CN115334101A - Vehicle communication method and terminal, vehicle, and computer-readable storage medium - Google Patents

Vehicle communication method and terminal, vehicle, and computer-readable storage medium Download PDF

Info

Publication number
CN115334101A
CN115334101A CN202210863656.0A CN202210863656A CN115334101A CN 115334101 A CN115334101 A CN 115334101A CN 202210863656 A CN202210863656 A CN 202210863656A CN 115334101 A CN115334101 A CN 115334101A
Authority
CN
China
Prior art keywords
vehicle
mobile
certificate
key
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210863656.0A
Other languages
Chinese (zh)
Inventor
卢龙
李正玉
孙瀛
梁锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Weilai Automobile Technology Anhui Co Ltd
Original Assignee
Weilai Automobile Technology Anhui Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Weilai Automobile Technology Anhui Co Ltd filed Critical Weilai Automobile Technology Anhui Co Ltd
Priority to CN202210863656.0A priority Critical patent/CN115334101A/en
Publication of CN115334101A publication Critical patent/CN115334101A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application relates to a vehicle communication method and terminal, a vehicle and a computer readable storage medium, the method comprising: generating a corresponding vehicle end private key and a vehicle end public key by the vehicle end, and distributing a vehicle end certificate based on the vehicle end public key to the mobile end through the authentication center; receiving, by the vehicle end, a mobile end certificate distributed via the certificate authority; presenting a graphical code of first signature information about a mobile terminal certificate through a vehicle terminal, wherein the graphical code is used for being read by the mobile terminal and verifying the first signature information through a public key of the mobile terminal; the vehicle end signs the test data through a vehicle end private key, encrypts the signed information through a mobile end certificate to generate test information, and sends the test information to the mobile end; and the vehicle end generates a session key based on the vehicle end private key, the vehicle end public key, the mobile end public key and the mobile end private key and mobile end negotiation.

Description

Vehicle communication method and terminal, vehicle, and computer-readable storage medium
Technical Field
The present application relates to the field of vehicle privacy protection, and in particular, to a vehicle communication method and terminal, a vehicle, and a computer-readable storage medium.
Background
With the development of the intelligent networking automobile, the communication security is more and more valued by users. In the intelligent electric automobile industry, one very important security field is data security, behind which is user privacy, property and even life security. Along with the intellectualization and networking of the vehicle, more and more data are generated by the intelligent vehicle, and many data are related to the privacy of the user, so that the privacy, property and even life safety of the user are influenced seriously if the data are leaked. With the introduction of data security laws and personal information protection laws, user privacy protection is becoming a compliance requirement.
In view of the above, there is a need for an improved communication mechanism.
Disclosure of Invention
Embodiments of the present application provide a vehicle communication method and terminal, a vehicle, and a computer-readable storage medium for improving security of vehicle communication.
According to an aspect of the present application, a vehicle communication method is provided. The method comprises the following steps: generating a corresponding vehicle end private key and a vehicle end public key by a vehicle end, and distributing a vehicle end certificate based on the vehicle end public key to a mobile end through an authentication center; receiving, by the vehicle end, a mobile end certificate distributed via an authentication center, wherein the mobile end certificate is generated based on a mobile end public key, and the mobile end public key and a mobile end private key corresponding to the mobile end public key are generated by the mobile end; presenting a graphical code of first signature information about the mobile terminal certificate through the vehicle terminal, wherein the graphical code is used for being read by the mobile terminal and verifying the first signature information through the mobile terminal public key; the vehicle end signs test data through the vehicle end private key, encrypts signed information through the mobile end certificate to generate test information, and sends the test information to the mobile end, wherein the test information is decrypted by the mobile end through the mobile end private key, and second signature information in the decrypted data is verified based on the vehicle end certificate; and generating a session key by the vehicle end based on the vehicle end private key, the vehicle end public key, the mobile end public key and the mobile end private key in a negotiation manner with the mobile end.
In some embodiments of the present application, optionally, the graphic code is a two-dimensional code.
In some embodiments of the present application, optionally, the vehicle terminal certificate based on the vehicle terminal public key distributed to the mobile terminal includes: and the mobile terminal determines the ID of the vehicle terminal certificate through the vehicle identification code of the vehicle terminal and acquires the vehicle terminal certificate according to the ID, wherein the vehicle identification code binds the corresponding ID of the vehicle terminal certificate and the ID of the mobile terminal certificate.
In some embodiments of the present application, optionally, receiving, by the vehicle end, the mobile terminal certificate distributed via the certificate authority includes: and the vehicle end determines the ID of the mobile terminal certificate through the vehicle identification code, and obtains the mobile terminal certificate.
In some embodiments of the present application, optionally, the method further comprises: encrypting session content using the session key to generate encrypted session content; and sending the encrypted session content to the mobile terminal.
In some embodiments of the present application, optionally, the method further comprises: decrypting, by the mobile terminal, the encrypted session content using the session key to generate the session content.
In some embodiments of the present application, optionally, the method is used for transmitting the real-time picture from the vehicle end to the mobile end.
In some embodiments of the present application, optionally, the vehicle end negotiates with the mobile end to generate the session key based on the vehicle end private key, the vehicle end public key, the mobile end public key, and the mobile end private key through a DH algorithm.
According to another aspect of the present application, a vehicle communication terminal is provided. The terminal includes: the key management and encryption and decryption module is configured to generate a corresponding vehicle-side private key and a vehicle-side public key; the certification authority client module is configured to generate a vehicle end certificate based on the vehicle end public key and distribute the vehicle end certificate to the mobile end through the certification authority, and receive the mobile end certificate based on the mobile end public key distributed through the certification authority, wherein the mobile end public key and a corresponding mobile end private key thereof are generated by the mobile end; and a verification module configured to present a graphical code of first signature information about the mobile terminal certificate, the graphical code being used for the mobile terminal to read and verify the first signature information through the mobile terminal public key; the verification module is further configured to sign test data through the vehicle-side private key, encrypt signed information through the mobile-side certificate to generate test information, and send the test information to the mobile terminal, wherein the test information is decrypted by the mobile terminal through the mobile-side private key, and second signature information in the decrypted data is verified through the vehicle-side certificate; and the key management and encryption and decryption module is further configured to generate a session key based on the vehicle-side private key, the vehicle-side public key, the mobile-side public key and the mobile-side private key in negotiation with the mobile terminal.
In some embodiments of the present application, optionally, the graphic code is a two-dimensional code.
In some embodiments of the present application, optionally, the certificate authority client module is configured to determine an ID of the vehicle-side certificate through a vehicle identification code of the vehicle side, and thereby obtain the vehicle-side certificate, where the vehicle identification code binds the corresponding ID of the vehicle-side certificate and the ID of the mobile-side certificate.
In some embodiments of the present application, optionally, the key management and encryption/decryption module is further configured to: encrypting session content using the session key to generate encrypted session content; and sending the encrypted session content to the mobile terminal.
According to another aspect of the present application, a vehicle communication terminal is provided. The terminal includes: a memory configured to store instructions; and a processor configured to execute the instructions such that any one of the vehicle communication methods described above is performed.
According to another aspect of the present application, a vehicle is provided. The vehicle comprises any one of the vehicle communication terminals as described above.
According to another aspect of the present application, there is provided a computer-readable storage medium having instructions stored therein, wherein the instructions, when executed by a processor, cause the processor to perform any one of the vehicle communication methods as described above.
The vehicle communication method and terminal, the vehicle, and the computer-readable storage medium according to some embodiments of the present application may verify the authenticity of a certificate exchanged between the vehicle end and the mobile end, and may implement encrypted communication based on the authentic certificate, so as to implement services such as real-time transmission of a screen between the vehicle end and the mobile end.
Drawings
The above and other objects and advantages of the present application will become more apparent from the following detailed description when taken in conjunction with the accompanying drawings, in which like or similar elements are designated by like reference numerals.
FIG. 1 illustrates a vehicle communication method according to one embodiment of the present application;
FIG. 2 illustrates a vehicle communication terminal according to one embodiment of the present application;
FIG. 3 illustrates a vehicle communication terminal according to one embodiment of the present application;
FIG. 4 illustrates a mobile terminal according to one embodiment of the present application;
fig. 5 shows a vehicle communication system and its operating principle according to an embodiment of the present application.
Detailed Description
For the purposes of brevity and explanation, the principles of the present application are described herein with reference primarily to exemplary embodiments thereof. However, those skilled in the art will readily recognize that the same principles are equally applicable to all types of vehicle communication methods and terminals, vehicles, and computer-readable storage media, and that these same or similar principles may be implemented therein, with any such variations not departing from the true spirit and scope of the present application.
According to an aspect of the present application, a vehicle communication method is provided. As shown in fig. 1, a vehicle communication method 10 (hereinafter referred to as method 10) includes the steps of: in step S102, the vehicle end generates a corresponding vehicle end private key and a vehicle end public key, and distributes a vehicle end certificate based on the vehicle end public key to the mobile end via the certificate authority; receiving, by the vehicle end, a mobile terminal certificate distributed via the certificate authority in step S104; presenting a graphical code of first signature information about the mobile terminal certificate through the vehicle terminal in step S106; in step S108, the vehicle end signs the test data through a vehicle end private key, encrypts the signed information through a mobile end certificate to generate test information, and sends the test information to the mobile end; and generating a session key by the vehicle end by negotiating with the mobile end, for example, through a DH (Diffie Hellman) algorithm, based on the vehicle end private key, the vehicle end public key, the mobile end public key, and the mobile end private key in step S110. Through the above steps of the method 10, the certificates of the opposite terminals received by the vehicle terminal and the mobile terminal can be verified, and the certificates are prevented from being tampered in the middle. The verified certificate can be further used for generating a session key, so that the reliability of communication between the vehicle end and the mobile end is guaranteed. The specific working principle of the above steps of the method 10 will be explained in detail below.
For clarity of the operation of the method 10, reference will now be made to the vehicle communication system illustrated in FIG. 5. As shown in fig. 5, the vehicle communication system includes a vehicle end, a mobile end, a public key infrastructure/certificate authority (PKI/CA), a Telematics Service Provider (TSP), and the like. The following operations will be performed between the above entities, and the sequence numbers of the following operations correspond to those of the figures:
(1) and issuing the certificate. The scheme shown in fig. 5 may be an end-to-end encryption scheme for privacy protection of the car networking in a real-time scenario, and a session both ends (car end and mobile end) are required to generate a terminal-side certificate before a real-time session is established. The preferred scheme is that a pair of public key and private key is respectively generated by two ends, specifically comprising a mobile end public key and mobile end private key pair, a vehicle end public key and vehicle end private key pair, and then the two ends respectively request the PKI/CA system to sign and issue a certificate at the opposite end side.
(2) A certificate request (specifically, as shown in the figure, obtaining a mobile terminal certificate and obtaining a vehicle terminal certificate, respectively). Before the real-time session is established, a session request end (a vehicle end or a mobile end) acquires a certificate of a session receiving end (the mobile end or the vehicle end) through a PKI/CA system, and meanwhile, the request end can locally manage the received certificate through a certificate management module.
(3) And (5) scanning the code for verification. After the vehicle end and the mobile end have installed the certificates of the opposite end, the code scanning is performed by the mobile end so as to verify the certificate installed by the vehicle end (the vehicle end can display the signature of the locally installed mobile end certificate, and the mobile end compares whether the signature information is consistent or not by the code scanning). If the verification is passed, the vehicle end can generate random information and sign the random information by using a vehicle end private key, and then the signed information is encrypted by using a mobile end certificate and is sent to the mobile end. The mobile terminal can decrypt the data by using a local mobile terminal private key and verify the signature information by using a locally installed vehicle terminal certificate, so that a man-in-the-middle can be prevented from tampering the certificate.
Through the above process, it can be determined whether the vehicle end and the mobile end both correctly receive the certificate of the other side, and the correct certificate is the basis of the subsequent other communication steps. Some examples of end-to-end encrypted (E2 EE) communications using authenticated certificates are described below, where the data communicated between the sender and the receiver (including the intermediate receiver) is E2EE encrypted data.
(4) A real-time conversation. In a real-time session scenario, a session request end (a vehicle end or a mobile end) and a receiving end may negotiate a session key through a DH algorithm, and specifically, the two ends may generate the session key based on public and private key information of the two ends through the DH algorithm. The process of generating the session key based on the car-side private key, the car-side public key, the mobile-side public key, and the mobile-side private key by using the DH algorithm may be performed with reference to the prior art, and is not described herein again. The session key negotiated by both ends can be used for symmetric encryption of session content such as real-time.
It should be noted that fig. 5 and the above description are intended to provide the reader with a full and complete solution, not necessarily all, for a complete understanding of the principles of the application, but are not intended to limit the scope of the application.
Returning to fig. 1, the method 10 is primarily from a vehicle-end perspective, with the communication system described differently and as a whole, how the communication method is performed. In step S102, the method 10 generates a corresponding vehicle-side private key and a vehicle-side public key from the vehicle side, and distributes a vehicle-side certificate based on the vehicle-side public key to the mobile side via the certificate authority. The vehicle-side private key and the vehicle-side public key generated in step S102 will make it possible to encrypt information with a certificate in a subsequent process. Further, the method 10 receives, by the vehicle end, the mobile terminal certificate distributed via the certificate authority in step S104. The mobile terminal certificate is generated based on the mobile terminal public key, and the mobile terminal public key and the mobile terminal private key corresponding to the mobile terminal public key are generated by the mobile terminal. Through steps S102 and S104, the mobile terminal and the vehicle terminal achieve exchange of certificates, and the certificates received by both terminals can be used for subsequent encrypted communication.
In some embodiments of the present application, in step S102, the mobile terminal may determine an ID of the vehicle-side certificate through a vehicle identification code of the vehicle side, and thereby obtain the vehicle-side certificate, where the vehicle identification code binds the ID of the corresponding vehicle-side certificate and the ID of the mobile-side certificate. In addition, in step S104, the ID of the corresponding vehicle end certificate and the ID of the mobile end certificate may be bound by the vehicle identification code of the vehicle end, and the vehicle end may determine the ID of the mobile end certificate by the vehicle identification code and obtain the mobile end certificate accordingly.
The method 10 presents a graphical code of signature information (also referred to as first signature information for distinction) about the mobile terminal certificate through the vehicle terminal in step S106. The graphical code can be read by the mobile terminal, and the mobile terminal can verify the first signature information included in the graphical code through the mobile terminal public key, so that the reliability of the first signature information is verified, and whether the mobile terminal certificate received by the vehicle terminal is reliable is determined. In some examples, the graphical code may be a two-dimensional code; in other examples, the graphical code may also be other graphical codes that can be machine-readable, such as a bar code.
In step S108, the vehicle signs the test data through the vehicle private key and encrypts the signed information through the mobile terminal certificate to generate test information, and sends the test information to the mobile terminal in the method 10. The test information can be received by the mobile terminal, and the mobile terminal can decrypt the test information through the mobile terminal private key. Then, the mobile terminal may verify the signature information (also referred to as second signature information to indicate differences) in the decrypted data based on the vehicle terminal certificate.
In some embodiments of the present application, the real-time session may be initiated by the vehicle end. In step S110, the vehicle negotiates with the mobile terminal through a DH algorithm based on the vehicle private key, the vehicle public key, the mobile public key, and the mobile private key to generate a session key in the method 10. Specifically, the two ends can generate the session key based on the public and private key information of the two ends through the DH algorithm. The process of generating the session key based on the car-side private key, the car-side public key, the mobile-side public key, and the mobile-side private key by using the DH algorithm may be performed with reference to the prior art, and is not described herein again.
In some embodiments of the present application, the vehicle end may encrypt the session content with the session key, and specifically, the method 10 further includes the following steps: encrypting the session content using the session key to generate encrypted session content; and sending the encrypted session content to the mobile terminal. In addition, the mobile terminal may receive and decrypt the encrypted session content, and specifically, the method 10 further includes the following steps: the encrypted session contents are decrypted by the mobile terminal using the session key to generate session contents. In this way, the real-time session content can be encrypted using both symmetric encryption and asymmetric encryption, thereby ensuring the security of the communication. Because the volume of the session content is large, the session key generated by the DH algorithm can be used for carrying out symmetric encryption, and the symmetric encryption balances the safety and the efficiency.
In some embodiments of the present application, the method 10 is used to transmit real-time images from a vehicle end to a mobile end. The session content (real-time picture) can be encrypted in a more efficient manner by the method 10, and the security of the transmitted real-time picture can be guaranteed.
In some embodiments of the present application, the real-time session may be initiated by the mobile terminal, and the session initiated by the vehicle terminal may refer to the above related process, which is not described herein again.
According to another aspect of the present application, a vehicle communication terminal is provided. As shown in fig. 2, the vehicle communication terminal 20 (hereinafter referred to as the terminal 20) includes a memory 202 and a processor 204. Wherein the processor 204 can read data from the memory 202 and write data to the memory 202. The memory 202 may store instructions and the processor 204 may execute the instructions stored in the memory 202 to cause performance of any of the vehicle communication methods as described above.
According to another aspect of the present application, a vehicle communication terminal is provided. As shown in fig. 3, the vehicle communication terminal 30 (hereinafter, referred to as the terminal 30) includes a key management and encryption/decryption module, an authentication center client module, and a verification module.
The key management and encryption/decryption module of the terminal 30 is configured to generate a corresponding vehicle-side private key and a vehicle-side public key. Specifically, the key management and encryption/decryption module may provide functions such as encryption, decryption, offline session key management, real-time session key management, certificate management, and private key management.
The certificate authority client module of the terminal 30 may generate a vehicle-side certificate based on the vehicle-side public key and distribute the vehicle-side certificate to the mobile side through the certificate authority, and receive the mobile-side certificate based on the mobile-side public key distributed through the certificate authority, where the mobile-side public key and the corresponding mobile-side private key thereof are generated by the mobile side. Specifically, the certificate authority client module may provide certificate issuing and certificate downloading functions: the certificate issuing can be used for generating a vehicle end certificate in a real-time scene, a vehicle end locally generates a public and private key pair, and then requests a PKI/CA system to issue the certificate; and the certificate downloading is used for requesting the mobile terminal certificate from the mobile terminal by the vehicle terminal in a real-time scene.
The verification module of the terminal 30 may present a graphical code of the first signature information about the mobile terminal certificate, where the graphical code is used for the mobile terminal to read and verify the first signature information through the mobile terminal public key; the verification module is further configured to sign the test data through the vehicle-side private key, encrypt the signed information through the mobile-side certificate to generate test information, and send the test information to the mobile side, wherein the test information is decrypted by the mobile side through the mobile-side private key, and verify second signature information in the decrypted data through the vehicle-side certificate. In some embodiments of the present application, the graphical code is a two-dimensional code; in other examples, the graphical code may also be other graphical codes that can be machine-readable, such as a bar code.
Specifically, the verification module can provide a two-dimensional code scanning verification function: the vehicle end displays signature information of the installed certificate of the mobile end, the mobile end scans codes through the two-dimensional codes to compare whether the signatures are consistent, if yes, the vehicle end sends encrypted signature information (the vehicle end uses a private key to sign random information and encrypts the signature information by using the locally installed certificate of the mobile end) to the mobile end, and the mobile end verifies the encrypted signature information.
In addition, the key management and encryption and decryption module is further configured to negotiate with the mobile terminal through a DH algorithm based on the vehicle-side private key, the vehicle-side public key, the mobile-side public key and the mobile-side private key to generate a session key. Specifically, the key management and encryption/decryption module may negotiate with the peer end through a DH algorithm based on public and private key information at both ends to generate a session key. The process of generating the session key based on the car-side private key, the car-side public key, the mobile-side public key, and the mobile-side private key by using the DH algorithm may be performed with reference to the prior art, and is not described herein again.
In some embodiments of the present application, the certificate authority client module is configured to determine an ID of the vehicle-side certificate through a vehicle identification code of the vehicle side, and obtain the vehicle-side certificate accordingly, where the vehicle identification code binds the ID of the corresponding vehicle-side certificate and the ID of the mobile-side certificate.
In some embodiments of the present application, the key management and encryption/decryption module is further configured to: encrypting the session content using the session key to generate encrypted session content; and sending the encrypted session content to the mobile terminal.
In some embodiments of the present application, the terminal further comprises a session management module. The session management module may be configured to generate session information, the session information including at least one of: time stamp, random number. Specifically, the session management module can provide offline session management and real-time session management, and the session management module manages session information for offline sessions and real-time sessions, including information such as vehicle end VIN, mobile end identity information, timestamp, and random number, and the session information can be synchronized to two ends through a secure encrypted channel. For a real-time scenario, the real-time session requestor may encrypt the session key with the session receiver certificate.
In addition, the terminal 30 may further include a hardware security module (not shown in the figure), which may be an abstraction layer of the vehicle-end bottom layer security hardware module HSM, for providing key generation, management and data encryption and decryption capabilities.
According to another aspect of the present application, a mobile terminal is provided. As shown in fig. 4, the mobile terminal 40 includes a key management and encryption/decryption module, an authentication center client module, and a verification module. During communication, the terminal 30 and the mobile terminal 40 are located at the same opposite end, and thus each module in the mobile terminal 40 may have the same function as the corresponding module of the terminal 30. For brevity, the functions and operation of the various modules of the mobile end 40 will not be described in further detail herein.
According to another aspect of the present application, a vehicle is provided. The vehicle comprises any one of the vehicle communication terminals as described above. The present application is not limited to the layout of the vehicle (e.g., wheeled vehicle, tracked vehicle, etc.) nor the driving force of the vehicle (e.g., motor drive, gasoline drive, etc.), and encompasses a variety of vehicles currently known in the art as well as vehicles developed in the future.
According to another aspect of the present application, there is provided a computer readable storage medium having stored therein instructions that, when executed by a processor, cause the processor to perform any of the vehicle communication methods as described above. Computer-readable media as referred to in the present application includes various types of computer storage media and can be any available media that can be accessed by a general purpose or special purpose computer. By way of example, computer-readable media may include RAM, ROM, EPROM, E 2 PROM, registers, hard disk, removable disk, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other temporary or non-temporary medium that can be used to carry or store desired program code means in the form of instructions or data structures and that can be accessed by a general purpose or special purpose computer, or a general purpose or special purpose processor. A disk, as used herein, typically reproduces data magnetically, whereas a disc reproduces data optically with a laser. Combinations of the above should also be included within the scope of computer-readable media. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
The above are merely specific embodiments of the present application, but the scope of the present application is not limited thereto. Other possible variations or substitutions may occur to those skilled in the art based on the teachings herein, and are intended to be covered by the present disclosure. In the present invention, the embodiments and features of the embodiments may be combined with each other without conflict. The scope of protection of the present application is subject to the description of the claims.

Claims (10)

1. A vehicle communication method, characterized in that the method comprises:
generating a corresponding vehicle end private key and a vehicle end public key by a vehicle end, and distributing a vehicle end certificate based on the vehicle end public key to a mobile end through an authentication center;
receiving, by the vehicle end, a mobile end certificate distributed via an authentication center, wherein the mobile end certificate is generated based on a mobile end public key, and the mobile end public key and a mobile end private key corresponding to the mobile end public key are generated by the mobile end;
presenting a graphical code of first signature information about the mobile terminal certificate through the vehicle terminal, wherein the graphical code is used for being read by the mobile terminal and verifying the first signature information through a public key of the mobile terminal;
the vehicle end signs test data through the vehicle end private key, encrypts signed information through the mobile end certificate to generate test information, and sends the test information to the mobile end, wherein the test information is decrypted by the mobile end through the mobile end private key, and second signature information in the decrypted data is verified based on the vehicle end certificate; and
and the vehicle end generates a session key based on the vehicle end private key, the vehicle end public key, the mobile end public key and the mobile end private key in negotiation with the mobile end.
2. The method of claim 1, wherein the graphical code is a two-dimensional code.
3. The method according to claim 1, wherein the vehicle end certificate based on the vehicle end public key distributed to the mobile end comprises:
and the mobile terminal determines the ID of the vehicle terminal certificate through the vehicle identification code of the vehicle terminal and obtains the vehicle terminal certificate according to the ID, wherein the vehicle identification code binds the corresponding ID of the vehicle terminal certificate and the ID of the mobile terminal certificate.
4. The method of claim 3, wherein receiving, by the vehicle end, the mobile-end certificate distributed via a certificate authority comprises:
and the vehicle end determines the ID of the mobile terminal certificate through the vehicle identification code, and obtains the mobile terminal certificate.
5. The method of claim 1, further comprising: encrypting session content using the session key to generate encrypted session content; and
and sending the encrypted session content to the mobile terminal.
6. The method of claim 5, further comprising: decrypting, by the mobile terminal, the encrypted session content using the session key to generate the session content.
7. The method of claim 1, wherein the method is used for transmitting real-time pictures from the vehicle end to the mobile end.
8. The method of claim 1, wherein the vehicle end negotiates with the mobile end to generate the session key through a DH algorithm based on the vehicle end private key, the vehicle end public key, the mobile end public key, and the mobile end private key.
9. A vehicle communication terminal, characterized in that the terminal comprises:
the key management and encryption and decryption module is configured to generate a corresponding vehicle-side private key and a vehicle-side public key;
the certification authority client module is configured to generate a vehicle end certificate based on the vehicle end public key and distribute the vehicle end certificate to the mobile end through the certification authority, and receive the mobile end certificate based on the mobile end public key distributed through the certification authority, wherein the mobile end public key and a corresponding mobile end private key thereof are generated by the mobile end; and
a verification module configured to present a graphical code of first signature information about the mobile terminal certificate, the graphical code being used for the mobile terminal to read and verify the first signature information through the mobile terminal public key; wherein the content of the first and second substances,
the verification module is further configured to sign test data through the vehicle-side private key, encrypt signed information through the mobile-side certificate to generate test information, and send the test information to the mobile terminal, wherein the test information is decrypted by the mobile terminal through the mobile-side private key, and second signature information in the decrypted data is verified through the vehicle-side certificate; and is
The key management and encryption and decryption module is further configured to generate a session key based on the vehicle-side private key, the vehicle-side public key, the mobile-side public key, and the mobile-side private key in negotiation with the mobile terminal.
10. The terminal of claim 9, wherein the graphical code is a two-dimensional code.
CN202210863656.0A 2022-07-22 2022-07-22 Vehicle communication method and terminal, vehicle, and computer-readable storage medium Pending CN115334101A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210863656.0A CN115334101A (en) 2022-07-22 2022-07-22 Vehicle communication method and terminal, vehicle, and computer-readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210863656.0A CN115334101A (en) 2022-07-22 2022-07-22 Vehicle communication method and terminal, vehicle, and computer-readable storage medium

Publications (1)

Publication Number Publication Date
CN115334101A true CN115334101A (en) 2022-11-11

Family

ID=83919854

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210863656.0A Pending CN115334101A (en) 2022-07-22 2022-07-22 Vehicle communication method and terminal, vehicle, and computer-readable storage medium

Country Status (1)

Country Link
CN (1) CN115334101A (en)

Similar Documents

Publication Publication Date Title
CN110380852B (en) Bidirectional authentication method and communication system
EP1610202B1 (en) Using a portable security token to facilitate public key certification for devices in a network
US20090144541A1 (en) Method and apparatus of mutual authentication and key distribution for downloadable conditional access system in digital cable broadcasting network
CN109302369B (en) Data transmission method and device based on key verification
EP2747377B1 (en) Trusted certificate authority to create certificates based on capabilities of processes
CN109495445A (en) Identity identifying method, device, terminal, server and medium based on Internet of Things
CN112039918A (en) Internet of things credible authentication method based on identification cryptographic algorithm
US7779262B2 (en) Security method using electronic signature
CN107404469B (en) Session safety processing system, device, apparatus and method
CN113382002B (en) Data request method, request response method, data communication system, and storage medium
CN103905388A (en) Authentication method, authentication device, smart card, and server
CN109309910A (en) Communication data transmission method, system, equipment and computer readable storage medium
CN113572795B (en) Vehicle safety communication method, system and vehicle-mounted terminal
CN111065081A (en) Bluetooth-based information interaction method and device
WO2024017255A1 (en) Vehicle communication method, terminal, vehicle and computer-readable storage medium
CN114339680A (en) V2X system and safety authentication method
WO2024017256A1 (en) Vehicle communication method and terminal, and vehicle and computer-readable storage medium
CN113115309A (en) Data processing method and device for Internet of vehicles, storage medium and electronic equipment
CN108809656B (en) Key exchange protocol construction method based on double authentication protection signatures
CN111225001A (en) Block chain decentralized communication method, electronic equipment and system
CN115334101A (en) Vehicle communication method and terminal, vehicle, and computer-readable storage medium
CN111539032B (en) Electronic signature application system resistant to quantum computing disruption and implementation method thereof
CN113098833B (en) Information safety control method of vehicle, client device and server device
CN115334104A (en) Vehicle communication method and terminal, vehicle, and computer-readable storage medium
CN112041897B (en) Control method, ticketing rule server, ticket checking rule server and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination