server including a plurality of initial certificates;
acquiring the target certificate returned by the certificate server, wherein the target certificate is acquired from a plurality of initial certificates by the certificate server according to the target identification information;
issuing the target certificate into the target vehicle.
2. The certificate issuing method according to claim 1, wherein the acquisition of the initial certificate includes:
acquiring initial identification information of a plurality of initial vehicles provided by a background of a supplier;
sending the initial identification information to a PKI server, and generating initial certificates of the initial vehicles by the PKI server according to the initial identification information;
sending a plurality of the initial certificates to the certificate server.
3. The certificate issuing method according to claim 2, wherein said sending a plurality of the initial certificates to the certificate server includes:
screening the initial certificate generated by the PKI server;
and sending the screened initial certificates to the certificate server.
4. The certificate issuing method according to claim 1, further comprising:
and sending the certificate check code of the target certificate to the target vehicle, and checking the integrity of the target certificate by the target vehicle according to the certificate check code.
5. The certificate issuing method according to claim 4, further comprising:
obtaining a verification result of the integrity of the target certificate returned by the target vehicle;
and retransmitting the target certificate to the target vehicle according to the verification result.
6. The certificate issuing method according to any one of claims 1 to 5, characterized by further comprising: unlocking an on-board system of the target vehicle;
the on-board system for unlocking the target vehicle comprises:
sending a key request to the target vehicle;
acquiring a key seed returned by the target vehicle according to the key request;
generating an unlocking key according to the key seed;
and sending the unlocking key to the target vehicle so as to unlock the vehicle-mounted system of the target vehicle.
7. The certificate issuing method according to any one of claims 1 to 5, characterized by further comprising:
acquiring an issuing result of the target certificate returned by the target vehicle;
and re-sending the target certificate to the target vehicle according to the issuing result.
8. A certificate issuing system, comprising:
the identification acquisition module is used for acquiring target identification information of a target vehicle waiting for certificate issuance;
the certificate request module is used for sending the target identification information to a certificate server, and the certificate server acquires a target certificate of the target vehicle according to the target identification information;
the certificate acquisition module is used for acquiring the target certificate returned by the certificate server;
a certificate issuance module for issuing the target certificate to the target vehicle.
9. An electronic device, comprising:
at least one processor, and,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions for execution by the at least one processor to cause the at least one processor, when executing the instructions, to implement the certificate issuing method according to any one of claims 1 to 7.
10. A computer-readable storage medium storing computer-executable instructions for causing a computer to perform the certificate issuing method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110650173.8A CN113239338A (en) | 2021-06-10 | 2021-06-10 | Certificate issuing method, system, electronic device and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110650173.8A CN113239338A (en) | 2021-06-10 | 2021-06-10 | Certificate issuing method, system, electronic device and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113239338A true CN113239338A (en) | 2021-08-10 |
Family
ID=77139713
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110650173.8A Pending CN113239338A (en) | 2021-06-10 | 2021-06-10 | Certificate issuing method, system, electronic device and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113239338A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116094812A (en) * | 2023-01-18 | 2023-05-09 | 重庆赛力斯新能源汽车设计院有限公司 | Communication method, equipment and medium of Ethernet component in vehicle |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105313837A (en) * | 2015-09-25 | 2016-02-10 | 广州汽车集团股份有限公司 | Intelligent key matching method and system |
| CN107919955A (en) * | 2017-12-28 | 2018-04-17 | 北京奇虎科技有限公司 | A kind of vehicle network safety certifying method, system, vehicle, device and medium |
| KR20190115515A (en) * | 2018-03-16 | 2019-10-14 | 주식회사 아도스 | AUTHENTICATION METHOD AND SYSTEM OF IoT(Internet of Things) DEVICE BASED ON PUBLIC KEY INFRASTRUCTURE |
| CN110418309A (en) * | 2019-07-30 | 2019-11-05 | 深圳成谷科技有限公司 | A kind of method, apparatus, equipment and the on board unit of bus or train route collaboration certificate issued |
| CN111698255A (en) * | 2020-06-15 | 2020-09-22 | 南京领行科技股份有限公司 | Service data transmission method, device and system |
-
2021
- 2021-06-10 CN CN202110650173.8A patent/CN113239338A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105313837A (en) * | 2015-09-25 | 2016-02-10 | 广州汽车集团股份有限公司 | Intelligent key matching method and system |
| CN107919955A (en) * | 2017-12-28 | 2018-04-17 | 北京奇虎科技有限公司 | A kind of vehicle network safety certifying method, system, vehicle, device and medium |
| KR20190115515A (en) * | 2018-03-16 | 2019-10-14 | 주식회사 아도스 | AUTHENTICATION METHOD AND SYSTEM OF IoT(Internet of Things) DEVICE BASED ON PUBLIC KEY INFRASTRUCTURE |
| CN110418309A (en) * | 2019-07-30 | 2019-11-05 | 深圳成谷科技有限公司 | A kind of method, apparatus, equipment and the on board unit of bus or train route collaboration certificate issued |
| CN111698255A (en) * | 2020-06-15 | 2020-09-22 | 南京领行科技股份有限公司 | Service data transmission method, device and system |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116094812A (en) * | 2023-01-18 | 2023-05-09 | 重庆赛力斯新能源汽车设计院有限公司 | Communication method, equipment and medium of Ethernet component in vehicle |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10706646B2 (en) | Vehicle diagnostic device and method of managing certificate thereof | |
| CN104572320B (en) | Method for confirming correction program and information processing equipment | |
| CN110022298B (en) | Evidence verification method and device based on block chain and electronic equipment | |
| US10880285B2 (en) | Self-driving vehicle test authentication | |
| CN104904156B (en) | Authentication apparatus, authentication processing system and authentication method | |
| CN110503781A (en) | Vehicle leasing business data processing method and device based on block chain | |
| CN113377403A (en) | Vehicle remote software upgrading method and device | |
| CN113239338A (en) | Certificate issuing method, system, electronic device and computer readable storage medium | |
| CN112740617B (en) | Certificate list updating method and device | |
| CN113778050A (en) | Vehicle remote diagnosis method and device, storage medium and vehicle after-sale terminal | |
| CN108540335B (en) | Management method and management device for equipment analysis report | |
| CN110222085A (en) | A kind of processing method, device and storage medium for depositing card data | |
| CN112905437B (en) | Method, device and storage medium for testing cases | |
| CN110191112B (en) | Identity verification method and device, vehicle-mounted equipment and server | |
| CN113810453A (en) | Timestamp marking method and device based on consensus block chain | |
| US11374942B2 (en) | Verification terminal | |
| US20200153633A1 (en) | Data communication system, data communication method, server, and vehicle | |
| CN112003867B (en) | Communication method of vehicle-mounted T-BOX and cloud server and related equipment | |
| CN114115170A (en) | Method and device for determining vehicle configuration module and after-sale diagnostic apparatus | |
| CN116684176A (en) | Vehicle-mounted equipment registration method, system and storage medium | |
| CN113341914B (en) | Timing processing method, system and device of engine | |
| CN111131494B (en) | Vehicle data storage and verification processing method and device, electronic equipment and medium | |
| KR20240025970A (en) | Apparatus for controlling a vehicle including rxswin information, and system for controlling a vehicle having the apparatus | |
| CN113103989B (en) | Authentication information sending method, vehicle unlocking method, electronic device and storage medium | |
| CN116893660A (en) | Authentication method and system for vehicle ODB diagnosis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20231127 Address after: 518000 Baoneng Center, No. 3008 Baoneng North Road, Luohu District, Shenzhen, Guangdong Province Applicant after: Shenzhen Shengbo Hairui Management Co.,Ltd. Address before: 510000 Building 1, Baoneng Cultural Plaza, 59 lichui street, Huangpu District, Guangzhou City, Guangdong Province Applicant before: Baoneng (Guangzhou) Automobile Research Institute Co.,Ltd. |
|
| TA01 | Transfer of patent application right |