CN114554441A - Direct connection communication authentication method and device - Google Patents

Publication number
CN114554441A
CN114554441A CN202011254163.4A CN202011254163A CN114554441A CN 114554441 A CN114554441 A CN 114554441A CN 202011254163 A CN202011254163 A CN 202011254163A CN 114554441 A CN114554441 A CN 114554441A
Authority
CN
China
Prior art keywords
edge computing
vehicle
computing node
authentication
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011254163.4A
Other languages
Chinese (zh)
Inventor
张燕燕
李凤
马少飞
田野
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute
Priority to CN202011254163.4A
Publication of CN114554441A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/46 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for vehicle-to-vehicle communication [V2V]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Traffic Control Systems (AREA)

Abstract

The invention provides a direct connection communication authentication method and device, and belongs to the technical field of communication. The direct communication authentication method is applied to an edge computing node, and comprises the following steps: receiving an authentication application sent by a vehicle-mounted unit, wherein the authentication application requests to verify the identity of a vehicle carrying the vehicle-mounted unit; and after the vehicle passes the identity authentication, issuing M-ID identifications and key Kd lists of the vehicle and other edge computing nodes in topological relation with the vehicle to the vehicle-mounted unit. The technical scheme of the invention can ensure the continuity of the service, reduce the frequent authentication in the running process of the vehicle, and realize the direct communication between vehicles without multiple authentications for the vehicles in the coverage range of the adjacent heterogeneous edge computing nodes.

Description

Direct connection communication authentication method and device
Technical Field
The invention relates to the technical field of Internet of vehicles, in particular to a direct communication authentication method and device.
Background
Currently, direct communication authentication mechanisms of the internet of vehicles mainly include two types:
1. Secure authentication and secure communication are achieved using a PKI (Public Key Infrastructure) mechanism based on public key certificates. During direct communication, the Internet of Vehicles terminal uses a public key certificate issued by a Certificate Authority (CA) to digitally sign the messages it sends, thereby authenticating both the legitimate identity of the terminal and the message content.
This technique is independent of the cellular network, but it depends on a PKI public key infrastructure; it is constrained by the deployment, management, operation and maintenance of that infrastructure, and is difficult to deploy and apply. In addition, the Internet of Vehicles terminal has to deal with initial installation and destruction of CA certificates, which increases the complexity of the business process. Asymmetric cryptographic operations during authentication also place high demands on the terminal's processing and computing capability, which challenges message latency and raises terminal cost.
2. Edge computing nodes are used to implement regional authentication: a terminal within the service coverage of an edge computing node and that node authenticate each other, and after successful authentication the terminal obtains the M-ID identifier and session key Kd of the region. The M-ID (short for MEC-ID) is the identifier of the authentication service area of an Internet of Vehicles service edge computing node; it can be used as the direct communication identifier of the Internet of Vehicles terminal, hiding the terminal's own identification information and protecting user identity privacy. Kd is the session key for direct communication between Internet of Vehicles terminals within the authentication service area of the edge computing node, and is used to protect direct communication messages. Kd may take the form of a symmetric or asymmetric key.
Then, during direct communication between Internet of Vehicles terminals, messages can be identified with the M-ID, and the sent message can be integrity-protected or digitally signed using Kd, thereby authenticating the message source.
This technique uses an edge computing network architecture and the existing cryptographic resources in the terminal's USIM (Universal Subscriber Identity Module) to complete authentication; it does not rely on a PKI public key infrastructure or CA certificates, which saves system construction cost. However, because the coverage range and coverage capability of the edge computing service are limited, when two vehicles are close to each other but belong to different edge computing service nodes, they cannot communicate directly because their M-ID identifiers and session keys Kd differ. This departs from the goal of a secure and efficient Internet of Vehicles direct communication mechanism and seriously affects full-coverage implementation of V2V application scenarios. In addition, when a vehicle leaves the coverage of the current edge computing service node and enters the coverage of another, authentication has to be initiated again, so a vehicle travelling at high speed faces the problem of frequently initiating authentication applications.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a direct communication authentication method and device, which can ensure the continuity of service, reduce the frequent authentication in the vehicle driving process, and realize the direct communication between vehicles without multiple authentications for vehicles in the coverage range of adjacent heterogeneous edge computing nodes.
To solve the above technical problem, embodiments of the present invention provide the following technical solutions:
in one aspect, a direct communication authentication method is provided, which is applied to an edge computing node, and the method includes:
receiving an authentication application sent by a vehicle-mounted unit, wherein the authentication application requests to verify the identity of a vehicle carrying the vehicle-mounted unit;
and after the vehicle passes identity verification, issuing to the vehicle-mounted unit the M-ID identifiers and key Kd list of the edge computing node itself and of other edge computing nodes having a topological relation with it.
In some embodiments, before receiving the authentication application sent by the vehicle-mounted unit, the method further includes:
uploading its own position information to a central computing platform;
and receiving the M-ID identifiers and key Kd list, issued by the central computing platform, of the edge computing node itself and of other edge computing nodes having a topological relation with it.
The embodiment of the invention also provides a direct communication authentication method, which is applied to a vehicle-mounted unit and comprises the following steps:
sending an authentication application to an edge computing node, wherein the vehicle-mounted unit is positioned in the coverage range of the edge computing node;
and receiving M-ID identifications and key Kd lists of the edge computing nodes and other edge computing nodes having topological relations with the edge computing nodes, wherein the M-ID identifications and the key Kd lists are issued by the edge computing nodes.
The embodiment of the invention also provides a direct communication authentication device, which is applied to the edge computing node and comprises the following components:
the authentication application receiving module is used for receiving an authentication application sent by a vehicle-mounted unit, wherein the authentication application requests verification of the identity of the vehicle carrying the vehicle-mounted unit;
and the sending module is used for issuing to the vehicle-mounted unit, after the vehicle passes identity verification, the M-ID identifiers and key Kd list of the edge computing node itself and of other edge computing nodes having a topological relation with it.
In some embodiments, the device further comprises:
the uploading module is used for uploading the edge computing node's own position information to the central computing platform;
and the receiving module is used for receiving the M-ID identifiers and key Kd list, issued by the central computing platform, of the edge computing node itself and of other edge computing nodes having a topological relation with it.
The embodiment of the invention also provides a direct communication authentication device, which is applied to a vehicle-mounted unit, and comprises the following components:
the authentication module is used for sending an authentication application to an edge computing node, and the vehicle-mounted unit is positioned in the coverage range of the edge computing node;
and the receiving module is used for receiving the M-ID identifications and the key Kd lists of the edge computing nodes and other edge computing nodes having a topological relation with the edge computing nodes, which are sent by the edge computing nodes.
The embodiment of the invention also provides a direct communication authentication system, which comprises:
the edge computing node is used for receiving an authentication application sent by a vehicle-mounted unit, the authentication application requests to verify the identity of a vehicle carrying the vehicle-mounted unit, and after the identity of the vehicle passes the verification, the edge computing node issues M-ID identifications and key Kd lists of the edge computing node and other edge computing nodes having a topological relation with the edge computing node to the vehicle-mounted unit;
and the vehicle-mounted unit is used for sending an authentication application to the edge computing node, is positioned in the coverage range of the edge computing node, and receives the M-ID identifications and the key Kd lists of the edge computing node and other edge computing nodes having a topological relation with the edge computing node, which are sent by the edge computing node.
In some embodiments, further comprising:
the central computing platform is used for receiving the position information reported by the edge computing nodes, constructing the topological relation among the edge computing nodes according to that position information, and issuing to each edge computing node the M-ID identifiers and key Kd list of that edge computing node and of other edge computing nodes having a topological relation with it;
the edge computing node is specifically configured to upload position information of the edge computing node to the central computing platform, and receive M-ID identifiers and key Kd lists of the edge computing node and other edge computing nodes having a topological relationship with the edge computing node, where the M-ID identifiers and the key Kd lists are issued by the central computing platform.
The embodiment of the invention also provides a direct communication authentication device, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor; the processor, when executing the program, implements the direct communication authentication method as described above.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the direct communication authentication method described above.
The embodiment of the invention has the following beneficial effects:
in this scheme, the central computing platform constructs the topological relation among the edge computing nodes according to the position information they report, and issues to each edge computing node the M-ID identifiers and key Kd list of that node and of the nodes having a topological relation with it. When a vehicle drives into the coverage of an edge computing node, it obtains through authentication the M-ID identifiers and key Kd list of the current edge computing node and of the edge computing nodes having a topological relation with it. Two adjacent vehicles, even if they belong to two different edge computing nodes, can therefore immediately parse the surrounding-vehicle information received over PC5 without waiting for authentication with a new edge computing node to complete. This ensures real-time, effective vehicle communication and continuity of the V2X service, reduces frequent authentication while the vehicle is driving, and lets vehicles within the coverage of adjacent edge computing nodes communicate directly without multiple authentications.
Drawings
FIG. 1 is a schematic diagram of an architecture of an Internet of vehicles direct communication authentication system;
FIG. 2 is a schematic view of a topological relationship of edge compute nodes;
FIG. 3 is a flowchart illustrating a direct communication authentication method applied to a central computing platform according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of a direct communication authentication method applied to an edge computing node according to an embodiment of the present invention;
fig. 5 is a flowchart illustrating a direct communication authentication method applied to a vehicle-mounted unit according to an embodiment of the present invention;
fig. 6 is a flowchart illustrating a direct communication authentication method according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a direct communication authentication apparatus applied to a central computing platform according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a direct communication authentication apparatus applied to an edge computing node according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a direct communication authentication device applied to an on-board unit according to an embodiment of the present invention;
fig. 10 is a schematic diagram illustrating a configuration of a direct communication authentication apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages to be solved by the embodiments of the present invention clearer, the following detailed description will be given with reference to the accompanying drawings and specific embodiments.
As shown in fig. 1, the technical solution of the present embodiment relates to the following devices:
An On Board Unit (OBU), that is, an OBU installed on a vehicle (e.g., an intelligent rearview mirror, an intelligent in-vehicle head unit, etc.), supports Uu communication and PC5 communication. On one hand, it acquires a certificate from an edge computing node through Uu communication; on the other hand, it acquires early-warning information such as traffic light information and road events by listening to PC5 broadcasts, and verifies the data signature using the acquired certificate.
The edge computing node, namely the V2X edge computing node: as Internet of Things applications become widespread, higher demands are placed on data processing performance for massive numbers of vehicle terminals, so the service logic that a vehicle needs processed and fed back in real time can be offloaded to the edge computing node, which provides the data processing capability and reduces latency. The edge computing node is responsible for identity authentication of vehicles and issuing of key information, and can be deployed at the base station side, the access ring, the convergence ring, the core network and so on.
The central computing platform is responsible for integrally operating and managing each V2X edge computing node and storing the basic information of each V2X edge computing node; timely scheduling the cooperation of each V2X edge computing node; providing basic information authentication capability; regularly notifying each edge computing node of updating the private key information of each application; and uniformly managing the executable third-party applications.
The distance-based topology of the edge computing nodes is shown in fig. 2, where edge computing nodes are abbreviated as MEC. The topology is established from the deployed position information; for example, a distance of 500 meters is used as the basis for establishing a connection, so a connection is established when the distance between two edge computing nodes is less than or equal to 500 meters. Wherein, the topological connection relation between MEC (III) and MEC (III) is MEC (III), MEC (V) and MEC (V). A distance of 500 meters is suggested because the coverage of PC5 communication is at most 500 meters: the direct communication distance between an RSU (Road Side Unit) and an OBU is at most 500 meters, and when the direct communication distance between two OBUs exceeds 500 meters the reliability of data transmission cannot be ensured.
V2X means Vehicle to X, where X represents Infrastructure, Vehicle, Pedestrian, etc.; X may be any possible person or thing (Everything). V2X is a wireless technology mainly used to improve road safety and traffic management; it is a key technology of the future Intelligent Transportation System (ITS) and enables communication between vehicles, between vehicles and roadside facilities, and between vehicles and the Internet.
RSU stands for Road Side Unit. It is installed at the roadside, can acquire road infrastructure information and information sent by the V2X platform, and broadcasts early-warning information about roads, vehicles and pedestrians to vehicles within range via PC5 broadcast, improving driving safety, reducing congestion and improving traffic efficiency. It has the advantages of low latency and wide range.
PC5 broadcast is based on the D2D (Device-to-Device) proximity communication service (ProSe) in the LTE standard. The PC5 interface defined by the latest standard supports high-speed, high-density direct communication at 250 km/h, meeting V2X requirements for low latency and high message density.
The embodiment of the invention provides a direct communication authentication method and device, which can ensure the continuity of services, reduce the frequent authentication in the driving process of vehicles, and realize the direct communication between vehicles without multiple authentications for the vehicles in the coverage range of adjacent heterogeneous edge computing nodes.
An embodiment of the present invention provides a direct communication authentication method, which is applied to a central computing platform, and as shown in fig. 3, the method includes:
step 101: receiving position information reported by a plurality of edge computing nodes;
step 102: constructing a topological relation among the edge computing nodes according to the position information reported by the edge computing nodes;
step 103: and issuing the M-ID identification and the key Kd list of the edge computing node and other edge computing nodes in topological relation to the edge computing node to each edge computing node.
In this embodiment, the central computing platform constructs a topological relation between edge computing nodes according to the position information reported by the edge computing nodes, and issues the M-ID identifier and the key Kd list of each edge computing node and the node having the topological relation with the edge computing node to the corresponding edge computing node.
In some embodiments, the method further comprises:
and storing the topological relation among the edge computing nodes.
In some embodiments, the constructing a topological relationship between the edge computing nodes according to the location information reported by the edge computing nodes includes:
determining the distance between the edge computing nodes according to the position information reported by the edge computing nodes;
and constructing a topological relation among the edge calculation nodes according to the distance among the edge calculation nodes.
The embodiment of the invention also provides a direct communication authentication method, which is applied to the edge computing node, and as shown in fig. 4, the method comprises the following steps:
step 203: receiving an authentication application sent by a vehicle-mounted unit, wherein the authentication application requests verification of the identity of the vehicle carrying the vehicle-mounted unit;
step 204: after the vehicle passes identity verification, issuing to the vehicle-mounted unit the M-ID identifiers and key Kd list of the edge computing node itself and of other edge computing nodes having a topological relation with it.
In some embodiments, as shown in fig. 4, before step 203, the method further comprises:
step 201: uploading its own position information to a central computing platform;
step 202: receiving the M-ID identifiers and key Kd list, issued by the central computing platform, of the edge computing node itself and of other edge computing nodes having a topological relation with it.
In this embodiment, when a vehicle travels into the coverage area of an edge computing node, the M-ID identifier and the key Kd list of the current edge computing node and the edge computing node having a topological relationship with the current edge computing node are obtained through authentication, and two adjacent vehicles, even if they belong to two different edge computing nodes, can immediately analyze the peripheral vehicle information obtained through the PC5 without waiting for the authentication of the new edge computing node to complete, thereby ensuring the real-time effective communication of the vehicle and the continuity of the V2X service, reducing the frequent authentication during the traveling of the vehicle, and enabling the direct communication between the vehicles without multiple authentications in the coverage area of the adjacent edge computing node.
An embodiment of the present invention further provides a direct communication authentication method, which is applied to a vehicle-mounted unit, and as shown in fig. 5, the method includes:
step 301: sending an authentication application to an edge computing node, wherein the vehicle-mounted unit is positioned in the coverage range of the edge computing node;
step 302: and receiving M-ID identifications and key Kd lists of the edge computing nodes and other edge computing nodes having topological relations with the edge computing nodes, wherein the M-ID identifications and the key Kd lists are issued by the edge computing nodes.
In this embodiment, when a vehicle travels into the coverage area of an edge computing node, the M-ID identifier and the key Kd list of the current edge computing node and the edge computing node having a topological relationship with the current edge computing node are obtained through authentication, and two adjacent vehicles, even if they belong to two different edge computing nodes, can immediately analyze the peripheral vehicle information obtained through the PC5 without waiting for the authentication of the new edge computing node to complete, thereby ensuring the real-time effective communication of the vehicle and the continuity of the V2X service, reducing the frequent authentication during the traveling of the vehicle, and enabling the direct communication between the vehicles without multiple authentications in the coverage area of the adjacent edge computing node.
The embodiment of the invention also provides a direct communication authentication system, which comprises:
the edge computing node is used for receiving an authentication application sent by a vehicle-mounted unit, the authentication application requests to verify the identity of a vehicle carrying the vehicle-mounted unit, and after the identity of the vehicle passes the verification, the edge computing node issues M-ID identifications and key Kd lists of the edge computing node and other edge computing nodes having a topological relation with the edge computing node to the vehicle-mounted unit;
and the vehicle-mounted unit is positioned in the coverage range of the edge computing node and receives the M-ID identifications and the key Kd lists of the edge computing node and other edge computing nodes having a topological relation with the edge computing node, wherein the M-ID identifications and the key Kd lists are issued by the edge computing node.
The direct communication authentication system further comprises:
the central computing platform is used for receiving the position information reported by the edge computing nodes, constructing the topological relation among the edge computing nodes according to that position information, and issuing to each edge computing node the M-ID identifiers and key Kd list of that edge computing node and of other edge computing nodes having a topological relation with it;
the edge computing node is specifically configured to upload position information of the edge computing node to the central computing platform, and receive M-ID identifiers and key Kd lists of the edge computing node and other edge computing nodes having a topological relationship with the edge computing node, where the M-ID identifiers and the key Kd lists are issued by the central computing platform.
In this embodiment, the central computing platform constructs the topological relation among the edge computing nodes according to the position information they report, and issues to each edge computing node the M-ID identifiers and key Kd list of that node and of the nodes having a topological relation with it. When a vehicle drives into the coverage of an edge computing node, it obtains through authentication the M-ID identifiers and key Kd list of the current edge computing node and of the edge computing nodes having a topological relation with it. Two adjacent vehicles, even if they belong to two different edge computing nodes, can therefore immediately parse the surrounding-vehicle information received over PC5 without waiting for authentication with a new edge computing node to complete. This ensures real-time, effective vehicle communication and continuity of the V2X service, reduces frequent authentication while the vehicle is driving, and lets vehicles within the coverage of adjacent edge computing nodes communicate directly without multiple authentications.
In a specific example, as shown in fig. 6, the direct communication authentication includes the following steps:
step 1, uploading own position information to a V2X central computing platform by an edge computing node 1 and an edge computing node 2;
step 2, the V2X center computing platform constructs the topological relation between the edge computing nodes according to the distance between the edge computing nodes;
step 3, the V2X center computing platform issues M-ID identification and a key Kd list of the edge computing node and the edge computing node having a topological relation with the edge computing node to each edge computing node;
step 4, when the vehicle loaded with the OBU sends an authentication application to the current edge computing node, the edge computing node verifies the identity of the vehicle;
step 5, after the vehicle identity authentication is passed, the edge computing node sends the M-ID identification and the key Kd list of the local node and the nodes having the topological relation with the local node to the vehicle.
As shown in fig. 6, the V2X central computing platform constructs a topological relationship between edge computing nodes according to the position information reported by the edge computing nodes, and issues to each edge computing node the M-ID identifiers and key Kd list of that node and of the nodes having a topological relationship with it. When a vehicle drives into the coverage range of an edge computing node, it obtains through authentication the M-ID identifiers and key Kd list of the current edge computing node and of the nodes having a topological relationship with it. Two adjacent vehicles, even if they belong to two different edge computing nodes, can therefore immediately parse the peripheral vehicle information obtained through PC5 without waiting for authentication with the new edge computing node to complete. This ensures real-time effective communication between vehicles and the continuity of the V2X service, reduces frequent authentication while the vehicle is driving, and allows vehicles within the coverage of adjacent edge computing nodes to communicate directly without multiple authentications.
In a V2X scenario, a vehicle-mounted OBU that wants to parse PC5 messages broadcast by surrounding vehicles needs to apply to the edge computing node for authentication in order to acquire the identifier and key information. In this embodiment, the vehicle-mounted OBU acquires the identifier and key information list of the edge computing node it is matched with and of the nodes in that node's topological relation. When the vehicle travels between nodes in the same edge computing node topological relation, the M-ID identifier and key Kd information do not need to be applied for repeatedly, which ensures the continuity of the vehicle's V2X service and avoids repeated or frequent authentication applications to the V2X platform.
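The flow of steps 2 to 5 can be traced end to end in a short simulation. This is an added example, not code from the patent; the 1500 m neighbour radius, the registered-vehicle set used as the identity check, and the use of HMAC-SHA256 under Kd with the M-ID carried alongside the message are all assumptions made for illustration.

```python
import hashlib
import hmac
import itertools
import math
import secrets

NEIGHBOUR_RADIUS_M = 1500.0  # assumed; the page only says "according to the distance"


class CentralPlatform:
    """Builds the node topology from reported positions and holds every node's Kd."""
    def __init__(self, positions):
        self.positions = positions  # M-ID -> (x, y) in metres, as reported by the nodes
        self.keys = {m: secrets.token_bytes(32) for m in positions}  # M-ID -> Kd
        self.topology = {m: set() for m in positions}
        for a, b in itertools.combinations(positions, 2):
            if math.dist(positions[a], positions[b]) <= NEIGHBOUR_RADIUS_M:
                self.topology[a].add(b)
                self.topology[b].add(a)

    def key_list_for(self, m_id):
        # Step 3: the node's own entry plus one entry per topological neighbour.
        return {m: self.keys[m] for m in {m_id} | self.topology[m_id]}


class EdgeNode:
    """Holds the key list issued by the platform and hands it to verified vehicles."""
    def __init__(self, m_id, key_list, registered):
        self.m_id, self.key_list, self.registered = m_id, key_list, registered

    def authenticate(self, vehicle_id):
        # Steps 4-5: set membership stands in for the real identity verification.
        return dict(self.key_list) if vehicle_id in self.registered else None


class OBU:
    """Vehicle-mounted unit: authenticates once, then parses PC5 broadcasts locally."""
    def __init__(self, vehicle_id):
        self.vehicle_id, self.home, self.key_list = vehicle_id, None, {}

    def attach(self, node):
        issued = node.authenticate(self.vehicle_id)
        if issued is not None:
            self.home, self.key_list = node.m_id, issued
        return issued is not None

    def broadcast(self, payload):
        # Assumed message shape: (sender's node M-ID, payload, HMAC tag under that Kd).
        tag = hmac.new(self.key_list[self.home], payload, hashlib.sha256).digest()
        return self.home, payload, tag

    def parse(self, msg):
        m_id, payload, tag = msg
        kd = self.key_list.get(m_id)
        if kd is None:
            return None  # sender's node is outside this vehicle's key list
        good = hmac.new(kd, payload, hashlib.sha256).digest()
        return payload if hmac.compare_digest(good, tag) else None


def build_network(positions, registered):
    """Steps 2-3 for every node; returns M-ID -> EdgeNode with its issued key list."""
    platform = CentralPlatform(positions)
    return {m: EdgeNode(m, platform.key_list_for(m), registered) for m in positions}
```

A vehicle attached to one node can parse a broadcast from a vehicle under a neighbouring node at once, while a broadcast tagged with the M-ID of a node outside the neighbourhood is rejected, which also bounds how many Kd values any single vehicle holds.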
An embodiment of the present invention further provides a direct communication authentication apparatus, which is applied to a central computing platform, and as shown in fig. 7, the apparatus includes:
a receiving module 41, configured to receive location information reported by multiple edge computing nodes;
a building module 42, configured to build a topological relation between the edge computing nodes according to the location information reported by the edge computing nodes;
and a sending module 43, configured to send, to each edge computing node, an M-ID identifier and a key Kd list of the edge computing node and other edge computing nodes having a topological relationship with the edge computing node.
In this embodiment, the central computing platform constructs a topological relation between edge computing nodes according to the position information reported by the edge computing nodes, and issues the M-ID identifier and the key Kd list of each edge computing node and the node having the topological relation with the edge computing node to the corresponding edge computing node.
In some embodiments, further comprising:
and the storage module is used for storing the topological relation among the edge computing nodes.
In some embodiments, the building module comprises:
the processing unit is used for determining the distance between the edge computing nodes according to the position information reported by the edge computing nodes;
and the constructing unit is used for constructing the topological relation among the edge computing nodes according to the distance among the edge computing nodes.
An embodiment of the present invention further provides a direct communication authentication apparatus, which is applied to an edge computing node, and as shown in fig. 8, the apparatus includes:
an authentication application receiving module 53, configured to receive an authentication application sent by an onboard unit, where the authentication application requests verification of the identity of the vehicle on which the onboard unit is mounted;
and a sending module 54, configured to issue to the vehicle-mounted unit, after the vehicle passes the authentication, the M-ID identifiers and key Kd list of the edge computing node itself and of other edge computing nodes having a topological relationship with it.
In some embodiments, as shown in fig. 8, the apparatus further comprises:
an uploading module 51, configured to upload the edge computing node's own position information to the central computing platform;
a receiving module 52, configured to receive the M-ID identifier and the key Kd list of the edge computing node itself and other edge computing nodes having a topological relationship with itself, where the M-ID identifier and the key Kd list are issued by the central computing platform.
In this embodiment, when a vehicle travels into the coverage area of an edge computing node, the M-ID identifier and the key Kd list of the current edge computing node and the edge computing node having a topological relationship with the current edge computing node are obtained through authentication, and two adjacent vehicles, even if they belong to two different edge computing nodes, can immediately analyze the peripheral vehicle information obtained through the PC5 without waiting for the authentication of the new edge computing node to complete, thereby ensuring the real-time effective communication of the vehicle and the continuity of the V2X service, reducing the frequent authentication during the traveling of the vehicle, and enabling the direct communication between the vehicles without multiple authentications in the coverage area of the adjacent edge computing node.
An embodiment of the present invention further provides a direct communication authentication apparatus, which is applied to a vehicle-mounted unit, and as shown in fig. 9, the apparatus includes:
the authentication module 61 is used for sending an authentication application to an edge computing node, and the vehicle-mounted unit is located in the coverage range of the edge computing node;
a receiving module 62, configured to receive M-ID identifiers and key Kd lists of the edge computing nodes and other edge computing nodes having a topological relationship with the edge computing nodes, where the M-ID identifiers and the key Kd lists are sent by the edge computing nodes.
In this embodiment, when a vehicle enters the coverage area of the edge computing node, it obtains through authentication the M-ID identifiers and key Kd list of the current edge computing node and of the edge computing nodes having a topological relation with it. Two adjacent vehicles, even if they belong to two different edge computing nodes, can immediately parse peripheral vehicle information obtained through PC5 without waiting for authentication with the new edge computing node to complete. This ensures real-time effective communication between vehicles and the continuity of the V2X service, reduces frequent authentication while the vehicle is running, and allows vehicles in the coverage area of adjacent edge computing nodes to communicate directly without multiple authentications.
An embodiment of the present invention further provides a direct communication authentication apparatus, as shown in fig. 10, including a memory 71, a processor 72, and a computer program stored on the memory 71 and operable on the processor 72; the processor 72, when executing the program, implements the direct communication authentication method as described above.
The direct communication authentication device may be applied to a central computing platform, and the processor 72 is configured to receive location information reported by a plurality of edge computing nodes; constructing a topological relation among the edge computing nodes according to the position information reported by the edge computing nodes; and issuing the M-ID identification and the key Kd list of the edge computing node and other edge computing nodes in topological relation to the edge computing node to each edge computing node.
The processor 72 is also configured to store the topological relationships between the edge computing nodes.
The processor 72 is further configured to determine distances between the edge computing nodes according to the position information reported by the edge computing nodes; and constructing a topological relation among the edge computing nodes according to the distance among the edge computing nodes.
The direct communication authentication device may be applied to an edge computing node, and the processor 72 is configured to upload its own location information to the central computing platform; receive the M-ID identifiers and key Kd list, issued by the central computing platform, of the edge computing node itself and of other edge computing nodes having a topological relation with it; receive an authentication application sent by a vehicle-mounted unit, wherein the authentication application requests verification of the identity of the vehicle carrying the vehicle-mounted unit; and, after the vehicle passes the identity verification, issue to the vehicle-mounted unit the M-ID identifiers and key Kd list of the edge computing node itself and of the other edge computing nodes having a topological relation with it.
The direct communication authentication device may be applied to an on-board unit, and the processor 72 is configured to send an authentication application to an edge computing node, where the on-board unit is located in a coverage area of the edge computing node; and receiving M-ID identifications and key Kd lists of the edge computing nodes and other edge computing nodes having topological relation with the edge computing nodes, wherein the M-ID identifications and the key Kd lists are issued by the edge computing nodes.
Embodiments of the present invention also provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps in the direct communication authentication method as described above.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technologies, compact disc read only memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (10)

1. A direct communication authentication method is applied to an edge computing node, and comprises the following steps:
receiving an authentication application sent by a vehicle-mounted unit, wherein the authentication application requests to verify the identity of a vehicle carrying the vehicle-mounted unit;
and after the vehicle passes the identity authentication, issuing to the vehicle-mounted unit the M-ID identifiers and key Kd list of the edge computing node itself and of other edge computing nodes having a topological relation with it.
2. The direct communication authentication method according to claim 1, wherein before receiving an authentication application sent by a vehicle-mounted unit, the method further comprises:
uploading its own position information to a central computing platform;
and receiving the M-ID identifiers and key Kd list, issued by the central computing platform, of the edge computing node itself and of other edge computing nodes having a topological relation with it.
3. A direct communication authentication method is applied to an on-board unit, and comprises the following steps:
sending an authentication application to an edge computing node, wherein the vehicle-mounted unit is positioned in the coverage range of the edge computing node;
and receiving M-ID identifications and key Kd lists of the edge computing nodes and other edge computing nodes having topological relations with the edge computing nodes, wherein the M-ID identifications and the key Kd lists are issued by the edge computing nodes.
4. A direct communication authentication apparatus, applied to an edge computing node, the apparatus comprising:
an authentication application receiving module, configured to receive an authentication application sent by a vehicle-mounted unit, wherein the authentication application requests verification of the identity of the vehicle carrying the vehicle-mounted unit;
and a sending module, configured to issue to the vehicle-mounted unit, after the vehicle passes the identity verification, the M-ID identifiers and key Kd list of the edge computing node itself and of other edge computing nodes having a topological relation with it.
5. The direct communication authentication device of claim 4, further comprising:
an uploading module, configured to upload the edge computing node's own position information to a central computing platform;
and a receiving module, configured to receive the M-ID identifiers and key Kd list, issued by the central computing platform, of the edge computing node itself and of other edge computing nodes having a topological relation with it.
6. A direct communication authentication apparatus, applied to an on-board unit, the apparatus comprising:
the authentication module is used for sending an authentication application to an edge computing node, and the vehicle-mounted unit is positioned in the coverage range of the edge computing node;
and the receiving module is used for receiving the M-ID identifications and the key Kd lists of the edge computing nodes and other edge computing nodes having a topological relation with the edge computing nodes, which are sent by the edge computing nodes.
7. A direct communication authentication system, comprising:
the edge computing node is used for receiving an authentication application sent by a vehicle-mounted unit, the authentication application requests to verify the identity of a vehicle carrying the vehicle-mounted unit, and after the identity of the vehicle passes the verification, the edge computing node issues M-ID identifications and key Kd lists of the edge computing node and other edge computing nodes having a topological relation with the edge computing node to the vehicle-mounted unit;
and the vehicle-mounted unit is used for sending an authentication application to the edge computing node, is positioned in the coverage range of the edge computing node, and receives the M-ID identifications and the key Kd lists of the edge computing node and other edge computing nodes having a topological relation with the edge computing node, which are sent by the edge computing node.
8. The direct communication authentication system of claim 7, further comprising:
the central computing platform is used for receiving the position information reported by the edge computing nodes, constructing a topological relation among the edge computing nodes according to the position information reported by the edge computing nodes, and issuing to each edge computing node the M-ID identifiers and key Kd list of that edge computing node and of other edge computing nodes having a topological relation with it;
the edge computing node is specifically configured to upload position information of the edge computing node to the central computing platform, and receive M-ID identifiers and key Kd lists of the edge computing node and other edge computing nodes having a topological relationship with the edge computing node, where the M-ID identifiers and the key Kd lists are issued by the central computing platform.
9. A direct communication authentication apparatus comprising a memory, a processor and a computer program stored on the memory and executable on the processor; characterized in that the processor, when executing the program, implements the direct communication authentication method of claim 1 or 2 or implements the direct communication authentication method of claim 3.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the direct communication authentication method as claimed in claim 1 or 2 or carries out the steps of the direct communication authentication method as claimed in claim 3.
CN202011254163.4A 2020-11-11 2020-11-11 Direct connection communication authentication method and device Pending CN114554441A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011254163.4A CN114554441A (en) 2020-11-11 2020-11-11 Direct connection communication authentication method and device

Publications (1)

Publication Number Publication Date
CN114554441A true CN114554441A (en) 2022-05-27

Family

ID=81660228

Country Status (1)

Country Link
CN (1) CN114554441A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination