CN115499837A - Communication method, device, equipment and storage medium based on secure transport layer protocol


Info

Publication number
CN115499837A
Authority
CN
China
Prior art keywords
certificate
server
application
client
short
Legal status
Pending
Application number
CN202211047539.3A
Other languages
Chinese (zh)
Inventor
鲁鹏
孙宁
高景伯
刘建行
张聪
李颖钧
Current Assignee
Guoqi Beijing Intelligent Network Association Automotive Research Institute Co ltd
Beijing Chewang Technology Development Co ltd
Original Assignee
Guoqi Beijing Intelligent Network Association Automotive Research Institute Co ltd
Beijing Chewang Technology Development Co ltd
Application filed by Guoqi Beijing Intelligent Network Association Automotive Research Institute Co ltd and Beijing Chewang Technology Development Co ltd
Priority to CN202211047539.3A
Publication of CN115499837A
Legal status: Pending (current)

Classifications

    • H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE / H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication / H04W12/069 Authentication using certificates or pre-shared keys
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor / H04W4/30 Services specially adapted for particular environments, situations or purposes / H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of this application provide a communication method, apparatus, device and storage medium based on a secure transport layer protocol, applied to a client. The method comprises: sending a Transport Layer Security (TLS) connection request to a server, where the request comprises a handshake message, the handshake message comprises a client certificate type extension and a server certificate type extension, the client certificate comprises a V2X short certificate, and the server certificate comprises at least one of the V2X short certificate and an X.509 certificate; receiving a response message sent by the server based on the request; verifying the signature information in the response message with the public key corresponding to the server certificate; and, when the verification passes, sending the V2X short certificate to the server based on the first certificate application information in the response message, so that the TLS connection is completed once the server's verification of the V2X short certificate passes. According to the embodiments of this application, bidirectional TLS identity authentication of the server and the client can be realized through the V2X short certificate, which reduces cost and improves timeliness.

Description

Communication method, device, equipment and storage medium based on secure transport layer protocol
Technical Field
The present application relates to the field of communications technologies, and in particular, to a communication method, apparatus, device, and storage medium based on a secure transport layer protocol.
Background
As the degree of automobile intelligence keeps rising, more and more new technical products are applied to automobiles, and while this transformation of the automotive industry brings convenience to travel, the information security of automobiles receives more and more attention.
The communication security of Cellular Vehicle-to-Everything (C-V2X) is mainly divided into four directions: vehicle-to-cloud, vehicle-to-vehicle, vehicle-to-road and vehicle-to-device secure communication. Vehicle-to-cloud secure communication establishes a Transport Layer Security (TLS) secure connection between the vehicle and the cloud based on a cryptographic digital certificate following the X.509 digital certificate standard, while vehicle-to-vehicle, vehicle-to-road and vehicle-to-device secure communication sign and encrypt data based on the V2X short certificate. Therefore, according to the division of services, an X.509 security certificate management system needs to be established to meet the vehicle-cloud communication service requirements, and a V2X security certificate management system needs to be established to meet the V2X security service requirements.
Because the X.509 security certificate management system and the V2X security certificate management system are two independent systems, and an X.509 certificate is larger in bytes than a V2X short certificate, using X.509 certificates in V2X secure communication occupies more resources and is costly; moreover, compared with the V2X short certificate, the X.509 certificate cannot meet the high timeliness requirement of the Internet of Vehicles.
Disclosure of Invention
Embodiments of this application provide a communication method, apparatus, device and storage medium based on a secure transport layer protocol, which can solve the problems in the prior art that, when X.509 certificates are used in V2X secure communication, more resources are occupied and the cost is high, and that the X.509 certificate, compared with the V2X short certificate, cannot meet the high timeliness requirement of the Internet of Vehicles.
In a first aspect, an embodiment of the present application provides a communication method based on a secure transport layer protocol, where the method is applied to a client and includes:
sending a Transport Layer Security (TLS) connection request to a server, where the request includes a handshake message, the handshake message includes a client certificate type extension and a server certificate type extension, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate;
receiving a response message sent by the server based on the request, where the response message includes at least one of a V2X short certificate and an X.509 certificate, signature information and first certificate application information, and the signature information is obtained by the server signing the handshake message with the private key corresponding to the server certificate;
verifying the signature information with the public key corresponding to the server certificate based on the response message;
and, when the verification passes, sending a V2X short certificate to the server based on the first certificate application information in the response message, so that the TLS connection is completed when the server's verification of the V2X short certificate passes.
In one embodiment, the response message includes a temporary public key generated by the server; the method further comprises the following steps:
and generating a shared secret key based on the temporary public key, wherein the shared secret key is used for encrypting the message transmitted to the server.
In one embodiment, before sending the TLS connection request to the server, the method further includes:
sending second certificate application information to a preset authority, where the second certificate application information includes a certificate type and a verification request, and the verification request includes a public key, so that the authority can verify the second certificate application information based on the public key;
and receiving the X.509 certificate corresponding to the certificate type, sent by the authority when the verification passes.
In one embodiment, before sending the TLS connection request to the server, the method further includes:
sending an application certificate request to a preset V2X security certificate management system, where the application certificate request includes a signature made with the identity certificate private key, so that the V2X security certificate management system verifies the application certificate request based on the identity certificate public key and generates an application certificate response message after the verification passes;
sending an application certificate download request to the V2X security certificate management system based on the application certificate response message sent by the V2X security certificate management system;
and receiving an application certificate download response message sent by the V2X security certificate management system, where the application certificate download response message includes the application certificate that the V2X security certificate management system provides for download based on the application certificate download request.
In a second aspect, an embodiment of the present application provides a communication method based on a secure transport layer protocol, where the method is applied to a server and includes:
receiving a Transport Layer Security (TLS) connection request sent by a client, where the request includes a handshake message, the handshake message includes a client certificate type extension and a server certificate type extension, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate;
sending a response message to the client based on the request, where the response message includes at least one of a V2X short certificate and an X.509 certificate, signature information and first certificate application information, and the signature information is obtained by the server signing the handshake message with the private key corresponding to the server certificate, so that the client verifies the signature information with the public key corresponding to the server certificate based on the response message and, when the verification passes, sends the V2X short certificate to the server based on the first certificate application information in the response message;
and verifying the V2X short certificate sent by the client, and completing the TLS connection when the verification passes.
In one embodiment, the handshake message includes pre-shared key information, and the method further includes:
generating a shared key from the pre-shared key and the temporary public key, where the shared key is used to encrypt messages transmitted to the client.
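As an added illustration (not code from the patent), the following Go program shows one way the shared key named in the two embodiments above can be derived from a pre-shared key together with the peer's temporary (ephemeral) public key. It uses X25519 from Go's standard crypto/ecdh package and an HKDF written over HMAC-SHA256, in a simplified form of the TLS 1.3 key schedule (pre-shared key first, then the ECDH secret); the label string and the transcript bytes are assumptions constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hkdfExtract and hkdfExpand implement RFC 5869 over HMAC-SHA256 so that the
// example needs only the standard library.
func hkdfExtract(salt, ikm []byte) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write(ikm)
	return m.Sum(nil)
}

func hkdfExpand(prk, info []byte, n int) []byte {
	var out, prev []byte
	for i := byte(1); len(out) < n; i++ {
		m := hmac.New(sha256.New, prk)
		m.Write(prev)
		m.Write(info)
		m.Write([]byte{i})
		prev = m.Sum(nil)
		out = append(out, prev...)
	}
	return out[:n]
}

// DeriveSharedKey combines the pre-shared key carried in the handshake with
// the ECDH secret computed from the peer's temporary public key. The order
// (PSK into the early secret, ECDH secret into the handshake secret) follows
// the TLS 1.3 key schedule in simplified form; the label is an assumption.
func DeriveSharedKey(psk []byte, ownPriv *ecdh.PrivateKey, peerPub *ecdh.PublicKey, transcript []byte) ([]byte, error) {
	ecdheSecret, err := ownPriv.ECDH(peerPub)
	if err != nil {
		return nil, err // peer key not on the curve or of the wrong type
	}
	earlySecret := hkdfExtract(nil, psk)
	handshakeSecret := hkdfExtract(earlySecret, ecdheSecret)
	info := append([]byte("v2x-tls-example traffic key|"), transcript...)
	return hkdfExpand(handshakeSecret, info, 32), nil
}

func main() {
	curve := ecdh.X25519()
	cliPriv, _ := curve.GenerateKey(rand.Reader) // client's temporary key pair
	srvPriv, _ := curve.GenerateKey(rand.Reader) // server's temporary key pair
	psk := []byte("constructed-pre-shared-key")
	transcript := []byte("ClientHello|ServerHello") // constructed stand-in for the handshake transcript
	cliKey, _ := DeriveSharedKey(psk, cliPriv, srvPriv.PublicKey(), transcript)
	srvKey, _ := DeriveSharedKey(psk, srvPriv, cliPriv.PublicKey(), transcript)
	fmt.Printf("client key %x\nserver key %x\nmatch: %v\n", cliKey, srvKey, bytes.Equal(cliKey, srvKey))
}
```

Both sides reach the same 32-byte key only if they hold the same pre-shared key and each used the other's temporary public key; binding the transcript into the info string ties the key to this particular handshake.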
In a third aspect, an embodiment of the present application provides a communication apparatus based on a secure transport layer protocol, where the apparatus is applied to a client and includes:
a sending module, configured to send a TLS connection request to a server, where the request includes a handshake message, the handshake message includes a client certificate type extension and a server certificate type extension, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate;
a receiving module, configured to receive a response message sent by the server based on the request, where the response message includes at least one of a V2X short certificate and an X.509 certificate, signature information and first certificate application information, and the signature information is obtained by the server signing the handshake message with the private key corresponding to the server certificate;
a verification module, configured to verify the signature information with the public key corresponding to the server certificate based on the response message;
the sending module is further configured to send a V2X short certificate to the server based on the first certificate application information in the response message when the verification passes, so that the TLS connection is completed when the server's verification of the V2X short certificate passes.
In one embodiment, the response message includes a temporary public key generated by the server, and the communication apparatus based on the secure transport layer protocol further includes a generating module;
the generating module is configured to generate a shared key based on the temporary public key, where the shared key is used to encrypt messages transmitted to the server.
In one embodiment, the sending module is further configured to send second certificate application information to a preset authority before sending the TLS connection request to the server, where the second certificate application information includes a certificate type and a verification request, and the verification request includes a public key, so that the authority verifies the second certificate application information based on the public key;
the receiving module is further configured to receive the X.509 certificate corresponding to the certificate type, sent by the authority when the verification passes.
In one embodiment, the sending module is further configured to send an application certificate request to a preset V2X security certificate management system before sending the TLS connection request to the server, where the application certificate request includes a signature made with the identity certificate private key, so that the V2X security certificate management system verifies the application certificate request based on the identity certificate public key and generates an application certificate response message after the verification passes;
the sending module is further configured to send an application certificate download request to the V2X security certificate management system based on the application certificate response message sent by the V2X security certificate management system;
the receiving module is further configured to receive an application certificate download response message sent by the V2X security certificate management system, where the application certificate download response message includes the application certificate that the V2X security certificate management system provides for download based on the application certificate download request.
In a fourth aspect, an embodiment of the present application provides a communication apparatus based on a secure transport layer protocol, where the apparatus is applied to a server and includes:
a receiving module, configured to receive a TLS connection request sent by a client, where the request includes a handshake message, the handshake message includes a client certificate type extension and a server certificate type extension, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate;
a sending module, configured to send a response message to the client based on the request, where the response message includes at least one of a V2X short certificate and an X.509 certificate, signature information and first certificate application information, and the signature information is obtained by the server signing the handshake message with the private key corresponding to the server certificate, so that the client verifies the signature information with the public key corresponding to the server certificate based on the response message and, when the verification passes, sends the V2X short certificate to the server based on the first certificate application information in the response message;
and a verification module, configured to verify the V2X short certificate sent by the client and complete the TLS connection when the verification passes.
In one embodiment, the handshake message includes pre-shared key information, and the communication apparatus based on the secure transport layer protocol further includes a generating module;
the generating module is configured to generate a shared key from the pre-shared key and the temporary public key, where the shared key is used to encrypt messages transmitted to the client.
In a fifth aspect, an embodiment of the present application provides an electronic device, where the electronic device includes: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements a secure transport layer protocol based communication method as described in any of the embodiments of the first aspect.
In a sixth aspect, an embodiment of the present application provides a computer storage medium, on which computer program instructions are stored, and when executed by a processor, the computer program instructions implement the secure transport layer protocol-based communication method as described in any embodiment of the first aspect.
In the communication method, apparatus, device and computer storage medium based on a secure transport layer protocol of the embodiments of this application, a client sends a TLS connection request to a server, where the request includes a handshake message, the handshake message includes a client certificate type extension and a server certificate type extension, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate, so that the client authenticates itself through the V2X short certificate and the server can choose either the V2X short certificate or the X.509 certificate type for its own authentication. The client then receives a response message sent by the server based on the request, where the response message includes at least one of a V2X short certificate and an X.509 certificate, the signature made by the server over the handshake message with the private key corresponding to the server certificate, and first certificate application information. The client verifies the signature information with the public key corresponding to the server certificate and, when the verification passes, sends the V2X short certificate to the server based on the first certificate application information, so that the TLS connection is completed when the server's verification of the V2X short certificate passes.
Therefore, the client can establish a TLS connection directly with the V2X short certificate, and bidirectional TLS identity authentication of server and client can be realized through the V2X short certificate without establishing an X.509 security certificate management system, which reduces cost; moreover, owing to the characteristics of the V2X short certificate, a faster TLS connection can be achieved, meeting the requirements of high-timeliness scenarios.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required to be used in the embodiments of the present application will be briefly described below, and for those skilled in the art, other drawings may be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a communication method based on a secure transport layer protocol according to an embodiment of the present application;
Fig. 2 is a second flowchart of a communication method based on a secure transport layer protocol according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of an X.509 certificate application provided by an embodiment of the present application;
Fig. 4 is a schematic flowchart of an application certificate (AC) application according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a communication apparatus based on a secure transport layer protocol according to an embodiment of the present application;
Fig. 6 is a second schematic structural diagram of a communication apparatus based on a secure transport layer protocol according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Features of various aspects and exemplary embodiments of the present application will be described in detail below, and in order to make objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are intended to be illustrative only and are not intended to be limiting. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by illustrating examples thereof.
It should be noted that, in this document, relational terms such as first and second are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
As described in the background, the TLS protocol in the prior art determines the client and server identities by verifying X.509 certificates. In an Internet of Vehicles application scenario, vehicle manufacturers (OEMs) and demonstration areas establish, according to the division of services, an X.509 security certificate management system to meet the requirements of vehicle-cloud communication services and a V2X security certificate management system to meet the requirements of V2X security services. The X.509 security certificate management system and the V2X security certificate management system are two independent systems, and technically an X.509 certificate is about 100 bytes larger than a V2X short certificate; if X.509 certificates are used in V2X secure communication, more resources are occupied, labor and cost are wasted, and the high timeliness requirement of the Internet of Vehicles cannot be met. In an intelligent transportation system scenario, efficient transmission and high reliability are required during TLS secure connection in order to use functions such as remote control and over-the-air (OTA) updates efficiently, and an X.509 certificate cannot achieve faster connection during TLS connection.
In order to solve the above problems, an embodiment of the present application provides a communication method, apparatus, device and computer storage medium based on a secure transport layer protocol. In the method, a client sends a TLS connection request to a server, where the request includes a handshake message, the handshake message includes a client certificate type extension and a server certificate type extension, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate, so that the client authenticates itself through the V2X short certificate and the server can choose either the V2X short certificate or the X.509 certificate type for its own authentication. The client then receives a response message sent by the server based on the request, where the response message includes at least one of a V2X short certificate and an X.509 certificate, the signature made by the server over the handshake message with the private key corresponding to the server certificate, and first certificate application information. The client verifies the signature information with the public key corresponding to the server certificate and, when the verification passes, sends the V2X short certificate to the server based on the first certificate application information, so that the TLS connection is completed when the server's verification of the V2X short certificate passes.
Therefore, the client can establish a TLS connection directly with the V2X short certificate, and bidirectional TLS identity authentication of server and client can be realized through the V2X short certificate without establishing an X.509 security certificate management system, which reduces cost; moreover, owing to the characteristics of the V2X short certificate, a faster TLS connection can be achieved, meeting the requirements of high-timeliness scenarios.
The embodiments of the application can be applied to a scenario in which both the client and the server use V2X short certificates, and also to a scenario in which the client uses a short certificate and the server uses an X.509 certificate.
Fig. 1 shows a flowchart of a communication method based on a secure transport layer protocol according to an embodiment of the present application.
As shown in Fig. 1, the communication method based on the secure transport layer protocol may specifically include the following steps:
S110, the client sends a TLS connection request to the server, where the request may include a handshake message, the handshake message may include a client certificate type extension and a server certificate type extension, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate.
The client sends a Transport Layer Security (TLS) connection request to the server. TLS provides confidentiality and data integrity between two communicating applications; for example, the client may be a vehicle terminal and the server a cloud terminal. The connection request may include the handshake message "Client Hello", which may carry the client certificate type extension "client_certificate_type" and the server certificate type extension "server_certificate_type". Here "client_certificate_type" is the V2X short certificate, "server_certificate_type" may support at least one of the V2X short certificate and X.509 certificate types, and the server may select the first (optimal) certificate type from the server_certificate_type list.
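The two certificate-type extensions named above exist in standard TLS as client_certificate_type (extension 19) and server_certificate_type (extension 20) from RFC 7250, whose registered type values include X.509 (0) and raw public key (2). The Go code below is an added example, not part of the patent, that encodes and strictly parses such an extension and performs the server's first-match selection described in step S110; the V2X short certificate type value it uses is a placeholder, since no registered number for it appears on this page.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Extension type numbers from RFC 7250 (TLS ExtensionType registry).
const (
	ExtClientCertificateType uint16 = 19
	ExtServerCertificateType uint16 = 20
)

// Certificate type values. X509 and RawPublicKey are registered in the TLS
// Certificate Types registry; CertTypeV2XShort is an assumed placeholder for
// the V2X short certificate, which this page does not assign a number to.
const (
	CertTypeX509         uint8 = 0
	CertTypeRawPublicKey uint8 = 2
	CertTypeV2XShort     uint8 = 0xFE // placeholder, not a registered value
)

// EncodeCertTypeExtension builds the ClientHello form of a certificate_type
// extension: extension_type(2) || extension_data_len(2) || list_len(1) || types.
func EncodeCertTypeExtension(extType uint16, types []uint8) ([]byte, error) {
	if len(types) == 0 || len(types) > 255 {
		return nil, errors.New("certificate type list must hold 1..255 entries")
	}
	out := make([]byte, 4, 5+len(types))
	binary.BigEndian.PutUint16(out[0:2], extType)
	binary.BigEndian.PutUint16(out[2:4], uint16(1+len(types)))
	out = append(out, uint8(len(types)))
	out = append(out, types...)
	return out, nil
}

// DecodeCertTypeExtension parses one extension as encoded above and rejects
// truncated or inconsistent length fields, which is where a lax parser would
// misread peer-controlled input.
func DecodeCertTypeExtension(b []byte) (extType uint16, types []uint8, err error) {
	if len(b) < 5 {
		return 0, nil, errors.New("extension shorter than minimum")
	}
	extType = binary.BigEndian.Uint16(b[0:2])
	dataLen := int(binary.BigEndian.Uint16(b[2:4]))
	if dataLen != len(b)-4 {
		return 0, nil, fmt.Errorf("extension_data length %d does not match %d bytes present", dataLen, len(b)-4)
	}
	listLen := int(b[4])
	if listLen == 0 || listLen != dataLen-1 {
		return 0, nil, fmt.Errorf("type list length %d inconsistent with extension_data length %d", listLen, dataLen)
	}
	types = append([]uint8(nil), b[5:5+listLen]...)
	return extType, types, nil
}

// SelectServerCertType mirrors the server-side choice in step S110: walk the
// client's server_certificate_type list in order and pick the first type the
// server can present, or fail when nothing overlaps.
func SelectServerCertType(offered []uint8, supported []uint8) (uint8, error) {
	for _, o := range offered {
		for _, s := range supported {
			if o == s {
				return o, nil
			}
		}
	}
	return 0, errors.New("no mutually supported server certificate type")
}

func main() {
	// Client offers the V2X short certificate first, then X.509, for the server.
	ext, _ := EncodeCertTypeExtension(ExtServerCertificateType, []uint8{CertTypeV2XShort, CertTypeX509})
	fmt.Printf("server_certificate_type extension: %x\n", ext)
	_, offered, _ := DecodeCertTypeExtension(ext)
	chosen, _ := SelectServerCertType(offered, []uint8{CertTypeX509, CertTypeV2XShort})
	fmt.Printf("server selects certificate type %d\n", chosen)
}
```

The decoder insists that both length fields agree with the bytes actually present before it touches the type list, so a truncated or padded extension is rejected rather than partially interpreted.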
And S120, the server signs the handshake message by using a private key corresponding to the server certificate to obtain signature information.
The server signs the handshake message "Client Hello" by using a private key corresponding to the server certificate, wherein the server certificate may be a V2X short certificate or an x.509 certificate selected by the server.
S130, the server sends a response message to the client based on the request, where the response message may include at least one of the V2X short certificate and the x.509 certificate, the signature information, and the first certificate application information.
The Server replies a response message "Server Hello" to the client, where the response message may include a Server Certificate selected by the Server, signature information, and first Certificate application information "Certificate Request", where the first Certificate application information is used to apply for a client Certificate.
And S140, the client verifies the signature information by using the public key corresponding to the server certificate based on the response message.
After receiving the response message, the client verifies the signature information by using the public key corresponding to the server certificate, and verifies the validity of the server certificate, wherein the specific verification process may be as follows: and the server generates a public key and a private key corresponding to the server certificate, downloads the server certificate and the certificate chain, stores the server certificate and the certificate chain to a specified position, and generates a certificate configuration file. When verifying the validity of the certificate, the TLS1.3 program reads and calls the certificate file from the directory of the certificate configuration file, and then the TLS1.3 program verifies the certificate file based on the public key and the private key corresponding to the server certificate, and the certificate chain.
S150, the client sends the V2X short certificate to the server based on the first certificate application information in the response message under the condition that the verification is passed.
When the server certificate is verified to be valid, the client sends a response message "Certificate Response" to the server based on the first certificate application information "Certificate Request" in the response message, where the "Certificate Response" message may include the V2X short certificate, that is, the client certificate.
S160, the server verifies the V2X short certificate sent by the client, and completes the TLS communication connection when the verification passes.
The server verifies the V2X short certificate sent by the client in the same way as the validity of the server certificate is verified; if the verification passes, the TLS communication connection is completed.
In this embodiment of the application, the client sends a connection request of the secure transport layer (TLS) protocol to the server, where the handshake message in the request includes a type extension of the client certificate and a type extension of the server certificate, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate, so that the client performs identity authentication with the V2X short certificate and the server can select either the V2X short certificate or the X.509 certificate for its own identity authentication. The client then receives the response message sent by the server based on the request, where the response message includes at least one of the V2X short certificate and the X.509 certificate, the signature information obtained by the server signing the handshake message with the private key corresponding to the server certificate, and the first certificate application information. The client verifies the signature information with the public key corresponding to the server certificate and, if the verification passes, sends the V2X short certificate to the server based on the first certificate application information, so that the TLS communication connection is completed once the server's verification of the V2X short certificate passes. The client can therefore set up a TLS connection directly with the V2X short certificate, bidirectional TLS identity authentication of server and client can be achieved with the V2X short certificate without building a separate X.509 security certificate management system, which reduces cost, and because of the characteristics of the V2X short certificate the TLS connection can be established faster, meeting the requirements of high-timeliness scenarios.
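The exchange S110 to S160 as a runnable walk-through, added here as example code rather than anything from the patent: the client advertises the certificate-type extensions, the server picks a type it holds a certificate for and signs the handshake with that key, and each side checks the peer certificate against its own trust anchors. Schnorr signatures over a small multiplicative group stand in for the real certificate signatures, and the certificate format, trust stores and subject names are constructed for the demonstration.

```python
"""Constructed walk-through of the handshake in S110-S160 (example code, not the
patent's): certificate-type negotiation, server signature over the handshake,
Certificate Request, and validation of both certificates against trust anchors.
Schnorr signatures over a small multiplicative group replace the real certificate
signatures (demo only, not secure)."""
import hashlib
import secrets

P = 2**127 - 1                           # toy group modulus (Mersenne prime), demo only
G = 3                                    # generator
Q = P - 1                                # exponent modulus
V2X_SHORT, X509 = "v2x_short", "x509"    # the two certificate types being negotiated

def _hash_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")

def keygen() -> tuple:
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)

def sign(priv: int, msg: bytes) -> tuple:
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = _hash_int(r.to_bytes(16, "big"), msg) % Q
    return r, (k + e * priv) % Q

def verify(pub: int, msg: bytes, sig: tuple) -> bool:
    r, s = sig
    e = _hash_int(r.to_bytes(16, "big"), msg) % Q
    return pow(G, s, P) == (r * pow(pub, e, P)) % P

def _tbs(cert: dict) -> bytes:
    """To-be-signed part of a toy certificate: subject, type and public key."""
    return f"{cert['subject']}|{cert['type']}|{cert['pub']}".encode()

def issue_cert(ca_priv: int, subject: str, ctype: str, pub: int) -> dict:
    cert = {"subject": subject, "type": ctype, "pub": pub}
    cert["sig"] = sign(ca_priv, _tbs(cert))
    return cert

def cert_valid(cert: dict, trust_anchors: dict) -> bool:
    """Chain check: the certificate must be signed by the trusted issuer for its type
    (V2X short and X.509 certificates have separate issuers, as in the two systems above)."""
    ca_pub = trust_anchors.get(cert["type"])
    return ca_pub is not None and verify(ca_pub, _tbs(cert), cert["sig"])

def client_hello() -> dict:
    # S110: client_certificate_type / server_certificate_type extensions
    return {"client_certificate_type": [V2X_SHORT],
            "server_certificate_type": [V2X_SHORT, X509]}

def server_hello(hello: dict, certs: dict, keys: dict, preference: list) -> dict:
    """S120/S130: take the first preferred type the client accepts and the server
    holds a certificate for; sign the ClientHello with that certificate's key
    (real TLS 1.3 signs the whole transcript hash in CertificateVerify)."""
    if V2X_SHORT not in hello["client_certificate_type"]:
        raise ValueError("client cannot authenticate with a V2X short certificate")
    for ctype in preference:
        if ctype in hello["server_certificate_type"] and ctype in certs:
            return {"certificate": certs[ctype],
                    "signature": sign(keys[ctype], repr(hello).encode()),
                    "certificate_request": [V2X_SHORT]}
    raise ValueError("no mutually acceptable server certificate type")

def client_respond(hello: dict, resp: dict, own_cert: dict, trust: dict) -> dict:
    """S140/S150: check the server certificate and its signature, then answer
    the Certificate Request with the V2X short certificate."""
    cert = resp["certificate"]
    if cert["type"] not in hello["server_certificate_type"]:
        raise ValueError("server chose a certificate type the client did not offer")
    if not cert_valid(cert, trust):
        raise ValueError("server certificate not trusted")
    if not verify(cert["pub"], repr(hello).encode(), resp["signature"]):
        raise ValueError("handshake signature invalid")
    if own_cert["type"] not in resp["certificate_request"]:
        raise ValueError("server does not accept the client's certificate type")
    return {"certificate": own_cert}

def server_finish(cert_resp: dict, trust: dict) -> bool:
    """S160: the server validates the client's V2X short certificate."""
    cert = cert_resp["certificate"]
    return cert["type"] == V2X_SHORT and cert_valid(cert, trust)

def run_handshake(server_preference: list, rogue_client: bool = False) -> str:
    """Run the whole exchange with freshly generated toy CAs and keys; return the
    server certificate type that ended up being used."""
    v2x_ca, x509_ca, rogue_ca = keygen(), keygen(), keygen()
    trust = {V2X_SHORT: v2x_ca[1], X509: x509_ca[1]}      # both sides' trust anchors
    srv_keys = {V2X_SHORT: keygen(), X509: keygen()}
    srv_certs = {t: issue_cert((v2x_ca if t == V2X_SHORT else x509_ca)[0], "server", t, k[1])
                 for t, k in srv_keys.items()}
    issuer = rogue_ca if rogue_client else v2x_ca          # rogue: cert from an untrusted CA
    cli_cert = issue_cert(issuer[0], "vehicle-obu", V2X_SHORT, keygen()[1])
    hello = client_hello()
    resp = server_hello(hello, srv_certs, {t: k[0] for t, k in srv_keys.items()}, server_preference)
    cert_resp = client_respond(hello, resp, cli_cert, trust)
    if not server_finish(cert_resp, trust):
        raise ValueError("client certificate rejected")
    return resp["certificate"]["type"]
```

The server's preference list decides whether the V2X short certificate or the X.509 certificate is presented, while the client always authenticates with its V2X short certificate; a client certificate from an issuer outside the trust anchors is rejected at S160.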
Based on this, fig. 2 shows a flowchart of a secure transport layer protocol-based communication method provided in an embodiment of the present application, where the secure transport layer protocol-based communication method is applied to a client.
As shown in fig. 2, the communication method based on the secure transport layer protocol may specifically include the following steps:
S210, sending a connection request of the secure transport layer (TLS) protocol to a server, where the request includes a handshake message, the handshake message includes a type extension of a client certificate and a type extension of a server certificate, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate.
S220, receiving a response message sent by the server based on the request, where the response message includes at least one of the V2X short certificate and the X.509 certificate, signature information, and first certificate application information, and the signature information is obtained by the server signing the handshake message with a private key corresponding to the server certificate.
S230, verifying the signature information with the public key corresponding to the server certificate based on the response message.
S240, when the verification passes, sending the V2X short certificate to the server based on the first certificate application information in the response message, so that the TLS communication connection is completed when the server's verification of the V2X short certificate passes.
In this embodiment of the application, the client sends a connection request of the secure transport layer (TLS) protocol to the server, where the handshake message in the request includes a type extension of the client certificate and a type extension of the server certificate, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate, so that the client performs identity authentication with the V2X short certificate and the server can select either the V2X short certificate or the X.509 certificate for its own identity authentication. The client then receives the response message sent by the server based on the request, where the response message includes at least one of the V2X short certificate and the X.509 certificate, the signature information obtained by the server signing the handshake message with the private key corresponding to the server certificate, and the first certificate application information. The client verifies the signature information with the public key corresponding to the server certificate and, if the verification passes, sends the V2X short certificate to the server based on the first certificate application information, so that the TLS communication connection is completed once the server's verification of the V2X short certificate passes. The client can therefore set up a TLS connection directly with the V2X short certificate, bidirectional TLS identity authentication of server and client can be achieved with the V2X short certificate without building a separate X.509 security certificate management system, which reduces cost, and because of the characteristics of the V2X short certificate the TLS connection can be established faster, meeting the requirements of high-timeliness scenarios.
In some embodiments, the response message may include the server-generated temporary public key; the communication method based on the secure transport layer protocol may further include:
generating a shared key based on the temporary public key.
The client receives the response message sent by the server based on the request, where the response message may include a temporary public key generated by the server, and the client generates the shared key required for the session based on the temporary public key; the shared key is used to encrypt the messages transmitted to the server. The response message may include a Key Share message, and the temporary public key generated by the server may be sent to the client in that Key Share message.
Illustratively, the handshake message "Client Hello" may further include parameters such as the protocol version, session ID, cipher suites, and compression algorithms supported by the client, so that the server selects one value for each of the protocol version, cipher suite, and compression algorithm from those supported by the client, generates a temporary public key, and sends it to the client, and the client generates the shared key based on the temporary public key.
In this embodiment of the application, the client receives the response message, which includes the temporary public key generated by the server, and generates the shared key based on the temporary public key; the shared key is used to encrypt the messages transmitted to the server, so that message confidentiality can be ensured and the security of information transmission is improved.
In some embodiments, before sending the connection request of the secure transport layer TLS protocol to the server, the secure transport layer protocol-based communication method may further include:
sending second certificate application information to a preset authorization mechanism, wherein the second certificate application information comprises a certificate type and a verification request, and the verification request comprises a public key, so that the authorization mechanism can verify the second certificate application information based on the public key;
receiving the X.509 certificate corresponding to the certificate type, sent by the authority when the verification passes.
The client sends the second certificate application information to a preset authority, which may be a Certificate Authority (CA). The second certificate application information may be a certificate application request that includes the certificate type applied for and a verification request, and may further include information such as a certificate number, where the verification request may include a P10 request (a PKCS#10 certificate signing request). After receiving the second certificate application information, the CA may verify it based on the public key in the P10 request, and if the verification passes, the preset authority sends the X.509 certificate corresponding to the certificate type to the client.
As an example, as shown in fig. 3, the client generates a certificate application request and sends it to a CA in an X.509 security certificate management system, where the certificate application request file includes a certificate type, a certificate number and a P10 request. The CA receives the certificate application request, verifies its validity based on the P10 request, and after the validity check passes returns a certificate file to the client, where the certificate file includes the X.509 certificate and a root certificate file.
In this embodiment of the application, the second certificate application information, which includes the certificate type and a verification request containing the public key, is sent to a preset authority so that the authority verifies it based on the public key, and the X.509 certificate corresponding to the certificate type is then received from the authority when the verification passes, so that the security of applying for the X.509 certificate can be ensured.
In some embodiments, before sending the connection request of the secure transport layer TLS protocol to the server, the secure transport layer protocol-based communication method may further include:
sending an application certificate application request to a preset V2X security certificate management system, wherein the application certificate application request comprises an identity certificate private key signature and is used for verifying the application certificate application request based on an identity certificate public key by the V2X security certificate management system, and generating application certificate application response information after the verification is passed;
sending an application certificate download application to the V2X security certificate management system based on an application certificate application response message sent by the V2X security certificate management system;
receiving an application certificate download application response message sent by the V2X security certificate management system, where the application certificate download application response message includes the application certificate that the V2X security certificate management system has made available for download based on the application certificate download application.
The V2X short certificate is an AC application certificate, and the application certificate application request may be a request for an application certificate used for authentication by an Association Center (AC); it may include an identity certificate private key signature. After receiving the application certificate application request, the V2X security certificate management system verifies the validity of the request based on the public key of the identity certificate, and generates application certificate application response information after the verification passes; the verification of the application certificate application request may be performed against a certificate chain. After receiving the application certificate application response information, the client sends an application certificate download application to the V2X security certificate management system to download the application certificate. The application certificate application response message may further include download time information for the application certificate. In addition, the TLS secure connection may use a pseudonymous certificate of the terminal instead of the application certificate.
As one example, as shown in fig. 4, the client generates an application certificate application request, signs it with the identity certificate private key, and sends it to the V2X security certificate management system. The V2X security certificate management system verifies the validity of the application certificate application request, generates an application certificate application response after the verification passes, and returns it to the client, where the application certificate application response contains the download time information of the certificate applied for. The client then generates an application certificate download request after receiving the application certificate application response, signs it with the identity certificate private key, and sends it to the V2X security certificate management system, which returns application certificate download response information (a compressed package file of the application certificate) to the client. The server applies for its AC application certificate in the same way as the client.
In this embodiment of the application, an application certificate application request is sent to a preset V2X security certificate management system, where the request includes an identity certificate private key signature, so that the V2X security certificate management system verifies the request based on the identity certificate public key and generates application certificate application response information after the verification passes; an application certificate download application is then sent to the V2X security certificate management system based on that application certificate application response message. The client then receives an application certificate download application response message from the V2X security certificate management system, which includes the application certificate made available for download based on the application certificate download application, so that the security of the application certificate, i.e. the V2X short certificate, can be ensured.
Based on this, another embodiment of the present application provides a communication method based on a secure transport layer protocol, which is applied to a server, and specifically includes the following steps:
receiving a connection request of the secure transport layer (TLS) protocol sent by a client, where the request includes a handshake message, the handshake message includes a type extension of a client certificate and a type extension of a server certificate, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate;
sending a response message to the client based on the request, where the response message includes at least one of the V2X short certificate and the X.509 certificate, signature information, and first certificate application information, and the signature information is obtained by the server signing the handshake message with a private key corresponding to the server certificate, so that the client verifies the signature information with the public key corresponding to the server certificate based on the response message and, when the verification passes, sends the V2X short certificate to the server based on the first certificate application information in the response message;
verifying the V2X short certificate sent by the client, and completing the TLS communication connection when the verification passes.
In this embodiment of the application, the server receives a connection request of the secure transport layer (TLS) protocol sent by the client, where the request includes a handshake message, the handshake message includes a type extension of the client certificate and a type extension of the server certificate, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate, so that the server can select either the V2X short certificate or the X.509 certificate for identity authentication. The server then sends a response message to the client based on the request, where the response message includes at least one of the V2X short certificate and the X.509 certificate, signature information, and first certificate application information, and the signature information is obtained by the server signing the handshake message with the private key corresponding to the server certificate, so that the client verifies the signature information with the public key corresponding to the server certificate and, when the verification passes, sends the V2X short certificate to the server based on the first certificate application information in the response message. The server further verifies the V2X short certificate sent by the client and completes the TLS communication connection when the verification passes. The client can therefore set up a TLS connection directly with the V2X short certificate, bidirectional TLS identity authentication of server and client can be achieved with the V2X short certificate without building a separate X.509 security certificate management system, which reduces cost, and because of the characteristics of the V2X short certificate the TLS connection can be established faster, meeting the requirements of high-timeliness scenarios.
In some embodiments, the handshake message may include information of the pre-shared key; the communication method based on the secure transport layer protocol may further include:
generating a shared key from the pre-shared key and the temporary public key.
The handshake message "Client Hello" may include extension messages (key share and pre-shared key mode), and the server generates a shared key based on the pre-shared key and the temporary public key in the extension messages, where the shared key is used to encrypt the messages transmitted to the client.
As an example, the handshake message sent by the client and received by the server may include information on the protocol version, session ID, cipher suites, compression algorithms, and pre-shared key supported by the client; the server selects one value for each of the protocol version, cipher suite, and compression algorithm from those supported by the client, generates a temporary public key based on the selected parameters, and calculates from the temporary public key and the pre-shared key a shared key for encrypting Hypertext Transfer Protocol (HTTP) messages, so as to encrypt the messages transmitted to the client.
In this embodiment of the application, the shared key is generated from the temporary public key and the pre-shared key in the handshake message, so that the client and the server can encrypt the messages they transmit with the generated shared key, ensuring the security of message transmission.
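How a pre-shared key and an ephemeral key share combine into one shared key, as an added example (not the patent's code) following the TLS 1.3 key schedule of RFC 8446 section 7.1 with HKDF-SHA256 from the Python standard library. The (EC)DHE exchange behind the Key Share is replaced by finite-field Diffie-Hellman over a small demo group, and the PSK, private exponents and transcript bytes are constructed values; in real TLS 1.3 the ClientHello carries a PSK identity and binder rather than the key itself.

```python
"""Constructed example (not the patent's code): derive the TLS 1.3 handshake
secrets from a pre-shared key plus an ephemeral key share, per RFC 8446 7.1.
Finite-field DH over a small demo group stands in for (EC)DHE (not secure)."""
import hashlib
import hmac

P = 2**127 - 1   # toy DH modulus (Mersenne prime), demo only
G = 3            # generator
HASH_LEN = 32    # SHA-256 output length

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869: an empty salt is equivalent to HASH_LEN zero bytes
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label with HkdfLabel = uint16 length || "tls13 " + label || context."""
    full = b"tls13 " + label.encode()
    hkdf_label = (length.to_bytes(2, "big") + bytes([len(full)]) + full
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)

def derive_secret(secret: bytes, label: str, transcript: bytes) -> bytes:
    """Derive-Secret: the context is the transcript hash of the messages so far."""
    return expand_label(secret, label, hashlib.sha256(transcript).digest(), HASH_LEN)

def dh_public(priv: int) -> int:
    """The temporary public key placed in the Key Share extension."""
    return pow(G, priv, P)

def dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def handshake_secrets(psk: bytes, own_priv: int, peer_pub: int, transcript: bytes) -> dict:
    """PSK -> Early Secret; Early Secret + (EC)DHE -> Handshake Secret -> traffic secrets."""
    early = hkdf_extract(b"", psk)
    derived = derive_secret(early, "derived", b"")
    handshake = hkdf_extract(derived, dh_shared(own_priv, peer_pub))
    return {
        "handshake_secret": handshake,
        "client_hs_traffic": derive_secret(handshake, "c hs traffic", transcript),
        "server_hs_traffic": derive_secret(handshake, "s hs traffic", transcript),
    }

def both_sides(psk_client: bytes, psk_server: bytes, client_priv: int, server_priv: int,
               transcript: bytes = b"ClientHello||ServerHello (constructed)") -> tuple:
    """Run the schedule on both ends; each side only sees the peer's public key."""
    client_view = handshake_secrets(psk_client, client_priv, dh_public(server_priv), transcript)
    server_view = handshake_secrets(psk_server, server_priv, dh_public(client_priv), transcript)
    return client_view, server_view
```

The two views agree only when both the PSK and the key-share secret match, which is the property that makes combining them worthwhile: a leaked PSK alone does not yield the traffic keys without the ephemeral exchange.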
Fig. 5 is a schematic structural diagram illustrating a communication apparatus 500 based on a secure transport layer protocol, according to an exemplary embodiment, where the communication apparatus 500 based on the secure transport layer protocol is applied to a client.
As shown in fig. 5, the communication device 500 based on the secure transport layer protocol may include:
a sending module 501, configured to send a connection request of the secure transport layer (TLS) protocol to a server, where the request includes a handshake message, the handshake message includes a type extension of a client certificate and a type extension of a server certificate, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate;
a receiving module 502, configured to receive a response message sent by the server based on the request, where the response message includes at least one of the V2X short certificate and the X.509 certificate, signature information, and first certificate application information, and the signature information is obtained by the server signing the handshake message with a private key corresponding to the server certificate;
a verification module 503, configured to verify the signature information with the public key corresponding to the server certificate based on the response message;
the sending module 501 is further configured to send the V2X short certificate to the server based on the first certificate application information in the response message when the verification passes, so that the TLS communication connection is completed when the server's verification of the V2X short certificate passes.
In one embodiment, the response message may include a temporary public key generated by the server; the secure transport layer protocol based communication apparatus 500 may further include a generating module;
the generation module is configured to generate a shared key based on the temporary public key, where the shared key is used to encrypt the messages transmitted to the server.
In an embodiment, the sending module 501 is further configured to send second certificate application information to a preset authority before sending a connection request of a security transport layer TLS protocol to a server, where the second certificate application information includes a certificate type and a verification request, and the verification request includes a public key, so that the authority verifies the second certificate application information based on the public key;
the receiving module 502 is further configured to receive the X.509 certificate corresponding to the certificate type, sent by the authority when the verification passes.
In an embodiment, the sending module 501 is further configured to send an application certificate application request to a preset V2X security certificate management system before sending a connection request of a security transport layer TLS protocol to a server, where the application certificate application request includes an identity certificate private key signature, and is used for the V2X security certificate management system to verify the application certificate application request based on an identity certificate public key, and generate application certificate application response information after the verification passes;
the sending module 501 is further configured to send an application certificate download application to the V2X security certificate management system based on an application certificate application response message sent by the V2X security certificate management system;
the receiving module 502 is further configured to receive an application certificate download application response message sent by the V2X security certificate management system, where the application certificate download application response message includes the application certificate made available for download by the V2X security certificate management system based on the application certificate download application.
Fig. 6 is a schematic diagram illustrating the structure of a communication device 600 based on a secure transport layer protocol according to an exemplary embodiment, where the communication device 600 based on the secure transport layer protocol is applied to a server.
As shown in fig. 6, the communication apparatus 600 based on the secure transport layer protocol may include:
a receiving module 601, configured to receive a connection request of the secure transport layer (TLS) protocol sent by a client, where the request includes a handshake message, the handshake message includes a type extension of a client certificate and a type extension of a server certificate, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate;
a sending module 602, configured to send a response message to the client based on the request, where the response message includes at least one of the V2X short certificate and the X.509 certificate, signature information, and first certificate application information, and the signature information is obtained by the server signing the handshake message with a private key corresponding to the server certificate, so that the client verifies the signature information with the public key corresponding to the server certificate based on the response message and, when the verification passes, sends the V2X short certificate to the server based on the first certificate application information in the response message;
a verifying module 603, configured to verify the V2X short certificate sent by the client and complete the TLS communication connection when the verification passes.
In one embodiment, the handshake message may include information of the pre-shared key; the secure transport layer protocol based communication apparatus 600 may further include a generating module;
the generation module is configured to generate a shared key from the pre-shared key and the temporary public key, where the shared key is used to encrypt the messages transmitted to the client.
Therefore, the client sends a connection request of the secure transport layer (TLS) protocol to the server, where the handshake message in the request includes a type extension of the client certificate and a type extension of the server certificate, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate, so that the client performs identity authentication with the V2X short certificate and the server can select either the V2X short certificate or the X.509 certificate for its own identity authentication. The client then receives the response message sent by the server based on the request, where the response message includes at least one of the V2X short certificate and the X.509 certificate, the signature information obtained by the server signing the handshake message with the private key corresponding to the server certificate, and the first certificate application information. The client verifies the signature information with the public key corresponding to the server certificate and, if the verification passes, sends the V2X short certificate to the server based on the first certificate application information, so that the TLS communication connection is completed once the server's verification of the V2X short certificate passes. The client can therefore set up a TLS connection directly with the V2X short certificate, bidirectional TLS identity authentication of server and client can be achieved with the V2X short certificate without building a separate X.509 security certificate management system, which reduces cost, and because of the characteristics of the V2X short certificate the TLS connection can be established faster, meeting the requirements of high-timeliness scenarios.
Fig. 7 shows a hardware schematic diagram of an electronic device provided in an embodiment of the present application.
The electronic device may include a processor 701 and a memory 702 that stores computer program instructions.
Specifically, the processor 701 may include a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application.
Memory 702 may include mass storage for data or instructions. By way of example, and not limitation, memory 702 may include a Hard Disk Drive (HDD), a floppy disk drive, flash memory, an optical disk, a magneto-optical disk, tape, or a Universal Serial Bus (USB) drive, or a combination of two or more of these. Memory 702 may include removable or non-removable (or fixed) media, where appropriate. The memory 702 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 702 is non-volatile solid-state memory.
The memory may include Read Only Memory (ROM), Random Access Memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, or electrical, optical, or other physical/tangible memory storage devices. Thus, in general, the memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software comprising computer-executable instructions, and when the software is executed (e.g., by one or more processors) it is operable to perform the operations described with reference to the methods according to an aspect of the present disclosure.
The processor 701 may implement any one of the above-described embodiments of the secure transport layer protocol-based communication method by reading and executing the computer program instructions stored in the memory 702.
In one example, the electronic device may also include a communication interface 703 and a bus 710. As shown in fig. 7, the processor 701, the memory 702, and the communication interface 703 are connected by a bus 710 to complete mutual communication.
The communication interface 703 is mainly used for implementing communication between modules, apparatuses, units and/or devices in this embodiment of the application.
Bus 710 comprises hardware, software, or both to couple the components of a secure transport layer protocol based communication device to each other. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industrial Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industrial Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association Local (VLB) bus, or other suitable bus, or a combination of two or more of these. Bus 710 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
The electronic device may execute the communication method based on the secure transport layer protocol in this embodiment by sending a connection request of the secure transport layer (TLS) protocol to the server, where the request includes a handshake message and the handshake message includes a type extension of the client certificate and a type extension of the server certificate, so as to implement the communication method based on the secure transport layer protocol described in conjunction with fig. 1.
In addition, in combination with the communication method based on the secure transport layer protocol in the foregoing embodiments, the embodiments of the present application may provide a computer storage medium to implement the method. The computer storage medium having computer program instructions stored thereon; the computer program instructions, when executed by a processor, implement any of the secure transport layer protocol based communication methods of the above embodiments.
It is to be understood that the present application is not limited to the particular arrangements and instrumentality described above and shown in the attached drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present application are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications, and additions or change the order between the steps after comprehending the spirit of the present application.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, Radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, an intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this application describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
Aspects of the present disclosure are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware for performing the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As described above, only the specific embodiments of the present application are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present application, and these modifications or substitutions should be covered within the scope of the present application.

Claims (10)

1. A communication method based on a secure transport layer protocol is applied to a client and comprises the following steps:
sending a connection request of a Transport Layer Security (TLS) protocol to a server, wherein the request comprises a handshake message, the handshake message comprises a type extension of a client certificate and a type extension of a server certificate, the client certificate comprises a V2X short certificate, and the server certificate comprises at least one of the V2X short certificate and an X.509 certificate;
receiving a response message sent by the server based on the request, wherein the response message comprises at least one of a V2X short certificate and an X.509 certificate, signature information and first certificate application information, and the signature information is obtained by the server signing the handshake message by using a private key corresponding to the server certificate;
verifying the signature information by using a public key corresponding to the server certificate based on the response message;
and sending a V2X short certificate to the server based on the first certificate application information in the response message under the condition that the verification is passed, so as to complete the communication connection of the TLS under the condition that the verification of the V2X short certificate by the server is passed.
2. The method according to claim 1, wherein the response message includes a temporary public key generated by the server; the method further comprises the following steps:
and generating a shared secret key based on the temporary public key, wherein the shared secret key is used for encrypting the message transmitted to the server.
3. The method of claim 1, wherein prior to said sending a connection request of a Transport Layer Security (TLS) protocol to a server, the method further comprises:
sending second certificate application information to a preset authorization mechanism, wherein the second certificate application information comprises a certificate type and a verification request, and the verification request comprises a public key, so that the authorization mechanism verifies the second certificate application information based on the public key;
and receiving the X.509 certificate corresponding to the certificate type sent by the authorization mechanism under the condition of passing the verification.
4. The method of claim 1, wherein prior to said sending a connection request of a Transport Layer Security (TLS) protocol to a server, the method further comprises:
sending an application certificate application request to a preset V2X security certificate management system, wherein the application certificate application request comprises an identity certificate private key signature, so that the application certificate application request is verified by the V2X security certificate management system based on the identity certificate public key, and an application certificate application response message is generated after verification is passed;
sending an application certificate download application to the V2X security certificate management system based on the application certificate application response message sent by the V2X security certificate management system;
and receiving an application certificate download application response message sent by the V2X security certificate management system, wherein the application certificate download application response message comprises an application certificate which is downloaded by the V2X security certificate management system based on the application certificate download application.
5. A communication method based on a secure transport layer protocol is applied to a server and comprises the following steps:
receiving a connection request of a Transport Layer Security (TLS) protocol sent by a client, wherein the request comprises a handshake message, the handshake message comprises a type extension of a client certificate and a type extension of a server certificate, the client certificate comprises a V2X short certificate, and the server certificate comprises at least one of the V2X short certificate and an X.509 certificate;
sending a response message to the client based on the request, wherein the response message comprises at least one of a V2X short certificate and an X.509 certificate, signature information and first certificate application information, the signature information is obtained by the server by signing the handshake message by using a private key corresponding to the server certificate, so that the client verifies the signature information by using a public key corresponding to the server certificate based on the response message, and sends the V2X short certificate to the server based on the first certificate application information in the response message when the verification is passed;
and verifying the V2X short certificate sent by the client, and completing the communication connection of the TLS under the condition that the verification is passed.
6. The method of claim 1, wherein the handshake message includes information of a pre-shared key; the method further comprises the following steps:
and generating a shared key according to the pre-shared key and the temporary public key, wherein the shared key is used for encrypting the message transmitted to the client.
7. A communication apparatus based on a secure transport layer protocol, wherein the apparatus is applied to a client, and comprises:
a sending module, configured to send a connection request of a Transport Layer Security (TLS) protocol to a server, where the request includes a handshake message, the handshake message includes a type extension of a client certificate and a type extension of a server certificate, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate;
a receiving module, configured to receive a response message sent by the server based on the request, where the response message includes at least one of a V2X short certificate and an X.509 certificate, signature information, and first certificate application information, and the signature information is obtained by the server signing the handshake message with a private key corresponding to the server certificate;
the verification module is used for verifying the signature information by utilizing a public key corresponding to the server certificate based on the response message;
the sending module is further configured to send, based on the first certificate application information in the response message, a V2X short certificate to the server when the verification passes, so that the TLS communication connection is completed when the verification of the V2X short certificate by the server passes.
8. A communication device based on a secure transport layer protocol, wherein the device is applied to a server and comprises:
a receiving module, configured to receive a connection request of a Transport Layer Security (TLS) protocol sent by a client, where the request includes a handshake message, the handshake message includes a type extension of a client certificate and a type extension of a server certificate, the client certificate includes a V2X short certificate, and the server certificate includes at least one of the V2X short certificate and an X.509 certificate;
a sending module, configured to send a response message to the client based on the request, where the response message includes at least one of a V2X short certificate and an X.509 certificate, signature information, and first certificate application information, where the signature information is obtained by the server signing the handshake message with a private key corresponding to the server certificate, so that the client verifies the signature information with the public key corresponding to the server certificate based on the response message, and sends the V2X short certificate to the server based on the first certificate application information in the response message when the verification passes;
and the sending module is used for verifying the V2X short certificate sent by the client and completing the communication connection of the TLS under the condition that the verification is passed.
9. An electronic device, characterized in that the device comprises: a processor, and a memory storing computer program instructions; the processor reads and executes the computer program instructions to implement the secure transport layer protocol based communication method of any of claims 1-6.
10. A computer storage medium having computer program instructions stored thereon, which when executed by a processor implement the secure transport layer protocol based communication method of any one of claims 1 to 6.
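The exchange of claims 1, 2, 5 and 6 as a two-party simulation in Go, an added example that is not part of the patent: both sides run in one process, the V2X short certificate is modelled as a minimal 1609.2-style structure (public key plus issuer signature, an assumption), the certificate-type codes are the IANA TLS values for X509 and 1609Dot2, the ClientHello encoding is constructed, and the client additionally proves possession of its certificate key, as TLS CertificateVerify does, which the claims themselves do not mention.

```go
package main
import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// IANA TLS certificate type codes (X509: RFC 7250, 1609Dot2: RFC 8902); the claims' V2X short certificate is modelled as 1609Dot2.
const CertTypeX509, CertType1609Dot2 uint8 = 0, 3

// ShortCert is a constructed stand-in for a V2X short certificate: an ECDSA public key plus the issuer's signature over it.
type ShortCert struct {
	Pub *ecdsa.PublicKey
	Sig []byte
}

// tbs is the digest the issuer signs and the verifier recomputes.
func (c *ShortCert) tbs() []byte {
	h := sha256.Sum256(elliptic.Marshal(c.Pub.Curve, c.Pub.X, c.Pub.Y))
	return h[:]
}

// deriveKey mixes the ECDH secret with the pre-shared key (claim 6); an empty PSK gives the ephemeral-only case of claim 2.
func deriveKey(psk, secret, transcript []byte) []byte {
	m := hmac.New(sha256.New, psk)
	m.Write(secret)
	m.Write(transcript)
	return m.Sum(nil)
}

// Handshake runs both sides in one process and reports whether they derived the same key.
func Handshake(psk []byte, rogueClient bool) (bool, error) {
	ca, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the only issuer the server trusts
	srvKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cliKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srvCert := &ShortCert{Pub: &srvKey.PublicKey}
	srvCert.Sig, _ = ecdsa.SignASN1(rand.Reader, ca, srvCert.tbs())
	cliCert, issuer := &ShortCert{Pub: &cliKey.PublicKey}, ca
	if rogueClient { // client presents a cert signed by a CA the server does not trust
		issuer, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	}
	cliCert.Sig, _ = ecdsa.SignASN1(rand.Reader, issuer, cliCert.tbs())
	// 1. ClientHello offering client type {1609Dot2} and server types {X509, 1609Dot2}; t1 is its transcript hash.
	t1 := sha256.Sum256([]byte{CertType1609Dot2, CertTypeX509, CertType1609Dot2}) // constructed encoding
	// 2. Server signs the transcript with its cert's private key and sends an ephemeral key plus a certificate request.
	srvEph, _ := ecdh.P256().GenerateKey(rand.Reader)
	srvSig, _ := ecdsa.SignASN1(rand.Reader, srvKey, t1[:])
	// 3. Client checks the server cert's issuer and the signature before deriving any key (claim 1).
	if !ecdsa.VerifyASN1(&ca.PublicKey, srvCert.tbs(), srvCert.Sig) || !ecdsa.VerifyASN1(srvCert.Pub, t1[:], srvSig) {
		return false, errors.New("server authentication failed")
	}
	cliEph, _ := ecdh.P256().GenerateKey(rand.Reader)
	cliSecret, _ := cliEph.ECDH(srvEph.PublicKey())
	t2 := sha256.Sum256(append(t1[:], srvEph.PublicKey().Bytes()...))
	// 4. Client answers the cert request with its short cert and proves key possession (as TLS CertificateVerify does).
	cliSig, _ := ecdsa.SignASN1(rand.Reader, cliKey, t2[:])
	if !ecdsa.VerifyASN1(&ca.PublicKey, cliCert.tbs(), cliCert.Sig) || !ecdsa.VerifyASN1(cliCert.Pub, t2[:], cliSig) {
		return false, errors.New("client certificate rejected")
	}
	srvSecret, _ := srvEph.ECDH(cliEph.PublicKey())
	return hmac.Equal(deriveKey(psk, cliSecret, t2[:]), deriveKey(psk, srvSecret, t2[:])), nil
}
```

The rogue-issuer path shows the server-side check that matters most in practice: a short certificate must chain to a trusted V2X CA, or the handshake must fail before any key is used.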
CN202211047539.3A 2022-08-29 2022-08-29 Communication method, device, equipment and storage medium based on secure transport layer protocol Pending CN115499837A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211047539.3A CN115499837A (en) 2022-08-29 2022-08-29 Communication method, device, equipment and storage medium based on secure transport layer protocol

Publications (1)

Publication Number Publication Date
CN115499837A true CN115499837A (en) 2022-12-20

Family

ID=84466607

Country Status (1)

Country Link
CN (1) CN115499837A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117082519A (en) * 2023-10-16 2023-11-17 中汽智联技术有限公司 Multi-system compatible Internet of vehicles network communication method, equipment and storage medium
CN117082519B (en) * 2023-10-16 2024-01-02 中汽智联技术有限公司 Multi-system compatible Internet of vehicles network communication method, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination