CN113852632B - SM9 algorithm-based vehicle identity authentication method, system, device and storage medium

Info

Publication number
CN113852632B
Authority
CN
China
Prior art keywords
vehicle end
vehicle
ciphertext
key
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111124163.7A
Other languages
Chinese (zh)
Other versions
CN113852632A (en)
Inventor
孙亚东
谢福进
王志海
喻波
魏力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wondersoft Technology Co Ltd
Original Assignee
Beijing Wondersoft Technology Co Ltd
Application filed by Beijing Wondersoft Technology Co Ltd
Priority to CN202111124163.7A
Publication of CN113852632A
Application granted
Publication of CN113852632B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols


Abstract

The embodiments of the application provide a vehicle identity authentication method, system, device and storage medium based on the SM9 algorithm. The method comprises: generating a public key of the first vehicle end according to the identity of the first vehicle end, encrypting verification information based on that public key, and transmitting the encrypted verification information and the identity of the second vehicle end to the first vehicle end; generating a public key of the second vehicle end according to the identity of the second vehicle end, encrypting the verification information with that public key, and transmitting it to the second vehicle end; the second vehicle end decrypts the verification information with its private key, compares it with the earlier verification information, and determines the authentication result. Because the cloud no longer needs to operate and maintain a traditional PKI system, cloud operating costs are greatly reduced; because the other party's public key certificate is generated from the other party's identity based on the SM9 algorithm, the vehicle identity certificate does not need to be synchronized from the cloud, which solves the problems of low authentication efficiency and long delay and avoids the risk of identity counterfeiting attacks caused by certificate updates.

Description

SM9 algorithm-based vehicle identity authentication method, system, device and storage medium
Technical Field
The present disclosure relates to the field of internet of vehicles, and in particular, to a vehicle identity authentication method, system, device and storage medium based on SM9 algorithm.
Background
With the application of technologies such as the internet, artificial intelligence, cloud computing and big data, automobiles are becoming increasingly intelligent and networked, and have become intelligent terminal devices in the era of universal interconnection. Through more open modes such as in-vehicle communication, vehicle-to-person communication, vehicle-to-road communication and vehicle-to-infrastructure communication, an intelligent connected vehicle greatly increases the information it exchanges while driving on the road. Intelligent networking also places new requirements on application and data security and on identity authentication between each terminal and the intelligent connected vehicle operation service. Where identity authentication and encryption of transmitted data are lacking, an attacker can attack a vehicle information interface and intercept a communication line, so that vehicle information is leaked or even the vehicle control system is taken over, causing accidents with unimaginable consequences. In current Internet of Vehicles applications, the security of vehicle-to-vehicle and vehicle-to-cloud communication is ensured through a PKI public key certificate system, which verifies the identity information of the other party and encrypts the communication data.
In the related art, owing to the characteristics of the SM2/SM3/SM4 algorithms adopted by the PKI public key certificate system, identity certificate verification is inefficient and has a long delay, and cannot meet the communication requirements of fast-moving vehicles in an Internet of Vehicles environment. Because the cloud has to host, operate and maintain the vehicles' identity certificates, cloud operation and maintenance costs are high. And when a vehicle updates its identity certificate, the cloud needs some time to complete the certificate update and the vehicle needs some time to synchronize the new certificate, so there is a risk of identity counterfeiting attacks.
Disclosure of Invention
The embodiment of the application provides a vehicle identity authentication method, system, device and storage medium based on an SM9 algorithm, aiming at solving the problems in the special cases.
In order to solve the technical problems, the application is realized as follows:
In a first aspect, an embodiment of the present application provides a vehicle identity authentication method based on the SM9 algorithm, applied to an Internet of Vehicles that includes a cloud platform and a plurality of vehicle ends communicatively connected to the cloud platform, where each vehicle end locally stores a private key generated by the cloud platform according to the identity of that vehicle end. The method includes:
the first vehicle end sends an identity verification request to a second vehicle end, wherein the identity verification request carries the identity of the first vehicle end;
the second vehicle end generates a public key of the first vehicle end according to the identity of the first vehicle end, encrypts the pre-generated verification information based on the public key of the first vehicle end, generates a first verification ciphertext and sends the first verification ciphertext and the identity of the second vehicle end to the first vehicle end;
the first vehicle end decrypts the first verification ciphertext according to the private key of the first vehicle end to obtain the verification information, generates a public key of a second vehicle end according to the identity of the second vehicle end, encrypts the verification information by utilizing the public key of the second vehicle end to generate a second verification ciphertext and sends the second verification ciphertext to the second vehicle end;
the second vehicle end decrypts the second verification ciphertext according to the private key of the second vehicle end, compares the verification information obtained after decryption with the pre-generated verification information, and determines that the authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
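The four-step exchange above, as an added Python example that is not code from the patent: SM9 needs a pairing library, so Cocks' quadratic-residue identity-based encryption is swapped in for the SM9 encrypt/decrypt operations, with a constructed toy modulus that is not secure. The names `VehicleEnd`, `kgc_extract` and `authenticate` are hypothetical, the private key is issued in-process rather than over the vehicle-cloud channel, and making the stored challenge single-use is an assumption of this example.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters, NOT secure: two Mersenne primes, both 3 mod 4.
P, Q = 2**107 - 1, 2**127 - 1   # master secret held by the cloud KGC
N = P * Q                        # public system parameter

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd positive n."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def public_from_identity(identity):
    """Any party derives the peer's public value from its identity alone."""
    counter = 0
    while True:
        digest = hashlib.sha512(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a
        counter += 1

def kgc_extract(identity):
    """KGC only: private key r with r*r == a or r*r == -a (mod N)."""
    a = public_from_identity(identity)
    r = pow(a, (N + 5 - P - Q) // 8, N)
    return r, (r * r) % N == a

def _mask(bit_sign):
    """Random t whose Jacobi symbol (+1 / -1) encodes one plaintext bit."""
    while True:
        t = secrets.randbelow(N - 2) + 2
        if jacobi(t, N) == bit_sign:
            return t

def encrypt(identity, data):
    """Encrypt bytes to an identity; no certificate or key lookup is needed."""
    a = public_from_identity(identity)
    ciphertext = []
    for byte in data:
        for i in range(8):
            sign = 1 if (byte >> i) & 1 else -1
            t1, t2 = _mask(sign), _mask(sign)   # independent masks per component
            ciphertext.append(((t1 + a * pow(t1, -1, N)) % N,
                               (t2 - a * pow(t2, -1, N)) % N))
    return ciphertext

def decrypt(private_key, ciphertext):
    r, root_of_a = private_key
    data = bytearray(len(ciphertext) // 8)
    for i, (c1, c2) in enumerate(ciphertext):
        if jacobi((c1 if root_of_a else c2) + 2 * r, N) == 1:
            data[i // 8] |= 1 << (i % 8)
    return bytes(data)

class VehicleEnd:
    def __init__(self, identity):
        self.identity = identity
        self._key = kgc_extract(identity)   # stands in for the cloud issuing the key
        self._pending = {}                  # claimed identity -> outstanding challenge

    def challenge(self, claimed_identity):
        """Second vehicle end: encrypt fresh verification info to the claimed identity."""
        ran = secrets.token_bytes(16)
        self._pending[claimed_identity] = ran
        return encrypt(claimed_identity, ran), self.identity

    def respond(self, first_ciphertext, peer_identity):
        """First vehicle end: decrypt with own private key, re-encrypt to the peer."""
        return encrypt(peer_identity, decrypt(self._key, first_ciphertext))

    def verify(self, claimed_identity, second_ciphertext):
        """Second vehicle end: constant-time compare against the stored challenge."""
        expected = self._pending.pop(claimed_identity, None)   # single use
        if expected is None:
            return False
        return hmac.compare_digest(decrypt(self._key, second_ciphertext), expected)

def authenticate(first, second, claimed_identity=None):
    """Run the four messages; claimed_identity lets a caller assert someone else's ID."""
    claimed = claimed_identity or first.identity
    first_ct, second_id = second.challenge(claimed)
    second_ct = first.respond(first_ct, second_id)
    return second.verify(claimed, second_ct)
```

A vehicle end that claims another identity cannot recover the verification information, so `authenticate` returns `False` for it; the exchange as described authenticates the first vehicle end to the second.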
Optionally, the vehicle end obtains the private key by the following steps:
the vehicle end sends a private key request to the cloud platform, wherein the private key request carries an identity mark of the vehicle end;
the cloud platform generates a private key of the vehicle end according to the identity of the vehicle end, encrypts the private key based on a pre-generated vehicle cloud sharing key, generates a private key ciphertext of the vehicle end and sends the private key ciphertext to the vehicle end;
and the vehicle end decrypts the private key ciphertext of the vehicle end based on the vehicle cloud shared secret key to obtain a private key of the vehicle end and stores the private key in a local place.
Optionally, encrypting the private key based on the pre-generated vehicle cloud shared key includes:
the cloud platform generates a signature master key pair and an encryption master key pair based on an SM9 algorithm, and communicates with a vehicle end through a Diffie-Hellman key exchange protocol to generate a vehicle cloud sharing key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the cloud platform encrypts the private key of the vehicle end based on an SM4 algorithm and the vehicle cloud sharing key.
Optionally, the method further comprises:
under the condition that authentication is successful, the first vehicle end encrypts data to be communicated according to a public key of the second vehicle end, generates a data ciphertext to be communicated and sends the data ciphertext to the second vehicle end;
the second vehicle end decrypts the ciphertext of the data to be communicated according to the public key of the first vehicle end to generate plaintext of the data to be communicated, generates response data according to the plaintext of the data to be communicated, encrypts the response data by utilizing the public key of the first vehicle end to generate ciphertext of the response data and sends the ciphertext of the response data to the first vehicle end;
and the first vehicle end decrypts the response data ciphertext according to the public key of the second vehicle end to generate a response data plaintext.
In a second aspect, an embodiment of the present application provides a vehicle identity authentication system based on SM9 algorithm, where the system includes:
an identity request module, used by the first vehicle end to send an identity verification request to the second vehicle end, wherein the identity verification request carries the identity of the first vehicle end;
the first ciphertext generation module is used for generating a public key of the first vehicle end according to the identity of the first vehicle end by the second vehicle end, encrypting the pre-generated verification information based on the public key of the first vehicle end, generating a first verification ciphertext and sending the first verification ciphertext and the identity of the second vehicle end to the first vehicle end;
the second ciphertext generating module is used for decrypting the first verification ciphertext according to the private key of the first vehicle end to obtain the verification information, generating a public key of the second vehicle end according to the identity of the second vehicle end, encrypting the verification information by utilizing the public key of the second vehicle end, generating a second verification ciphertext and sending the second verification ciphertext to the second vehicle end;
the verification module is used for decrypting the second verification ciphertext according to the private key of the second vehicle, comparing the verification information obtained after decryption with the pre-generated verification information, and determining that the authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
Optionally, the system further comprises:
the vehicle-end private key request module is used for sending a private key request to the cloud platform by the vehicle-end, wherein the private key request carries an identity mark of the vehicle-end;
the vehicle-end private key generating module, used by the cloud platform to generate a private key of the vehicle end according to the identity of the vehicle end, encrypt the private key based on a pre-generated vehicle cloud shared key, generate a private key ciphertext of the vehicle end and issue the private key ciphertext to the vehicle end;
and the vehicle end private key storage module is used for decrypting the private key ciphertext of the vehicle end based on the vehicle cloud shared secret key by the vehicle end to obtain a private key of the vehicle end and storing the private key in a local place.
Optionally, the vehicle-end private key generating module includes:
a master key pair generation unit, used by the cloud platform to generate a signature master key pair and an encryption master key pair based on the SM9 algorithm, and to communicate with a vehicle end through a Diffie-Hellman key exchange protocol to generate a vehicle cloud shared key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and a vehicle-end private key encryption unit, used by the cloud platform to encrypt the private key of the vehicle end based on an SM4 algorithm and the vehicle cloud shared key.
Optionally, the system further comprises:
a communication encryption unit, used by the first vehicle end, when authentication is successful, to encrypt the data to be communicated according to the public key of the second vehicle end, generate a ciphertext of the data to be communicated and send it to the second vehicle end;
the communication decryption and response encryption unit is used for decrypting the ciphertext of the data to be communicated according to the public key of the first vehicle end by the second vehicle end, generating plaintext of the data to be communicated, generating response data according to the plaintext of the data to be communicated, encrypting the response data by the public key of the first vehicle end, generating ciphertext of the response data and sending the ciphertext of the response data to the first vehicle end;
the response decryption unit is used for decrypting the response data ciphertext according to the public key of the second vehicle end by the first vehicle end to generate a response data plaintext.
A third aspect of the embodiments of the application provides a device comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing the method steps provided by the first aspect of the embodiment of the application when executing the program stored in the memory.
A fourth aspect of the embodiments of the present application proposes a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method as proposed in the first aspect of the embodiments of the present application.
The embodiment of the application has the following advantages: when the identity authentication is carried out, the traditional operation and maintenance PKI system is not needed in the cloud, and the cloud operation cost is greatly reduced. When the identity authentication is carried out, the opposite party identity is adopted to generate the opposite party public key certificate based on the SM9 algorithm, the vehicle identity certificate is not required to be synchronized from the cloud, the problems of low authentication efficiency and long time delay are solved, and the risk of identity counterfeiting attack caused by certificate updating is avoided.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of the prior art of Internet of vehicles identity authentication and encryption communication based on PKI public key certificate system;
FIG. 2 is a schematic diagram of vehicle identity authentication and encryption communication in an embodiment of the present application;
fig. 3 is a flowchart of steps for generating a vehicle end private key in a vehicle identity authentication method based on an SM9 algorithm in an embodiment of the present application;
fig. 4 is a schematic diagram of vehicle end private key generation in a vehicle identity authentication method based on SM9 algorithm in an embodiment of the present application;
fig. 5 is a flowchart of a procedure of vehicle end identity authentication in a vehicle identity authentication method based on SM9 algorithm in an embodiment of the present application;
fig. 6 is a schematic diagram of vehicle end identity authentication in a vehicle identity authentication method based on SM9 algorithm in an embodiment of the present application;
fig. 7 is a schematic diagram of a functional module of a vehicle identity authentication system based on SM9 algorithm in an embodiment of the present application;
fig. 8 is a schematic diagram of a functional module of a vehicle identity authentication device based on SM9 algorithm in an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Term interpretation:
Internet of Vehicles, refers to the organic combination of the Internet of Vehicles and intelligent vehicles, namely a new generation of vehicle that carries advanced devices such as on-board sensors, controllers and actuators, integrates modern communication and network technologies, realizes intelligent information exchange and sharing between the vehicle and people, vehicles, roads, back ends and so on, achieves safe, comfortable, energy-saving and efficient driving, and can ultimately replace the human driver.
PKI, Public Key Infrastructure. Infrastructure that supports public key management and can support authentication, encryption, integrity and non-repudiation services.
LDAP, Lightweight Directory Access Protocol. Based on a subset of the X.500 standard, it provides access control and maintenance of distributed information over the IP protocol.
Diffie-Hellman, a key exchange protocol proposed in 1976 by Whitfield Diffie and Martin Hellman, which uses a finite-field prime decomposition mathematical problem to generate a shared key over a public network.
SM2, symmetric cryptographic algorithm issued by the national cryptographic administration.
SM3, a hash algorithm issued by the national cryptographic administration; it can process any binary message shorter than 2^64 bits and outputs a 256-bit hash value.
SM4, asymmetric cryptographic algorithm issued by the national cryptographic administration.
SM9, an identity-based cryptographic algorithm built on bilinear pairings, issued by the national cryptographic administration. The key length is 256 bits.
Random number, the result of an independent random experiment.
Plaintext, in cryptography, text or a character string that has not been encrypted.
Ciphertext, in cryptography, text or a character string that has been encrypted.
Encryption, changing the original information data with some algorithm so that even if an unauthorized user obtains the encrypted information, the content cannot be learned because the decryption method is unknown.
Decryption, restoring the encrypted data with some algorithm to obtain the original content of the data.
The inventor found that, in the related art, during the existing inter-vehicle authentication process a vehicle needs to download the identity certificate from the certificate update directory (LDAP) of the cloud PKI and query the certificate revocation list (OCSP) to check whether the identity certificate has been revoked. The public key in the vehicle's digital certificate is used to verify whether the digital certificate was signed by the vehicle's private key. The cloud's master signature public key is used to verify whether the vehicle's identity certificate was generated by the cloud PKI. Completing these steps completes the identity verification between vehicles. Fig. 1 is a schematic diagram of identity authentication and encrypted communication based on the PKI public key certificate system. Owing to the characteristics of the SM2/SM3/SM4 algorithms, the authentication process is inefficient and has a long delay, and cannot meet the communication requirements of fast-moving vehicles in an Internet of Vehicles environment; the cloud has to host, operate and maintain the vehicles' identity certificates, so cloud operation and maintenance costs are high; and when a vehicle updates its identity certificate, the cloud needs some time to complete the update and the vehicle needs some time to synchronize the new certificate, and a risk of identity counterfeiting attacks exists during that period.
The embodiment of the application provides a vehicle identity authentication method based on an SM9 algorithm, based on a relation diagram shown in fig. 2, a vehicle networking comprises a cloud platform and a plurality of vehicle ends which are in communication connection with the cloud platform, and fig. 3 shows a flow chart of a generating step of a vehicle end private key in the embodiment of the application, and the method comprises the following steps:
Step S301, a vehicle end sends a private key request to the cloud platform, wherein the private key request carries the identity of the vehicle end.
A key generation center (KGC) is arranged in the cloud platform of the Internet of Vehicles. The vehicle end sends a private key request to the cloud platform; the request carries the identity of the vehicle end, namely the vehicle's large frame number. This identity information is stored in the vehicle's identity storage, which guarantees the uniqueness of the vehicle identity information. Supervision by a third party may be introduced in this process, that is, during the request for and generation of the vehicle private key, to ensure that the private key is not leaked and thereby guarantee its security. The KGC receives the identity sent by the vehicle through its vehicle identity receiver.
Step S302, a cloud platform generates a private key of the vehicle end according to the identity of the vehicle end, encrypts the private key based on a cloud sharing key generated in advance, generates a private key ciphertext of the vehicle end and sends the private key ciphertext to the vehicle end.
The vehicle private key generator in the KGC generates the vehicle private key Car_Pri based on the SM9 algorithm, the pre-generated encryption master private key KGC_Pri and the vehicle identity Car_Iden, i.e., Car_Pri = SM9(KGC_Pri, Car_Iden). The vehicle private key is then encrypted based on the SM4 algorithm and the vehicle cloud shared key Car_Could_Pri to obtain the private key ciphertext of the vehicle end, i.e., SM4(Car_Could_Pri, Car_Pri), and the private key ciphertext is sent to the vehicle end.
And step S303, the vehicle end decrypts the private key ciphertext of the vehicle end based on the vehicle cloud shared secret key to obtain a private key of the vehicle end and stores the private key in a local place.
After receiving the private key ciphertext issued by the cloud platform, the vehicle end decrypts the private key ciphertext through the vehicle cloud sharing key to obtain the private key plaintext, and the private key plaintext is stored in a vehicle private key memory for verification between subsequent vehicles and communication between vehicles.
In this embodiment, the vehicle-end private key is generated by KGC according to the identity of the vehicle end, so that the uniqueness of the vehicle-end private key is ensured, and the safety of vehicle-end communication is ensured.
In one possible implementation, encrypting the private key based on a pre-generated vehicle cloud shared key includes:
the cloud platform generates a signature master key pair and an encryption master key pair based on an SM9 algorithm, and communicates with a vehicle end through a Diffie-Hellman key exchange protocol to generate a vehicle cloud sharing key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the cloud platform encrypts the private key of the vehicle end based on an SM4 algorithm and the vehicle cloud sharing key.
In the present embodiment, as in the vehicle-end private key generation process shown in fig. 4, the KGC, based on the SM9 algorithm, generates a signature master key pair through the KGC signature master key generator and an encryption master key pair through the KGC encryption master key generator. The encryption master key pair consists of the encryption master private key KGC_Pri and the encryption master public key KGC_Pub. The encryption master private key is used by the KGC to generate the vehicle's encryption private key, and the encryption master public key is used to recover communication data when the vehicle communicates with the cloud. After the signature master key pair and the encryption master key pair have been generated, the KGC communicates with the vehicle end using the Diffie-Hellman key exchange protocol and generates the vehicle cloud shared key through the shared key generator. The vehicle cloud shared key is a symmetric key, that is, there is no distinction between a public key and a private key. The negotiated vehicle cloud shared key is stored in the shared key memories of the vehicle end and of the cloud platform respectively. The cloud platform encrypts the private key of the vehicle end based on the SM4 algorithm and the vehicle cloud shared key, and the vehicle end decrypts the private key ciphertext based on the SM4 algorithm and the vehicle cloud shared key to obtain the private key plaintext Car_Pri of the vehicle end, i.e., Car_Pri = SM4(Car_Could_Pri, Car_Pri_Enc).
After the vehicle end completes the request of the private key of the vehicle end, the identity between the vehicle ends can be verified, and the vehicle identity authentication method based on the SM9 algorithm is shown in fig. 5, and specifically comprises the following steps:
Step S501, a first vehicle end sends an identity verification request to a second vehicle end, wherein the identity verification request carries an identity of the first vehicle end.
Taking authentication between vehicle A and vehicle B as an example, vehicle A, through its authentication requester, initiates an authentication request to vehicle B carrying its own identity (the vehicle frame number).
Step S502, the second vehicle end generates a public key of the first vehicle end according to the identity of the first vehicle end, encrypts the pre-generated verification information based on the public key of the first vehicle end, generates a first verification ciphertext and sends the first verification ciphertext and the identity of the second vehicle end to the first vehicle end.
After vehicle B receives the identity authentication request sent by vehicle A, it generates the public key CarA_Pub of vehicle A through the vehicle public key generator, based on the SM9 algorithm service unit and the identity CarA_Iden of vehicle A, namely CarA_Pub = SM9(CarA_Iden). Vehicle B stores the public key of vehicle A in the vehicle public key memory and generates a set of random numbers, namely the verification information Ran, through the random number generator. It then encrypts the verification information based on the public key of vehicle A and the SM9 algorithm to generate a random number ciphertext (namely the first verification ciphertext) Ran_Enc, where Ran_Enc = SM9(CarA_Pub, Ran), and transmits the random number ciphertext to vehicle A together with the identity CarB_Iden of vehicle B.
Step S503, the first vehicle end decrypts the first verification ciphertext according to the private key of the first vehicle end to obtain the verification information, generates a public key of the second vehicle end according to the identity of the second vehicle end, encrypts the verification information by utilizing the public key of the second vehicle end to generate a second verification ciphertext, and sends the second verification ciphertext to the second vehicle end.
After receiving the data returned by vehicle B, vehicle A decrypts the random number ciphertext Ran_Enc using the SM9 algorithm and the vehicle A private key CarA_Pri to obtain the random number plaintext Ran, namely Ran = SM9(CarA_Pri, Ran_Enc). Vehicle A then generates the public key of vehicle B from the SM9 algorithm and the identity of vehicle B, namely CarB_Pub = SM9(CarB_Iden), encrypts the random number Ran based on the SM9 algorithm and the public key of vehicle B to obtain a random number ciphertext (namely the second verification ciphertext), Ran_Enc = SM9(CarB_Pub, Ran), and sends it to vehicle B.
Step S504, the second vehicle end decrypts the second verification ciphertext according to the private key of the second vehicle end, compares the verification information obtained after decryption with the pre-generated verification information, and determines that the authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
After receiving the random number ciphertext Ran_Enc (the second verification ciphertext), vehicle B decrypts it using the SM9 algorithm and the vehicle B private key CarB_Pri to obtain the random number plaintext Ran, namely Ran = SM9(CarB_Pri, Ran_Enc). Vehicle B then compares the random number plaintext with the random number it generated for the first verification ciphertext, that is, it checks whether SM9(CarB_Pri, Ran_Enc) = random(time). If they are the same, the identity authentication is successful and an identity authentication success identification is returned; if they are different, the identity authentication fails and no information is returned.
In this embodiment, in the KGC-based identity authentication process shown in fig. 6, the opposite party's identity is used to generate the opposite party's public key when identity authentication is performed. The vehicle identity certificate therefore does not need to be synchronized from the cloud during authentication, which solves the problems of low authentication efficiency and long time delay and avoids the risk of identity impersonation attacks caused by certificate updates. Because the whole identity authentication process does not depend on digital certificates, the cloud does not need to operate and maintain a PKI system, which greatly reduces the cloud operation cost.
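The S501-S504 exchange above, as an added runnable example that is not code from the patent. SM9 needs a pairing library, so Cocks' pairing-free identity-based encryption with constructed toy parameters is swapped in for it; `Vehicle`, `kgc_extract`, `authenticate` and the VIN strings are hypothetical names, and the single-use Ran and constant-time comparison are choices of this example rather than steps stated in the patent.

```python
import hashlib
import hmac
import itertools
import secrets

# Constructed toy parameters: two publicly known Mersenne primes (both 3 mod 4).
# They give no security; N stands in for the KGC encryption master public key.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd positive n."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def public_key(identity):
    """Public value derived from the identity string alone (no certificate)."""
    for counter in itertools.count():
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if jacobi(a, N) == 1:
            return a


def kgc_extract(identity):
    """KGC only: private key r with r*r = a or -a (mod N); needs P and Q."""
    return pow(public_key(identity), (N + 5 - P - Q) // 8, N)


def _encrypt_bit(a, bit, sign):
    """Hide bit (+1/-1) in the Jacobi symbol of a random t: c = t + sign*a/t."""
    while True:
        t = secrets.randbelow(N - 2) + 2
        if jacobi(t, N) == bit:
            return (t + sign * a * pow(t, -1, N)) % N


def encrypt(identity, data):
    """Encrypt bytes to an identity; two values per bit cover both key cases."""
    a = public_key(identity)
    bits = [1 if (byte >> i) & 1 else -1 for byte in data for i in range(8)]
    return [(_encrypt_bit(a, b, 1), _encrypt_bit(a, b, -1)) for b in bits]


def decrypt(identity, r, ciphertext):
    """Recover bytes with private key r; a wrong key yields unrelated bits."""
    half = 0 if (r * r) % N == public_key(identity) else 1
    out = bytearray(len(ciphertext) // 8)
    for pos, pair in enumerate(ciphertext):
        if jacobi(pair[half] + 2 * r, N) == 1:
            out[pos // 8] |= 1 << (pos % 8)
    return bytes(out)


class Vehicle:
    def __init__(self, issued_identity, claimed_identity=None):
        self.identity = claimed_identity or issued_identity  # what peers are told
        self.private_key = kgc_extract(issued_identity)      # what the KGC issued
        self.pending = {}                                    # peer identity -> Ran

    def challenge(self, peer_identity):
        """S502 (vehicle B): encrypt a fresh Ran to the requester's identity."""
        ran = secrets.token_bytes(16)
        self.pending[peer_identity] = ran
        return encrypt(peer_identity, ran), self.identity

    def respond(self, ran_enc, peer_identity):
        """S503 (vehicle A): decrypt Ran, re-encrypt it to the verifier's identity."""
        ran = decrypt(self.identity, self.private_key, ran_enc)
        return encrypt(peer_identity, ran)

    def verify(self, peer_identity, ran_enc):
        """S504 (vehicle B): compare in constant time; each Ran is usable once."""
        expected = self.pending.pop(peer_identity, None)
        if expected is None:
            return False
        got = decrypt(self.identity, self.private_key, ran_enc)
        return hmac.compare_digest(got, expected)


def authenticate(requester, verifier):
    """Run S501-S504; return (first result, result of replaying message 3)."""
    claimed = requester.identity                                   # S501
    ran_enc_1, verifier_identity = verifier.challenge(claimed)     # S502
    ran_enc_2 = requester.respond(ran_enc_1, verifier_identity)    # S503
    first = verifier.verify(claimed, ran_enc_2)                    # S504
    return first, verifier.verify(claimed, ran_enc_2)
```

A requester that presents vehicle A's identity but holds a key issued for another identity fails at S504, and a replayed second ciphertext is rejected because the stored Ran has already been consumed.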
In a possible implementation manner, after determining that the identity verification of the vehicle a and the vehicle B is successful, the vehicle a and the vehicle B may perform corresponding communication, which specifically includes:
the first vehicle end encrypts data to be communicated according to the public key of the second vehicle end, generates a data ciphertext to be communicated and sends the data ciphertext to the second vehicle end;
the second vehicle end decrypts the ciphertext of the data to be communicated according to the public key of the first vehicle end to generate plaintext of the data to be communicated, generates response data according to the plaintext of the data to be communicated, encrypts the response data by utilizing the public key of the first vehicle end to generate ciphertext of the response data and sends the ciphertext of the response data to the first vehicle end;
and the first vehicle end decrypts the response data ciphertext according to the public key of the second vehicle end to generate a response data plaintext.
In this embodiment, after identity authentication between vehicle A and vehicle B is completed, the vehicles may communicate with each other. Based on the public key of vehicle B stored during the identity authentication process, vehicle A encrypts the data to be communicated using the SM9 algorithm to generate a ciphertext of the data to be communicated, where the data to be communicated may be an interaction request, an early warning message, or the like. Vehicle B receives the ciphertext of the data to be communicated and decrypts it using the SM9 algorithm and the private key of vehicle B to obtain the plaintext of the data to be communicated. The driver of vehicle B can learn the information conveyed by the driver of vehicle A from the plaintext and make corresponding response information. The response information is encrypted using the SM9 algorithm and the public key of vehicle A to generate a response data ciphertext, which is sent to the vehicle B; the vehicle B decrypts the response data ciphertext based on the private key of the vehicle B and the SM9 algorithm to obtain the plaintext of the response data, and the driver of the vehicle B can determine the feedback information of the driver of the vehicle A according to the plaintext of the response data, completing the communication process. The above is the encrypted data communication process between vehicles.
In one possible embodiment, the vehicle further comprises: the public keys of other vehicles are stored in the vehicle public key updating clock in the communication process between vehicles. Since the vehicle identification may change, a new public key needs to be generated based on the current identification of the requesting vehicle.
The embodiment of the application also provides a vehicle identity authentication system based on the SM9 algorithm, and referring to fig. 7, a functional block diagram of a first embodiment of the vehicle identity authentication system based on the SM9 algorithm is shown, and the system can comprise the following modules:
an identity request module 701, configured to send an identity verification request to a second vehicle end by using a first vehicle end, where the identity verification request carries an identity of the first vehicle end;
the first ciphertext generating module 702 is configured to generate a public key of a first vehicle end according to the identity of the first vehicle end, encrypt the authentication information generated in advance based on the public key of the first vehicle end, generate a first authentication ciphertext, and send the first authentication ciphertext and the identity of the second vehicle end to the first vehicle end;
the second ciphertext generating module 703 is configured to decrypt the first verification ciphertext according to the private key of the first vehicle end to obtain the verification information, generate a public key of the second vehicle end according to the identity of the second vehicle end, encrypt the verification information by using the public key of the second vehicle end, generate a second verification ciphertext, and send the second verification ciphertext to the second vehicle end;
and the verification module 704 is configured to decrypt the second verification ciphertext according to the private key of the second vehicle, compare the verification information obtained after decryption with the pre-generated verification information, and determine that the authentication is successful when the comparison of the verification information obtained after decryption and the pre-generated verification information is consistent.
In a possible embodiment, the system further comprises:
the vehicle-end private key request module is used for sending a private key request to the cloud platform by the vehicle-end, wherein the private key request carries an identity mark of the vehicle-end;
the vehicle-end private key generation module is used by the cloud platform to generate a private key of the vehicle end according to the identity of the vehicle end, encrypt the private key based on a pre-generated vehicle cloud shared key, generate a private key ciphertext of the vehicle end and issue the private key ciphertext to the vehicle end;
and the vehicle end private key storage module is used for decrypting the private key ciphertext of the vehicle end based on the vehicle cloud shared secret key by the vehicle end to obtain a private key of the vehicle end and storing the private key in a local place.
In a possible implementation manner, the vehicle-end private key generation module includes:
a master key pair generation unit, used by the cloud platform to generate a signature master key pair and an encryption master key pair based on the SM9 algorithm, and to communicate with a vehicle end through the Diffie-Hellman key exchange protocol to generate a vehicle cloud shared key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the vehicle-end private key encryption unit is used for encrypting the private key of the vehicle end by the cloud platform based on an SM4 algorithm and the vehicle-cloud shared key.
In a possible embodiment, the system further comprises:
the communication encryption unit is used for encrypting the data to be communicated according to the public key of the second vehicle end by the first vehicle end under the condition that the authentication is successful, generating a data ciphertext to be communicated and sending the data ciphertext to the second vehicle end;
the communication decryption and response encryption unit is used for decrypting the ciphertext of the data to be communicated according to the public key of the first vehicle end by the second vehicle end, generating plaintext of the data to be communicated, generating response data according to the plaintext of the data to be communicated, encrypting the response data by the public key of the first vehicle end, generating ciphertext of the response data and sending the ciphertext of the response data to the first vehicle end;
the response decryption unit is used for decrypting the response data ciphertext according to the public key of the second vehicle end by the first vehicle end to generate a response data plaintext.
The embodiment of the application also provides a vehicle identity authentication device based on SM9 algorithm, as shown in figure 8, comprising a processor 81, a communication interface 82, a memory 83 and a communication bus 84, wherein the processor 81, the communication interface 82 and the memory 83 complete communication with each other through the communication bus 84,
a memory 83 for storing a computer program;
the processor 81 is configured to execute the program stored in the memory 83, and implement the following steps:
the method comprises the steps that a first vehicle end sends an identity verification request to a second vehicle end, wherein the identity verification request carries an identity mark of the first vehicle end;
the second vehicle end generates a public key of the first vehicle end according to the identity of the first vehicle end, encrypts the pre-generated verification information based on the public key of the first vehicle end, generates a first verification ciphertext and sends the first verification ciphertext and the identity of the second vehicle end to the first vehicle end;
the first vehicle end decrypts the first verification ciphertext according to the private key of the first vehicle end to obtain the verification information, generates a public key of a second vehicle end according to the identity of the second vehicle end, encrypts the verification information by utilizing the public key of the second vehicle end to generate a second verification ciphertext and sends the second verification ciphertext to the second vehicle end;
the second vehicle end decrypts the second verification ciphertext according to the private key of the second vehicle end, compares the verification information obtained after decryption with the pre-generated verification information, and determines that the authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
The vehicle end obtains the private key by the following steps:
the vehicle end sends a private key request to the cloud platform, wherein the private key request carries an identity mark of the vehicle end;
the cloud platform generates a private key of the vehicle end according to the identity of the vehicle end, encrypts the private key based on a pre-generated vehicle cloud sharing key, generates a private key ciphertext of the vehicle end and sends the private key ciphertext to the vehicle end;
and the vehicle end decrypts the private key ciphertext of the vehicle end based on the vehicle cloud shared secret key to obtain a private key of the vehicle end and stores the private key in a local place.
Encrypting the private key based on a pre-generated vehicle cloud shared key includes:
the cloud platform generates a signature master key pair and an encryption master key pair based on an SM9 algorithm, and communicates with a vehicle end through a Diffie-Hellman key exchange protocol to generate a vehicle cloud sharing key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the cloud platform encrypts the private key of the vehicle end based on an SM4 algorithm and the vehicle cloud sharing key.
Optionally, the method further comprises:
under the condition that authentication is successful, the first vehicle end encrypts data to be communicated according to a public key of the second vehicle end, generates a data ciphertext to be communicated and sends the data ciphertext to the second vehicle end;
the second vehicle end decrypts the ciphertext of the data to be communicated according to the public key of the first vehicle end to generate plaintext of the data to be communicated, generates response data according to the plaintext of the data to be communicated, encrypts the response data by utilizing the public key of the first vehicle end to generate ciphertext of the response data and sends the ciphertext of the response data to the first vehicle end;
and the first vehicle end decrypts the response data ciphertext according to the public key of the second vehicle end to generate a response data plaintext.
The communication bus mentioned by the above terminal may be a peripheral component interconnect standard (Peripheral Component Interconnect, abbreviated as PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated as EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, only one bold line is shown in the figure, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the terminal and other devices.
The memory may include random access memory (Random Access Memory, RAM) or non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; but also digital signal processors (Digital Signal Processing, DSP for short), application specific integrated circuits (Application Specific Integrated Circuit, ASIC for short), field-programmable gate arrays (Field-Programmable Gate Array, FPGA for short) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
In yet another embodiment of the present application, there is further provided a computer readable storage medium having instructions stored therein, which when run on a computer, cause the computer to perform the method for vehicle identity authentication based on SM9 algorithm described in any one of the above embodiments.
In this specification, the embodiments are described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and for identical and similar parts the embodiments may be referred to one another.
It will be apparent to those skilled in the art that embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the application may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. "and/or" means either or both of which may be selected. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
The method, the system, the device and the storage medium for vehicle identity authentication based on the SM9 algorithm provided by the application are described in detail, and specific examples are applied to the description of the principle and the implementation mode of the application, and the description of the examples is only used for helping to understand the method and the core idea of the application; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.

Claims (10)

1. A vehicle identity authentication method based on the SM9 algorithm, characterized in that the method is applied to the Internet of Vehicles, the Internet of Vehicles comprises a cloud platform and a plurality of vehicle ends in communication connection with the cloud platform, each vehicle end locally stores a private key generated by the cloud platform from the identity of the vehicle end, and the method comprises:
the method comprises the steps that a first vehicle end sends an identity verification request to a second vehicle end, wherein the identity verification request carries an identity mark of the first vehicle end;
the second vehicle end generates a public key of the first vehicle end according to the identity of the first vehicle end, encrypts the pre-generated verification information based on the public key of the first vehicle end, generates a first verification ciphertext and sends the first verification ciphertext and the identity of the second vehicle end to the first vehicle end;
the first vehicle end decrypts the first verification ciphertext according to the private key of the first vehicle end to obtain the verification information, generates a public key of a second vehicle end according to the identity of the second vehicle end, encrypts the verification information by utilizing the public key of the second vehicle end to generate a second verification ciphertext and sends the second verification ciphertext to the second vehicle end;
the second vehicle end decrypts the second verification ciphertext according to the private key of the second vehicle end, compares the verification information obtained after decryption with the pre-generated verification information, and determines that the authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
2. The method of claim 1, wherein the vehicle end obtains the self-private key by:
the vehicle end sends a private key request to the cloud platform, wherein the private key request carries an identity mark of the vehicle end;
the cloud platform generates a private key of the vehicle end according to the identity of the vehicle end, encrypts the private key based on a pre-generated vehicle cloud sharing key, generates a private key ciphertext of the vehicle end and sends the private key ciphertext to the vehicle end;
and the vehicle end decrypts the private key ciphertext of the vehicle end based on the vehicle cloud shared secret key to obtain a private key of the vehicle end and stores the private key in a local place.
3. The method of claim 2, wherein encrypting the private key based on a pre-generated vehicle cloud shared key comprises:
the cloud platform generates a signature master key pair and an encryption master key pair based on an SM9 algorithm, and communicates with a vehicle end through a Diffie-Hellman key exchange protocol to generate a vehicle cloud sharing key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the cloud platform encrypts the private key of the vehicle end based on an SM4 algorithm and the vehicle cloud sharing key.
4. The method according to claim 1, wherein the method further comprises:
under the condition that authentication is successful, the first vehicle end encrypts data to be communicated according to a public key of the second vehicle end, generates a data ciphertext to be communicated and sends the data ciphertext to the second vehicle end;
the second vehicle end decrypts the ciphertext of the data to be communicated according to the public key of the first vehicle end to generate plaintext of the data to be communicated, generates response data according to the plaintext of the data to be communicated, encrypts the response data by utilizing the public key of the first vehicle end to generate ciphertext of the response data and sends the ciphertext of the response data to the first vehicle end;
and the first vehicle end decrypts the response data ciphertext according to the public key of the second vehicle end to generate a response data plaintext.
5. A vehicle identity authentication system based on SM9 algorithm, the system comprising:
an identity request module, used by a first vehicle end to send an identity verification request to a second vehicle end, wherein the identity verification request carries an identity of the first vehicle end;
the first ciphertext generation module is used for generating a public key of the first vehicle end according to the identity of the first vehicle end by the second vehicle end, encrypting the pre-generated verification information based on the public key of the first vehicle end, generating a first verification ciphertext and sending the first verification ciphertext and the identity of the second vehicle end to the first vehicle end;
the second ciphertext generating module is used for decrypting the first verification ciphertext according to the private key of the first vehicle end to obtain the verification information, generating a public key of the second vehicle end according to the identity of the second vehicle end, encrypting the verification information by utilizing the public key of the second vehicle end, generating a second verification ciphertext and sending the second verification ciphertext to the second vehicle end;
the verification module is used for decrypting the second verification ciphertext according to the private key of the second vehicle, comparing the verification information obtained after decryption with the pre-generated verification information, and determining that the authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
6. The system of claim 5, wherein the system further comprises:
the vehicle-end private key request module is used for sending a private key request to the cloud platform by the vehicle-end, wherein the private key request carries an identity mark of the vehicle-end;
the vehicle-end private key generation module is used by the cloud platform to generate a private key of the vehicle end according to the identity of the vehicle end, encrypt the private key based on a pre-generated vehicle cloud shared key, generate a private key ciphertext of the vehicle end and issue the private key ciphertext to the vehicle end;
and the vehicle end private key storage module is used for decrypting the private key ciphertext of the vehicle end based on the vehicle cloud shared secret key by the vehicle end to obtain a private key of the vehicle end and storing the private key in a local place.
7. The system of claim 6, wherein the vehicle-end private key generation module comprises:
a master key pair generation unit, used by the cloud platform to generate a signature master key pair and an encryption master key pair based on the SM9 algorithm, and to communicate with a vehicle end through the Diffie-Hellman key exchange protocol to generate a vehicle cloud shared key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the vehicle-end private key encryption unit is used for encrypting the private key of the vehicle end by the cloud platform based on an SM4 algorithm and the vehicle-cloud shared key.
8. The system of claim 5, wherein the system further comprises:
the communication encryption unit is used for encrypting the data to be communicated according to the public key of the second vehicle end by the first vehicle end under the condition that the authentication is successful, generating a data ciphertext to be communicated and sending the data ciphertext to the second vehicle end;
the communication decryption and response encryption unit is used for decrypting the ciphertext of the data to be communicated according to the public key of the first vehicle end by the second vehicle end, generating plaintext of the data to be communicated, generating response data according to the plaintext of the data to be communicated, encrypting the response data by the public key of the first vehicle end, generating ciphertext of the response data and sending the ciphertext of the response data to the first vehicle end;
the response decryption unit is used for decrypting the response data ciphertext according to the public key of the second vehicle end by the first vehicle end to generate a response data plaintext.
9. The vehicle identity authentication device based on the SM9 algorithm is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are in communication with each other through the communication bus;
a memory for storing a computer program;
a processor for carrying out the method steps of any one of claims 1-4 when executing a program stored on a memory.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-4.
CN202111124163.7A 2021-09-24 2021-09-24 SM9 algorithm-based vehicle identity authentication method, system, device and storage medium Active CN113852632B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111124163.7A CN113852632B (en) 2021-09-24 2021-09-24 SM9 algorithm-based vehicle identity authentication method, system, device and storage medium


Publications (2)

Publication Number Publication Date
CN113852632A (en) 2021-12-28
CN113852632B (en) 2023-10-20

Family

ID=78979429


Country Status (1)

Country Link
CN (1) CN113852632B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant