CN114696998A - Identity authentication method, device and system - Google Patents
Identity authentication method, device and system Download PDFInfo
- Publication number
- CN114696998A CN114696998A CN202011563055.5A CN202011563055A CN114696998A CN 114696998 A CN114696998 A CN 114696998A CN 202011563055 A CN202011563055 A CN 202011563055A CN 114696998 A CN114696998 A CN 114696998A
- Authority
- CN
- China
- Prior art keywords
- information
- quantum key
- identity
- central server
- wireless charging
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 85
- 238000012795 verification Methods 0.000 claims description 231
- 238000004364 calculation method Methods 0.000 claims description 26
- 238000004891 communication Methods 0.000 abstract description 21
- 238000005516 engineering process Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 239000000284 extract Substances 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000005674 electromagnetic induction Effects 0.000 description 1
- 238000004134 energy conservation Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H02—GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
- H02J—CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
- H02J50/00—Circuit arrangements or systems for wireless supply or distribution of electric power
- H02J50/80—Circuit arrangements or systems for wireless supply or distribution of electric power involving the exchange of data, concerning supply or distribution of electric power, between transmitting devices and receiving devices
-
- H—ELECTRICITY
- H02—GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
- H02J—CIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
- H02J7/00—Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries
- H02J7/00032—Circuit arrangements for charging or depolarising batteries or for supplying loads from batteries characterised by data exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Electric Propulsion And Braking For Vehicles (AREA)
Abstract
The invention provides an identity authentication method, an identity authentication device and an identity authentication system, wherein the communication between a central server and a wireless charging management server as well as the communication between the central server and an electric automobile is based on a quantum key, the Quantum Key Distribution (QKD) process has the characteristic of quantum computing resistance, the quantum key generated in the QKD process is combined with the safe communication realized by a relevant algorithm and also has the characteristic of quantum computing resistance, the quantum key can be prevented from being obtained in a quantum computing mode, the behavior of counterfeiting the identity of the electric automobile in a key counterfeiting mode is further avoided, and the charging safety of the electric automobile is improved. Further, in the invention, the quantum key in the second quantum key set is used only once, so that the condition of key leakage caused by repeated use of the quantum key can be avoided, and the charging safety of the electric automobile can be improved.
Description
Technical Field
The invention relates to the field of quantum cryptography networks, in particular to an identity authentication method, device and system.
Background
The electric automobile is an automobile which takes a vehicle-mounted power supply as power and uses a motor to drive wheels to run, and the electric automobile is widely used due to the advantages of energy conservation, environmental protection, low noise and the like.
When the electric quantity is insufficient, the electric automobile can be charged in a wireless charging mode. Before wireless charging, the electric automobile needs to be subjected to authentication, and the electric automobile is allowed to be charged after the authentication is passed. If the identity of the electric automobile is verified wrongly, the situation that the electric automobile with the counterfeit identity is charged can occur, so that the charging reliability of the electric automobile is low, and the safe operation requirement of a wireless charging system cannot be met.
Disclosure of Invention
In view of this, the present invention provides an identity authentication method, device and system, so as to solve the problems that if the identity of the electric vehicle is verified incorrectly, the charging reliability of the electric vehicle is low, and the safe operation requirement of the wireless charging system cannot be met.
In order to solve the technical problems, the invention adopts the following technical scheme:
an identity authentication method is applied to a central server, the central server stores a first quantum key set shared by the central server and an electric vehicle and a second quantum key set shared by the central server and a wireless charging management server, and the central server communicates with the electric vehicle based on the first quantum key set and communicates with the wireless charging management server based on the second quantum key set;
the identity authentication method comprises the following steps:
acquiring first data sent by the wireless charging management server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
performing identity authentication on the electric automobile based on the first data, a first quantum key set and a second quantum key set saved by the central server;
if the identity authentication is passed, generating configuration verification information of the electric automobile by using key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information, and issuing the configuration verification information to the electric automobile through the wireless charging management server;
receiving vehicle configuration information sent by the electric vehicle; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
and verifying the vehicle configuration information by using a first quantum key which is the same as the first quantum key used by the vehicle configuration information and is collected by the first quantum key stored by the central server, and if the vehicle configuration information passes the verification, sending identity authentication passing information to the wireless charging management server.
Optionally, the first authentication information is generated by the electric vehicle based on the identity information of the electric vehicle and key information of an unused first quantum key in a first quantum key set stored in the electric vehicle; the second authentication information is generated by the wireless charging management server based on the identity information of the wireless charging management server and key information of unused second quantum keys in a second quantum key set stored in the wireless charging management server after the wireless charging management server receives the first authentication information sent by the electric vehicle;
based on the first data, the first quantum key set and the second quantum key set saved by the central server, the identity authentication of the electric vehicle is performed, and the method comprises the following steps:
determining a second quantum key in second authentication information of the wireless charging management server;
determining whether the key identification of the determined second quantum key is a preset identification; the preset identification representation key is used;
if so, determining that the identity authentication of the electric automobile does not pass;
if not, the second authentication information is verified by using the determined second quantum key;
and if the verification fails, determining that the identity verification of the electric automobile fails.
Optionally, if the determined second quantum key is used to verify the second authentication information, and the verification passes, the method further includes:
determining a first quantum key in first identity verification information of the electric automobile;
determining whether the key identifier of the determined first quantum key is a preset identifier; the preset identification representation key is used;
if so, determining that the identity authentication of the electric automobile does not pass;
if not, the first identity verification information is verified by using the determined first quantum key;
if the verification fails, determining that the identity verification of the electric automobile fails;
and if the verification is passed, determining that the identity of the electric automobile is passed.
Optionally, generating configuration verification information of the electric vehicle by using key information of an unused second quantum key in a second quantum key set saved by the central server and identity information in the first authentication information, includes:
performing hash calculation on the key information of the unused second quantum key in the second quantum key set stored by the central server and the identity information in the first identity verification information to obtain a hash calculation result;
generating configuration verification information of the electric automobile; the configuration verification information of the electric vehicle comprises the Hash calculation result, the key information of the unused second quantum key in the second quantum key set stored by the central server, and the identity information in the first identity verification information.
An identity authentication method is applied to a wireless charging management server, wherein the wireless charging management server stores a second quantum key set shared with a central server and communicates with the central server based on the second quantum key set;
the identity authentication method comprises the following steps:
under the condition of receiving first identity verification information sent by an electric automobile, generating second identity verification information of the wireless charging management server;
sending the first data to the central server, so that the central server performs identity authentication on the electric automobile based on the first data, a first quantum key set and a second quantum key set stored by the central server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
receiving key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information after the central server passes the identity authentication, and generating and sending configuration verification information of the electric vehicle;
carrying out decryption operation on the configuration verification information, and carrying out verification operation on a decryption result; if the verification is passed, forwarding the decryption result to the electric vehicle so that the electric vehicle sends vehicle configuration information to the central server, and the central server verifies the vehicle configuration information by using a first quantum key which is in a first quantum key set stored by the central server and is the same as the first quantum key used by the vehicle configuration information; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
and receiving identity authentication passing information sent by the central server under the condition of passing verification.
Optionally, generating second authentication information of the wireless charging management server includes:
acquiring identity information of the wireless charging management server;
and generating second authentication information based on the identity information of the wireless charging management server and the key information of the unused second quantum key in the second quantum key set stored in the wireless charging management server.
Optionally, the decrypting the configuration verification information and verifying the decryption result include:
determining a second quantum key;
decrypting the configuration verification information by using the determined second quantum key to obtain a decryption result;
judging whether the decryption result is a preset result or not; and if so, executing the step of forwarding the decryption result to the electric automobile.
The identity authentication method is applied to an electric automobile, wherein the electric automobile stores a first quantum key set shared with a central server and communicates with the central server based on the first quantum key set;
the identity authentication method comprises the following steps:
generating and sending first identity verification information to a wireless charging management server so that the wireless charging management server sends first data to a central server, and the central server performs identity authentication on the electric vehicle based on the first data, a first quantum key set and a second quantum key set stored by the central server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
after the identity authentication of the central server is passed, key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information are received, and configuration verification information of the electric vehicle issued by the wireless charging management server is generated and passed;
sending vehicle configuration information to the center server, so that the center server verifies the vehicle configuration information by using a first quantum key which is stored by the center server and is the same as a first quantum key used by the vehicle configuration information in a first quantum key set, and if the vehicle configuration information passes the verification, sending identity authentication passing information to the wireless charging management server; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle.
Optionally, generating first authentication information includes:
acquiring identity information of the electric automobile;
generating first authentication information based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and identity information of the electric vehicle.
Optionally, sending vehicle configuration information to the central server includes:
acquiring configuration information;
performing hash calculation on configuration information of the electric vehicle based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle;
and sending the hash calculation result and the key information of the used first quantum key to the central server.
An identity authentication device is applied to a central server, the central server stores a first quantum key set shared by the central server and an electric vehicle and a second quantum key set shared by the central server and a wireless charging management server, and the central server communicates with the electric vehicle based on the first quantum key set and communicates with the wireless charging management server based on the second quantum key set;
the identity authentication device includes:
the data acquisition module is used for acquiring first data sent by the wireless charging management server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
the identity authentication module is used for performing identity authentication on the electric automobile based on the first data, the first quantum key set and the second quantum key set stored by the central server;
the information generation module is used for generating configuration verification information of the electric automobile by using key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information if the identity authentication is passed, and issuing the configuration verification information to the electric automobile through the wireless charging management server;
the configuration information receiving module is used for receiving vehicle configuration information sent by the electric automobile; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
and the configuration verification module is used for verifying the vehicle configuration information by using a first quantum key which is stored in the center server and is the same as the first quantum key used by the vehicle configuration information in a first quantum key set, and if the vehicle configuration information passes the verification, sending identity authentication passing information to the wireless charging management server.
An identity authentication device is applied to a wireless charging management server, wherein the wireless charging management server stores a second quantum key set shared with a central server and communicates with the central server based on the second quantum key set;
the identity authentication device includes:
the information generation module is used for generating second identity verification information of the wireless charging management server under the condition of receiving first identity verification information sent by an electric automobile;
the data sending module is used for sending first data to the central server so that the central server can perform identity authentication on the electric automobile based on the first data, the first quantum key set and the second quantum key set stored by the central server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
the information receiving module is used for receiving the key information of the unused second quantum key in the second quantum key set stored by the central server and the identity information in the first identity verification information after the central server passes the identity authentication, and generating and sending the configuration verification information of the electric vehicle;
the information verification module is used for carrying out decryption operation on the configuration verification information and carrying out verification operation on a decryption result; if the verification is passed, forwarding the decryption result to the electric vehicle so that the electric vehicle sends vehicle configuration information to the central server, and the central server verifies the vehicle configuration information by using a first quantum key which is in a first quantum key set stored by the central server and is the same as the first quantum key used by the vehicle configuration information; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
the information receiving module is further configured to receive identity authentication passing information sent by the central server under the condition that the central server passes the verification.
An identity authentication device is applied to an electric automobile, wherein the electric automobile stores a first quantum key set shared with a central server and communicates with the central server based on the first quantum key set;
the identity authentication device includes:
the verification information generation module is used for generating and sending first identity verification information to the wireless charging management server so that the wireless charging management server sends first data to the center server, and the center server carries out identity authentication on the electric automobile based on the first data, the first quantum key set and the second quantum key set stored by the center server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
the verification information receiving module is used for receiving key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information after the central server passes the identity authentication, and generating and passing configuration verification information of the electric vehicle issued by the wireless charging management server;
the configuration information sending module is used for sending vehicle configuration information to the central server so that the central server verifies the vehicle configuration information by using a first quantum key which is stored by the central server and is the same as a first quantum key used by the vehicle configuration information in a first quantum key set, and if the vehicle configuration information passes the verification, identity authentication passing information is sent to the wireless charging management server; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle.
An identity authentication system comprises a central server for executing the identity authentication method, a wireless charging management server for executing the identity authentication method and an electric vehicle for executing the identity authentication method.
Compared with the prior art, the invention has the following beneficial effects:
the invention provides an identity authentication method, an identity authentication device and an identity authentication system. That is to say, the communication between the central server and the wireless charging management server as well as the electric vehicle is based on the quantum key, the Quantum Key Distribution (QKD) process has the characteristic of quantum computing resistance, the quantum key generated based on the QKD process and the secure communication realized by combining the quantum key with the related algorithm also have the characteristic of quantum computing resistance, the quantum key can be prevented from being obtained in a quantum computing mode, the behavior of counterfeiting the identity of the electric vehicle in a key counterfeiting mode is further avoided, and the charging security of the electric vehicle is improved. Further, in the invention, after the identity authentication of the electric vehicle is passed, the central server uses the key information of the unused second quantum key in the second quantum key set and the identity information in the first identity verification information, which are stored in the central server, to generate the configuration verification information of the electric vehicle, that is, the quantum keys in the second quantum key set are used only once, so that the situation of key leakage caused by the repeated use of the quantum keys can be avoided, and the charging safety of the electric vehicle can also be improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic view of a scenario of an identity authentication method according to an embodiment of the present invention;
fig. 2 is a flowchart of an identity registration method according to an embodiment of the present invention;
fig. 3 is a flowchart of a method of identity authentication according to an embodiment of the present invention;
fig. 4 is a flowchart of another method for authenticating an identity according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an identity authentication apparatus applied to a central server according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an identity authentication apparatus applied to a wireless charging management server according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an identity authentication device applied to an electric vehicle according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Battery charging techniques are classified into wired charging and wireless charging. The wireless charging technology is a technology of transferring electric energy in the air between a charger and a device by an electromagnetic induction or a magnetic resonance technology so that current flows to charge a battery. At present, a wireless charging system usually only authenticates through a digital certificate of an automobile, however, a public key certificate system is no longer safe, and a private key can be directly calculated from a public key by adopting a quantum computing technology, so that a public-private key cryptosystem is easy to crack. After public private key password is revealed, other electric automobile can use public private key to carry out the identity imitation to realized the control of charging through the imitation identity, the security that wireless charges step down, can't satisfy wireless charging system's safe operation demand.
In order to solve the problem, the inventor researches and discovers that the Quantum Key Distribution (QKD) process has a quantum computation resistant characteristic, the quantum key generated based on the QKD process is high in identity authentication security realized by combining a related algorithm, and the quantum key also has the quantum computation resistant characteristic, so that the reliability and the security of identity authentication can be improved, and the charging security of the electric vehicle is improved.
In order to perform identity authentication through the quantum key, it is required to ensure that the electric vehicle, the wireless charging management server, the quantum network service station and the central server all realize secure communication through the quantum key.
Referring to fig. 1, a schematic view of a scenario of an electric vehicle, a wireless charging management server, a quantum network service station, and a central server is shown.
Specifically, the whole system comprises a central server, one or more quantum network service stations, one or more wireless charging management servers and quantum key fobs thereof, and one or more electric vehicles and quantum key fobs thereof.
The central server is arranged in a quantum cipher network where the quantum network service station is located and used for identity information management of the electric automobile, recording and managing configuration information of the electric automobile and quantum key information used for identity authentication of the electric automobile, and meanwhile, the central server records wireless charging management server information of the electric automobile and the quantum key information owned by each wireless charging management server.
The wireless charging management server is located in a classical network, the wireless charging management server corresponding to each electric automobile is provided with a quantum key card in physical connection, after the wireless charging management server is registered and authenticated in the central server, the central server and the wireless charging management server can be provided with a shared quantum key through the quantum cipher network and the quantum key card, and the shared quantum key can be updated when needed.
The quantum key card is issued to the electric automobile or the wireless charging management server by the quantum network service station, and the quantum key in the quantum key card also has one copy in the quantum network service station, so that the electric automobile or the wireless charging management server with the quantum key card and the quantum network service station have a shared quantum key.
Each electric automobile has its own quantum key card, and after registering and authenticating in the central server, each electric automobile can obtain the shared quantum key for identity authentication distributed by the central server through the quantum cryptography network and the quantum key card, and the electric automobiles store the shared quantum key in the quantum key card, and the central server stores the shared quantum key in the database of the central server.
The central server divides one secret key according to a preset length to obtain a plurality of shared quantum secret keys, sequentially numbers the shared quantum secret keys, distributes the numbered shared quantum secret keys to the electric automobile and stores the number. And when the terminal is used in the later period, the terminal is sequentially used according to the numbering sequence. The shared quantum key obtained by the wireless charging management server is similar.
In this embodiment, the shared quantum key belongs to a symmetric key, and when the shared quantum key is used, the encryption operation is performed by using a symmetric encryption algorithm, which may be the most secure one-time pad (OTP) encryption manner.
In addition, Quantum Key Distribution (QKD) equipment is deployed in both the central server and the quantum network service station, and both sides can generate a shared quantum key through a QKD process for encryption and decryption of communication information between the both sides.
Before the electric vehicle is charged wirelessly, both the electric vehicle and the wireless charging management server need to be registered (share a secret key) with the center server. The registration is described by taking an electric vehicle as an example, and the wireless charging management server is similar.
Referring to fig. 2, the process of registering (sharing a key) of the electric vehicle with the center server may include:
and S11, the electric automobile sends registration information to the quantum network service station.
Specifically, the quantum key card of the electric vehicle obtains the shared quantum key with the quantum network service station through the key distribution service of the sub-network service station, so that the electric vehicle and the quantum network service station have the shared quantum key, the shared quantum key is a symmetric key, and the subsequent electric vehicle and the quantum network service station use the shared quantum key to encrypt and decrypt data during data transmission.
The electric vehicle needs to register with the central server, specifically, the electric vehicle acquires registration information, where the registration information includes: quantum key fob ID1 of the electric vehicle, electric vehicle ID and its configuration information (including information of hardware, firmware, and software of the electric vehicle, etc.).
The electric automobile carries out hash value calculation on the registration information to obtain a hash value, the electric automobile encrypts the registration information and the hash value of the registration information by using a quantum key shared by the quantum network service station and sends the encrypted registration information and the hash value of the registration information to the quantum network service station, the quantum network service station decrypts the registration information and the hash value of the registration information by using the quantum key shared by the electric automobile, encrypts the decrypted information by using the quantum key shared by the quantum network service station and the central server and sends the encrypted information to the central server.
It should be noted that, no matter quantum secure communication between any two devices (such as a quantum network service station and a central server, a quantum network service station and an electric vehicle), shared quantum keys with sequential numbers are stored in both devices, and the shared quantum keys are used in sequence, and after one shared quantum key is used, it is set with a key identifier, for example, it is used. Unused keys are identified as unused.
When the quantum key is used for encryption, the quantum key with the most advanced number (such as the smallest serial number) of the unused number is used for encryption, and then the communication partner uses the same quantum key for decryption.
And S12, the quantum network service station sends the registration information to the central server.
S13, the central server verifies the registration information; if the verification is passed, step S14 is executed.
And S14, the central server records the configuration information of the electric automobile.
In practical application, the central server decrypts the registration information and the hash value of the registration information based on the shared secret key of the quantum network service station, generates the hash value of the decrypted registration information based on the same algorithm as that of the electric automobile, and if the hash value is the same as the received hash value, the registration information is verified successfully. The central server records the electric vehicle ID and configuration information thereof (including information of hardware, firmware and software of the electric vehicle, and the like) to a central server database. If the verification result is inconsistent with the verification result, the verification result is transmitted to the electric automobile through the sub-network service station.
And S15, the central server sends the shared secret key to the quantum network service station.
And S16, the quantum network service station sends the shared secret key to the electric automobile.
Specifically, the central server uses a quantum encryption communication link of the quantum cryptography network (i.e. information transmitted on the link is encrypted by using a quantum key) to transmit the shared quantum key to a quantum key card of the electric vehicle through encryption forwarding of the quantum network service station, and simultaneously stores the shared quantum key in a database of the central server.
It should be noted that, in a similar manner to the steps S11-S16, the wireless charging management server obtains the shared quantum key with the central server for the wireless charging management server to perform encrypted communication with the central server.
The quantum key sharing between the electric vehicle and the central server can be realized through the steps, and in this embodiment, the quantum key sharing between the electric vehicle and the central server is combined into a first quantum key set.
Meanwhile, quantum key sharing between the wireless charging management server and the central server is realized, in the embodiment, the quantum key sharing between the wireless charging management server and the central server is combined into a second quantum key set.
That is, the central server holds a first quantum key set shared by the central server and an electric vehicle and a second quantum key set shared by the central server and a wireless charging management server, and the central server communicates with the electric vehicle based on the first quantum key set and communicates with the wireless charging management server based on the second quantum key set;
on the basis of the above, another embodiment of the present invention provides an identity authentication method, and with reference to fig. 3, the identity authentication method may include:
and S21, the electric automobile generates first identity verification information.
And S22, the electric automobile sends the first identity authentication information to the wireless charging management server.
In practical application, when the electric vehicle needs to be charged, the electric vehicle is close to a charging device, such as a charging pile, and a user can send an identity authentication request, which may also be referred to as first identity verification information, to a wireless charging management server through a charging request button on the electric vehicle. The first authentication information is generated by the electric automobile based on the acquired identity information of the electric automobile and key information of an unused first quantum key in a first quantum key set stored in the electric automobile.
Specifically, the electric automobile calculates a message authentication code HMAC (N1| | | T1; K1) related to the key of the electric automobile ID by using a shared quantum key K1 which is stored in the electric automobile and has the unused serial number N1 and is connected with the central server.
Wherein, T1 is the current time, and the first authentication information, namely N1, ID, time T1 and HMAC (N1| | | ID | | | T1; K1) (wherein | | | is connection operation) is sent to the wireless charging management server through wireless communication. The HMAC (Hash-based Message Authentication Code) is a Hash operation Message Authentication Code associated with a key.
And S23, the wireless charging management server generates second authentication information of the wireless charging management server.
In practical application, the second authentication information is generated by the wireless charging management server based on the acquired identity information of the wireless charging management server and key information of an unused second quantum key in a second quantum key set stored in the wireless charging management server after the wireless charging management server receives the first authentication information sent by the electric vehicle.
Specifically, the wireless charging management server receives the first authentication information, generates forwarding information of the first authentication information by using a quantum key shared by the wireless charging management server and the central server, and sends the forwarding information to the central server.
In detail, the wireless charging management server uses the shared quantum key SK with unused serial number SN as the key identifier of the wireless charging management server and the central server to calculate the message authentication code HMAC (N1| | ID | | T1; K1) | SID | | T2; SK), where T2 is the time at that time and SID is the identification information of the wireless charging management server, and in the embodiment, SN, SID, T2 and HMAC (N1| | | ID | T1; K1) | SID | | | T2; SK) are referred to as the second authentication information of the wireless charging management server.
And S24, the wireless charging management server sends the first data to the central server.
After obtaining the second authentication information of the wireless charging management server, the wireless charging management server collects the first authentication information of the electric vehicle and the second authentication information of the wireless charging management server, namely collects the first authentication information and the second authentication information of the electric vehicle to obtain N1, ID, T1, HMAC (N1| | | T1; K1), SN, SID, T2 and HMAC (HMAC (N1| | | ID | | T1; K1) | | | SID | | | T2; SK), and the collected data is called first data and is sent to the central server.
And S25, the central server authenticates the identity of the electric automobile based on the first data and the first quantum key set and the second quantum key set stored by the central server, and after the identity authentication is passed, the step S26 is executed.
In practical application, the central server verifies the correctness of the first data, if the first data are correct, the unused shared quantum key is used for generating configuration verification information of the electric vehicle ID, and the configuration verification information of the electric vehicle ID is sent to the electric vehicle through the wireless charging management server; otherwise, sending the authentication failure result (the first data is wrong) to the electric automobile through the wireless charging management server.
Specifically, the process of identity authentication, referring to fig. 4, may include:
s31, determining a second quantum key in second authentication information of the wireless charging management server.
S32, determining whether the key identification of the determined second quantum key is a preset identification; the preset identification representation key is used; if yes, go to step S38; if not, step S33 is executed.
Specifically, the central server extracts a shared quantum key SK with the serial number SN of the SID and the wireless charging management server, and if the key identifier of the SK is used, namely a preset identifier, the shared quantum key is used, and the verification fails, namely the identity authentication of the electric vehicle fails.
S33, verifying the second identity verification information by using the determined second quantum key; if the verification is not passed, go to step S38; if so, step S34 is executed.
Specifically, the central server verifies the correctness of the received HMAC (HMAC (N1 ID T1; K1) by using the HMAC (N1 ID T1; K1), the SID, T2 and the SK, if the received HMAC (N1 ID T1; K1) SID T2; the SK is incorrect, the identity authentication of the electric vehicle fails, otherwise, the key SK is marked as used.
And S34, determining a first quantum key in the first authentication information of the electric automobile.
S35, determining whether the key identification of the determined first quantum key is a preset identification; the preset identification representation key is used; if yes, go to step S38; if not, step S36 is executed.
Specifically, the central server extracts a shared quantum key K1 with the serial number N1 of the electric automobile, and if K1 is used, the identity authentication of the electric automobile fails.
S36, verifying the first authentication information by using the determined first quantum key; if the verification fails, determining that the identity verification of the electric vehicle fails (S38); and if the verification is passed, determining that the identity of the electric automobile is passed (S37).
Specifically, the central server verifies the correctness of the received HMAC (N1| | | ID | | T1; K1) by using N1, ID, T1 and K1, and marks the key K1 as used if the verification is successful.
In this embodiment, regardless of which step of the verification fails, the authentication of the electric vehicle is considered to be failed, and only if all the verifications are successful, the authentication of the electric vehicle is considered to be passed.
And S37, determining that the identity of the electric automobile passes the verification.
And S38, determining that the identity authentication of the electric automobile does not pass.
And S26, the central server generates configuration verification information of the electric automobile.
Specifically, the central server generates the configuration verification information of the electric vehicle by using key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information.
In detail, the central server performs hash calculation on key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information to obtain a hash calculation result, and then generates configuration verification information of the electric vehicle, wherein the configuration verification information of the electric vehicle includes the hash calculation result, the key information of the unused second quantum key in the second quantum key set stored by the central server and the identity information in the first identity verification information.
In practical applications, the central server calculates HMAC (N2| | ID | | | T3; K2) using an unused shared quantum key K2 with the serial number N2, where T3 is the time at that time, and in the present embodiment, N2, ID, T3 and HMAC (N2| ID | | | T3; K2) are referred to as configuration verification information of the electric vehicle.
And S27, the central server sends configuration verification information to the wireless charging management server.
Specifically, the central server sends N2, ID, T3 and HMAC (N2| | | ID | | T3; K2), namely configuration verification information of the electric automobile to the wireless charging management server by using the unused shared quantum key encryption of the wireless charging management server.
And if the identity authentication of the electric automobile fails, the central server encrypts and sends an authentication failure message to the wireless charging management server by using an unused shared quantum key of the wireless charging management server.
And S28, the wireless charging management server decrypts the configuration verification information and verifies the decryption result.
And S29, if the wireless charging management server passes the verification, the wireless charging management server forwards the decryption result to the electric automobile.
Specifically, the wireless charging management server decrypts the configuration verification information by using an unused shared quantum key corresponding to the central server to obtain a decryption result, and determines whether the decryption result is a preset result; and if so, the wireless charging management server forwards the decryption result to the electric automobile.
Specifically, the wireless charging management server decrypts to obtain the configuration verification information, verifies the correctness of the message by using a shared quantum key (a second quantum key) corresponding to the configuration verification information, specifically verifies whether the computed hash value is the hash value carried in the configuration verification information (similar to the hash verification process, please refer to the corresponding part, which is not described herein again), and if the computed hash value is the electric vehicle identity authentication failure message, refuses to provide the wireless charging service for the electric vehicle.
And if the configuration verification information is the configuration verification information of the electric vehicle ID generated by the central server, forwarding the configuration verification information to the electric vehicle.
S210, the electric automobile sends vehicle configuration information to the central server.
In practical application, the configuration verification information of the electric vehicle ID generated by the electric vehicle verification center server, and if successful, the electric vehicle generates vehicle configuration information, where the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and the configuration information of the electric vehicle.
Specifically, the electric vehicle acquires configuration information, performs hash calculation on the configuration information of the electric vehicle based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle, and sends a hash calculation result (i.e., vehicle configuration information) and key information of the used first quantum key to the center server, so that the center server authenticates the integrity of the configuration information of the electric vehicle according to the stored configuration information.
S211, the central server verifies the vehicle configuration information. If the verification is passed, step S212 is executed.
S212, the central server sends identity authentication passing information to the wireless charging management server.
Specifically, the central server verifies the vehicle configuration information by using a first quantum key which is the same as that used by the vehicle configuration information in a first quantum key set stored by the central server.
Specifically, the central server receives the vehicle configuration information of the electric vehicle, reads the corresponding configuration information of the electric vehicle from the database, calculates the message authentication code of the configuration information by using the same shared quantum key, if the message authentication code is consistent with the received vehicle configuration information, the integrity authentication is successful, and encrypts and sends the authentication result and the electric vehicle configuration information to the wireless charging management server by using the shared quantum key of the wireless charging management server.
And the wireless charging management server receives the authentication result, and if the authentication is successful, the wireless charging management server performs charging service on the electric automobile according to the configuration information of the electric automobile.
In this embodiment, the center server stores a first quantum key set shared by the center server and an electric vehicle and a second quantum key set shared by the center server and a wireless charging management server, and the center server communicates with the electric vehicle based on the first quantum key set and communicates with the wireless charging management server based on the second quantum key set. That is to say, the communication between the central server and the wireless charging management server as well as the communication between the central server and the electric vehicle are based on the quantum key, the QKD process has the characteristic of quantum computing resistance, the quantum key generated based on the QKD process and the secure communication realized by combining the related algorithm also have the characteristic of quantum computing resistance, the quantum key can be prevented from being obtained in a quantum computing mode, the behavior of counterfeiting the identity of the electric vehicle in a key counterfeiting mode is further avoided, and the charging security of the electric vehicle is improved. Further, in the invention, after the identity authentication of the electric vehicle is passed, the central server generates the configuration verification information of the electric vehicle by using the key information of the unused second quantum key in the second quantum key set and the identity information in the first identity verification information, which are stored in the central server, that is, the quantum keys in the second quantum key set are used only once, so that the condition of key leakage caused by the repeated use of the quantum keys can be avoided, and the charging safety of the electric vehicle can also be improved.
In addition, the unconditional safety of the electric vehicle identity authentication is realized by using the quantum key-based electric vehicle one-time pad identity authentication method; through reasonable design of an identity authentication process and a system architecture, the organic combination of an electric vehicle wireless charging management system and a quantum cryptography network is realized. The central server is arranged in the quantum cipher network, the wireless charging management server and the electric automobile acquire the quantum cipher key through the quantum cipher key card to access the quantum cipher network, and the access cost of the quantum cipher network is reduced. The symmetric key authentication method based on the quantum key replaces the authentication method based on a public key system, so that the authentication method has the quantum computation resistant characteristic and can resist the cracking of a quantum computer to the authentication method in the future.
Optionally, on the basis of the embodiment of the identity authentication method, another embodiment of the present invention provides an identity authentication method applied to a central server, where the central server stores a first quantum key set shared by the central server and an electric vehicle and a second quantum key set shared by the central server and a wireless charging management server, and the central server communicates with the electric vehicle based on the first quantum key set and communicates with the wireless charging management server based on the second quantum key set;
the identity authentication method comprises the following steps:
acquiring first data sent by the wireless charging management server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
performing identity authentication on the electric automobile based on the first data, a first quantum key set and a second quantum key set saved by the central server;
if the identity authentication is passed, generating configuration verification information of the electric automobile by using key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information, and issuing the configuration verification information to the electric automobile through the wireless charging management server;
receiving vehicle configuration information sent by the electric vehicle; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
and verifying the vehicle configuration information by using a first quantum key which is the same as the first quantum key used by the vehicle configuration information and is collected by the first quantum key stored by the central server, and if the vehicle configuration information passes the verification, sending identity authentication passing information to the wireless charging management server.
Further, the first authentication information is generated by the electric vehicle based on the identity information of the electric vehicle and key information of an unused first quantum key in a first quantum key set stored in the electric vehicle; the second authentication information is generated by the wireless charging management server based on the identity information of the wireless charging management server and key information of unused second quantum keys in a second quantum key set stored in the wireless charging management server after the wireless charging management server receives the first authentication information sent by the electric vehicle;
based on the first data, the first quantum key set and the second quantum key set saved by the central server, the identity authentication of the electric vehicle is performed, and the method comprises the following steps:
determining a second quantum key in second authentication information of the wireless charging management server;
determining whether the key identifier of the determined second quantum key is a preset identifier; the preset identification representation key is used;
if so, determining that the identity authentication of the electric automobile does not pass;
if not, the second authentication information is verified by using the determined second quantum key;
and if the verification fails, determining that the identity verification of the electric automobile fails.
Further, when the determined second quantum key is used to verify the second authentication information and the verification passes, the method further includes:
determining a first quantum key in first identity verification information of the electric automobile;
determining whether the key identifier of the determined first quantum key is a preset identifier; the preset identification representation key is used;
if so, determining that the identity authentication of the electric automobile does not pass;
if not, the first authentication information is verified by using the determined first quantum key;
if the verification fails, determining that the identity verification of the electric automobile fails;
and if the verification is passed, determining that the identity of the electric automobile is passed.
Further, generating configuration verification information of the electric vehicle by using key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information, includes:
performing hash calculation on key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information to obtain a hash calculation result;
generating configuration verification information of the electric automobile; the configuration verification information of the electric vehicle comprises the Hash calculation result, the key information of the unused second quantum key in the second quantum key set stored by the central server, and the identity information in the first identity verification information.
Optionally, on the basis of the foregoing embodiment of the identity authentication method, another embodiment of the present invention provides an identity authentication method applied to a wireless charging management server, where the wireless charging management server holds a second quantum key set shared with a central server and communicates with the central server based on the second quantum key set;
the identity authentication method comprises the following steps:
under the condition of receiving first identity verification information sent by an electric automobile, generating second identity verification information of the wireless charging management server;
sending the first data to the central server, so that the central server performs identity authentication on the electric automobile based on the first data, a first quantum key set and a second quantum key set stored by the central server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
after the identity authentication of the central server is passed, using key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information to generate and send configuration verification information of the electric vehicle;
carrying out decryption operation on the configuration verification information, and carrying out verification operation on a decryption result; if the verification is passed, forwarding the decryption result to the electric automobile so that the electric automobile sends vehicle configuration information to the center server, and the center server verifies the vehicle configuration information by using a first quantum key set stored by the center server and a first quantum key which is the same as that used by the vehicle configuration information; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
and receiving identity authentication passing information sent by the central server under the condition of passing verification.
Further, generating second authentication information of the wireless charging management server includes:
acquiring identity information of the wireless charging management server;
and generating second authentication information based on the identity information of the wireless charging management server and the key information of the unused second quantum key in the second quantum key set stored in the wireless charging management server.
Further, performing a decryption operation on the configuration verification information, and performing a verification operation on a decryption result, including:
determining a second quantum key;
decrypting the configuration verification information by using the determined second quantum key to obtain a decryption result;
judging whether the decryption result is a preset result or not; and if so, executing the step of forwarding the decryption result to the electric automobile.
Optionally, on the basis of the embodiment of the identity authentication method, another embodiment of the present invention provides an identity authentication method, which is applied to an electric vehicle that holds a first quantum key set shared with a central server and communicates with the central server based on the first quantum key set;
the identity authentication method comprises the following steps:
generating and sending first identity verification information to a wireless charging management server so that the wireless charging management server sends first data to a central server, and the central server performs identity authentication on the electric vehicle based on the first data, a first quantum key set and a second quantum key set stored by the central server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
after the identity authentication of the central server is passed, using key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information, and generating and passing configuration verification information of the electric vehicle issued by the wireless charging management server;
sending vehicle configuration information to the center server, so that the center server verifies the vehicle configuration information by using a first quantum key which is stored by the center server and is the same as a first quantum key used by the vehicle configuration information in a first quantum key set, and if the vehicle configuration information passes the verification, sending identity authentication passing information to the wireless charging management server; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle.
Further, generating first authentication information, comprising:
acquiring identity information of the electric automobile;
generating first authentication information based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and identity information of the electric vehicle.
Further, sending vehicle configuration information to the central server, comprising:
acquiring configuration information;
performing hash calculation on configuration information of the electric vehicle based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle;
and sending the hash calculation result and the key information of the used first quantum key to the central server.
Optionally, on the basis of the above embodiment of the identity authentication method applied to the center server, another embodiment of the present invention provides an identity authentication device applied to a center server, where the center server holds a first quantum key set shared by the center server and an electric vehicle and a second quantum key set shared by the center server and a wireless charging management server, and the center server communicates with the electric vehicle based on the first quantum key set and communicates with the wireless charging management server based on the second quantum key set;
referring to fig. 5, the identity authentication apparatus includes:
the data acquisition module 11 is configured to acquire first data sent by the wireless charging management server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
the identity authentication module 12 is configured to authenticate the identity of the electric vehicle based on the first data, the first quantum key set and the second quantum key set stored by the central server;
the information generating module 13 is configured to, if the identity authentication passes, use key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information to generate configuration verification information of the electric vehicle, and send the configuration verification information to the electric vehicle through the wireless charging management server;
a configuration information receiving module 14, configured to receive vehicle configuration information sent by the electric vehicle; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
and the configuration verification module 15 is configured to verify the vehicle configuration information by using a first quantum key which is the same as the first quantum key used by the vehicle configuration information in the first quantum key set stored by the center server, and if the vehicle configuration information passes the verification, send identity authentication passing information to the wireless charging management server.
Further, the first authentication information is generated by the electric vehicle based on the identity information of the electric vehicle and key information of an unused first quantum key in a first quantum key set stored in the electric vehicle; the second authentication information is generated by the wireless charging management server based on the identity information of the wireless charging management server and key information of unused second quantum keys in a second quantum key set stored in the wireless charging management server after the wireless charging management server receives the first authentication information sent by the electric vehicle;
the identity authentication module 12 includes:
the first key determining submodule is used for determining a second quantum key in second identity authentication information of the wireless charging management server;
the first identification determining submodule is used for determining whether the key identification of the determined second quantum key is a preset identification; the preset identification representation key is used;
the verification result determining submodule is used for determining that the identity verification of the electric automobile does not pass if the determined key identification of the second quantum key is a preset identification;
the first verification submodule is used for verifying the second identity verification information by using the determined second quantum key if the key identifier of the determined second quantum key is not the preset identifier;
and the verification result determining submodule is also used for determining that the identity verification of the electric automobile does not pass if the first verification submodule does not pass the verification.
Further, if the first verification sub-module passes the verification, the identity authentication module 12 further includes:
the second key determining submodule is used for determining a first quantum key in first identity verification information of the electric automobile;
the second identification determining submodule is used for determining whether the key identification of the determined first quantum key is a preset identification; the preset identification representation key is used;
the verification result determining submodule is further used for determining that the identity verification of the electric automobile does not pass if the determined key identification of the first quantum key is a preset identification;
the second verification submodule is used for verifying the first identity verification information by using the determined first quantum key if the key identifier of the determined first quantum key is not a preset identifier;
the verification result determining submodule is also used for determining that the identity verification of the electric automobile does not pass if the verification of the second verification submodule does not pass; and if the second verification sub-module passes the verification, determining that the identity of the electric automobile passes the verification.
Further, the information generating module 13 is specifically configured to:
performing hash calculation on key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information to obtain a hash calculation result;
generating configuration verification information of the electric automobile; the configuration verification information of the electric vehicle comprises the Hash calculation result, the key information of the unused second quantum key in the second quantum key set stored by the central server, and the identity information in the first identity verification information.
Optionally, on the basis of the above embodiment of the identity authentication method applied to the wireless charging management server, another embodiment of the present invention provides an identity authentication apparatus applied to a wireless charging management server, where the wireless charging management server holds a second quantum key set shared with a central server and communicates with the central server based on the second quantum key set;
referring to fig. 6, the identity authentication apparatus includes:
the information generating module 21 is configured to generate second authentication information of the wireless charging management server under the condition that first authentication information sent by an electric vehicle is received;
the data sending module 22 is configured to send first data to the central server, so that the central server performs identity authentication on the electric vehicle based on the first data and the first quantum key set and the second quantum key set stored by the central server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
the information receiving module 23 is configured to receive, after the identity authentication of the central server passes, key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information, and generate and send configuration verification information of the electric vehicle;
the information verification module 24 is configured to perform decryption operation on the configuration verification information and perform verification operation on a decryption result; if the verification is passed, forwarding the decryption result to the electric vehicle so that the electric vehicle sends vehicle configuration information to the central server, and the central server verifies the vehicle configuration information by using a first quantum key which is in a first quantum key set stored by the central server and is the same as the first quantum key used by the vehicle configuration information; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
the information receiving module 23 is further configured to receive identity authentication passing information sent by the central server under the condition that the central server passes the verification.
Further, the information generating module 21 is specifically configured to:
and acquiring the identity information of the wireless charging management server, and generating second identity verification information based on the identity information of the wireless charging management server and the key information of the unused second quantum key in the second quantum key set stored in the wireless charging management server.
Further, the information verification module 24 is specifically configured to:
determining a second quantum key;
decrypting the configuration verification information by using the determined second quantum key to obtain a decryption result;
judging whether the decryption result is a preset result or not; and if so, executing the step of forwarding the decryption result to the electric automobile.
Optionally, on the basis of the above embodiment of the identity authentication method applied to the electric vehicle, another embodiment of the present invention provides an identity authentication device applied to an electric vehicle, where the electric vehicle holds a first quantum key set shared with a central server and communicates with the central server based on the first quantum key set;
referring to fig. 7, the identity authentication apparatus includes:
the verification information generating module 31 is configured to generate and send first identity verification information to a wireless charging management server, so that the wireless charging management server sends first data to the center server, and the center server performs identity authentication on the electric vehicle based on the first data, a first quantum key set and a second quantum key set stored by the center server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
the verification information receiving module 32 is configured to receive key information of an unused second quantum key in a second quantum key set stored by the central server and the identity information in the first identity verification information after the central server passes the identity authentication, and generate and pass configuration verification information of the electric vehicle issued by the wireless charging management server;
a configuration information sending module 33, configured to send vehicle configuration information to the central server, so that the central server verifies the vehicle configuration information by using a first quantum key set stored by the central server and a first quantum key that is the same as the first quantum key used by the vehicle configuration information, and if the vehicle configuration information passes the verification, send identity authentication passing information to the wireless charging management server; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle.
Further, the verification information generating module 31 is specifically configured to:
the method comprises the steps of obtaining identity information of the electric automobile, and generating first identity verification information based on key information of unused first quantum keys in a first quantum key set stored in the electric automobile and the identity information of the electric automobile.
Further, the configuration information sending module 33 is specifically configured to:
the method comprises the steps of obtaining configuration information, carrying out Hash calculation on the configuration information of the electric automobile based on key information of an unused first quantum key in a first quantum key set stored in the electric automobile, and sending a Hash calculation result and key information of the used first quantum key to the central server.
In this embodiment, the center server stores a first quantum key set shared by the center server and an electric vehicle and a second quantum key set shared by the center server and a wireless charging management server, and the center server communicates with the electric vehicle based on the first quantum key set and communicates with the wireless charging management server based on the second quantum key set. That is to say, the communication between the central server and the wireless charging management server as well as the communication between the central server and the electric vehicle are based on the quantum key, the QKD process has the characteristic of quantum computing resistance, the quantum key generated based on the QKD process and the secure communication realized by combining the related algorithm also have the characteristic of quantum computing resistance, the quantum key can be prevented from being obtained in a quantum computing mode, the behavior of counterfeiting the identity of the electric vehicle in a key counterfeiting mode is further avoided, and the charging security of the electric vehicle is improved. Further, in the invention, after the identity authentication of the electric vehicle is passed, the central server generates the configuration verification information of the electric vehicle by using the key information of the unused second quantum key in the second quantum key set and the identity information in the first identity verification information, which are stored in the central server, that is, the quantum keys in the second quantum key set are used only once, so that the condition of key leakage caused by the repeated use of the quantum keys can be avoided, and the charging safety of the electric vehicle can also be improved.
It should be noted that, for the working processes of each module and sub-module in this embodiment, please refer to the corresponding description in the above embodiments, which is not described herein again.
Optionally, on the basis of the embodiments of the identity authentication method and apparatus, another embodiment of the present invention provides an identity authentication system, which includes a central server for executing the identity authentication method, a wireless charging management server for executing the identity authentication method, and an electric vehicle for executing the identity authentication method.
In this embodiment, the center server stores a first quantum key set shared by the center server and an electric vehicle and a second quantum key set shared by the center server and a wireless charging management server, and the center server communicates with the electric vehicle based on the first quantum key set and communicates with the wireless charging management server based on the second quantum key set. That is to say, the communication between the central server and the wireless charging management server as well as the communication between the central server and the electric vehicle are based on the quantum key, the QKD process has the characteristic of quantum computing resistance, the quantum key generated based on the QKD process and the secure communication realized by combining the related algorithm also have the characteristic of quantum computing resistance, the quantum key can be prevented from being obtained in a quantum computing mode, the behavior of counterfeiting the identity of the electric vehicle in a key counterfeiting mode is further avoided, and the charging security of the electric vehicle is improved. Further, in the invention, after the identity authentication of the electric vehicle is passed, the central server generates the configuration verification information of the electric vehicle by using the key information of the unused second quantum key in the second quantum key set and the identity information in the first identity verification information, which are stored in the central server, that is, the quantum keys in the second quantum key set are used only once, so that the condition of key leakage caused by the repeated use of the quantum keys can be avoided, and the charging safety of the electric vehicle can also be improved.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (14)
1. An identity authentication method is applied to a central server, the central server stores a first quantum key set shared by the central server and an electric vehicle and a second quantum key set shared by the central server and a wireless charging management server, and the central server communicates with the electric vehicle based on the first quantum key set and communicates with the wireless charging management server based on the second quantum key set;
the identity authentication method comprises the following steps:
acquiring first data sent by the wireless charging management server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
performing identity authentication on the electric automobile based on the first data, a first quantum key set and a second quantum key set saved by the central server;
if the identity authentication is passed, generating configuration verification information of the electric automobile by using key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information, and issuing the configuration verification information to the electric automobile through the wireless charging management server;
receiving vehicle configuration information sent by the electric vehicle; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
and verifying the vehicle configuration information by using a first quantum key which is the same as the first quantum key used by the vehicle configuration information and is collected by the first quantum key stored by the central server, and if the vehicle configuration information passes the verification, sending identity authentication passing information to the wireless charging management server.
2. The identity authentication method according to claim 1, wherein the first authentication information is generated by the electric vehicle based on the identity information of the electric vehicle and key information of an unused first quantum key in a first quantum key set stored in the electric vehicle; the second authentication information is generated by the wireless charging management server based on the identity information of the wireless charging management server and key information of unused second quantum keys in a second quantum key set stored in the wireless charging management server after the wireless charging management server receives the first authentication information sent by the electric vehicle;
based on the first data, the first quantum key set and the second quantum key set saved by the central server, the identity authentication of the electric vehicle is performed, and the method comprises the following steps:
determining a second quantum key in second authentication information of the wireless charging management server;
determining whether the key identifier of the determined second quantum key is a preset identifier; the preset identification representation key is used;
if so, determining that the identity authentication of the electric automobile does not pass;
if not, the second authentication information is verified by using the determined second quantum key;
and if the verification fails, determining that the identity verification of the electric automobile fails.
3. The identity authentication method according to claim 2, wherein if the second identity authentication information is verified by using the determined second quantum key, and the verification passes, the method further comprises:
determining a first quantum key in first identity verification information of the electric automobile;
determining whether the key identifier of the determined first quantum key is a preset identifier; the preset identification representation key is used;
if so, determining that the identity authentication of the electric automobile does not pass;
if not, the first authentication information is verified by using the determined first quantum key;
if the verification fails, determining that the identity verification of the electric automobile fails;
and if the verification is passed, determining that the identity of the electric automobile is passed.
4. The identity authentication method of claim 1, wherein generating configuration verification information of the electric vehicle by using key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first authentication information comprises:
performing hash calculation on key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information to obtain a hash calculation result;
generating configuration verification information of the electric automobile; the configuration verification information of the electric vehicle comprises the Hash calculation result, the key information of the unused second quantum key in the second quantum key set stored by the central server, and the identity information in the first identity verification information.
5. The identity authentication method is applied to a wireless charging management server, wherein the wireless charging management server stores a second quantum key set shared with a central server and communicates with the central server based on the second quantum key set;
the identity authentication method comprises the following steps:
under the condition of receiving first identity verification information sent by an electric automobile, generating second identity verification information of the wireless charging management server;
sending the first data to the central server, so that the central server performs identity authentication on the electric automobile based on the first data, a first quantum key set and a second quantum key set stored by the central server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
receiving key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information after the central server passes the identity authentication, and generating and sending configuration verification information of the electric vehicle;
carrying out decryption operation on the configuration verification information, and carrying out verification operation on a decryption result; if the verification is passed, forwarding the decryption result to the electric vehicle so that the electric vehicle sends vehicle configuration information to the central server, and the central server verifies the vehicle configuration information by using a first quantum key which is in a first quantum key set stored by the central server and is the same as the first quantum key used by the vehicle configuration information; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
and receiving identity authentication passing information sent by the central server under the condition of passing verification.
6. The identity authentication method of claim 5, wherein generating the second authentication information of the wireless charging management server comprises:
acquiring identity information of the wireless charging management server;
and generating second authentication information based on the identity information of the wireless charging management server and the key information of the unused second quantum key in the second quantum key set stored in the wireless charging management server.
7. The identity authentication method of claim 5, wherein the decrypting the configuration verification information and the verifying the decryption result comprise:
determining a second quantum key;
decrypting the configuration verification information by using the determined second quantum key to obtain a decryption result;
judging whether the decryption result is a preset result or not; and if so, executing the step of forwarding the decryption result to the electric automobile.
8. The identity authentication method is applied to an electric automobile, wherein the electric automobile stores a first quantum key set shared with a central server and communicates with the central server based on the first quantum key set;
the identity authentication method comprises the following steps:
generating and sending first identity verification information to a wireless charging management server so that the wireless charging management server sends first data to a central server, and the central server performs identity authentication on the electric vehicle based on the first data, a first quantum key set and a second quantum key set stored by the central server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
after the identity authentication of the central server is passed, key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information are received, and configuration verification information of the electric vehicle issued by the wireless charging management server is generated and passed;
sending vehicle configuration information to the center server, so that the center server verifies the vehicle configuration information by using a first quantum key which is stored by the center server and is the same as a first quantum key used by the vehicle configuration information in a first quantum key set, and if the vehicle configuration information passes the verification, sending identity authentication passing information to the wireless charging management server; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle.
9. The identity authentication method of claim 8, wherein generating the first identity verification information comprises:
acquiring identity information of the electric automobile;
generating first authentication information based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and identity information of the electric vehicle.
10. The identity authentication method of claim 8, wherein sending vehicle configuration information to the central server comprises:
acquiring configuration information;
performing hash calculation on configuration information of the electric vehicle based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle;
and sending the hash calculation result and the key information of the used first quantum key to the central server.
11. An identity authentication device is applied to a center server, wherein the center server stores a first quantum key set shared by the center server and an electric vehicle and a second quantum key set shared by the center server and a wireless charging management server, and the center server communicates with the electric vehicle based on the first quantum key set and communicates with the wireless charging management server based on the second quantum key set;
the identity authentication device includes:
the data acquisition module is used for acquiring first data sent by the wireless charging management server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
the identity authentication module is used for performing identity authentication on the electric automobile based on the first data, the first quantum key set and the second quantum key set stored by the central server;
the information generation module is used for generating configuration verification information of the electric automobile by using key information of an unused second quantum key in a second quantum key set stored by the central server and identity information in the first identity verification information if the identity authentication is passed, and issuing the configuration verification information to the electric automobile through the wireless charging management server;
the configuration information receiving module is used for receiving vehicle configuration information sent by the electric automobile; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
and the configuration verification module is used for verifying the vehicle configuration information by using a first quantum key which is stored in the center server and is the same as the first quantum key used by the vehicle configuration information in a first quantum key set, and if the vehicle configuration information passes the verification, sending identity authentication passing information to the wireless charging management server.
12. The identity authentication device is applied to a wireless charging management server, wherein the wireless charging management server stores a second quantum key set shared with a central server and communicates with the central server based on the second quantum key set;
the identity authentication device includes:
the information generation module is used for generating second identity verification information of the wireless charging management server under the condition of receiving first identity verification information sent by an electric automobile;
the data sending module is used for sending first data to the central server so that the central server can perform identity authentication on the electric automobile based on the first data, the first quantum key set and the second quantum key set stored by the central server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
the information receiving module is used for receiving the key information of the unused second quantum key in the second quantum key set stored by the central server and the identity information in the first identity verification information after the central server passes the identity authentication, and generating and sending the configuration verification information of the electric vehicle;
the information verification module is used for carrying out decryption operation on the configuration verification information and carrying out verification operation on a decryption result; if the verification is passed, forwarding the decryption result to the electric vehicle so that the electric vehicle sends vehicle configuration information to the central server, and the central server verifies the vehicle configuration information by using a first quantum key which is in a first quantum key set stored by the central server and is the same as the first quantum key used by the vehicle configuration information; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle;
the information receiving module is further configured to receive identity authentication passing information sent by the central server under the condition that the central server passes the verification.
13. An identity authentication device is applied to an electric automobile, wherein the electric automobile stores a first quantum key set shared with a central server and communicates with the central server based on the first quantum key set;
the identity authentication device includes:
the verification information generation module is used for generating and sending first identity verification information to a wireless charging management server so that the wireless charging management server sends first data to a center server, and the center server carries out identity authentication on the electric automobile based on the first data, a first quantum key set and a second quantum key set stored by the center server; the first data comprises first authentication information of the electric automobile and second authentication information of the wireless charging management server;
the verification information receiving module is used for receiving the key information of the unused second quantum key in the second quantum key set stored by the central server and the identity information in the first identity verification information after the central server passes the identity authentication, and generating and passing configuration verification information of the electric vehicle issued by the wireless charging management server;
the configuration information sending module is used for sending vehicle configuration information to the central server so that the central server verifies the vehicle configuration information by using a first quantum key which is stored by the central server and is the same as a first quantum key used by the vehicle configuration information in a first quantum key set, and if the vehicle configuration information passes the verification, identity authentication passing information is sent to the wireless charging management server; the vehicle configuration information is generated based on key information of an unused first quantum key in a first quantum key set stored in the electric vehicle and configuration information of the electric vehicle.
14. An identity authentication system comprising a central server for performing the identity authentication method of any one of claims 1 to 4, a wireless charging management server for performing the identity authentication method of any one of claims 5 to 7, and an electric vehicle for performing the identity authentication method of any one of claims 8 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011563055.5A CN114696998A (en) | 2020-12-25 | 2020-12-25 | Identity authentication method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011563055.5A CN114696998A (en) | 2020-12-25 | 2020-12-25 | Identity authentication method, device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114696998A true CN114696998A (en) | 2022-07-01 |
Family
ID=82129472
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011563055.5A Pending CN114696998A (en) | 2020-12-25 | 2020-12-25 | Identity authentication method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114696998A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117119449A (en) * | 2023-10-20 | 2023-11-24 | 长江量子(武汉)科技有限公司 | Vehicle cloud safety communication method and system |
| CN117254910A (en) * | 2023-11-15 | 2023-12-19 | 合肥工业大学 | Efficient group key distribution method based on quantum random number under vehicle-mounted ad hoc network |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106257862A (en) * | 2015-06-19 | 2016-12-28 | 中兴新能源汽车有限责任公司 | Wireless charging device certification and the method and device of charging server certification |
| CN106330444A (en) * | 2015-06-19 | 2017-01-11 | 中兴新能源汽车有限责任公司 | Electric vehicle authentication method and device |
| CN106712931A (en) * | 2015-08-20 | 2017-05-24 | 上海国盾量子信息技术有限公司 | Mobile phone token identity authentication system and method based on quantum cipher network |
| US20180099575A1 (en) * | 2016-10-12 | 2018-04-12 | Toyota Jidosha Kabushiki Kaisha | Server and vehicle |
| CN109466364A (en) * | 2018-11-15 | 2019-03-15 | 东软睿驰汽车技术(沈阳)有限公司 | A kind of identity authentication method and device |
| CN110830245A (en) * | 2019-10-22 | 2020-02-21 | 如般量子科技有限公司 | Anti-quantum-computation distributed Internet of vehicles method and system based on identity secret sharing and implicit certificate |
| CN111475796A (en) * | 2020-03-20 | 2020-07-31 | 南京如般量子科技有限公司 | Anti-quantum computation identity authentication method and system based on secret sharing and quantum communication service station |
-
2020
- 2020-12-25 CN CN202011563055.5A patent/CN114696998A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106257862A (en) * | 2015-06-19 | 2016-12-28 | 中兴新能源汽车有限责任公司 | Wireless charging device certification and the method and device of charging server certification |
| CN106330444A (en) * | 2015-06-19 | 2017-01-11 | 中兴新能源汽车有限责任公司 | Electric vehicle authentication method and device |
| CN106712931A (en) * | 2015-08-20 | 2017-05-24 | 上海国盾量子信息技术有限公司 | Mobile phone token identity authentication system and method based on quantum cipher network |
| US20180099575A1 (en) * | 2016-10-12 | 2018-04-12 | Toyota Jidosha Kabushiki Kaisha | Server and vehicle |
| CN109466364A (en) * | 2018-11-15 | 2019-03-15 | 东软睿驰汽车技术(沈阳)有限公司 | A kind of identity authentication method and device |
| CN110830245A (en) * | 2019-10-22 | 2020-02-21 | 如般量子科技有限公司 | Anti-quantum-computation distributed Internet of vehicles method and system based on identity secret sharing and implicit certificate |
| CN111475796A (en) * | 2020-03-20 | 2020-07-31 | 南京如般量子科技有限公司 | Anti-quantum computation identity authentication method and system based on secret sharing and quantum communication service station |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117119449A (en) * | 2023-10-20 | 2023-11-24 | 长江量子(武汉)科技有限公司 | Vehicle cloud safety communication method and system |
| CN117119449B (en) * | 2023-10-20 | 2024-01-19 | 长江量子(武汉)科技有限公司 | Vehicle cloud safety communication method and system |
| CN117254910A (en) * | 2023-11-15 | 2023-12-19 | 合肥工业大学 | Efficient group key distribution method based on quantum random number under vehicle-mounted ad hoc network |
| CN117254910B (en) * | 2023-11-15 | 2024-01-26 | 合肥工业大学 | Efficient group key distribution method based on quantum random number under vehicle-mounted ad hoc network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10949843B2 (en) | Methods and systems for conjugated authentication and authorization | |
| CN109862040B (en) | Security authentication method and authentication system | |
| CN110572418B (en) | Vehicle identity authentication method and device, computer equipment and storage medium | |
| CN111791741B (en) | Charging authentication method, charging pile, monitoring platform, BMS (battery management system), authentication chip and medium | |
| US8996868B2 (en) | Method of authenticating vehicle communication | |
| CN101156352B (en) | Authentication method, system and authentication center based on mobile network P2P communication | |
| KR20210132725A (en) | Electric Vehicle Charging Station System | |
| CN107181742A (en) | A kind of shared bicycle electronic lock system and its method for unlocking | |
| CN110289958B (en) | Internet of vehicles identity authentication method and system | |
| CN107277033B (en) | Charging and battery replacing equipment and authentication method and system for object to be charged and battery replaced | |
| CN111572493B (en) | Vehicle keyless entry and starting system and method based on Internet of vehicles | |
| JP2008547246A (en) | Method for comprehensive authentication and management of service provider, terminal and user identification module, and system and terminal apparatus using the method | |
| CN109617675B (en) | Method and system for authenticating identifiers of both sides between charge and discharge facility and user terminal | |
| CN111163109B (en) | Block chain center-removing type node anti-counterfeiting method | |
| CN112396735B (en) | Internet automobile digital key safety authentication method and device | |
| CN103873473A (en) | Method for authenticating anonymity groups of power-driven automobiles by charging station | |
| CN114696998A (en) | Identity authentication method, device and system | |
| CN105450623A (en) | Access authentication method of electric automobile | |
| Buschlinger et al. | Plug-and-patch: Secure value added services for electric vehicle charging | |
| Tajmohammadi et al. | LSPP: Lightweight and secure payment protocol for dynamic wireless charging of electric vehicles in vehicular cloud | |
| Hou et al. | Lightweight and privacy-preserving charging reservation authentication protocol for 5G-V2G | |
| CN100450305C (en) | Safety service communication method based on general authentification frame | |
| CN116388995A (en) | Lightweight smart grid authentication method based on PUF | |
| CN111245611B (en) | Anti-quantum computation identity authentication method and system based on secret sharing and wearable equipment | |
| CN110752934B (en) | Method for network identity interactive authentication under topological structure |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |