CN115802347A - Method and device for authenticating identity of terminal in Internet of vehicles, electronic equipment and storage medium - Google Patents

Method and device for authenticating identity of terminal in Internet of vehicles, electronic equipment and storage medium

Info

Publication number
CN115802347A
Authority
CN
China
Prior art keywords
internet
identity
terminal
vehicles
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211557864.4A
Other languages
Chinese (zh)
Other versions
CN115802347B (en
Inventor
王蕴实
张曼君
徐雷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN202211557864.4A priority Critical patent/CN115802347B/en
Publication of CN115802347A publication Critical patent/CN115802347A/en
Application granted granted Critical
Publication of CN115802347B publication Critical patent/CN115802347B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a method and a device for authenticating the identity of a terminal in the Internet of vehicles, electronic equipment and a computer readable storage medium, and belongs to the technical field of communication. The method comprises the following steps: authenticating the network identity validity of the Internet of vehicles terminal according to an identity authentication request of the Internet of vehicles terminal, wherein the identity authentication request comprises an Internet of vehicles terminal identifier, and the identifier is a combination of an encrypted character string of a mobile communication user identifier and an encrypted character string of an equipment identifier; responding to the legality of the network identity of the Internet of vehicles terminal, and sending the encrypted character string of the equipment identifier in the identifier to a trusted center so that the trusted center authenticates the legality of the equipment identity of the Internet of vehicles terminal; and determining that the identity of the Internet of vehicles terminal is legal in response to the fact that the network identity is legal and the equipment identity is legal. The method and the device at least solve the problems of overload of vehicle networking terminal computing capacity, low reliability and safety of vehicle networking services, complex authentication process and high authentication delay in cross-domain authentication in the related technology, and are suitable for vehicle networking communication and automatic driving scenes.

Description

Method and device for authenticating identity of terminal in Internet of vehicles, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of communication, in particular to a method and a device for authenticating the identity of a terminal in the Internet of vehicles, electronic equipment and a computer readable storage medium.
Background
Depending on the communication mode, a C-V2X (Cellular Vehicle-to-Everything) system covers two scenarios: cellular communication and direct communication. V2X communication in the Internet of vehicles involves entities such as OBUs (On-Board Units), pedestrians, RSUs (Road Side Units) and cloud service platforms, which communicate with vehicles through the Uu interface or the PC5/V5 direct communication interface. In direct communication mode, vehicles, roadside facilities and pedestrians can dynamically exchange basic information such as vehicle position, speed, heading and road conditions. Through the uplink/downlink of the Uu interface, information can also be exchanged with other Internet of vehicles terminals or with network-side service platforms, which provides reliable long-distance, wide-area communication.
To keep the Internet of vehicles secure, the security of vehicle identity is particularly important. Communication between V2X communication entities must go through stronger identity authentication, so that information security is guaranteed in vehicle-to-vehicle, vehicle-to-roadside-facility, vehicle-to-pedestrian and similar communication scenarios.
At present, Internet of vehicles V2X security is mainly based on PKI (Public Key Infrastructure) authentication: a PKI system provides certificate services to Internet of vehicles terminals, and every V2X communication entity is required to maintain a certificate list. PKI-based authentication of direct communication has many problems. The sending vehicle broadcasts its Internet of vehicles messages and the receiving vehicle authenticates the sender's identity directly, so the receiving vehicle must process the identity verification information of a large number of surrounding vehicles, which puts heavy computational pressure on the Internet of vehicles terminal. A hacker can copy and send massive amounts of vehicle identity verification information to mount a DDoS (Distributed Denial of Service) attack on the receiving vehicle; the receiving terminal, its computing capacity overloaded, cannot process this information, which disrupts the normal operation of Internet of vehicles services and can even endanger the road traffic safety of surrounding vehicles and pedestrians. If vehicle communication information is acquired and exploited by hackers, vehicles can be illegally tracked, the personal safety of terminals in the vehicles is threatened, and in severe cases social stability is harmed. Meanwhile, the Internet of vehicles terminal must periodically communicate securely with the CA to update its certificate list, and the certificate can also be replaced by a hacker during air-interface transmission.
In addition, for a scenario in which a plurality of independent PKI systems provide certificate services for the car networking terminal, if the service range of each PKI is called an authentication domain, the car networking terminal also needs to perform cross-domain authentication, which also increases the complexity of the authentication process and increases the authentication delay. Therefore, the existing PKI security authentication mode causes the overload of the computing capacity of the vehicle networking terminal and the low reliability and security of the vehicle networking service, and has the problems of complex authentication process and higher authentication delay in cross-domain authentication.
Disclosure of Invention
The present invention provides a method, an apparatus, an electronic device and a computer-readable storage medium for authenticating an identity of a terminal in an internet of vehicles, which are used to solve the above-mentioned technical problems in the prior art, such as overload of computing capability of the terminal in the internet of vehicles, low reliability and safety of business in the internet of vehicles, complex authentication process and high authentication delay in cross-domain authentication.
In a first aspect, the present invention provides a method for authenticating an identity of a terminal in a car networking, which is applied to a core network device, and the method includes: the network identity validity of the Internet of vehicles terminal is authenticated according to an identity authentication request of the Internet of vehicles terminal, wherein the identity authentication request comprises an Internet of vehicles terminal identification, and the Internet of vehicles terminal identification is a combination of an encrypted character string of a mobile communication user identification and an encrypted character string of an equipment identification; responding to the fact that the network identity of the Internet of vehicles terminal is legal, and sending the encrypted character string of the equipment identity in the Internet of vehicles terminal identity to a trusted center so that the trusted center can authenticate the equipment identity validity of the Internet of vehicles terminal; and determining that the identity of the Internet of vehicles terminal is legal in response to the fact that the network identity of the Internet of vehicles terminal is legal and the equipment identity is legal.
Preferably, the car networking terminal comprises an on-board unit and a road side unit. Before the network identity validity of the internet of vehicles terminal is authenticated according to the identity authentication request of the internet of vehicles terminal, the method further comprises the following steps: and receiving an identity authentication request sent by the Internet of vehicles terminal.
Preferably, the authenticating the network identity validity of the car networking terminal according to the identity authentication request of the car networking terminal specifically includes: extracting an encrypted character string of a mobile communication user identifier from the Internet of vehicles terminal identifier; decrypting the encrypted character string of the mobile communication user identification by using a preset first encryption key to obtain the mobile communication user identification; and authenticating the network identity validity of the Internet of vehicles terminal according to the mobile communication user identification.
Preferably, after the encrypted character string of the device identifier in the car networking terminal identifier is sent to a trusted center, and before the car networking terminal identifier is determined to be legal in response to the fact that the network identity of the car networking terminal is legal and the device identity is legal, the method further includes: and receiving an authentication result of the equipment identity legality of the Internet of vehicles terminal fed back by the trusted center.
Preferably, before receiving an identity authentication request sent by the vehicle networking terminal when accessing a communication network, the method further comprises: respectively setting a first encryption key pair in a communication SIM card and a core network of the Internet of vehicles terminal; and respectively setting a second encryption key pair in a communication SIM card and a trusted center of the vehicle networking terminal, wherein the second encryption key pair is an asymmetric key.
Preferably, after determining that the identity of the terminal in the internet of vehicles is legal, the method for authenticating the identity of the terminal in the internet of vehicles further comprises: receiving and analyzing a service request of the Internet of vehicles terminal; positioning a target Internet of vehicles terminal group which needs to be communicated by the Internet of vehicles terminal according to the service request and the position of the Internet of vehicles terminal; determining whether the identity of each Internet of vehicles terminal in the target Internet of vehicles terminal group is legal or not; screening out the vehicle networking terminals with legal identities from the target vehicle networking terminal group to obtain a target communication vehicle networking terminal group; and sending the service request of the Internet of vehicles terminal to a target communication Internet of vehicles terminal group so as to enable the Internet of vehicles terminal and the target communication Internet of vehicles terminal group to carry out service communication.
In a second aspect, the present invention further provides a method for authenticating an identity of a terminal in a vehicle networking system, which is applied to a trusted center, and the method includes: receiving an encrypted character string of an equipment identifier in an internet of vehicles terminal identifier sent by core network equipment, wherein the internet of vehicles terminal identifier is a combination of the encrypted character string of a mobile communication user identifier and the encrypted character string of the equipment identifier, the core network equipment is used for authenticating the network identity legality of the internet of vehicles terminal according to an identity authentication request of the internet of vehicles terminal, the authentication result is that the network identity of the internet of vehicles terminal is legal, and the identity authentication request comprises the internet of vehicles terminal identifier; authenticating the equipment identity validity of the Internet of vehicles terminal according to the encrypted character string of the equipment identifier; and feeding back an authentication result of the equipment identity legality of the Internet of vehicles terminal to the core network equipment, so that the core network equipment responds to the network identity legality and the equipment identity legality of the Internet of vehicles terminal, and the identity of the Internet of vehicles terminal is determined to be legal.
Preferably, the authenticating the device identity legitimacy of the car networking terminal according to the encrypted character string of the device identifier specifically includes: decrypting the encrypted character string of the equipment identifier in the Internet of vehicles terminal identifier by using a preset second encryption key to obtain the equipment identifier; and authenticating the equipment identity validity of the Internet of vehicles terminal according to the equipment identifier.
In a third aspect, the present invention further provides an authentication apparatus for identity of a terminal in internet of vehicles, including: the first authentication module is used for authenticating the network identity validity of the Internet of vehicles terminal according to an identity authentication request of the Internet of vehicles terminal, wherein the identity authentication request comprises an Internet of vehicles terminal identification, and the Internet of vehicles terminal identification is a combination of an encryption character string of a mobile communication user identification and an encryption character string of an equipment identification. And the first sending module is connected with the first authentication module and used for responding to the legality of the network identity of the Internet of vehicles terminal and sending the encrypted character string of the equipment identity in the Internet of vehicles terminal identity to a trusted center so as to enable the trusted center to authenticate the legality of the equipment identity of the Internet of vehicles terminal. And the determining module is connected with the first authentication module and used for responding to the legality of the network identity and the legality of the equipment identity of the Internet of vehicles terminal and determining the legality of the Internet of vehicles terminal.
Preferably, the first authentication module comprises: and the extraction unit is used for extracting the encrypted character string of the mobile communication user identification from the Internet of vehicles terminal identification. And the first decryption unit is connected with the extraction unit and used for decrypting the encrypted character string of the mobile communication user identifier by using a preset first encryption key to obtain the mobile communication user identifier. And the first authentication unit is connected with the first decryption unit and used for authenticating the network identity validity of the Internet of vehicles terminal according to the mobile communication user identification.
In a fourth aspect, the present invention further provides an authentication apparatus for identity of a terminal in internet of vehicles, including: the first receiving module is used for receiving an encrypted character string of an equipment identifier in a car networking terminal identifier sent by core network equipment, wherein the car networking terminal identifier is a combination of the encrypted character string of a mobile communication user identifier and the encrypted character string of the equipment identifier, the core network equipment is used for authenticating the network identity legality of the car networking terminal according to an identity authentication request of the car networking terminal, the authentication result is that the network identity of the car networking terminal is legal, and the identity authentication request comprises the car networking terminal identifier. And the second authentication module is connected with the first receiving module and used for authenticating the equipment identity validity of the Internet of vehicles terminal according to the encrypted character string of the equipment identifier. And the feedback module is connected with the second authentication module and used for feeding back an authentication result of the legitimacy of the equipment identity of the Internet of vehicles terminal to the core network equipment so that the core network equipment responds to the legality of the network identity and the legality of the equipment identity of the Internet of vehicles terminal and determines the legality of the identity of the Internet of vehicles terminal.
In a fifth aspect, the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program, and the processor is configured to execute the computer program to implement the method for authenticating an identity of a terminal in a vehicle networking system according to the first aspect or the method for authenticating an identity of a terminal in a vehicle networking system according to the second aspect.
In a sixth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the method for authenticating an identity of a terminal in a vehicle networking according to the first aspect or the method for authenticating an identity of a terminal in a vehicle networking according to the second aspect.
The identity authentication method, device, electronic equipment and computer-readable storage medium provided by the invention construct a new Internet of vehicles terminal identifier that integrates the terminal's network identity and hardware identity. Based on this identifier, the core network equipment and the trusted center jointly authenticate the network identity and the equipment identity respectively, which achieves reliable and secure identity authentication of the Internet of vehicles terminal. The terminal does not need to perform mass authentication or to update and maintain a certificate list itself, which improves the reliability and security of Internet of vehicles services. Joint authentication of the terminal across security domains (such as a communication network and the trusted center) is achieved, and the delay of cross-domain authentication is effectively reduced.
Drawings
Fig. 1 is a schematic view of an application scenario in embodiment 1 of the present invention;
Fig. 2 is a schematic flowchart of an authentication method for an identity of a terminal in the internet of vehicles according to embodiment 1 of the present invention;
Fig. 3 is a schematic flowchart of an authentication method for an identity of a terminal in the internet of vehicles according to embodiment 2 of the present invention;
Fig. 4 is a schematic structural diagram of an authentication apparatus for identity of a terminal in the internet of vehicles according to embodiment 3 of the present invention;
Fig. 5 is a schematic structural diagram of an authentication apparatus for identity of a terminal in the internet of vehicles according to embodiment 4 of the present invention;
Fig. 6 is a schematic structural diagram of an electronic device according to embodiment 5 of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the following detailed description will be made with reference to the accompanying drawings.
It is to be understood that the specific embodiments and figures described herein are merely illustrative of the invention and are not limiting of the invention.
It is to be understood that the embodiments and features of the embodiments can be combined with each other without conflict.
It is to be understood that, for the convenience of description, only parts related to the present invention are shown in the drawings of the present invention, and parts not related to the present invention are not shown in the drawings.
It should be understood that each unit and module related in the embodiments of the present invention may correspond to only one physical structure, may also be composed of multiple physical structures, or multiple units and modules may also be integrated into one physical structure.
It will be understood that, without conflict, the functions, steps, etc. noted in the flowchart and block diagrams of the present invention may occur in an order different from that noted in the figures.
It is to be understood that the flowchart and block diagrams of the present invention illustrate the architecture, functionality, and operation of possible implementations of systems, apparatus, devices and methods according to various embodiments of the present invention. Each block in the flowchart or block diagrams may represent a unit, module, segment, code, which comprises executable instructions for implementing the specified function(s). Furthermore, each block or combination of blocks in the block diagrams and flowchart illustrations can be implemented by a hardware-based system that performs the specified functions or by a combination of hardware and computer instructions.
It is to be understood that the units and modules involved in the embodiments of the present invention may be implemented by software, and may also be implemented by hardware, for example, the units and modules may be located in a processor.
Example 1:
This embodiment provides an authentication method for the identity of a terminal in the Internet of vehicles. As shown in fig. 1, the application scenario involves communication entities such as Internet of vehicles terminals (for example, on-board units and road side units), a base station, core network equipment, and a trusted center (TA). Each C-V2X on-board unit has a Uu interface and a PC5/V5 direct communication interface; the on-board unit communicates with the base station through the Uu interface and communicates directly with other vehicles or RSUs through the PC5/V5 interface.
As shown in fig. 2, this embodiment provides an authentication method for an identity of a terminal in a car networking, which is applied to a core network device, and the method includes:
Step 101, authenticating the network identity validity of the Internet of vehicles terminal according to an identity authentication request of the Internet of vehicles terminal, wherein the identity authentication request comprises an Internet of vehicles terminal identification which is a combination of an encryption character string of a mobile communication user identification and an encryption character string of an equipment identification.
In this embodiment, the core network device performs validity authentication on the network identity of the car networking terminal according to the identity authentication request of the car networking terminal. Because the unique credible identification is needed for authenticating the vehicle networking terminal, the vehicle networking terminal identification is redefined, and the two attributes of the hardware identification (credible for vehicle networking business operation enterprises) and the communication network identification (credible for communication network operators) of the vehicle networking terminal are combined to serve as the unique identity identification of the vehicle networking terminal, so that the reliability and the safety of authentication can be improved, and the risk of embezzlement of the identity of the vehicle networking terminal after the hardware identification or the communication network identification is stolen is avoided. The vehicle networking terminal comprises a vehicle-mounted unit, a road side unit, a terminal held by a pedestrian and the like, and the communication network comprises a mobile communication network, a local area network, a satellite communication network and the like.
In this embodiment, the identifiers of the on-board unit and the road side unit are defined, and the communication network is a mobile communication network. The identifier of an on-board unit, $OBU_{ID}$, is defined as the encrypted combination of the mobile communication user identifier and the vehicle identifier $V_{ID}$. The mobile communication user identifier is the mobile communication network terminal identifier and is globally unique. The vehicle identifier $V_{ID}$ is defined by the party that needs to authenticate the vehicle's legitimacy, such as a vehicle manufacturer, a vehicle operating company or an Internet of vehicles service company. For example, the mobile communication user identifier of the on-board unit is an $N_1$-bit string, the vehicle identifier $V_{ID}$ is an $N_2$-bit string, and the on-board unit identifier $OBU_{ID}$ is an $(N_1+N_2)$-bit string. The first $N_1$ bits are the encrypted combination of the mobile communication user identifier, $F_1(\text{mobile communication user identifier}_{OBU})$, where the first encryption key pair is set (or stored) in the communication SIM card of the on-board unit and in the core network respectively. The last $N_2$ bits are the encrypted combination of the vehicle identifier, $F_2(V_{ID})$, where the second encryption key pair is set (or stored) in the communication SIM card of the on-board unit and in the trusted center $TA_1$ respectively. The communication SIM card of the on-board unit therefore stores two kinds of keys: a first encryption key $K_1'$ for the communication network identity (the corresponding decryption key $K_1$ is stored in the core network) and a second encryption key $K_2'$ for encrypting the device identity (the corresponding decryption key $K_2$ is stored in the trusted center $TA_1$).
The RSUs are uniformly arranged on the roadside, communicate wirelessly with vehicles in their coverage range through the PC5 port, and are connected to the base station through the Uu port. The coverage area of the base station is larger than that of an RSU, and several RSUs can be arranged within the coverage area of one base station. The identifier of an RSU, $RSU_{ID}$, is defined as the encrypted combination of the mobile communication user identifier and the RSU device identifier $RSU_{VID}$. The device identifier $RSU_{VID}$ of the road side unit is defined by the RSU operating company and is authenticated by the RSU operating company's trusted center $TA_2$. If the mobile communication user identifier of the road side unit is an $N_1$-bit string and the device identifier $RSU_{VID}$ is an $N_2$-bit string, the authentication identifier $RSU_{ID}$ of the RSU is an $(N_1+N_2)$-bit string. The first $N_1$ bits are the encrypted combination of the mobile communication user identifier, $F_1(\text{mobile communication user identifier}_{RSU})$, where the encryption key pair is stored in the communication SIM card of the road side unit and in the core network. The last $N_2$ bits are the encrypted combination of the $N_2$-bit RSU device identifier, $F_2(RSU_{VID})$, where the encryption key pair is stored in the communication SIM card of the road side unit and in the trusted center $TA_2$ respectively. The communication SIM card of the RSU therefore stores two kinds of keys: a first encryption key $K_1'$ for the communication network identity (the corresponding decryption key $K_1$ is stored in the core network) and a second encryption key $K_2'$ for encrypting the device identity (the corresponding decryption key $K_2$ is stored in the trusted center $TA_2$).
It should be noted that the combination of the encrypted character string of the mobile communication user identifier and the encrypted character string of the device identifier is not limited to the "first $N_1$ bits + last $N_2$ bits" form of this embodiment; the character strings can also be interleaved or combined in other ways according to the needs of users.
Optionally, before the network identity legitimacy of the vehicle networking terminal is authenticated according to the identity authentication request of the vehicle networking terminal, the method for authenticating the identity of the vehicle networking terminal further includes: and receiving an identity authentication request sent by the Internet of vehicles terminal.
In this embodiment, the Internet of vehicles terminal (e.g., an on-board unit) may send an identity authentication request to the core network device when it accesses the mobile communication network or before it needs to perform service communication; alternatively, a service request that the terminal sends to the core network device may carry the identity authentication request. The identity authentication request includes the on-board unit identifier $OBU_{ID}$, which is the encrypted combination of the mobile communication user identifier and the vehicle identifier $V_{ID}$.
Optionally, before receiving an identity authentication request sent by the vehicle networking terminal when accessing the communication network, the method for authenticating the identity of the vehicle networking terminal further includes: respectively setting a first encryption key pair in a communication SIM card and a core network of the Internet of vehicles terminal; and respectively setting a second encryption key pair in a communication SIM card and a trusted center of the vehicle networking terminal, wherein the second encryption key pair is an asymmetric key.
In this embodiment, the holders of the second encryption key pair are the communication operator and the trusted center. To guard against key leakage at either of the two, using a symmetric key for the second encryption key pair is not recommended; using an asymmetric key improves security.
Optionally, step 101, authenticating the network identity validity of the Internet of Vehicles terminal according to its identity authentication request, specifically includes: extracting the encrypted character string of the mobile communication user identifier from the Internet of Vehicles terminal identifier; decrypting that string with a preset first encryption key to obtain the mobile communication user identifier; and authenticating the network identity validity of the Internet of Vehicles terminal according to the mobile communication user identifier.
In this embodiment, the core network device extracts the string F1(mobile communication user identifier) formed by the first N1 bits of the on-board unit identifier OBU_ID, decrypts F1(mobile communication user identifier) with the stored first encryption key K1 to obtain the mobile communication user identifier, and authenticates the network identity validity of the on-board unit according to that identifier. Alternatively, the core network device extracts the string F1(RSU mobile communication user identifier) formed by the first N1 bits of RSU_VID, decrypts it with the stored first encryption key K1 to obtain the mobile communication user identifier, and authenticates the network identity validity of the roadside unit according to that identifier.
Step 102: in response to the network identity of the Internet of Vehicles terminal being legal, sending the encrypted character string of the device identifier in the Internet of Vehicles terminal identifier to a trusted center, so that the trusted center authenticates the device identity validity of the Internet of Vehicles terminal.
In this embodiment, after the Internet of Vehicles terminal passes the network validity authentication of the core network, the core network sends the string F2(V_ID) formed by the last N2 bits of OBU_ID to trusted center TA1, or sends the string F2(RSU_VID) formed by the last N2 bits of RSU_VID to trusted center TA2. For either security domain, the identifier belonging to the other security domain is not revealed during authentication, which effectively protects the identity privacy of the terminal user and improves the security of the system. The trusted center authenticates the device identity validity of the Internet of Vehicles terminal according to the encrypted character string of the device identifier, which specifically includes: the trusted center decrypts the encrypted character string of the device identifier in the Internet of Vehicles terminal identifier with a preset second encryption key to obtain the device identifier, and authenticates the device identity validity of the terminal according to the device identifier. For example, trusted center TA1/TA2 decrypts F2 with the stored second encryption key K2 to obtain the corresponding device identifier, and authenticates the device identity validity of the Internet of Vehicles terminal according to that device identifier.
Step 103: in response to the network identity of the Internet of Vehicles terminal being legal and its device identity being legal, determining that the identity of the Internet of Vehicles terminal is legal.
In this embodiment, when the network identity of the car networking terminal is legal and the equipment identity thereof is legal, the core network equipment determines that the car networking terminal identity is legal. And when the authentication result of the network identity and/or the equipment identity of the vehicle networking terminal is illegal, the core network equipment determines that the identity of the vehicle networking terminal is illegal.
Optionally, after the encrypted character string of the device identifier in the Internet of Vehicles terminal identifier is sent to the trusted center, and before the identity of the Internet of Vehicles terminal is determined to be legal in response to its network identity and device identity both being legal, the method further includes: receiving the authentication result of the device identity validity of the Internet of Vehicles terminal fed back by the trusted center.
In this embodiment, after trusted center TA1/TA2 authenticates the device identity validity of the Internet of Vehicles terminal, it feeds the authentication result back to the core network device, and the core network device makes the final determination of the terminal's identity validity.
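The division of steps 101 to 103 between the two security domains can be traced in code. The following Python example is added here and is not code from the patent: the field lengths N1 and N2 (counted in hex characters), the constructed IMSI and VIN sample values, and both ciphers (an XOR keystream standing in for K1, textbook RSA standing in for the asymmetric K2, so that it runs with the standard library only) are assumptions.

```python
import hashlib

# Assumptions: lengths are counted in hex characters; the subscriber identifier
# is a 15-digit IMSI and the device identifier a 17-character VIN.
N1, N2 = 30, 38
# Stand-in for the asymmetric K2: textbook RSA over two Mersenne primes, sized
# only so that a 17-byte device identifier fits below the modulus.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the trusted center only


def _keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def k1_crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for the first encryption key K1 (XOR keystream, self-inverse)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def build_terminal_id(k1: bytes, imsi: str, device_id: str) -> str:
    """SIM side: terminal identifier = F1(subscriber id) || F2(device id)."""
    m = int.from_bytes(device_id.encode("ascii"), "big")
    if len(imsi) != N1 // 2 or m >= N:
        raise ValueError("identifier does not fit the assumed field sizes")
    f1 = k1_crypt(k1, imsi.encode("ascii")).hex()
    f2 = format(pow(m, E, N), f"0{N2}x")
    return f1 + f2


class TrustedCenter:
    """Holds the K2 private part and the device register; never receives F1."""

    def __init__(self, registered_devices):
        self._registered = set(registered_devices)
        self.seen = []  # everything this domain was shown, for inspection

    def authenticate_device(self, f2_hex: str) -> bool:
        self.seen.append(f2_hex)
        try:
            c = int(f2_hex, 16)
            if c >= N:
                return False
            m = pow(c, D, N)
            device_id = m.to_bytes((m.bit_length() + 7) // 8, "big").decode("ascii")
        except ValueError:  # non-hex input or non-ASCII plaintext
            return False
        return device_id in self._registered


class CoreNetwork:
    """Holds K1 and the subscriber register; forwards F2 without decrypting it."""

    def __init__(self, k1: bytes, subscribers, trusted_center: TrustedCenter):
        self._k1 = k1
        self._subscribers = set(subscribers)
        self._tc = trusted_center

    def authenticate(self, terminal_id: str) -> dict:
        result = {"network": False, "device": False, "legal": False, "forwarded": False}
        if len(terminal_id) != N1 + N2:
            return result  # malformed identifier: reject before any decryption
        f1, f2 = terminal_id[:N1], terminal_id[N1:]
        # Step 101: decrypt F1 with K1 and check the subscriber identifier.
        try:
            subscriber = k1_crypt(self._k1, bytes.fromhex(f1)).decode("ascii")
        except ValueError:
            return result
        result["network"] = subscriber in self._subscribers
        if not result["network"]:
            return result  # F2 is not forwarded when the network identity fails
        # Step 102: hand only F2 to the trusted center.
        result["forwarded"] = True
        result["device"] = self._tc.authenticate_device(f2)
        # Step 103: the identity is legal only if both checks passed.
        result["legal"] = result["network"] and result["device"]
        return result


def demo() -> dict:
    k1 = b"constructed-demo-key-K1"  # constructed sample values throughout
    tc = TrustedCenter({"LSVAA4182E2184841"})
    core = CoreNetwork(k1, {"460011234567890"}, tc)
    cases = {
        "unknown_sim_known_device": ("460019999999999", "LSVAA4182E2184841"),
        "known_sim_known_device": ("460011234567890", "LSVAA4182E2184841"),
        "known_sim_unknown_device": ("460011234567890", "LSVZZ0000X0000000"),
    }
    return {name: core.authenticate(build_terminal_id(k1, imsi, dev))
            for name, (imsi, dev) in cases.items()}


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Only the pairing of a registered subscriber with a registered device is accepted; a valid identifier from one domain combined with an unknown identifier from the other is rejected.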
Optionally, after determining that the identity of the terminal in the internet of vehicles is legal, the method for authenticating the identity of the terminal in the internet of vehicles further includes: receiving and analyzing a service request of the Internet of vehicles terminal; positioning a target Internet of vehicles terminal group which needs to communicate with the Internet of vehicles terminal according to the service request and the position of the Internet of vehicles terminal; determining whether the identity of each Internet of vehicles terminal in the target Internet of vehicles terminal group is legal or not; screening out the vehicle networking terminals with legal identities from the target vehicle networking terminal group to obtain a target communication vehicle networking terminal group; and sending the service request of the Internet of vehicles terminal to a target communication Internet of vehicles terminal group so as to enable the Internet of vehicles terminal and the target communication Internet of vehicles terminal group to carry out service communication.
In this embodiment, when the on-board unit (or the roadside unit) needs to perform an Internet of Vehicles service, it sends a service request to the core network device, and the service request includes the Internet of Vehicles service type. The core network device parses the service type in the service request and, according to the position information of the on-board unit and the service type, locates the target Internet of Vehicles terminal group with which the on-board unit needs to communicate. For example, if the service type is an anti-collision early warning service, the on-board unit needs to communicate with the other on-board units within 300 meters of it, so the core network device locates the other on-board units (or roadside units) inside the circle centered on the on-board unit's position with a radius of 300 meters. If the Internet of Vehicles service type is vehicle-to-vehicle communication, the core network device executes steps S1-S2. If the service type is vehicle-to-roadside-unit communication, the core network device executes steps S11-S12.
S1, core network equipment sends identity authentication demand information to a target Internet of vehicles terminal group, all Internet of vehicles terminals in the target Internet of vehicles terminal group feed back identity authentication requests to the core network equipment, the core network equipment determines whether the identities of all Internet of vehicles terminals (such as vehicle-mounted units) in the target Internet of vehicles terminal group are legal or not according to the authentication method of the identities of the Internet of vehicles terminals or other identity authentication methods of the embodiment, and the Internet of vehicles terminals with legal identities are screened out from the target Internet of vehicles terminal group to obtain a target communication Internet of vehicles terminal group.
S2, the core network device sends the Internet of Vehicles service message to the target communication Internet of Vehicles terminal group that passed identity authentication, so that the Internet of Vehicles terminal and the target communication Internet of Vehicles terminal group carry out service communication.
S11, if the service type is communication between the vehicle and the Road Side Unit (RSU) and the road side unit is in wired connection with the core network equipment, the core network equipment can directly determine the identity legality of the RSU according to the RSU ID.
S12, the core network device sends the Internet of Vehicles service information directly to the located RSU whose identity is legal, so that the on-board unit and the RSU carry out service communication.
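The dispatch in steps S1-S2 and S11-S12, as an added Python example that is not code from the patent. The service-type names, the coordinates, the `authenticate` callback standing for the joint authentication, and the fallback of authenticating a non-wired RSU like any other terminal are assumptions; the 300 m radius is the anti-collision example given above.

```python
import math
from dataclasses import dataclass
from typing import Callable, Iterable, List, Set

# service type -> (communication kind, radius in metres). The type names and
# the second entry are hypothetical; 300 m is the page's anti-collision example.
SERVICES = {
    "anti_collision_warning": ("V2V", 300.0),
    "roadside_notice": ("V2RSU", 300.0),
}


@dataclass(frozen=True)
class Terminal:
    terminal_id: str
    kind: str  # "OBU" or "RSU"
    lat: float
    lon: float


def distance_m(a: Terminal, b: Terminal) -> float:
    """Great-circle distance in metres (haversine formula)."""
    r = 6_371_000.0
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * r * math.asin(math.sqrt(h))


def locate_group(sender: Terminal, terminals: Iterable[Terminal],
                 radius_m: float, kind: str) -> List[Terminal]:
    """Target group: terminals of the wanted kind inside the service radius."""
    return [t for t in terminals
            if t.kind == kind and t.terminal_id != sender.terminal_id
            and distance_m(sender, t) <= radius_m]


def route_service_request(sender: Terminal, service_type: str,
                          terminals: Iterable[Terminal],
                          authenticate: Callable[[str], bool],
                          wired_rsu_ids: Set[str]) -> List[str]:
    """Return the identifiers the core network forwards the service message to."""
    if service_type not in SERVICES:
        raise ValueError(f"unknown service type: {service_type!r}")
    if not authenticate(sender.terminal_id):
        return []  # the requester's own identity must already be legal
    kind, radius = SERVICES[service_type]
    if kind == "V2V":
        # S1: authenticate every located OBU; S2: forward to those that pass.
        group = locate_group(sender, terminals, radius, "OBU")
        return [t.terminal_id for t in group if authenticate(t.terminal_id)]
    # S11: an RSU wired to the core network is validated by its RSU ID directly.
    # Assumption: a non-wired RSU goes through the same authentication as an OBU.
    group = locate_group(sender, terminals, radius, "RSU")
    legal = [t.terminal_id for t in group
             if t.terminal_id in wired_rsu_ids or authenticate(t.terminal_id)]
    return legal  # S12: forward to the located RSUs with a legal identity


def demo() -> dict:
    # Constructed positions on one meridian: 0.001 degree of latitude is about 111 m.
    a = Terminal("OBU-A", "OBU", 39.9000, 116.4000)
    fleet = [
        a,
        Terminal("OBU-B", "OBU", 39.9010, 116.4000),  # ~111 m, authenticated
        Terminal("OBU-C", "OBU", 39.9020, 116.4000),  # ~222 m, fails authentication
        Terminal("OBU-D", "OBU", 39.9030, 116.4000),  # ~334 m, outside the radius
        Terminal("RSU-1", "RSU", 39.9005, 116.4000),  # wired to the core network
        Terminal("RSU-2", "RSU", 39.9008, 116.4000),  # not wired, fails authentication
    ]
    legal_ids = {"OBU-A", "OBU-B", "OBU-D"}
    auth = legal_ids.__contains__
    return {
        "v2v": route_service_request(a, "anti_collision_warning", fleet, auth, {"RSU-1"}),
        "v2rsu": route_service_request(a, "roadside_notice", fleet, auth, {"RSU-1"}),
    }


if __name__ == "__main__":
    print(demo())
```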
In this embodiment, the positioning capability of the core network device is used to transmit Internet of Vehicles services directionally according to the service type and to assist the vehicle and the RSU in bidirectional authentication, which addresses the security problems in the communication scenario between the on-board unit and the roadside unit: (1) In the scenario where the on-board unit sends service messages to the roadside unit, there is a risk that an on-board unit sends a mass of attack messages that the RSU cannot process, so that the RSU breaks down and the Internet of Vehicles service is interrupted; there is also a risk that a party imitates the RSU and receives important Internet of Vehicles service information from the on-board unit. (2) When the RSU sends a broadcast message to the on-board unit, there is the security problem that a hacker (authenticated third party) intercepts important service information. Therefore, having the core network device forward service messages between the on-board unit and the roadside unit, as directed secure transmission after security authentication, can improve communication security.
In the method for authenticating the identity of the Internet of Vehicles terminal described above, a new Internet of Vehicles terminal identifier is constructed by combining the characteristics of the terminal's network identity and hardware identity, and, based on this identifier, the core network device and the trusted center respectively carry out joint authentication of the network identity and the device identity. This achieves reliable and secure identity authentication of the Internet of Vehicles terminal without requiring the terminal to perform mass authentication or to update and maintain a certificate list, improves the reliability and security of Internet of Vehicles services, realizes joint authentication of the terminal across security domains (such as the communication network and the trusted center), and effectively reduces the delay of cross-domain authentication. Specifically, the Internet of Vehicles terminal identifier is redefined: the hardware identifier (trusted by the Internet of Vehicles service operating enterprise) and the communication network identifier (trusted by the communication network operator) are combined into the unique identifier of the terminal, which avoids the risk of the terminal's identity being misappropriated after the hardware identifier or the communication network identifier is stolen. Further, the holders of the second encryption key are the communication operator and the trusted center; to guard against the risk that one of them leaks the key, the second encryption key uses an asymmetric key, which improves security.
The core network device sends only the encrypted character string related to the device identity to the trusted center for authentication, so for either security domain the identifier of the other security domain is not revealed during authentication, which effectively protects the identity privacy of the terminal user and improves the security of the system. In addition, the core network device forwards service messages between the on-board unit and the roadside unit as directed secure transmission after security authentication, which further improves communication security.
Example 2:
As shown in Fig. 3, this embodiment provides a method for authenticating the identity of an Internet of Vehicles terminal, applied to a trusted center that is connected to a core network device. The method includes:
Step 201: receiving the encrypted character string of the device identifier in an Internet of Vehicles terminal identifier sent by the core network device, wherein the Internet of Vehicles terminal identifier is a combination of the encrypted character string of a mobile communication user identifier and the encrypted character string of the device identifier, the core network device authenticates the network identity validity of the Internet of Vehicles terminal according to the terminal's identity authentication request with the result that the network identity is legal, and the identity authentication request includes the Internet of Vehicles terminal identifier.
In this embodiment, the Internet of Vehicles terminal includes an on-board unit, a roadside unit, a pedestrian handheld terminal, and the like. Before step 201, the core network device receives the identity authentication request sent by the Internet of Vehicles terminal when accessing the communication network. The core network device authenticates the network identity validity of the Internet of Vehicles terminal according to the terminal's identity authentication request, which specifically includes: the core network device extracts the encrypted character string of the mobile communication user identifier from the Internet of Vehicles terminal identifier; decrypts it with a preset first encryption key to obtain the mobile communication user identifier; and authenticates the network identity validity of the terminal according to the mobile communication user identifier. In addition, the core network device sets the first encryption key pair in the communication SIM card of the Internet of Vehicles terminal and in the core network, respectively, and sets a second encryption key pair in the communication SIM card of the terminal and in the trusted center, respectively, wherein the second encryption key pair is an asymmetric key.
Step 202: authenticating the device identity validity of the Internet of Vehicles terminal according to the encrypted character string of the device identifier.
Optionally, the authenticating the device identity legitimacy of the car networking terminal according to the encrypted character string of the device identifier specifically includes: decrypting the encrypted character string of the equipment identifier in the terminal identifier of the Internet of vehicles by using a preset second encryption key to obtain the equipment identifier; and authenticating the equipment identity validity of the Internet of vehicles terminal according to the equipment identifier.
Step 203: feeding back the authentication result of the device identity validity of the Internet of Vehicles terminal to the core network device, so that the core network device determines that the identity of the Internet of Vehicles terminal is legal in response to both its network identity and its device identity being legal.
In this embodiment, after the core network device determines that the identity of the car networking terminal is legal, the core network device receives and analyzes a service request of the car networking terminal; positioning a target Internet of vehicles terminal group which needs to communicate with the Internet of vehicles terminal according to the service request and the position of the Internet of vehicles terminal; determining whether the identity of each Internet of vehicles terminal in the target Internet of vehicles terminal group is legal or not; screening out the vehicle networking terminals with legal identities from the target vehicle networking terminal group to obtain a target communication vehicle networking terminal group; and sending the service request of the Internet of vehicles terminal to a target communication Internet of vehicles terminal group so as to enable the Internet of vehicles terminal and the target communication Internet of vehicles terminal group to carry out service communication.
S1, core network equipment sends identity authentication demand information to a target Internet of vehicles terminal group, each Internet of vehicles terminal in the target Internet of vehicles terminal group feeds an identity authentication request back to the core network equipment, the core network equipment determines whether the identity of each Internet of vehicles terminal (such as a vehicle-mounted unit) in the target Internet of vehicles terminal group is legal or not according to the authentication method of the Internet of vehicles terminal identity or other identity authentication methods of the embodiment, and the Internet of vehicles terminal with the legal identity is screened out from the target Internet of vehicles terminal group so as to obtain a target communication Internet of vehicles terminal group.
S2, the core network device sends the Internet of Vehicles service message to the target communication Internet of Vehicles terminal group that passed identity authentication, so that the Internet of Vehicles terminal and the target communication Internet of Vehicles terminal group carry out service communication.
S11, if the service type is communication between the vehicle and the roadside unit (RSU) and the RSU is in wired connection with the core network device, the core network device can directly determine the identity validity of the RSU according to the RSU ID.
S12, the core network device sends the Internet of Vehicles service information directly to the located RSU whose identity is legal, so that the on-board unit and the RSU carry out service communication.
In this embodiment, the positioning capability of the core network device is used to transmit Internet of Vehicles services directionally according to the service type and to assist the vehicle and the RSU in bidirectional authentication, which addresses the security problems in the communication scenario between the on-board unit and the roadside unit: (1) In the scenario where the on-board unit sends service messages to the roadside unit, there is a risk that an on-board unit sends a mass of attack messages that the RSU cannot process, so that the RSU breaks down and the Internet of Vehicles service is interrupted; there is also a risk that a party imitates the RSU and receives important Internet of Vehicles service information from the on-board unit. (2) When the RSU sends a broadcast message to the on-board unit, there is the security problem that a hacker (authenticated third party) intercepts important service information. Therefore, having the core network device forward service messages between the on-board unit and the roadside unit, as directed secure transmission after security authentication, can improve communication security.
According to the identity characteristic of the vehicle-mounted unit (or the road side unit) in the vehicle networking service, the vehicle networking identity is newly defined, the hardware identity and the network identity characteristic of the vehicle-mounted unit (or the road side unit) are integrated, and the counterfeit risk caused by the leakage of the single identity of the vehicle-mounted unit (or the road side unit) is resisted. The network identity and equipment identity combined authentication is carried out on the vehicle end by utilizing the mobile communication network and the credible center, the combined authentication of the vehicle-mounted unit (or the road side unit) across security domains (the mobile communication network, the credible center TA1 of the vehicle-mounted unit and the credible center TA2 of the road side unit) is realized, for any security domain, the recognition identification of the other security domain is not revealed in the authentication process, and the user identity privacy is effectively protected. The positioning capability of the core network equipment is combined, the directional transmission of the Internet of vehicles service is carried out according to the type of the Internet of vehicles service, the vehicles and the RSU are assisted to carry out bidirectional authentication, the safety problem existing in the communication scene of the vehicle-mounted unit and the road side unit is solved, and the directional safe transmission after authentication is realized.
Example 3:
As shown in Fig. 4, this embodiment provides an apparatus for authenticating the identity of an Internet of Vehicles terminal, including:
The first authentication module 41 is configured to authenticate the network identity validity of the Internet of Vehicles terminal according to an identity authentication request of the terminal, where the identity authentication request includes an Internet of Vehicles terminal identifier, and the Internet of Vehicles terminal identifier is a combination of an encrypted character string of a mobile communication user identifier and an encrypted character string of a device identifier.
The first sending module 42 is connected to the first authentication module 41 and is configured to send, in response to the network identity of the Internet of Vehicles terminal being legal, the encrypted character string of the device identifier in the Internet of Vehicles terminal identifier to a trusted center, so that the trusted center authenticates the device identity validity of the Internet of Vehicles terminal.
The determining module 43 is connected to the first authentication module 41 and is configured to determine that the identity of the Internet of Vehicles terminal is legal in response to both its network identity and its device identity being legal.
Optionally, the car networking terminal includes an on-board unit and a road side unit. The first authentication module is also used for receiving an identity authentication request sent by the Internet of vehicles terminal.
Optionally, the first authentication module includes an extraction unit, a first decryption unit, and a first authentication unit. The extraction unit is configured to extract the encrypted character string of the mobile communication user identifier from the Internet of Vehicles terminal identifier. The first decryption unit is connected to the extraction unit and is configured to decrypt that string with a preset first encryption key to obtain the mobile communication user identifier. The first authentication unit is connected to the first decryption unit and is configured to authenticate the network identity validity of the Internet of Vehicles terminal according to the mobile communication user identifier.
Optionally, the determining module is further configured to receive an authentication result of the legitimacy of the device identity of the vehicle networking terminal, which is fed back by the trusted center.
Optionally, the apparatus for authenticating the identity of the Internet of Vehicles terminal further includes a setting module. The setting module is configured to set the first encryption key pair in the communication SIM card of the Internet of Vehicles terminal and in the core network, respectively, and is also configured to set a second encryption key pair in the communication SIM card of the terminal and in the trusted center, respectively, wherein the second encryption key pair is an asymmetric key.
Optionally, the device for authenticating the identity of the car networking terminal further comprises a second sending module, the second sending module is connected with the determining module and used for receiving and analyzing the service request of the car networking terminal, locating a target car networking terminal group of the car networking terminal needing communication according to the service request and the position of the car networking terminal, determining whether the identity of each car networking terminal in the target car networking terminal group is legal or not, screening out the car networking terminal with the legal identity from the target car networking terminal group to obtain a target communication car networking terminal group, and sending the service request of the car networking terminal to the target communication car networking terminal group to enable the car networking terminal and the target communication car networking terminal group to perform service communication.
In this embodiment, when the vehicle-mounted unit (or the road side unit) needs to perform the car networking service, the vehicle-mounted unit is configured to send a car networking service request to the core network device, where the car networking service request includes a car networking service type. The core network device is used for analyzing the type of the Internet of vehicles service in the Internet of vehicles service request, and if the type of the Internet of vehicles service is vehicle-to-vehicle communication, the core network device is used for executing the steps S1-S2. And if the type of the Internet of vehicles service is vehicle-to-road side unit communication, the core network equipment is used for executing the steps S11-S12.
S1, core network equipment sends identity authentication demand information to a target Internet of vehicles terminal group, each Internet of vehicles terminal in the target Internet of vehicles terminal group feeds an identity authentication request back to the core network equipment, the core network equipment determines whether the identity of each Internet of vehicles terminal (such as a vehicle-mounted unit) in the target Internet of vehicles terminal group is legal or not according to the authentication method of the Internet of vehicles terminal identity or other identity authentication methods of the embodiment, and the Internet of vehicles terminal with the legal identity is screened out from the target Internet of vehicles terminal group so as to obtain a target communication Internet of vehicles terminal group.
S2, the core network device sends the Internet of Vehicles service message to the target communication Internet of Vehicles terminal group that passed identity authentication, so that the Internet of Vehicles terminal and the target communication Internet of Vehicles terminal group carry out service communication.
S11, if the service type is communication between the vehicle and the roadside unit (RSU) and the RSU is in wired connection with the core network device, the core network device can directly determine the identity validity of the RSU according to the RSU ID.
S12, the core network device sends the Internet of Vehicles service information directly to the located RSU whose identity is legal, so that the on-board unit and the RSU carry out service communication.
In this embodiment, the positioning capability of the core network device is used to transmit Internet of Vehicles services directionally according to the service type and to assist the vehicle and the RSU in bidirectional authentication, which addresses the security problems in the communication scenario between the on-board unit and the roadside unit: (1) In the scenario where the on-board unit sends service messages to the roadside unit, there is a risk that an on-board unit sends a mass of attack messages that the RSU cannot process, so that the RSU breaks down and the Internet of Vehicles service is interrupted; there is also a risk that a party imitates the RSU and receives important Internet of Vehicles service information from the on-board unit. (2) When the RSU sends a broadcast message to the on-board unit, there is the security problem that a hacker (authenticated third party) intercepts important service information. Therefore, having the core network device forward service messages between the on-board unit and the roadside unit, as directed secure transmission after security authentication, can improve communication security.
Example 4:
As shown in Fig. 5, this embodiment provides an apparatus for authenticating the identity of an Internet of Vehicles terminal, including:
The first receiving module 51 is configured to receive the encrypted character string of the device identifier in an Internet of Vehicles terminal identifier sent by a core network device, where the Internet of Vehicles terminal identifier is a combination of the encrypted character string of a mobile communication user identifier and the encrypted character string of the device identifier, the core network device is configured to authenticate the network identity validity of the Internet of Vehicles terminal according to the terminal's identity authentication request with the result that the network identity is legal, and the identity authentication request includes the Internet of Vehicles terminal identifier.
The second authentication module 52 is connected to the first receiving module 51 and is configured to authenticate the device identity validity of the Internet of Vehicles terminal according to the encrypted character string of the device identifier.
Specifically, the second authentication module 52 is configured to decrypt the encrypted character string of the device identifier in the Internet of Vehicles terminal identifier with a preset second encryption key to obtain the device identifier, and is also configured to authenticate the device identity validity of the Internet of Vehicles terminal according to the device identifier.
The feedback module 53 is connected to the second authentication module 52 and is configured to feed back the authentication result of the device identity validity of the Internet of Vehicles terminal to the core network device, so that the core network device determines that the identity of the Internet of Vehicles terminal is legal in response to both its network identity and its device identity being legal.
In this embodiment, the Internet of Vehicles terminal includes an on-board unit, a roadside unit, a pedestrian handheld terminal, and the like. The core network device is configured to receive the identity authentication request sent by the Internet of Vehicles terminal when accessing the communication network. The core network device is configured to authenticate the network identity validity of the Internet of Vehicles terminal according to the terminal's identity authentication request; specifically, it is configured to extract the encrypted character string of the mobile communication user identifier from the Internet of Vehicles terminal identifier, to decrypt that string with a preset first encryption key to obtain the mobile communication user identifier, and to authenticate the network identity validity of the terminal according to the mobile communication user identifier. In addition, the core network device is also configured to set the first encryption key pair in the communication SIM card of the Internet of Vehicles terminal and in the core network, respectively, and to set a second encryption key pair in the communication SIM card of the terminal and in the trusted center, respectively, wherein the second encryption key pair is an asymmetric key.
In this embodiment, the core network device is further configured to receive and analyze a service request of the car networking terminal; positioning a target Internet of vehicles terminal group which needs to communicate with the Internet of vehicles terminal according to the service request and the position of the Internet of vehicles terminal; determining whether the identity of each Internet of vehicles terminal in the target Internet of vehicles terminal group is legal or not; screening out the vehicle networking terminals with legal identities from the target vehicle networking terminal group to obtain a target communication vehicle networking terminal group; and sending the service request of the Internet of vehicles terminal to a target communication Internet of vehicles terminal group so as to enable the Internet of vehicles terminal and the target communication Internet of vehicles terminal group to carry out service communication. When the vehicle-mounted unit (or the road side unit) needs to perform the vehicle networking service, the vehicle-mounted unit (or the road side unit) is used for sending a vehicle networking service request to the core network device, wherein the vehicle networking service request comprises the vehicle networking service type. The core network device is used for analyzing the type of the Internet of vehicles service in the Internet of vehicles service request, and if the type of the Internet of vehicles service is vehicle-to-vehicle communication, the core network device is used for executing the steps S1-S2. And if the type of the Internet of vehicles service is vehicle-to-road side unit communication, the core network equipment is used for executing the steps S11-S12.
S1, the core network equipment sends identity authentication demand information to the target Internet of vehicles terminal group, and each Internet of vehicles terminal in the target Internet of vehicles terminal group feeds an identity authentication request back to the core network equipment. The core network equipment determines whether the identity of each Internet of vehicles terminal (such as a vehicle-mounted unit) in the target Internet of vehicles terminal group is legal, using the Internet of vehicles terminal identity authentication method of this embodiment or another identity authentication method, and selects the Internet of vehicles terminals with legal identities from the target Internet of vehicles terminal group to obtain the target communication Internet of vehicles terminal group.
S2, the core network equipment sends the Internet of vehicles service message to the target communication Internet of vehicles terminal group that has passed identity authentication, so that the Internet of vehicles terminal and the target communication Internet of vehicles terminal group carry out service communication.
S11, if the service type is communication between the vehicle and the road side unit, the road side unit (RSU) is in wired connection with the core network equipment, and the core network equipment can directly determine the identity legality of the RSU according to the RSU ID.
S12, the core network equipment directly sends the Internet of vehicles service information to the located RSU with legal identity, so that the vehicle-mounted unit and the RSU carry out service communication.
This embodiment uses the positioning capability of the core network equipment to transmit Internet of vehicles services directionally according to the Internet of vehicles service type and assists the vehicle and the RSU in performing bidirectional authentication, which addresses the following security problems in the communication scenario between the vehicle-mounted unit and the road side unit:
(1) When the vehicle-mounted unit sends a service message to the road side unit, there is a risk that the vehicle-mounted unit sends a massive number of attack messages to the RSU that the RSU cannot process, so that the RSU breaks down and the Internet of vehicles service is interrupted; there is also a risk that the RSU is impersonated in order to receive important Internet of vehicles service information from the vehicle-mounted unit.
(2) When the RSU sends a broadcast message to the vehicle-mounted unit, there is a security problem that a hacker (an unauthenticated third party) intercepts important service information.
Therefore, having the core network equipment forward the service messages between the vehicle-mounted unit and the road side unit, so that they are transmitted directionally and securely after security authentication, can improve the security of communication.
Example 5:
As shown in fig. 6, the present embodiment provides an electronic device, which includes a memory 61 and a processor 62, where the memory 61 stores a computer program, and the processor 62 is configured to run the computer program to implement the method for authenticating the identity of an Internet of vehicles terminal according to embodiment 1 or the method for authenticating the identity of an Internet of vehicles terminal according to embodiment 2.
Example 6:
The present embodiment provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method for authenticating the identity of an Internet of vehicles terminal according to embodiment 1 or the method for authenticating the identity of an Internet of vehicles terminal according to embodiment 2.
The authentication devices for the identity of the Internet of vehicles terminal in embodiments 3 and 4, the electronic device in embodiment 5, and the computer-readable storage medium in embodiment 6 combine the characteristics of the network identity and the hardware identity of the Internet of vehicles terminal to construct a new Internet of vehicles terminal identifier, and perform joint authentication of the network identity and the equipment identity based on that identifier through the core network equipment and the trusted center, respectively. This achieves reliable and secure identity authentication of the Internet of vehicles terminal without requiring the terminal itself to perform mass authentication or to update and maintain a certificate list, which improves the reliability and security of Internet of vehicles services; it also achieves joint authentication of the Internet of vehicles terminal across security domains (such as the communication network and the trusted center) and effectively reduces the time delay of cross-domain authentication. Specifically, the identifier of the Internet of vehicles terminal is redefined: the hardware identifier (trusted by Internet of vehicles service operating enterprises) and the communication network identifier (trusted by communication network operators) of the terminal are combined to serve as the unique identifier of the Internet of vehicles terminal, which avoids the risk of the terminal's identity being stolen after either the hardware identifier or the communication network identifier is stolen. Further, the second encryption key is held by both the communication operator and the trusted center; to guard against the risk of the key leaking from one of these holders, an asymmetric key is used, which improves the security of the second encryption key.
Moreover, only the encrypted character string related to the equipment identity is sent to the trusted center for authentication, so for either security domain the identifier of the other security domain is not revealed in the authentication process; this effectively protects the identity privacy of the terminal user and improves the security of the system. In addition, the core network equipment forwards the service messages between the vehicle-mounted unit and the road side unit so that they are transmitted directionally and securely after security authentication, which further improves communication security.
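The joint authentication summarised above, as an added Node.js example that is not part of the patent: the core network checks the subscriber half of the identifier, forwards only the device half to the trusted center, and combines both results. Assumptions not taken from the text: AES-256-GCM for the first key, RSA-OAEP for the second key with the public half on the SIM card, a "." separator between the two strings, and the constructed sample subscriber and device values.

```javascript
// Added illustration, not code from the patent. Assumed (the patent does not
// specify them): AES-256-GCM for the first key, RSA-OAEP for the second key,
// and "." as the separator between the two encrypted character strings.
const nodeCrypto = require('crypto');

// Key provisioning. Constructed sample keys, generated fresh on every run.
const firstKey = nodeCrypto.randomBytes(32); // shared by SIM card and core network
const { publicKey: secondPub, privateKey: secondPriv } =
  nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Assumed split: the SIM card holds secondPub, the trusted center holds secondPriv.

// Terminal side: identifier = Enc_first(subscriber id) "." Enc_second(device id).
function buildTerminalId(subscriberId, deviceId) {
  const iv = nodeCrypto.randomBytes(12);
  const enc = nodeCrypto.createCipheriv('aes-256-gcm', firstKey, iv);
  const body = Buffer.concat([enc.update(subscriberId, 'utf8'), enc.final()]);
  const subscriberPart = Buffer.concat([iv, enc.getAuthTag(), body]).toString('base64');
  const devicePart = nodeCrypto
    .publicEncrypt({ key: secondPub, oaepHash: 'sha256' }, Buffer.from(deviceId, 'utf8'))
    .toString('base64');
  return `${subscriberPart}.${devicePart}`;
}

// Trusted center: receives only the device string and never the subscriber string.
function makeTrustedCenter(registeredDevices) {
  const seen = []; // everything this security domain was sent, kept for inspection
  return {
    seen,
    authenticateDevice(devicePart) {
      seen.push(devicePart);
      try {
        const deviceId = nodeCrypto
          .privateDecrypt({ key: secondPriv, oaepHash: 'sha256' }, Buffer.from(devicePart, 'base64'))
          .toString('utf8');
        return registeredDevices.has(deviceId);
      } catch {
        return false; // undecryptable input is treated as an illegal device identity
      }
    },
  };
}

// Core network equipment: holds firstKey only, so it cannot read the device string.
function makeCoreNetwork(subscribers, trustedCenter) {
  function decryptSubscriber(part) {
    const raw = Buffer.from(part, 'base64');
    const dec = nodeCrypto.createDecipheriv('aes-256-gcm', firstKey, raw.subarray(0, 12));
    dec.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([dec.update(raw.subarray(28)), dec.final()]).toString('utf8');
  }
  return {
    authenticate(terminalId) {
      const parts = terminalId.split('.');
      if (parts.length !== 2) return { network: false, device: false, legal: false };
      let network = false;
      try {
        network = subscribers.has(decryptSubscriber(parts[0]));
      } catch {
        network = false; // tampered or malformed subscriber string
      }
      // The device string is forwarded only in response to a legal network identity.
      const device = network ? trustedCenter.authenticateDevice(parts[1]) : false;
      return { network, device, legal: network && device };
    },
  };
}

// Constructed sample data: one provisioned subscriber and one registered device.
function demo() {
  const tc = makeTrustedCenter(new Set(['OBU-SN-0001']));
  const core = makeCoreNetwork(new Set(['460011234567890']), tc);
  const genuine = core.authenticate(buildTerminalId('460011234567890', 'OBU-SN-0001'));
  const swappedHw = core.authenticate(buildTerminalId('460011234567890', 'OBU-SN-9999'));
  const unknownSim = core.authenticate(buildTerminalId('460019999999999', 'OBU-SN-0001'));
  return { genuine, swappedHw, unknownSim, trustedCenterSaw: tc.seen.length };
}

console.log(demo());
```

The `swappedHw` case is a valid subscriber on unregistered hardware, which passes the network check and fails the device check; the `unknownSim` case is rejected before the trusted center is contacted.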
It will be understood that the above embodiments are merely exemplary embodiments adopted to illustrate the principles of the present invention, and the present invention is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (13)

1. A method for authenticating the identity of an Internet of vehicles terminal, applied to core network equipment, comprising:
authenticating the network identity legality of the Internet of vehicles terminal according to an identity authentication request of the Internet of vehicles terminal, wherein the identity authentication request comprises an Internet of vehicles terminal identifier, and the Internet of vehicles terminal identifier is a combination of an encrypted character string of a mobile communication user identifier and an encrypted character string of an equipment identifier;
in response to the network identity of the Internet of vehicles terminal being legal, sending the encrypted character string of the equipment identifier in the Internet of vehicles terminal identifier to a trusted center, so that the trusted center authenticates the equipment identity legality of the Internet of vehicles terminal;
and determining that the identity of the Internet of vehicles terminal is legal in response to the network identity of the Internet of vehicles terminal being legal and the equipment identity being legal.
2. The method for authenticating the identity of the Internet of vehicles terminal according to claim 1, wherein the Internet of vehicles terminal comprises a vehicle-mounted unit and a road side unit,
and before authenticating the network identity legality of the Internet of vehicles terminal according to the identity authentication request of the Internet of vehicles terminal, the method further comprises:
receiving an identity authentication request sent by the Internet of vehicles terminal.
3. The identity authentication method of the internet of vehicles terminal according to claim 1, wherein the authentication of the network identity validity of the internet of vehicles terminal according to the identity authentication request of the internet of vehicles terminal specifically comprises:
extracting an encrypted character string of a mobile communication user identifier from the Internet of vehicles terminal identifier;
decrypting the encrypted character string of the mobile communication user identification by using a preset first encryption key to obtain the mobile communication user identification;
and authenticating the network identity validity of the Internet of vehicles terminal according to the mobile communication user identification.
4. The method for authenticating the identity of the Internet of vehicles terminal according to claim 1, wherein after sending the encrypted character string of the equipment identifier in the Internet of vehicles terminal identifier to the trusted center, and before determining that the identity of the Internet of vehicles terminal is legal in response to the network identity of the Internet of vehicles terminal being legal and the equipment identity being legal, the method further comprises:
receiving an authentication result of the equipment identity legality of the Internet of vehicles terminal fed back by the trusted center.
5. The method for authenticating the identity of the Internet of vehicles terminal according to claim 2, wherein before receiving the identity authentication request sent by the Internet of vehicles terminal when accessing the communication network, the method further comprises:
setting a first encryption key pair in a communication SIM card of the Internet of vehicles terminal and in a core network, respectively;
and setting a second encryption key pair in the communication SIM card of the Internet of vehicles terminal and in the trusted center, respectively, wherein the second encryption key pair is an asymmetric key.
6. The method for authenticating the identity of the terminal in the Internet of vehicles according to any one of claims 1 to 5, further comprising, after determining that the identity of the terminal in the Internet of vehicles is legal:
receiving and analyzing a service request of the Internet of vehicles terminal;
locating, according to the service request and the position of the Internet of vehicles terminal, a target Internet of vehicles terminal group with which the Internet of vehicles terminal needs to communicate;
determining whether the identity of each Internet of vehicles terminal in the target Internet of vehicles terminal group is legal;
selecting the Internet of vehicles terminals with legal identities from the target Internet of vehicles terminal group to obtain a target communication Internet of vehicles terminal group;
and sending the service request of the Internet of vehicles terminal to a target communication Internet of vehicles terminal group so as to enable the Internet of vehicles terminal and the target communication Internet of vehicles terminal group to carry out service communication.
7. A method for authenticating the identity of an Internet of vehicles terminal, applied to a trusted center, comprising:
receiving an encrypted character string of an equipment identifier in an Internet of vehicles terminal identifier sent by core network equipment, wherein the Internet of vehicles terminal identifier is a combination of an encrypted character string of a mobile communication user identifier and the encrypted character string of the equipment identifier, the core network equipment is configured to authenticate the network identity legality of the Internet of vehicles terminal according to an identity authentication request of the Internet of vehicles terminal, the result of that authentication is that the network identity of the Internet of vehicles terminal is legal, and the identity authentication request comprises the Internet of vehicles terminal identifier;
authenticating the equipment identity legality of the Internet of vehicles terminal according to the encrypted character string of the equipment identifier;
and feeding back an authentication result of the equipment identity legality of the Internet of vehicles terminal to the core network equipment, so that the core network equipment determines that the identity of the Internet of vehicles terminal is legal in response to the network identity and the equipment identity of the Internet of vehicles terminal being legal.
8. The method for authenticating the identity of the terminal in the internet of vehicles according to claim 7, wherein the authenticating the validity of the identity of the terminal in the internet of vehicles according to the encrypted character string of the device identifier specifically comprises:
decrypting the encrypted character string of the equipment identifier in the Internet of vehicles terminal identifier by using a preset second encryption key to obtain the equipment identifier;
and authenticating the equipment identity validity of the Internet of vehicles terminal according to the equipment identifier.
9. An authentication device for the identity of an Internet of vehicles terminal, characterized by comprising:
a first authentication module, configured to authenticate the network identity legality of the Internet of vehicles terminal according to an identity authentication request of the Internet of vehicles terminal, wherein the identity authentication request comprises an Internet of vehicles terminal identifier, and the Internet of vehicles terminal identifier is a combination of an encrypted character string of a mobile communication user identifier and an encrypted character string of an equipment identifier,
a first sending module, connected with the first authentication module and configured to send, in response to the network identity of the Internet of vehicles terminal being legal, the encrypted character string of the equipment identifier in the Internet of vehicles terminal identifier to a trusted center, so that the trusted center authenticates the equipment identity legality of the Internet of vehicles terminal,
and a determining module, connected with the first authentication module and configured to determine that the identity of the Internet of vehicles terminal is legal in response to the network identity and the equipment identity of the Internet of vehicles terminal being legal.
10. The device for authenticating the identity of the terminal in the internet of vehicles according to claim 9, wherein the first authentication module comprises:
an extraction unit, which is used for extracting the encrypted character string of the mobile communication user identification from the vehicle networking terminal identification,
a first decryption unit connected with the extraction unit and used for decrypting the encrypted character string of the mobile communication user identification by using a preset first encryption key to obtain the mobile communication user identification,
and the first authentication unit is connected with the first decryption unit and used for authenticating the network identity validity of the Internet of vehicles terminal according to the mobile communication user identification.
11. An authentication device for the identity of an Internet of vehicles terminal, characterized by comprising:
a first receiving module, configured to receive an encrypted character string of an equipment identifier in an Internet of vehicles terminal identifier sent by core network equipment, wherein the Internet of vehicles terminal identifier is a combination of an encrypted character string of a mobile communication user identifier and the encrypted character string of the equipment identifier, the core network equipment is configured to authenticate the network identity legality of the Internet of vehicles terminal according to an identity authentication request of the Internet of vehicles terminal, the result of that authentication is that the network identity of the Internet of vehicles terminal is legal, and the identity authentication request comprises the Internet of vehicles terminal identifier,
a second authentication module, connected with the first receiving module and configured to authenticate the equipment identity legality of the Internet of vehicles terminal according to the encrypted character string of the equipment identifier,
and a feedback module, connected with the second authentication module and configured to feed back an authentication result of the equipment identity legality of the Internet of vehicles terminal to the core network equipment, so that the core network equipment determines that the identity of the Internet of vehicles terminal is legal in response to the network identity and the equipment identity of the Internet of vehicles terminal being legal.
12. An electronic device, characterized in that it comprises a memory in which a computer program is stored and a processor arranged to run the computer program to implement the method of authentication of the identity of a vehicle networking terminal according to any of claims 1-6 or the method of authentication of the identity of a vehicle networking terminal according to any of claims 7-8.
13. A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, carries out a method of authentication of an identity of a terminal in a vehicle networking according to any of claims 1 to 6 or a method of authentication of an identity of a terminal in a vehicle networking according to any of claims 7 to 8.
CN202211557864.4A 2022-12-06 2022-12-06 Authentication method and device for identity of Internet of vehicles terminal, electronic equipment and storage medium Active CN115802347B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211557864.4A CN115802347B (en) 2022-12-06 2022-12-06 Authentication method and device for identity of Internet of vehicles terminal, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115802347A (en) 2023-03-14
CN115802347B (en) 2024-09-17

Family

ID=85417950

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211557864.4A Active CN115802347B (en) 2022-12-06 2022-12-06 Authentication method and device for identity of Internet of vehicles terminal, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115802347B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118019003A (en) * 2024-04-09 2024-05-10 中汽智联技术有限公司 Authentication method, device, equipment and storage medium of Internet of vehicles

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant