CN115225318B - Vehicle-mounted Ethernet dynamic login authentication method and system based on vehicle-mounted terminal - Google Patents
- Publication number
- CN115225318B (application CN202210645292.9A)
- Authority
- CN
- China
- Prior art keywords
- vehicle
- authentication
- nodes
- mounted terminal
- ethernet
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The invention provides a vehicle-mounted Ethernet dynamic login authentication method and system based on a vehicle-mounted terminal. The vehicle-mounted terminal first requests a connection to the background server, which verifies its identity through a preset public key; after successful verification the terminal downloads the corresponding private key and signs with it. When the vehicle-mounted terminal receives an identity authentication request from another node, it generates a random authentication code; the terminal computes a first authentication sequence from the random authentication code with a preset verification algorithm, and the other node computes a second authentication sequence from the same code with the same algorithm. The first and second authentication sequences are compared; if they are identical, authentication passes and the other node is connected to the background server through the vehicle-mounted terminal. The vehicle-mounted terminal thus acts as a centralized proxy for the connection and authentication of the other nodes in the vehicle-mounted Ethernet, physically isolating those nodes from the external network; the terminal actively connects to the background server with the public key, downloads the private key and authenticates with the background server, and the authentication algorithm is simplified.
Description
Technical Field
The invention relates to the technical field of vehicle-mounted Ethernet dynamic login authentication, in particular to a vehicle-mounted Ethernet dynamic login authentication method and system based on a vehicle-mounted terminal.
Background
Automobiles are one of the common tools people use to travel. With the development of the Internet of Vehicles and 5G technology, identity authentication between a vehicle-mounted terminal and a background server is commonly used in vehicle networks, and key authentication is generally performed with PKI certificates. The authentication modes used within the vehicle-mounted Ethernet local area network are similar to the PKI mode, for example HMAC-MD5, HMAC-SHA-2 and password authentication. However, as with PKI, the authentication and verification process of HMAC-MD5 and HMAC-SHA-2 is complicated: the algorithms are complex and demanding in computing power, a software implementation has poor real-time performance, and a dedicated hardware implementation of the calculation and verification increases hardware cost. The password authentication mode is easy to crack and offers low security.
Disclosure of Invention
The invention aims to provide a vehicle-mounted Ethernet dynamic login authentication method and system based on a vehicle-mounted terminal, which solve the technical problems that existing authentication methods have high hardware cost and are easy to crack.
In one aspect, a vehicle-mounted ethernet dynamic login authentication method based on a vehicle-mounted terminal is provided, which includes:
the vehicle-mounted terminal first requests a connection to the background server; the background server verifies its identity through a preset public key, and after successful verification the vehicle-mounted terminal downloads the preset corresponding private key and signs with it;
when the vehicle-mounted terminal receives the identity authentication request of other nodes in the vehicle-mounted Ethernet, the vehicle-mounted terminal generates a random authentication code and returns the random authentication code to the other nodes in the vehicle-mounted Ethernet; the vehicle-mounted terminal calculates the generated random authentication code through a preset verification algorithm to obtain a first authentication sequence;
the other nodes in the vehicle-mounted Ethernet calculate the received random authentication code through a preset verification algorithm to obtain a second authentication sequence;
and the vehicle-mounted terminal receives the second authentication sequence, compares it with the first authentication sequence, judges that authentication has passed if the two are identical, and the other nodes in the vehicle-mounted Ethernet are then connected to the background server through the vehicle-mounted terminal.
Preferably, the method further comprises:
after downloading the preset corresponding private key, the vehicle-mounted terminal checks at a preset time period whether the signature has expired, and when it detects that the signature has expired, it downloads a new corresponding private key again.
Preferably, the generating the random authentication code by the vehicle-mounted terminal specifically includes:
when the vehicle-mounted terminal receives the identity authentication request of other nodes in the vehicle-mounted Ethernet, acquiring the current time and the identity authentication information of other nodes in the vehicle-mounted Ethernet; the identity authentication information at least comprises a vehicle unique identification code and a node unique serial number;
and generating a plurality of corresponding random numbers by taking the current time as a random seed, and outputting the plurality of corresponding random numbers as random authentication codes according to a preset format.
Preferably, the calculating, by the vehicle-mounted terminal, the generated random authentication code through a preset verification algorithm specifically includes:
the vehicle-mounted terminal acquires a vehicle unique identification code prestored in the vehicle-mounted terminal;
calculating a first authentication sequence according to a pre-stored unique vehicle identification code and an acquired unique node serial number by the following formula:
where SS_i represents the first authentication sequence, PVIN_i represents the last 16 bytes of the vehicle unique identification code pre-stored in the vehicle-mounted terminal, SN_i represents the last 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random-authentication-code term with subscript i represents the 16-byte random authentication code, i represents the byte index, ⊕ represents the exclusive-or operation, and Σ represents a summation from 0 to i.
Preferably, the calculating, by the other node, the received random authentication code through a preset verification algorithm specifically includes:
acquiring a vehicle unique identification code and a node unique serial number corresponding to other nodes in the vehicle-mounted Ethernet;
calculating a second authentication sequence according to the unique vehicle identification code and the unique node serial number by the following formula:
where ss_i represents the second authentication sequence, VIN_i represents the last 16 bytes of the vehicle unique identification code held by the other node, SN_i represents the last 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random-authentication-code term with subscript i represents the 16-byte random authentication code, i represents the byte index, ⊕ represents the exclusive-or operation, and Σ represents a summation from 0 to i.
In another aspect, a vehicle-mounted Ethernet dynamic login authentication system based on the vehicle-mounted terminal is also provided, which implements the above vehicle-mounted Ethernet dynamic login authentication method and comprises: a vehicle-mounted terminal, a background server and other nodes in the vehicle-mounted Ethernet; the vehicle-mounted terminal is connected to the background server and to the other nodes in the vehicle-mounted Ethernet respectively;
the background server is used for carrying out identity verification through a preset public key when the vehicle-mounted terminal first requests to connect with the background server; when the vehicle-mounted terminal requests connection after signing through the corresponding private key, carrying out identity verification on the vehicle-mounted terminal through the corresponding private key;
the vehicle-mounted terminal is used for downloading a preset corresponding private key and signing through the corresponding private key after the background server is successfully verified by first requesting to be connected; when receiving an identity authentication request of other nodes in the vehicle-mounted Ethernet, generating a random authentication code and returning the random authentication code to the other nodes; calculating the generated random authentication code through a preset verification algorithm to obtain a first authentication sequence;
the other nodes in the vehicle-mounted Ethernet are used for calculating the received random authentication code through a preset verification algorithm to obtain a second authentication sequence;
the vehicle-mounted terminal is further configured to receive the second authentication sequence, compare the first authentication sequence with the second authentication sequence, determine that authentication is passed if the first authentication sequence is the same as the second authentication sequence, and connect other nodes in the vehicle-mounted ethernet to the background server through the vehicle-mounted terminal.
Preferably, the vehicle-mounted terminal is further configured to check, at a preset time period after downloading the preset corresponding private key, whether the signature has expired, and to download a new corresponding private key again when it detects that the signature has expired.
Preferably, the vehicle-mounted terminal is further used for acquiring the current time and the identity authentication information of other nodes in the vehicle-mounted ethernet when receiving the identity authentication request of other nodes in the vehicle-mounted ethernet; the identity authentication information at least comprises a vehicle unique identification code and a node unique serial number;
and generating a plurality of corresponding random numbers by taking the current time as a random seed, and outputting the plurality of corresponding random numbers as random authentication codes according to a preset format.
Preferably, the vehicle-mounted terminal is further used for acquiring a vehicle unique identification code prestored therein;
calculating a first authentication sequence according to a pre-stored unique vehicle identification code and an acquired unique node serial number by the following formula:
where SS_i represents the first authentication sequence, PVIN_i represents the last 16 bytes of the vehicle unique identification code pre-stored in the vehicle-mounted terminal, SN_i represents the last 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random-authentication-code term with subscript i represents the 16-byte random authentication code, i represents the byte index, ⊕ represents the exclusive-or operation, and Σ represents a summation from 0 to i.
Preferably, the other nodes in the vehicle-mounted ethernet are further configured to calculate a second authentication sequence according to the unique vehicle identification code and the unique node serial number according to the following formula:
where ss_i represents the second authentication sequence, VIN_i represents the last 16 bytes of the vehicle unique identification code held by the other node, SN_i represents the last 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random-authentication-code term with subscript i represents the 16-byte random authentication code, i represents the byte index, ⊕ represents the exclusive-or operation, and Σ represents a summation from 0 to i.
In summary, the embodiment of the invention has the following beneficial effects:
according to the vehicle-mounted Ethernet dynamic login authentication method and system based on the vehicle-mounted terminal, the vehicle-mounted terminal intensively proxies the external network connection and authentication of other nodes in the vehicle-mounted Ethernet, and the other nodes firstly perform dynamic login authentication with the vehicle-mounted terminal when the other nodes need to be connected with the external network, so that the connection of the other nodes and the external network is physically isolated, and the function of protecting the other nodes can be achieved. The vehicle-mounted terminal actively connects with the background server through the public key, downloads the private key and verifies with the background server through the private key, and the simplified identity verification algorithm replaces PKI direct connection background, so that the using amount of PKI certificates can be reduced, the complexity of the verification algorithm is greatly reduced, and the CPU operation amount is reduced.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions of the prior art, the drawings which are required in the description of the embodiments or the prior art will be briefly described, it being obvious that the drawings in the description below are only some embodiments of the invention, and that it is within the scope of the invention to one skilled in the art to obtain other drawings from these drawings without inventive faculty.
Fig. 1 is a schematic flow chart of a vehicle-mounted ethernet dynamic login authentication method based on a vehicle-mounted terminal in an embodiment of the present invention.
Fig. 2 is a schematic diagram of a vehicle-mounted ethernet dynamic login authentication system based on a vehicle-mounted terminal in an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings, for the purpose of making the objects, technical solutions and advantages of the present invention more apparent.
Fig. 1 is a schematic diagram of an embodiment of a vehicle-mounted ethernet dynamic login authentication method based on a vehicle-mounted terminal according to the present invention. In this embodiment, the vehicle-mounted terminal is a TBOX, and in other embodiments, the vehicle-mounted terminal may also be other terminals with information receiving and transmitting functions. The vehicle-mounted Ethernet dynamic login authentication method in the embodiment comprises the following steps:
the method comprises the steps that a vehicle-mounted terminal firstly requests to connect with a background server, the background server performs identity verification through a preset public key, and after verification is successful, the vehicle-mounted terminal downloads a preset corresponding private key and signs through the corresponding private key; that is, in this embodiment, the vehicle-mounted terminal refers to a 5G vehicle-mounted terminal, which connects to the background server through the 5G network by using a public key (for example, using PKI to verify), and performs signing and verification after downloading a private key; the public key is issued by a certificate issuing mechanism and is stored in the 5G vehicle-mounted terminal by default. When the 5G vehicle-mounted terminal is authenticated with the background server for the first time, the public key is adopted for authentication, and when the authentication is carried out after the subsequent private key signature, the authentication is carried out through the downloaded corresponding private key.
In a specific embodiment, after downloading the preset corresponding private key, the vehicle-mounted terminal checks at a preset time period whether the signature has expired, and when it detects that the signature has expired it downloads a new corresponding private key again. That is, after signing and verifying with the private key, the terminal periodically checks whether the signature has expired, and no new private key needs to be downloaded in the meantime; in this embodiment the expiration period is usually 30 days.
Further, when the vehicle-mounted terminal receives the identity authentication request of other nodes in the vehicle-mounted Ethernet, the vehicle-mounted terminal generates a random authentication code and returns the random authentication code to the other nodes in the vehicle-mounted Ethernet; the vehicle-mounted terminal calculates the generated random authentication code through a preset verification algorithm to obtain a first authentication sequence; that is, when other nodes send an identity authentication request to the 5G vehicle-mounted terminal, the 5G vehicle-mounted terminal generates a random authentication code and then responds to other nodes, and the other nodes calculate an authentication sequence by using the random authentication code and a specified algorithm and then send the authentication sequence to the 5G vehicle-mounted terminal.
In a specific embodiment, when the vehicle-mounted terminal receives an identity authentication request of other nodes in the vehicle-mounted ethernet, acquiring the current time and the identity authentication information of the other nodes in the vehicle-mounted ethernet; wherein the identity authentication information at least comprises a vehicle unique identification number (VIN) and a node unique Serial Number (SN);
the current time is used as a random seed to generate a plurality of corresponding random numbers, which are output as the random authentication code according to a preset format. The random authentication code is 16 bytes long, each byte being an ASCII code: four 32-bit random numbers are generated with the time as the random seed and used as the random authentication code. In the calculation, the last 16 bytes of the VIN code and of the SN code are used, and the corresponding random authentication code is likewise only 16 bytes.
Specifically, the vehicle-mounted terminal calculates the generated random authentication code through a preset verification algorithm specifically including: the vehicle-mounted terminal acquires a vehicle unique identification code prestored in the vehicle-mounted terminal; calculating a first authentication sequence according to a pre-stored unique vehicle identification code and an acquired unique node serial number by the following formula:
where SS_i represents the first authentication sequence, PVIN_i represents the last 16 bytes of the vehicle unique identification code pre-stored in the vehicle-mounted terminal, SN_i represents the last 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random-authentication-code term with subscript i represents the 16-byte random authentication code, i represents the byte index, ⊕ represents the exclusive-or operation, and Σ represents a summation from 0 to i.
Further, other nodes in the vehicle-mounted Ethernet calculate the received random authentication code through a preset verification algorithm to obtain a second authentication sequence; that is, when the other nodes in the vehicle-mounted Ethernet calculate the second authentication sequence, a verification algorithm consistent with the vehicle-mounted terminal is adopted to calculate the generated random authentication code, so that the consistency of calculation is maintained.
In a specific embodiment, when the other nodes in the vehicle-mounted ethernet calculate the second authentication sequence, a vehicle unique identification code and a node unique serial number corresponding to the other nodes in the vehicle-mounted ethernet are obtained;
calculating a second authentication sequence according to the unique vehicle identification code and the unique node serial number by the following formula:
where ss_i represents the second authentication sequence, VIN_i represents the last 16 bytes of the vehicle unique identification code held by the other node, SN_i represents the last 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random-authentication-code term with subscript i represents the 16-byte random authentication code, i represents the byte index, ⊕ represents the exclusive-or operation, and Σ represents a summation from 0 to i.
Further, the vehicle-mounted terminal receives the second authentication sequence, compares it with the first authentication sequence, judges that authentication has passed if the two are identical, and the other nodes in the vehicle-mounted Ethernet are then connected to the background server through the vehicle-mounted terminal. That is, the vehicle unique identification code used in the calculation may differ between the two sides: the other nodes in the vehicle-mounted Ethernet use their own corresponding vehicle unique identification codes, while the vehicle-mounted terminal uses the vehicle unique identification code pre-stored in it. When the two calculated authentication sequences are the same, the vehicle unique identification codes are consistent and authentication passes; if they differ, the vehicle unique identification codes are inconsistent and authentication fails. Specifically, after checking whether the VIN code stored in the 5G vehicle-mounted terminal is the same as that of the other node, the authentication sequence is calculated with the verification algorithm and compared with the received authentication sequence. After authentication passes, the other node transmits and receives data with the external network and the background server through the 5G vehicle-mounted terminal acting as proxy.
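The per-node exchange described above, as an added example; this is not code from the patent. The specification gives the inputs (the last 16 bytes of the VIN and of the SN, plus a 16-byte random authentication code), the operators (exclusive-or and a summation from 0 to i) and the byte index i, but the formula itself does not survive on this page, so the exact per-byte combination used here, a running sum modulo 256 of the XOR of the three inputs, is an assumption. The function names, the constructed VIN and SN values, and the use of the operating-system CSPRNG in place of the time-seeded generator are likewise this example's own choices: a code derived from the current time can be predicted by any node that shares the vehicle's clock, which undermines the freshness the random code exists to provide, and the sequence comparison is done in constant time so the terminal does not reveal how many leading bytes matched.

```python
"""Simulation of the terminal/node challenge-response (added example).

Assumed instantiation of the page's "preset verification algorithm"
(the real formula is not on the page):

    SS_i = ( sum_{k=0}^{i} (PVIN_k XOR SN_k XOR R_k) ) mod 256

where PVIN/VIN and SN are the last 16 bytes of the identifiers and R is
the 16-byte random authentication code issued by the terminal.
"""
import hmac
import secrets

AUTH_CODE_LEN = 16  # the page fixes the code and the identifier tails at 16 bytes


def tail16(identifier: str) -> bytes:
    """Last 16 bytes of a VIN or SN, as the specification describes."""
    data = identifier.encode("ascii")
    if len(data) < AUTH_CODE_LEN:
        raise ValueError("identifier shorter than 16 bytes")
    return data[-AUTH_CODE_LEN:]


def auth_sequence(vin: str, sn: str, code: bytes) -> bytes:
    """Per byte i: XOR the three inputs, then keep a running sum over 0..i
    modulo 256 (assumed formula, see module docstring)."""
    if len(code) != AUTH_CODE_LEN:
        raise ValueError("random authentication code must be 16 bytes")
    v, s = tail16(vin), tail16(sn)
    out = bytearray(AUTH_CODE_LEN)
    acc = 0
    for i in range(AUTH_CODE_LEN):
        acc = (acc + (v[i] ^ s[i] ^ code[i])) & 0xFF
        out[i] = acc
    return bytes(out)


def terminal_issue_code() -> bytes:
    """Terminal answers a node's request with a fresh 16-byte code.
    The page seeds a PRNG with the current time; this example deliberately
    uses the OS CSPRNG instead (defender's substitution, an assumption)."""
    return secrets.token_bytes(AUTH_CODE_LEN)


def terminal_verify(pvin: str, sn: str, code: bytes, received: bytes) -> bool:
    """Terminal computes SS from its own pre-stored VIN and the node's SN,
    then compares with the node's ss in constant time."""
    expected = auth_sequence(pvin, sn, code)
    return hmac.compare_digest(expected, received)


def run_login(pvin: str, node_vin: str, node_sn: str) -> bool:
    """Whole exchange: node request -> terminal code -> node ss -> verdict.
    The node uses the VIN it holds; the terminal uses its pre-stored VIN."""
    code = terminal_issue_code()                 # terminal -> node
    ss = auth_sequence(node_vin, node_sn, code)  # node -> terminal
    return terminal_verify(pvin, node_sn, code, ss)


if __name__ == "__main__":
    # Constructed sample identifiers (not real vehicles or parts).
    pvin = "LSVEXAMPLE1234567"      # 17-character VIN held by the terminal
    sn = "ECU-GW-0000000042"        # serial number of the requesting node
    print("matching VIN  ->", run_login(pvin, pvin, sn))
    print("different VIN ->", run_login(pvin, "LSVEXAMPLE7654321", sn))
```

`run_login` plays both sides; a node whose stored VIN differs from the terminal's produces a different sequence and is refused, which is exactly the consistency check the text describes. Because the only inputs beyond the random code are the VIN and SN, a passing check establishes that the node holds the same VIN as the terminal and nothing more, so the scheme's strength rests on those identifiers and on the proxy isolation around it.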
Fig. 2 is a schematic diagram of an embodiment of a vehicle-mounted ethernet dynamic login authentication system based on a vehicle-mounted terminal according to the present invention. In this embodiment, the system comprises:
the system comprises a vehicle-mounted terminal, a background server and other nodes in the vehicle-mounted Ethernet; the vehicle-mounted terminal is respectively connected with the background server and other nodes in the vehicle-mounted Ethernet;
the background server is used for carrying out identity verification through a preset public key when the vehicle-mounted terminal first requests to connect with the background server; and when the vehicle-mounted terminal requests connection after signing through the corresponding private key, carrying out identity verification on the vehicle-mounted terminal through the corresponding private key.
The vehicle-mounted terminal is used for downloading a preset corresponding private key after its first connection request has been verified by the background server, and for signing with that private key; for generating a random authentication code when it receives an identity authentication request from other nodes in the vehicle-mounted Ethernet and returning the random authentication code to those nodes; and for calculating a first authentication sequence from the generated random authentication code through a preset verification algorithm. Specifically, the vehicle-mounted terminal is further used for checking, at a preset time period after downloading the preset corresponding private key, whether the signature has expired, and for downloading a new corresponding private key again when it detects that the signature has expired. The vehicle-mounted terminal is also used for acquiring the current time and the identity authentication information of the other nodes in the vehicle-mounted Ethernet when it receives their identity authentication request; the identity authentication information at least comprises a vehicle unique identification code and a node unique serial number; and for generating a plurality of corresponding random numbers with the current time as the random seed and outputting them as the random authentication code according to a preset format. The vehicle-mounted terminal is also used for acquiring the vehicle unique identification code pre-stored in it, and for calculating a first authentication sequence from the pre-stored vehicle unique identification code and the acquired node unique serial number by the following formula:
where SS_i represents the first authentication sequence, PVIN_i represents the last 16 bytes of the vehicle unique identification code pre-stored in the vehicle-mounted terminal, SN_i represents the last 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random-authentication-code term with subscript i represents the 16-byte random authentication code, i represents the byte index, ⊕ represents the exclusive-or operation, and Σ represents a summation from 0 to i.
The other nodes in the vehicle-mounted Ethernet are used for calculating the received random authentication code through a preset verification algorithm to obtain a second authentication sequence. Specifically, the other nodes in the vehicle-mounted Ethernet are further configured to calculate the second authentication sequence from the vehicle unique identification code and the node unique serial number by the following formula:
wherein ss_i represents the second authentication sequence, VIN_i represents the trailing 16 bytes of the vehicle unique identification code corresponding to the other node, SN_i represents the trailing 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random authentication code term with subscript i represents the 16-byte random authentication code, i represents the byte serial number, ⊕ represents the exclusive-or operation, and Σ represents a summation over 0 to i.
The vehicle-mounted terminal is also used for receiving the second authentication sequence, comparing the first authentication sequence with the second authentication sequence, judging that the authentication is passed if the first authentication sequence is the same as the second authentication sequence, and connecting other nodes in the vehicle-mounted Ethernet to the background server through the vehicle-mounted terminal.
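The challenge-response between the vehicle-mounted terminal and another in-vehicle node described above (and restated in claims 1 to 5) is modelled below as an added Python example; it is not code from the patent. The page names the operands (trailing 16 bytes of the VIN and of the node serial number, a 16-byte random authentication code), the exclusive-or and the summation over 0 to i, but the image of the formula itself is not reproduced, so the exact combination S_i = (Σ_{k=0..i} (VIN_k ⊕ SN_k ⊕ code_k)) mod 256 is an assumption, as are the zero padding of short identifiers, the `Terminal`/`Node` class names and the constructed VIN and serial-number values.

```python
"""Terminal/node dynamic login authentication, reconstructed from the
patent description.  Assumptions (not given by the page): the exact
combining formula, zero padding of identifiers shorter than 16 bytes,
and the PRNG used for the random authentication code."""
import hmac
import random
from dataclasses import dataclass

CODE_LEN = 16  # the page fixes the random authentication code at 16 bytes


def trailing16(value: bytes) -> bytes:
    """Last 16 bytes of an identifier (the page's PVIN_i / VIN_i / SN_i
    terms).  Shorter identifiers are left-padded with zeros (assumption)."""
    return value[-CODE_LEN:].rjust(CODE_LEN, b"\x00")


def random_authentication_code(seed: int) -> bytes:
    """16-byte random authentication code.  The page seeds the generator
    with the current time; pass int(time.time()) for that behaviour.  The
    seed is a parameter so the exchange is reproducible in tests."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(CODE_LEN))


def authentication_sequence(vin: bytes, sn: bytes, code: bytes) -> bytes:
    """Assumed form of the formula: for byte index i,
    S_i = (sum over k = 0..i of (VIN_k XOR SN_k XOR code_k)) mod 256."""
    if len(code) != CODE_LEN:
        raise ValueError("random authentication code must be 16 bytes")
    v, s = trailing16(vin), trailing16(sn)
    out = bytearray()
    running = 0
    for i in range(CODE_LEN):
        running = (running + (v[i] ^ s[i] ^ code[i])) & 0xFF
        out.append(running)
    return bytes(out)


@dataclass
class Terminal:
    prestored_vin: bytes  # PVIN: the VIN pre-stored in the terminal

    def handle_request(self, node_sn: bytes, seed: int):
        """Step 1: on an authentication request carrying the node's VIN and
        serial number, issue the random code and compute the first
        authentication sequence from the pre-stored VIN and the acquired SN."""
        code = random_authentication_code(seed)
        first = authentication_sequence(self.prestored_vin, node_sn, code)
        return code, first

    @staticmethod
    def verify(first: bytes, second: bytes) -> bool:
        """Step 3: the page only says the sequences must be 'the same'; a
        constant-time comparison is an added hardening choice."""
        return hmac.compare_digest(first, second)


@dataclass
class Node:
    vin: bytes
    sn: bytes

    def respond(self, code: bytes) -> bytes:
        """Step 2: compute the second authentication sequence from the
        node's own VIN and serial number and the received code."""
        return authentication_sequence(self.vin, self.sn, code)


def run_exchange(terminal: Terminal, node: Node, seed: int) -> bool:
    """Full exchange: request -> code -> response -> comparison."""
    code, first = terminal.handle_request(node.sn, seed)
    second = node.respond(code)
    return Terminal.verify(first, second)


if __name__ == "__main__":
    import time
    # Constructed sample identifiers, not values from the page.
    terminal = Terminal(prestored_vin=b"LSVAA11111A123456")
    node = Node(vin=b"LSVAA11111A123456", sn=b"ECU-GATEWAY-0001")
    print("authenticated:", run_exchange(terminal, node, int(time.time())))
```

Because the terminal computes its sequence from the serial number carried in the request itself, the comparison can only fail on the VIN term; the mismatch case in the test below therefore uses a node holding a different VIN.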
It should be noted that the system in the foregoing embodiment corresponds to the method in the foregoing embodiment; therefore, any part of the system not described in detail can be understood by referring to the description of the method, which is not repeated here.
In summary, the embodiment of the invention has the following beneficial effects:
According to the vehicle-mounted Ethernet dynamic login authentication method and system based on the vehicle-mounted terminal, the vehicle-mounted terminal centrally proxies the external-network connection and authentication of the other nodes in the vehicle-mounted Ethernet; the other nodes first perform dynamic login authentication with the vehicle-mounted terminal whenever they need to connect to the external network, so that the other nodes are physically isolated from the external network, which protects them. The vehicle-mounted terminal actively connects to the background server through the public key, downloads the private key and verifies with the background server through the private key, and this simplified identity verification algorithm replaces a direct PKI connection to the background, so that the number of PKI certificates used can be reduced, the complexity of the verification algorithm is greatly reduced, and the CPU workload is reduced.
The foregoing disclosure is illustrative of the present invention and is not to be construed as limiting the scope of the invention, which is defined by the appended claims.
Claims (10)
1. The vehicle-mounted Ethernet dynamic login authentication method based on the vehicle-mounted terminal is characterized by comprising the following steps of:
the method comprises the steps that a vehicle-mounted terminal firstly requests to connect with a background server, the background server performs identity verification through a preset public key, and after verification is successful, the vehicle-mounted terminal downloads a preset corresponding private key and signs through the corresponding private key;
when the vehicle-mounted terminal receives an identity authentication request of other nodes in the vehicle-mounted Ethernet, the vehicle-mounted terminal generates a random authentication code and returns the random authentication code to the other nodes in the vehicle-mounted Ethernet; the vehicle-mounted terminal calculates the generated random authentication code through a preset verification algorithm to obtain a first authentication sequence;
the other nodes in the vehicle-mounted Ethernet calculate the received random authentication code through a preset verification algorithm to obtain a second authentication sequence;
and the vehicle-mounted terminal receives the second authentication sequence, compares the first authentication sequence with the second authentication sequence, judges that the authentication is passed if the first authentication sequence is the same as the second authentication sequence, and other nodes in the vehicle-mounted Ethernet are connected with the background server through the vehicle-mounted terminal.
2. The method as recited in claim 1, further comprising:
and after downloading the preset corresponding private key, the vehicle-mounted terminal detects whether the signature is out of date according to a preset time period, and when detecting that the signature is out of date, the vehicle-mounted terminal downloads the new corresponding private key again.
3. The method of claim 2, wherein the generating the random authentication code by the vehicle-mounted terminal specifically comprises:
when the vehicle-mounted terminal receives the identity authentication request of other nodes in the vehicle-mounted Ethernet, acquiring the current time and the identity authentication information of other nodes in the vehicle-mounted Ethernet; the identity authentication information at least comprises a vehicle unique identification code and a node unique serial number;
and generating a plurality of corresponding random numbers by taking the current time as a random seed, and outputting the plurality of corresponding random numbers as random authentication codes according to a preset format.
4. The method of claim 3, wherein the calculating, by the vehicle-mounted terminal, the generated random authentication code by a preset verification algorithm specifically includes:
the vehicle-mounted terminal acquires a vehicle unique identification code prestored in the vehicle-mounted terminal;
calculating a first authentication sequence according to a pre-stored unique vehicle identification code and an acquired unique node serial number by the following formula:
wherein SS_i represents the first authentication sequence, PVIN_i represents the trailing 16 bytes of the vehicle unique identification code pre-stored in the vehicle-mounted terminal, SN_i represents the trailing 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random authentication code term with subscript i represents the 16-byte random authentication code, i represents the byte serial number, ⊕ represents the exclusive-or operation, and Σ represents a summation over 0 to i.
5. The method of claim 3, wherein the calculating, by the other nodes in the vehicle ethernet, the received random authentication code by a preset verification algorithm specifically includes:
acquiring a vehicle unique identification code and a node unique serial number corresponding to other nodes in the vehicle-mounted Ethernet;
calculating a second authentication sequence according to the unique vehicle identification code and the unique node serial number by the following formula:
wherein ss_i represents the second authentication sequence, VIN_i represents the trailing 16 bytes of the vehicle unique identification code corresponding to the other node in the vehicle-mounted Ethernet, SN_i represents the trailing 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random authentication code term with subscript i represents the 16-byte random authentication code, i represents the byte serial number, ⊕ represents the exclusive-or operation, and Σ represents a summation over 0 to i.
6. A vehicle-mounted ethernet dynamic login authentication system based on a vehicle-mounted terminal, for implementing the method as claimed in any one of claims 1 to 5, comprising: the system comprises a vehicle-mounted terminal, a background server and other nodes in the vehicle-mounted Ethernet; the vehicle-mounted terminal is respectively connected with the background server and other nodes in the vehicle-mounted Ethernet;
the background server is used for carrying out identity verification through a preset public key when the vehicle-mounted terminal first requests to connect with the background server; when the vehicle-mounted terminal requests connection after signing through the corresponding private key, carrying out identity verification on the vehicle-mounted terminal through the corresponding private key;
the vehicle-mounted terminal is used for downloading a preset corresponding private key and signing through the corresponding private key after the background server is successfully verified by first requesting to be connected; when receiving an identity authentication request of other nodes in the vehicle-mounted Ethernet, generating a random authentication code and returning the random authentication code to the other nodes in the vehicle-mounted Ethernet; calculating the generated random authentication code through a preset verification algorithm to obtain a first authentication sequence;
the other nodes in the vehicle-mounted Ethernet are used for calculating the received random authentication code through a preset verification algorithm to obtain a second authentication sequence;
the vehicle-mounted terminal is further configured to receive the second authentication sequence, compare the first authentication sequence with the second authentication sequence, determine that authentication is passed if the first authentication sequence is the same as the second authentication sequence, and connect other nodes in the vehicle-mounted ethernet to the background server through the vehicle-mounted terminal.
7. The system of claim 6, wherein the vehicle terminal is further configured to detect whether the signature expires according to a preset time period after downloading the preset corresponding private key, and to re-download the new corresponding private key when detecting that the signature has expired.
8. The system of claim 7, wherein the vehicle-mounted terminal is further configured to obtain the current time and the identity authentication information of the other nodes in the vehicle-mounted ethernet when the identity authentication request of the other nodes in the vehicle-mounted ethernet is received; the identity authentication information at least comprises a vehicle unique identification code and a node unique serial number;
and generating a plurality of corresponding random numbers by taking the current time as a random seed, and outputting the plurality of corresponding random numbers as random authentication codes according to a preset format.
9. The system of claim 8, wherein the vehicle-mounted terminal is further configured to obtain a unique vehicle identification code pre-stored therein;
calculating a first authentication sequence according to a pre-stored unique vehicle identification code and an acquired unique node serial number by the following formula:
wherein SS_i represents the first authentication sequence, PVIN_i represents the trailing 16 bytes of the vehicle unique identification code pre-stored in the vehicle-mounted terminal, SN_i represents the trailing 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random authentication code term with subscript i represents the 16-byte random authentication code, i represents the byte serial number, ⊕ represents the exclusive-or operation, and Σ represents a summation over 0 to i.
10. The system of claim 8, wherein the other nodes in the vehicle ethernet network are further configured to calculate a second authentication sequence based on the vehicle unique identification code and the node unique serial number by the following formula:
wherein ss_i represents the second authentication sequence, VIN_i represents the trailing 16 bytes of the vehicle unique identification code corresponding to the other node in the vehicle-mounted Ethernet, SN_i represents the trailing 16 bytes of the node unique serial number of the other node in the vehicle-mounted Ethernet, the random authentication code term with subscript i represents the 16-byte random authentication code, i represents the byte serial number, ⊕ represents the exclusive-or operation, and Σ represents a summation over 0 to i.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210645292.9A CN115225318B (en) | 2022-06-09 | 2022-06-09 | Vehicle-mounted Ethernet dynamic login authentication method and system based on vehicle-mounted terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115225318A CN115225318A (en) | 2022-10-21 |
CN115225318B true CN115225318B (en) | 2023-12-22 |
Family
ID=83608527
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115225318B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110769393A (en) * | 2019-11-07 | 2020-02-07 | 公安部交通管理科学研究所 | Identity authentication system and method for vehicle-road cooperation |
CN110933615A (en) * | 2019-11-12 | 2020-03-27 | 江苏恒宝智能系统技术有限公司 | Data transmission method for vehicle-mounted terminal |
CN112954643A (en) * | 2019-11-25 | 2021-06-11 | 中国移动通信有限公司研究院 | Direct connection communication authentication method, terminal, edge service node and network side equipment |
CN113114699A (en) * | 2021-04-26 | 2021-07-13 | 中国第一汽车股份有限公司 | Vehicle terminal identity certificate application method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107968781B (en) * | 2017-11-23 | 2021-04-30 | 大陆投资(中国)有限公司 | Safety processing method for vehicle sharing service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |