CN113612852A - Communication method, device, equipment and storage medium based on vehicle-mounted terminal - Google Patents

Communication method, device, equipment and storage medium based on vehicle-mounted terminal Download PDF

Info

Publication number
CN113612852A
CN113612852A CN202110920689.XA CN202110920689A CN113612852A CN 113612852 A CN113612852 A CN 113612852A CN 202110920689 A CN202110920689 A CN 202110920689A CN 113612852 A CN113612852 A CN 113612852A
Authority
CN
China
Prior art keywords
vehicle
random number
key
server
mounted terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110920689.XA
Other languages
Chinese (zh)
Inventor
杨坤
徐辉
齐伟华
鲍文光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Edbang Intelligent Technology Co ltd
Original Assignee
Shandong Edbang Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Edbang Intelligent Technology Co ltd filed Critical Shandong Edbang Intelligent Technology Co ltd
Priority to CN202110920689.XA priority Critical patent/CN113612852A/en
Publication of CN113612852A publication Critical patent/CN113612852A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a communication method, a device, equipment and a storage medium based on a vehicle-mounted terminal; in the scheme, when the vehicle-mounted terminal and the server execute a handshake process, communication needs to be carried out in a symmetric encryption and decryption mode and an asymmetric encryption and decryption mode, so that the communication safety is improved; in addition, when the handshake process is executed, the session key does not need to be transmitted, and the session key can be independently generated at two ends, so that the session key is prevented from being leaked in the transmission process, and the communication safety between the vehicle-mounted terminal and the server is further improved.

Description

Communication method, device, equipment and storage medium based on vehicle-mounted terminal
Technical Field
The invention relates to the technical field of vehicle networking communication, in particular to a communication method, a device, equipment and a storage medium based on a vehicle-mounted terminal.
Background
The communication safety between the vehicle-mounted terminal and the server mainly has the problems of data theft prevention, tampering prevention, counterfeit prevention and the like. The anti-counterfeiting is that the identity is verified, if the vehicle-mounted terminal communicates with the illegal server, the vehicle can be illegally started, the vehicle is stolen, and the identity verification at the service end is particularly important. At present, when identity authentication is carried out, a symmetric encryption mode is used between a vehicle-mounted terminal and a server for data transmission, after keys of the symmetric encryption mode are randomly generated, the subsequent transmission process needs to be carried out through encryption transmission of the fixed symmetric keys, and the symmetric keys are easy to leak; in addition, at present, in the handshake process, the session key needs to be transmitted in a symmetric encryption manner, and the transmitted session key is easy to steal due to the fact that the symmetric key is easy to leak, and the security is low.
Disclosure of Invention
The invention aims to provide a communication method, a communication device, communication equipment and a storage medium based on a vehicle-mounted terminal so as to improve the safety of communication between the vehicle-mounted terminal and a server.
In order to achieve the above object, the present invention provides a communication method based on a vehicle-mounted terminal, including:
the vehicle-mounted terminal doubly encrypts the first vehicle random number by using the prefabricated secret key and the public key and sends a generated first encryption result to the server so that the server doubly decrypts the first encryption result by using the private key and the prefabricated secret key of the vehicle-mounted terminal to generate a second vehicle random number;
receiving a second encryption result sent by the server, wherein the second encryption result comprises: the server encrypts a first platform random number by using a first session key to obtain first encrypted data, and encrypts a second platform random number by using a second session key to obtain second encrypted data; the first session key is generated by the server by using the second vehicle random number and the first platform random number;
the public key and the prefabricated secret key are used for carrying out double decryption on the first encrypted data to generate a second platform random number; decrypting the second encrypted data by using a second session key to generate a third vehicle random number; the second session key is generated by the vehicle-mounted terminal by using the second platform random number and the first vehicle random number;
judging whether the third vehicle random number is the same as the first vehicle random number or not; if yes, successfully verifying the server; and if not, the server fails to be verified.
In order to achieve the above object, the present invention further provides a communication device based on a vehicle-mounted terminal, comprising:
the first encryption module is used for carrying out double encryption on the first vehicle random number by utilizing the prefabricated secret key and the public key to generate a first encryption result;
the first sending module is used for sending the first encryption result to a server so that the server can carry out double decryption on the first encryption result by using a private key and a prefabricated secret key of the vehicle-mounted terminal to generate a second vehicle random number;
a first receiving module, configured to receive a second encryption result sent by the server, where the second encryption result includes: the server encrypts a first platform random number by using a first session key to obtain first encrypted data, and encrypts a second platform random number by using a second session key to obtain second encrypted data; the first session key is generated by the server by using the second vehicle random number and the first platform random number;
the first decryption module is used for carrying out double decryption on the first encrypted data by using the public key and the prefabricated secret key to generate a second platform random number;
the second decryption module is used for decrypting the second encrypted data by using a second session key to generate a third vehicle random number; the second session key is generated by the vehicle-mounted terminal by using the second platform random number and the first vehicle random number;
the judging module is used for judging whether the third vehicle random number is the same as the first vehicle random number or not; if yes, successfully verifying the server; and if not, the server fails to be verified.
To achieve the above object, the present invention further provides an electronic device comprising:
a memory for storing a computer program;
and the processor is used for realizing the steps of the communication method based on the vehicle-mounted terminal when executing the computer program.
To achieve the above object, the present invention further provides a computer-readable storage medium having a computer program stored thereon, which, when being executed by a processor, implements the steps of the above-mentioned vehicle-mounted terminal-based communication method.
According to the scheme, the communication method, the device, the equipment and the storage medium based on the vehicle-mounted terminal are provided by the embodiment of the invention; in the scheme, when the vehicle-mounted terminal and the server execute a handshake process, communication needs to be carried out in a symmetric encryption and decryption mode and an asymmetric encryption and decryption mode, so that the communication safety is improved; in addition, when the handshake process is executed, the initial key and the session key do not need to be transmitted, and the session key can be independently generated at two ends, so that the session key is prevented from being leaked in the transmission process, and the communication safety between the vehicle-mounted terminal and the server is further improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a communication method based on a vehicle-mounted terminal according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of another communication method based on a vehicle-mounted terminal according to the embodiment of the invention;
fig. 3 is a schematic structural diagram of a communication device based on a vehicle-mounted terminal according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention discloses a communication method, a device, equipment and a storage medium based on a vehicle-mounted terminal, which are used for improving the safety of communication between the vehicle-mounted terminal and a server.
Referring to fig. 1, a schematic flow chart of a communication method based on a vehicle-mounted terminal provided in an embodiment of the present invention specifically includes:
s101, the vehicle-mounted terminal conducts double encryption on a first vehicle random number by using a prefabricated secret key and a public key and sends a generated first encryption result to the server, so that the server conducts double decryption on the first encryption result by using the private key and the prefabricated secret key of the vehicle-mounted terminal to generate a second vehicle random number;
it should be noted that, the server needs to generate an asymmetric encrypted key pair, where the key pair includes: a public key and a private key. Before the vehicle-mounted terminal leaves a factory, a random terminal prefabricated secret key needs to be generated, and the vehicle-mounted terminal stores the prefabricated secret key and a public key generated by a server, such as: the pre-formed key is written into the memory space of the terminal together with the public key. Further, the terminal identification and the prefabricated secret key of the vehicle-mounted terminal are required to be stored in the server; the terminal identifier of the vehicle-mounted terminal may be an Integrated Circuit Card Identifier (ICCID), i.e., a unique identifier number of a Subscriber Identity Module (SIM) card, and has a unique corresponding relationship with the vehicle-mounted terminal, and after storing the association relationship between the ICCID and the pre-manufactured key of the vehicle-mounted terminal in the server database, the server may search the corresponding pre-manufactured key from the database through the terminal identifier for decryption.
In addition, the dual encryption and the dual decryption described in this embodiment are two processes corresponding to each other, the dual encryption may be performed twice in a symmetric encryption manner and an asymmetric encryption manner, and the dual decryption may be performed twice in an asymmetric decryption manner and a symmetric decryption manner. In the embodiment, the random number generated by the vehicle-mounted terminal is referred to as a vehicle random number, in order to distinguish different vehicle random data in the transmission process, the vehicle random number generated by the vehicle-mounted terminal is referred to as a first vehicle random number, the vehicle random number sent to the server is referred to as a second vehicle random number, and the vehicle random number sent to the vehicle-mounted terminal by the server is referred to as a third vehicle random number.
Specifically, in this embodiment, the vehicle-mounted terminal needs to symmetrically encrypt the first vehicle random number by using the pre-established key according to an encryption algorithm agreed with the server, asymmetrically encrypt the encryption result by using the public key, and send the twice encrypted vehicle random number and the unencrypted ICCID to the server together. The server receives the ICCID and the first vehicle random number after twice encryption, queries a database according to the ICCID to obtain a related prefabricated secret key, decrypts the first vehicle random number after twice encryption by using a private key, and then symmetrically decrypts the first vehicle random number by using the prefabricated secret key to obtain a second vehicle random number after decryption. Therefore, in the handshaking process, only the ICCID of the vehicle-mounted terminal needs to be transmitted, the prefabricated secret key does not need to be transmitted, and the server can inquire the corresponding prefabricated secret key in the database through the ICCID, so that the safety of the prefabricated secret key is improved.
S102, receiving a second encryption result sent by the server, wherein the second encryption result comprises: the server encrypts a first platform random number by using a preset secret key and a private key to generate first encrypted data and encrypts a second vehicle random number by using a first session secret key to generate second encrypted data; the first session key is generated by the server by using the second vehicle random number and the first platform random number;
it should be noted that, in this embodiment, the random number generated by the server needs to be referred to as a platform random number, the platform random number is symmetrically encrypted by using a pre-established key according to an encryption algorithm agreed with the vehicle-mounted terminal, and the encrypted result is asymmetrically encrypted by using a private key to obtain the twice-encrypted platform random number. After the server decrypts the second vehicle random number, it needs to generate a session key according to a PRF (Pseudo-random Function) algorithm of a TLS (Transport Layer protocol) protocol using three parameters, i.e., the second vehicle random number + the first platform random number, the ICCID, and the terminal pre-established key. Each session key comprises six groups of key values, namely an encryption key value, a random vector and a Hash operation message authentication code algorithm key of the platform, and an encryption key value, a random vector and a Hash operation message authentication code algorithm key of the vehicle. The server needs to send the first platform random number after twice encryption and the second vehicle random number encrypted by the platform hash operation message authentication code algorithm key to the vehicle-mounted terminal.
S103, doubly decrypting the first encrypted data by using the public key and the prefabricated secret key to generate a second platform random number; decrypting the second encrypted data by using the second session key to generate a third vehicle random number; the second session key is generated by the vehicle-mounted terminal by using a second platform random number and the first vehicle random number;
s104, judging whether the third vehicle random number is the same as the first vehicle random number or not;
if yes, executing S105; if not, executing S106;
s105, successfully verifying the server;
and S106, failing to verify the server.
In this embodiment, after receiving the platform random number (first encrypted data) encrypted twice and the vehicle random number (second encrypted data) encrypted by the platform hash operation message authentication code algorithm key, the vehicle-mounted terminal decrypts the encrypted first encrypted data by using the public key, and symmetrically decrypts the decryption result by using the pre-established key to obtain the decrypted second platform random number. Then, using the same method as the platform, a second session key is generated, which also contains the six keys described above. And then decrypting the second encrypted data by using a platform Hash operation message authentication code algorithm key in the second session key to obtain a third vehicle random number, comparing the third vehicle random number with the first vehicle random number generated by the vehicle-mounted terminal, if the third vehicle random number is consistent with the first vehicle random number, considering that the server is reliable, performing a subsequent process, and if the third vehicle random number is inconsistent with the first vehicle random number, considering that the server is unreliable, and immediately interrupting the connection.
In conclusion, in the scheme, when the vehicle-mounted terminal and the server execute the handshake process, communication needs to be performed in a symmetric encryption and decryption mode and an asymmetric encryption and decryption mode, so that the communication safety is improved; in addition, when the handshake process is executed, the initial key and the session key do not need to be transmitted, and the session key can be independently generated at two ends, so that the session key is prevented from being leaked in the transmission process, and the communication safety between the vehicle-mounted terminal and the server is further improved. In addition, in the handshake process, the server can inquire the corresponding prefabricated secret key in the database through the ICCID only by transmitting the ICCID of the vehicle-mounted terminal and not by transmitting the prefabricated secret key, so that the safety of the prefabricated secret key is improved.
Referring to fig. 2, a schematic flow chart of another communication method based on a vehicle-mounted terminal according to an embodiment of the present invention includes:
s201, the vehicle-mounted terminal symmetrically encrypts a first vehicle random number by using a prefabricated secret key, and asymmetrically encrypts a generated encryption result through a public key to generate a first encryption result;
s202, sending the first encryption result and the terminal identification of the vehicle-mounted terminal to a server so that the server can determine the prefabricated secret key of the vehicle-mounted terminal by using the terminal identification, asymmetrically decrypting the first encryption result by using a private key, symmetrically decrypting the generated decryption result by using the prefabricated secret key of the vehicle-mounted terminal, and generating a second vehicle random number;
s203, receiving a second encryption result sent by the server, where the second encryption result includes: first encrypted data and second encrypted data; the server symmetrically encrypts the first platform random number by using a prefabricated secret key, and asymmetrically encrypts a generated encryption result by using a private key to generate first encrypted data; the server generates a first session key according to the first platform random number, the second vehicle random number, the terminal identification and the prefabricated key; and the server encrypts the second vehicle random number by using the platform Hash operation message authentication code algorithm key in the first session key to generate second encrypted data.
S204, the vehicle-mounted terminal carries out asymmetric decryption on the first encrypted data by using the public key, and carries out symmetric decryption on a generated decryption result through a prefabricated secret key to generate a second platform random number;
s205, the vehicle-mounted terminal generates a second session key according to the second platform random number, the first vehicle random number, the terminal identification and the prefabricated key, decrypts the second encrypted data by using a platform Hash operation message authentication code algorithm key in the second session key, and generates a third vehicle random number;
s206, judging whether the third vehicle random number is the same as the first vehicle random number or not;
if yes, executing S207; if not, executing S208;
s207, the server is successfully verified, and S209 is continuously executed; s208, the server fails to be verified;
s209, the vehicle-mounted terminal encrypts the second platform random number by using a vehicle Hash operation message authentication code algorithm key in the second session key to generate a third encryption result;
s210, sending the third encryption result to a server so that the server can decrypt the third encryption result to obtain a third platform random number by using the vehicle Hash operation message authentication code algorithm key in the first session key; judging whether the third platform random number is the same as the first platform random number or not; if yes, the vehicle-mounted terminal is successfully verified; if not, the vehicle-mounted terminal is failed to be verified.
In this embodiment, after the vehicle-mounted terminal authenticates the server, the data may be sent to the server, so that the server may authenticate the vehicle-mounted terminal. Specifically, the in-vehicle terminal encrypts the second platform random number by using the vehicle hash operation message authentication code algorithm key in the second session key, generates third encrypted data, and transmits the third encrypted data to the server. And after receiving the third encryption result, the server symmetrically decrypts the vehicle Hash operation message authentication code algorithm key in the first session key generated by the platform, compares the symmetric decryption key with the first platform random number generated by the server, if the symmetric decryption key is consistent with the first platform random number, the vehicle-mounted terminal is considered to be reliable, and if the symmetric decryption key is inconsistent with the first platform random number generated by the server, the vehicle-mounted terminal is considered to be unreliable, and the vehicle-mounted terminal is immediately disconnected. And at this moment, the handshake is completed, and the vehicle-mounted terminal and the platform can upload data according to the protocol and issue an instruction.
Further, if the private key of the server is leaked, the risk may be increased, and therefore, in this embodiment, the server may regenerate a new key pair, such as: the target public key and the target private key, and then updating the key of the online vehicle. The process specifically comprises the following steps: encrypting the target public key through the platform encryption key value in the first session key, generating public key updating information, and then issuing the public key updating information to the vehicle-mounted terminal, wherein the vehicle-mounted terminal receives the public key updating information sent by the server, and decrypts the public key through the vehicle encryption key value in the second session key to obtain an updated target public key; then, the target public key is utilized to execute the handshake process again; if the handshake is successful, replacing the original public key by the target public key; and if the handshake fails, executing a handshake process by using the original public key. The handshake flow is S101 to S106 or S201 to S210 described above.
That is, after receiving the new target public key issued by the server, the vehicle-mounted terminal needs to disconnect the original connection and reconnect the platform with the new target public key to perform the handshake process. If the handshake is successful, the new public key is substituted for the old public key. If the handshake fails, the new public key is discarded and the platform is reconnected with the old public key. On the server side, if the connection of the vehicle-mounted terminal is received, the version of the public key of the vehicle-mounted terminal needs to be checked, if the vehicle-mounted terminal does not use the public key of the latest version, the old public key is used for executing a handshake process, and after the handshake is successful, a new public key is issued. If the handshake fails after the secret key is updated, the old public key is used for communication, at the moment, the vehicle-mounted terminal and the server can generate alarm information for reminding, and the alarm reminding mode can be as follows: and reminding the platform operation and maintenance personnel by sending mails or short messages.
In summary, in the present solution, the data transmission encryption adopts a symmetric encryption manner, the symmetric encrypted pre-key is randomly generated by adopting a key exchange manner, the data verification adopts a MAC (Message authentication code) Message verification code manner to perform verification, and the authentication is performed by performing a handshake process before the data transmission. In addition, when the scheme is used for identity authentication, a digital certificate mode is adopted for authentication. The server side authentication is necessary, and the client side authentication is optional. The verification of the digital certificate generally adopts an asymmetric encryption mode, the certificate needs to be applied to a trusted certificate authority, and the certificate applied by the website can be verified only by pre-installing the certificate of the trusted certificate authority in the system, which is a mode of trust chain transmission. Because the Internet of vehicles system generally only has one service (the same owner) and only needs one secret key, the certificate link can be simplified into a certificate of only one trusted authority and also can be simplified into an asymmetric secret key pair. Therefore, when the server identity is verified, on the basis that the safety is not reduced, the server-side-based identity authentication method is simplified based on the characteristic that the Internet of vehicles platform is provided with only one server side, the transmission safety is improved in the handshaking process of the client-side identity verification through a double encryption and decryption mode, in addition, the initial prefabricated secret key and the session secret key do not need to be transmitted in the handshaking process, and the safety level is higher.
The following describes a communication apparatus, a device, and a storage medium according to embodiments of the present invention, and the communication apparatus, the device, and the storage medium described below and the communication method described above may be referred to each other.
Referring to fig. 3, a schematic structural diagram of a communication device based on a vehicle-mounted terminal according to an embodiment of the present invention is shown in fig. 3, where the device includes:
the first encryption module 11 is configured to perform double encryption on the first vehicle random number by using the pre-manufactured secret key and the public key to generate a first encryption result;
the first sending module 12 is configured to send the first encryption result to a server, so that the server performs double decryption on the first encryption result by using a private key and a pre-established key of the vehicle-mounted terminal to generate a second vehicle random number;
a first receiving module 13, configured to receive a second encryption result sent by the server, where the second encryption result includes: the server encrypts a first platform random number by using a first session key to obtain first encrypted data, and encrypts a second platform random number by using a second session key to obtain second encrypted data; the first session key is generated by the server by using the second vehicle random number and the first platform random number;
the first decryption module 14 is configured to perform double decryption on the first encrypted data by using the public key and the pre-made secret key to generate a second platform random number;
the second decryption module 15 is configured to decrypt the second encrypted data with a second session key to generate a third vehicle random number; the second session key is generated by the vehicle-mounted terminal by using the second platform random number and the first vehicle random number;
a judging module 16, configured to judge whether the third vehicle random number is the same as the first vehicle random number; if yes, successfully verifying the server; and if not, the server fails to be verified.
Wherein the communication device further comprises:
and the storage module is used for storing the prefabricated secret key and the public key generated by the server and storing the terminal identification of the vehicle-mounted terminal and the prefabricated secret key to the server.
Wherein the first encryption module is specifically configured to: symmetrically encrypting the first vehicle random number by using the prefabricated secret key, and asymmetrically encrypting a generated encryption result through the public key to generate a first encryption result;
the first sending module is specifically configured to: and sending the first encryption result and the terminal identification of the vehicle-mounted terminal to the server so that the server can determine the prefabricated secret key of the vehicle-mounted terminal by using the terminal identification, asymmetrically decrypt the first encryption result by using the private key, symmetrically decrypt the generated decryption result by using the prefabricated secret key of the vehicle-mounted terminal, and generate the second vehicle random number.
Wherein the first receiving module is specifically configured to: receiving a second encryption result sent by the server, wherein the second encryption result comprises: first encrypted data and second encrypted data;
the server symmetrically encrypts the first platform random number by using the pre-manufactured secret key, and asymmetrically encrypts a generated encryption result by using the private key to generate first encrypted data; the server generates a first session key according to the first platform random number, the second vehicle random number, the terminal identification and the prefabricated key; and the server encrypts the second vehicle random number by using a platform Hash operation message authentication code algorithm key in the first session key to generate second encrypted data.
Wherein the first decryption module is specifically configured to: the public key is used for asymmetrically decrypting the first encrypted data, and the generated decryption result is symmetrically decrypted through the prefabricated secret key to generate the second platform random number;
the session key generation module is used for generating a second session key according to the second platform random number, the first vehicle random number, the terminal identification and the prefabricated key;
the second decryption module is configured to decrypt the second encrypted data by using a platform hash operation message authentication code algorithm key in a second session key to generate the third vehicle random number.
Wherein the communication device further comprises:
the second encryption module is used for encrypting the second platform random number by using a vehicle Hash operation message authentication code algorithm key in the second session key to generate a third encryption result;
the second sending module is used for sending the third encryption result to the server so that the server can decrypt the third encryption result by using the vehicle hash operation message authentication code algorithm key in the first session key to obtain a third platform random number; judging whether the third platform random number is the same as the first platform random number or not; if yes, the vehicle-mounted terminal is successfully verified; and if not, the vehicle-mounted terminal is failed to be verified.
Wherein the communication device further comprises:
the second receiving module is used for receiving the public key updating information sent by the server by the vehicle-mounted terminal after the server updates the original public key and the original private key; the public key updating information comprises an updated target public key;
the execution module is used for re-executing the handshake process by utilizing the target public key; if the handshake is successful, replacing the original public key by the target public key; and if the handshake fails, executing a handshake process by using the original public key.
Referring to fig. 4, an embodiment of the present invention further provides a structural schematic diagram of an electronic device, including:
a memory for storing a computer program;
and a processor configured to implement the steps of the vehicle-mounted terminal-based communication method according to any of the above-mentioned method embodiments when executing the computer program.
In this embodiment, the device may be a PC (Personal Computer), or may be a terminal device such as a smart phone, a tablet Computer, a palmtop Computer, or a portable Computer.
The device may include a memory 21, a processor 22, and a bus 23.
The memory 21 includes at least one type of readable storage medium, which includes a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, and the like. The memory 21 may in some embodiments be an internal storage unit of the device, for example a hard disk of the device. The memory 21 may also be an external storage device of the device in other embodiments, such as a plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) Card, Flash memory Card (Flash Card), etc. provided on the device. Further, the memory 21 may also include both an internal storage unit of the device and an external storage device. The memory 21 may be used not only to store application software installed in the device and various types of data such as program codes for executing a communication method, etc., but also to temporarily store data that has been output or is to be output.
Processor 22, which in some embodiments may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor or other data Processing chip, executes program code stored in memory 21 or processes data, such as program code for performing communication methods.
The bus 23 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 4, but this does not indicate only one bus or one type of bus.
Further, the device may further include a network interface 24, and the network interface 24 may optionally include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), which are generally used to establish a communication connection between the device and other electronic devices.
Optionally, the device may further comprise a user interface 25, the user interface 25 may comprise a Display (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 25 may also comprise a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the device and for displaying a visualized user interface.
Fig. 4 shows only the device with the components 21-25, and it will be understood by those skilled in the art that the structure shown in fig. 4 does not constitute a limitation of the device, and may comprise fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
The embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the communication method based on the vehicle-mounted terminal according to any of the above-mentioned method embodiments are implemented.
Wherein the storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A communication method based on a vehicle-mounted terminal is characterized by comprising the following steps:
the vehicle-mounted terminal doubly encrypts the first vehicle random number by using the prefabricated secret key and the public key and sends a generated first encryption result to the server so that the server doubly decrypts the first encryption result by using the private key and the prefabricated secret key of the vehicle-mounted terminal to generate a second vehicle random number;
receiving a second encryption result sent by the server, wherein the second encryption result comprises: the server encrypts a first platform random number by using a first session key to obtain first encrypted data, and encrypts a second platform random number by using a second session key to obtain second encrypted data; the first session key is generated by the server by using the second vehicle random number and the first platform random number;
the public key and the prefabricated secret key are used for carrying out double decryption on the first encrypted data to generate a second platform random number; decrypting the second encrypted data by using a second session key to generate a third vehicle random number; the second session key is generated by the vehicle-mounted terminal by using the second platform random number and the first vehicle random number;
judging whether the third vehicle random number is the same as the first vehicle random number or not; if yes, successfully verifying the server; and if not, the server fails to be verified.
2. The communication method according to claim 1, wherein before the vehicle-mounted terminal doubly encrypts the first vehicle random number by using the pre-established key and the public key, the method further comprises:
and the vehicle-mounted terminal stores the prefabricated secret key and the public key generated by the server, and stores the terminal identification of the vehicle-mounted terminal and the prefabricated secret key to the server.
3. The communication method according to claim 1, wherein the in-vehicle terminal doubly encrypts the first vehicle random number using the pre-established key and the public key and transmits the generated first encrypted result to the server, so that the server doubly decrypts the first encrypted result using the private key and the pre-established key of the in-vehicle terminal to generate the second vehicle random number, comprising:
the vehicle-mounted terminal symmetrically encrypts the first vehicle random number by using the prefabricated secret key, and asymmetrically encrypts a generated encryption result through the public key to generate a first encryption result;
and sending the first encryption result and the terminal identification of the vehicle-mounted terminal to the server so that the server can determine the prefabricated secret key of the vehicle-mounted terminal by using the terminal identification, asymmetrically decrypt the first encryption result by using the private key, symmetrically decrypt the generated decryption result by using the prefabricated secret key of the vehicle-mounted terminal, and generate the second vehicle random number.
4. The communication method according to claim 3, wherein the receiving of the second encryption result sent by the server includes: the server encrypts a first platform random number by using a first session key to obtain first encrypted data, and encrypts a second platform random number by using a second session key to obtain second encrypted data; the first session key is generated for the server by using the second vehicle random number and the first platform random number, and includes:
receiving a second encryption result sent by the server, wherein the second encryption result comprises: first encrypted data and second encrypted data;
the server symmetrically encrypts the first platform random number by using the pre-manufactured secret key, and asymmetrically encrypts a generated encryption result by using the private key to generate first encrypted data; the server generates a first session key according to the first platform random number, the second vehicle random number, the terminal identification and the prefabricated key; and the server encrypts the second vehicle random number by using a platform Hash operation message authentication code algorithm key in the first session key to generate second encrypted data.
5. The communication method according to claim 4, wherein the first encrypted data is doubly decrypted by using the public key and the pre-formed key to generate a second platform random number; decrypting the second encrypted data by using a second session key to generate a third vehicle random number; the second session key is generated by the vehicle-mounted terminal by using the second platform random number and the first vehicle random number, and includes:
the vehicle-mounted terminal carries out asymmetric decryption on the first encrypted data by using the public key, and carries out symmetric decryption on a generated decryption result through the prefabricated secret key to generate a second platform random number;
the vehicle-mounted terminal generates a second session key according to the second platform random number, the first vehicle random number, the terminal identification and the prefabricated key;
and the vehicle-mounted terminal decrypts the second encrypted data by using a platform Hash operation message authentication code algorithm key in a second session key to generate the third vehicle random number.
6. The communication method according to claim 1, wherein after the authentication of the server is successful, the communication method further comprises:
the vehicle-mounted terminal encrypts the second platform random number by using a vehicle Hash operation message authentication code algorithm key in the second session key to generate a third encryption result;
sending the third encryption result to the server so that the server decrypts the third encryption result by using the vehicle hash operation message authentication code algorithm key in the first session key to obtain a third platform random number; judging whether the third platform random number is the same as the first platform random number or not; if yes, the vehicle-mounted terminal is successfully verified; and if not, the vehicle-mounted terminal is failed to be verified.
7. The communication method according to any one of claims 1 to 6, further comprising:
after the server updates the original public key and the original private key, the vehicle-mounted terminal receives public key updating information sent by the server; the public key updating information comprises an updated target public key;
re-executing the handshake flow by using the target public key; if the handshake is successful, replacing the original public key by the target public key; and if the handshake fails, executing a handshake process by using the original public key.
8. A communication device based on a vehicle-mounted terminal is characterized by comprising:
the first encryption module is used for carrying out double encryption on the first vehicle random number by utilizing the prefabricated secret key and the public key to generate a first encryption result;
the first sending module is used for sending the first encryption result to a server so that the server can carry out double decryption on the first encryption result by using a private key and a prefabricated secret key of the vehicle-mounted terminal to generate a second vehicle random number;
a first receiving module, configured to receive a second encryption result sent by the server, where the second encryption result includes: the server encrypts a first platform random number by using a first session key to obtain first encrypted data, and encrypts a second platform random number by using a second session key to obtain second encrypted data; the first session key is generated by the server by using the second vehicle random number and the first platform random number;
the first decryption module is used for carrying out double decryption on the first encrypted data by using the public key and the prefabricated secret key to generate a second platform random number;
the second decryption module is used for decrypting the second encrypted data by using a second session key to generate a third vehicle random number; the second session key is generated by the vehicle-mounted terminal by using the second platform random number and the first vehicle random number;
the judging module is used for judging whether the third vehicle random number is the same as the first vehicle random number or not; if yes, successfully verifying the server; and if not, the server fails to be verified.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the in-vehicle terminal-based communication method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the steps of the in-vehicle terminal-based communication method according to any one of claims 1 to 7.
CN202110920689.XA 2021-08-11 2021-08-11 Communication method, device, equipment and storage medium based on vehicle-mounted terminal Pending CN113612852A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110920689.XA CN113612852A (en) 2021-08-11 2021-08-11 Communication method, device, equipment and storage medium based on vehicle-mounted terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110920689.XA CN113612852A (en) 2021-08-11 2021-08-11 Communication method, device, equipment and storage medium based on vehicle-mounted terminal

Publications (1)

Publication Number Publication Date
CN113612852A true CN113612852A (en) 2021-11-05

Family

ID=78340337

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110920689.XA Pending CN113612852A (en) 2021-08-11 2021-08-11 Communication method, device, equipment and storage medium based on vehicle-mounted terminal

Country Status (1)

Country Link
CN (1) CN113612852A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114039793A (en) * 2021-11-24 2022-02-11 杭州安恒信息技术股份有限公司 Encryption communication method, system and storage medium
CN114615048A (en) * 2022-03-09 2022-06-10 中国农业银行股份有限公司 Method and device for processing submission data
CN115361230A (en) * 2022-10-18 2022-11-18 江苏智能无人装备产业创新中心有限公司 In-vehicle safety information communication method, system and medium of vehicle-mounted Ethernet

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105656941A (en) * 2016-03-14 2016-06-08 美的集团股份有限公司 Identity authentication device and method
CN108809643A (en) * 2018-07-11 2018-11-13 飞天诚信科技股份有限公司 A kind of method, system and the equipment of equipment and high in the clouds arranging key
CN110166242A (en) * 2019-05-22 2019-08-23 吉林亿联银行股份有限公司 Message transmitting method and device
CN110266480A (en) * 2019-06-13 2019-09-20 腾讯科技(深圳)有限公司 Data transmission method, device and storage medium
CN112702318A (en) * 2020-12-09 2021-04-23 江苏通付盾信息安全技术有限公司 Communication encryption method, decryption method, client and server

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105656941A (en) * 2016-03-14 2016-06-08 美的集团股份有限公司 Identity authentication device and method
CN108809643A (en) * 2018-07-11 2018-11-13 飞天诚信科技股份有限公司 A kind of method, system and the equipment of equipment and high in the clouds arranging key
CN110166242A (en) * 2019-05-22 2019-08-23 吉林亿联银行股份有限公司 Message transmitting method and device
CN110266480A (en) * 2019-06-13 2019-09-20 腾讯科技(深圳)有限公司 Data transmission method, device and storage medium
CN112702318A (en) * 2020-12-09 2021-04-23 江苏通付盾信息安全技术有限公司 Communication encryption method, decryption method, client and server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周典玉: "中小企业电子商务系统数据安全技术与方法研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114039793A (en) * 2021-11-24 2022-02-11 杭州安恒信息技术股份有限公司 Encryption communication method, system and storage medium
CN114615048A (en) * 2022-03-09 2022-06-10 中国农业银行股份有限公司 Method and device for processing submission data
CN114615048B (en) * 2022-03-09 2024-06-07 中国农业银行股份有限公司 Method and device for processing report data
CN115361230A (en) * 2022-10-18 2022-11-18 江苏智能无人装备产业创新中心有限公司 In-vehicle safety information communication method, system and medium of vehicle-mounted Ethernet

Similar Documents

Publication Publication Date Title
CN109347835B (en) Information transmission method, client, server, and computer-readable storage medium
CN109728909B (en) Identity authentication method and system based on USBKey
US10708062B2 (en) In-vehicle information communication system and authentication method
CN111131313B (en) Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile
CN101404576B (en) Network resource query method and system
CN108243176B (en) Data transmission method and device
CN113612852A (en) Communication method, device, equipment and storage medium based on vehicle-mounted terminal
CN107733636B (en) Authentication method and authentication system
CN107920052B (en) Encryption method and intelligent device
CN115396121B (en) Security authentication method for security chip OTA data packet and security chip device
CN102946392A (en) URL (Uniform Resource Locator) data encrypted transmission method and system
CN112565265B (en) Authentication method, authentication system and communication method between terminal devices of Internet of things
CN113806772A (en) Information encryption transmission method and device based on block chain
CN111814132B (en) Security authentication method and device, security authentication chip and storage medium
CN113392401A (en) Authentication system
CN113905359B (en) Bluetooth safety communication method, device, equipment and medium for bank peripheral equipment
CN110611679A (en) Data transmission method, device, equipment and system
US20240106633A1 (en) Account opening methods, systems, and apparatuses
CN114978751B (en) Service certificate acquisition method and device and electronic equipment
CN111274570A (en) Encryption authentication method and device, server, readable storage medium and air conditioner
CN114554485B (en) Asynchronous session key negotiation and application method, system, electronic equipment and medium
KR101256114B1 (en) Message authentication code test method and system of many mac testserver
CN112995213B (en) Security authentication method and application device thereof
CN116073989A (en) Authentication data processing method, device, system, equipment and medium
CN114065170A (en) Method and device for acquiring platform identity certificate and server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20211105