CN116017346A - V2X communication method and system - Google Patents

V2X communication method and system Download PDF

Info

Publication number
CN116017346A
CN116017346A CN202211541236.7A CN202211541236A CN116017346A CN 116017346 A CN116017346 A CN 116017346A CN 202211541236 A CN202211541236 A CN 202211541236A CN 116017346 A CN116017346 A CN 116017346A
Authority
CN
China
Prior art keywords
client
server
message
communication
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211541236.7A
Other languages
Chinese (zh)
Inventor
徐智凯
马春香
李媛媛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wanji Technology Co Ltd
Original Assignee
Beijing Wanji Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Wanji Technology Co Ltd filed Critical Beijing Wanji Technology Co Ltd
Priority to CN202211541236.7A priority Critical patent/CN116017346A/en
Publication of CN116017346A publication Critical patent/CN116017346A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Abstract

The V2X communication method and system comprises the steps that a client sends a client Hello message in an SPDU code stream format to a server, wherein the client Hello message comprises a communication password suite and a signature message of the client, and the signature message comprises a client certificate and a client data signature value; the server responds to the ServerHello message in the SPDU format to the client according to the ClientHello message, wherein the ServerHello message comprises a target communication password suite determined by the server and a server certificate; after the server verifies the identity of the client according to the signature message, determining a server communication transmission key according to the target communication password suite; the client determines a client communication transmission key according to the ServerHello message; the client and the server communicate with each other according to the client communication transmission key and the server communication transmission key, respectively.

Description

V2X communication method and system
Technical Field
The application belongs to the technical field of Internet of vehicles, and particularly relates to a V2X communication method and system.
Background
With the rapid development of the technical field of internet of vehicles, in the single-point communication process of the wireless communication technology (vehicle to everything, V2X) scene for vehicles, in order to ensure the security of data in the transmission process, encryption communication is generally performed in a manner similar to a digital envelope. Where single point communication is a communication process in which data is typically transmitted by two stations (point-to-point). However, when the client and the server use a digital envelope to encrypt communications, asymmetric encryption and symmetric encryption are required each time, which results in low communication efficiency and affects user experience.
Disclosure of Invention
In view of this, the embodiments of the present application provide a V2X communication method and system, so as to solve the problem of low communication efficiency in the single-point communication process of the existing V2X scene.
A first aspect of an embodiment of the present application provides a V2X communication method, applied to a client in a V2X communication system, including: sending a client hello message in an SPDU code stream format to a server, wherein the client hello message comprises a communication cipher suite of a client and a signature message, and the signature message comprises a client certificate and a client data signature value; receiving a ServerHello message in an SPDU code stream format, wherein the ServerHello message is generated by a server according to the ClientHello message; determining a client communication transmission key according to the ServerHello message; the key is communicated to the server in accordance with the client communication.
With reference to the first aspect, in a first possible implementation manner of the first aspect, determining a client communication transmission key according to a ServerHello message includes: analyzing the ServerHello message to obtain a server public key and a ServerHello message plaintext; generating a client premaster secret key of the TLS according to the client public key, the server public key and the ServerHello message plaintext; and determining a client communication transmission key according to the client premaster secret key.
With reference to the first aspect, in a second possible implementation manner of the first aspect, before parsing the ServerHello message, the method further includes: if the server hello message is verified to be wrong, the verification error message is sent to the server, and the connection with the server is disconnected.
With reference to the first aspect, in a third possible implementation manner of the first aspect, determining a client communication transmission key according to a client premaster secret includes: generating a client master key according to the client pre-master key; and generating a client working key according to the client master key, and determining the client working key as a communication transmission key.
With reference to the first aspect, in a fourth possible implementation manner of the first aspect, after determining the client communication transmission key according to the ServerHello message, before communicating with the server according to the client communication transmission key, the method further includes: and sending a password specification change message to the server, encrypting the client handshake ending message by using the client premaster secret key and a corresponding algorithm in the client premaster secret key, and sending the encrypted client handshake ending message to the server.
A second aspect of the embodiments of the present application provides a V2X communication method, applied to a server in a V2X communication system, including: receiving a client hello message in an SPDU code stream format sent by a client, wherein the client hello message comprises a communication cipher suite and a signature message of the client, and the signature message comprises a client certificate and a client data signature value; responding the ServerHello message in the SPDU code stream format to the client according to the ClientHello message, wherein the ServerHello message comprises a target communication password suite determined by the server and a server certificate; after verifying the identity of the client according to the signature message, determining a server communication transmission key according to the target communication password suite; and communicating with the client according to the client communication transmission key.
With reference to the second aspect, in a first possible implementation manner of the second aspect, responding to the ServerHello message to the client according to the ClientHello message includes: analyzing the ClientHello message to obtain a communication password suite carried in the ClientHello message; if the server verifies the communication password suite successfully, a ServerHello message is responded to the client; if the server verifies the communication password suite by mistake, a verification error message is sent to the client, and the connection with the client is disconnected.
With reference to the second aspect, in a second possible implementation manner of the second aspect, determining a server communication transmission key according to the target communication cipher suite includes: analyzing the ClientHello message to obtain a client public key and a ClientHello message plaintext; and generating a server premaster secret key of the TLS according to the server public key, the client public key, the clear text of the ClientHello message and the target communication password suite, and determining a server communication transmission secret key according to the server premaster secret key.
With reference to the second aspect, in a third possible implementation manner of the second aspect, determining a server communication transmission key according to the server premaster secret includes: generating a server master key according to the server premaster key; and generating a server working key according to the server master key, and determining the server working key as a communication transmission key.
With reference to the second aspect, in a fourth possible implementation manner of the second aspect, after determining the server communication transmission key according to the target communication cipher suite, before communicating with the client according to the client communication transmission key, the method further includes: responding to the password specification change message to the client, encrypting the server handshake ending message by using the server premaster secret key and the corresponding algorithm in the server premaster secret key, and then sending the encrypted server handshake ending message to the client.
A third aspect of the embodiments of the present application provides a V2X communication system, including a client and a server in the V2X communication system: the client is used for sending a client hello message in an SPDU code stream format to the server, wherein the client hello message comprises a communication cipher suite and a signature message of the client, and the signature message comprises a client certificate and a client data signature value; the server is used for responding the ServerHello message in the SPDU format to the client according to the ClientHello message, wherein the ServerHello message comprises a target communication password suite determined by the server and a server certificate; the server is also used for determining a server communication transmission key according to the target communication password suite after verifying the identity of the client according to the signature message; the client is also used for determining a client communication transmission key according to the ServerHello message; the client is also used for communicating with the server according to the client communication transmission key and the server communication transmission key respectively.
Compared with the prior art, the embodiment of the application has the beneficial effects that:
the embodiment of the application provides a V2X communication method and a V2X communication system, which are applied to a client and a server. In the method, in the process of handshake interaction between the client and the server, the packet format of the ClientHello message sent by the client to the server is an SPDU code stream format. By the package mode, protocol fields of the client certificate and the signature message can be built in, and when the client interacts with the server, the client does not need to additionally send the certificate and the signature authentication message, so that the interaction process is saved, and then the final communication transmission password is determined based on the client hello message in the SPDU code stream format to complete a handshake protocol. After the client and the server determine the communication transmission password, the client and the server can directly adopt the communication transmission key negotiated after handshake protocol is carried out by the client and the server to carry out communication, so that the steps of symmetric encryption and asymmetric encryption in each encryption communication process are saved, the communication efficiency is improved, and the user experience is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required for the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic illustration of a single-point communication interaction flow of a V2X scenario provided in one embodiment of the present application;
fig. 2 is a schematic diagram of an encrypted communication scenario between a client and a server according to an embodiment of the present application;
fig. 3 is a schematic diagram of an interaction flow of a V2X communication method according to an embodiment of the present application;
fig. 4 is a schematic diagram of a communication interaction flow when a client and a server perform data security transmission according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system configurations, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
The technical scheme provided by the application is explained in detail below with reference to specific embodiments.
With the rapid development of communication technology, vehicles can be connected with various electronic devices (such as road side devices, servers, sensing devices and the like) to form the internet of vehicles by means of cellular communication (internet of vehicles communication based on cellular technology) or through communication (special short-range communication technology). When a vehicle performs single-point communication with each electronic device, for example, an in-vehicle terminal and a Server, or when an in-vehicle terminal communicates with a roadside device, a Client/Server (C/S) mode communication is generally adopted.
Fig. 1 is a schematic illustration of a single-point communication interaction flow of a V2X scene provided in an embodiment of the present application, and fig. 5 is shown in fig. 1, and includes the following steps S101 to S107.
S101, the client generates a client symmetric key according to the client private key.
S102, the client encrypts plaintext of the session message to be sent to the server by adopting the client symmetric key to obtain the ciphertext of the session message.
S103, the client acquires a server certificate, and a server public key is acquired from the server certificate.
0, wherein the client can obtain the server certificate from the public certificate of the server
Or the client itself may be obtained from a pre-stored server certificate.
S104, the client encrypts the symmetric key of the client by adopting the server public key to obtain the symmetric key ciphertext of the client.
In this embodiment, the process 5 of encrypting the client symmetric key by the client using the server public key is a process of generating a digital envelope. The server needs to be based on the digital envelope in the subsequent decryption process
And (5) decrypting the line.
And S105, the client sends the session message ciphertext and the client symmetric key ciphertext to the server.
S106, the server decrypts the symmetric key ciphertext of the client according to the private key of the server to obtain the symmetric key of the client.
And 0S107, the server decrypts the session message ciphertext according to the client symmetric key to obtain the client session message plaintext.
Fig. 2 is a schematic diagram of an encrypted communication scenario between a client and a server according to an embodiment of the present application. Referring to fig. 2, when the client performs encrypted communication with the server, each time, the client needs to perform asymmetric encryption (corresponding to the process of encrypting the symmetric key of the client by the server public key in the interactive flow of fig. 1), and the process 5 is the process of encrypting the digital envelope shown in fig. 2) and symmetric encryption (corresponding to the process of generating the symmetric key of the client in the interactive flow of fig. 1), so that the encryption process is complicated, thereby resulting in low communication efficiency and affecting user experience.
Based on this, the embodiment of the application provides a V2X communication method, which is applied to a client and a server. In the process of handshake interaction between the client and the server, the packet format of the ClientHello message sent by the client to the server is the SPDU code stream format. By the package mode, protocol fields of the client certificate and the signature message can be built in, and when the client interacts with the server, the client does not need to additionally send the certificate and the signature authentication message, so that the interaction process is saved, and then the final communication transmission password is determined based on the client hello message in the SPDU code stream format to complete a handshake protocol. After the client and the server determine the communication transmission password, the client and the server can directly adopt the communication transmission key negotiated after handshake protocol is carried out by the client and the server to carry out communication, so that the steps of symmetric encryption and asymmetric encryption in each encryption communication process are saved, the communication efficiency is improved, and the user experience is improved.
Fig. 3 is a schematic interaction flow chart of a V2X communication method according to an embodiment of the present application, and referring to fig. 3, the method includes the following steps S301 to S309.
S301, the client sends a ClientHello message in an SPDU code stream format to the server.
In this embodiment, when the client performs hello message interaction with the server, the ClientHello message sent by the client is formed by packing a security protocol data unit (Secured Protocol Data Unit, SPDU) code stream format in the standard TCCSA 307-2021 based on the technical requirements of the internet of vehicles wireless communication technology security certificate management system of LTE. The ClientHello message formed by the SPDU code stream format packet not only comprises a communication cipher suite, but also comprises a signature message of the SPDU code stream format. The communication cipher suite comprises client version information, an encryption suite candidate list, a compression algorithm candidate list, client random numbers, an expansion field and the like.
The client version information refers to the version (version) of the highest security transport layer protocol (Transport Layer Security, TLS) supported by the client, and includes, in order from low to high, the versions of SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, and the like. The encryption suite candidate list is a list of encryption suite cipher suites supported by the client, and comprises: authentication algorithm Au (for authentication), key exchange algorithm KeyExchange (for key negotiation), symmetric encryption algorithm Enc (for information encryption), and information digest Mac (for integrity verification of the cryptographic suite by the server). The compression algorithm candidate list is a compression algorithm compression methods list supported by the client and used for subsequent information compression transmission. Random number random_c for subsequent key generation. Extension fields extensions, including parameters related to supporting protocols and algorithms, and other auxiliary information, etc.
The SPDU is a message structure transmitted between V2X devices, and in general, a signature message in the SPDU code stream format is composed of four parts: a hash algorithm (hashId) used for hashing the message when signing and verifying the signature; (II) data (tbsData) hashed and input as a signature; (III) determining an issuer certificate (signer) when signing the data; (IV) digital signature value (signature). The hash is to convert an input with any length into an output with a fixed length through a hash algorithm, and the output is a hash value. That is, the ClientHello message is transmitted in the SPDU code stream format, and the protocol field of the client certificate may be set in the signed message in the SPDU code stream format. For example, in the process of grouping the ClientHello messages through the SPDU code stream format, the corresponding protocol fields may be built in the corresponding message structure. For example, a protocol field of a hash algorithm (hashId) used for hashing a message when the client indicates signing and verifying signing is placed in a message structure of the hash algorithm (hashId) used for hashing the message when the client indicates signing and verifying signing; the protocol field of the data input by the client as the signature (namely, the ClientHello message protocol field) is placed in the message structure of the data input by the client as the signature after being hashed (tbsData) in the signature message; a protocol field of the client issuer certificate, placed in a message structure of a signature message for determining an issuer certificate (signer) when signing data; the protocol field of the client digital signature value is placed in the message structure of the digital signature value (signature) in the signed message.
Based on this, in the embodiment of the present application, the ClientHello message is packaged in the form of the SPDU code stream format, so that on one hand, the client certificate and the client digital signature value can be built in the ClientHello message, and on the other hand, the conventional standard communication method based on the TLS handshake protocol can be applied to the single-point communication process of the V2X scene.
S302, the server verifies the received ClientHello message and responds to the ServerHello message in the SPDU code stream format to the client.
When the server receives the ClientHello message sent by the client, the ClientHello message in the form of SPDU code stream format group packet is verified, if the verification is wrong, a fatal error is generated and the connection with the client is disconnected. If the verification is passed, a ServerHello message is responded to the client. Likewise, the packet format of the ServerHello message is also the SPDU code stream format.
When the server verifies the ClientHello message, the verification can be performed by a 5-error code defined by the server itself that identifies the error. For example, when the error code defined by the server is a and the ClientHello message is verified, the error code of a is generated, and the verification is considered to be failed, the server and the client have no communication condition, and the server is disconnected from the client.
The client hello message in the SPDU code stream format sent by the client to the server carries the guest
The client certificate (for the server to identify the client), the client data signature value (for the server to identify the client), and the hash algorithm (hashId) used to hash the message and the data hashed to input as a signature when the signature is indicated and verified, so the server does not need to send a certificate request message to the client after receiving the ClientHello message to verify the client identity. In comparison with the conventional handshake protocol, when a client performs a handshake operation with a server, it is required that
In addition, a certificate request message for client certificate verification is sent to the client, and the client needs to send a certificate message to the server after receiving the certificate request message sent by the server 5, in this embodiment, the hello message is already sent
The process of sending and verifying the certificate is completed, so that the process of protocol handshake is saved, and the handshake efficiency is improved.
It can be seen that, in this embodiment, the client hello field (i.e., the client hello message) is packaged by adopting the SPDU code stream format, and the client can be completed by one interaction between the client and the server
And the server omits the whole step of the 0TLS handshake protocol through the two-way handshake of the ClientHello message and the subsequent certificate exchange request process, shortens the handshake process and improves the communication efficiency.
S303, the server analyzes the received ClientHello message to obtain a client public key and a clear text of the ClientHello message.
The server analyzes the ClientHello message in the SPDU code stream format, and the SPDU code stream format is adopted
The client hello message carries the client certificate, so the server can obtain the client public key according to the parsed client certificate 5. The ClientHello message is then decrypted based on the client public key
Generating the clear text of the ClientHello message.
In addition, the server analyzes the ClientHello message in the SPDU code stream format to obtain a communication password suite included in the ClientHello message, and then determines a target communication password suite according to the communication password suite, wherein the target communication password suite includes a client version, a target encryption suite, a compression algorithm, a random number, an extension field and the like determined by the server.
S304, the server generates a server premaster secret key of the TLS according to the server public key, the client public key, the clear text of the ClientHello message and the target communication password suite.
Wherein, server premaster secret (ServerKeyExchange) is used to generate server master secret, server work secret, etc. In this way confidentiality of the communication process can be enhanced.
S305, the server responds to the client with the password specification change message, encrypts the server handshake ending message by using the server premaster secret key and the corresponding algorithm in the server premaster secret key, and then sends the encrypted server handshake ending message to the client.
S306, the client verifies the received ServerHello message.
The client verifies the received ServerHello message, and if the verification is wrong, a fatal error is generated and the connection with the server is disconnected. If the verification is passed, a subsequent message is replied to the server.
S307, the client analyzes the received ServerHello message to obtain the server public key and the ServerHello message plaintext.
Similarly, the ServerHello message returned by the server to the client is also sent in the packet format of the SPDU code stream format, so after the client receives the ServerHello message, the client first analyzes the ServerHello message, and the server side hello message in the SPDU code stream format also carries the server side certificate, so the client can obtain the server public key according to the server certificate obtained by analysis. And then analyzing the ServerHello message according to the public key of the server to generate a ServerHello message plaintext.
And S308, the client generates a client premaster secret key of the TLS according to the public key of the client, the public key of the server and the plain text of the ServerHello message.
Also, the client premaster secret is used to generate a client master secret, a client working secret, and the like.
S309, the client sends a password specification change message to the server, encrypts the client handshake ending message by using the client premaster secret key and the corresponding algorithm in the client premaster secret key, and then sends the encrypted client handshake ending message to the server.
In this embodiment, after the client and the server send the client handshake end message and the server handshake end message to each other, respectively, both the client and the server have ciphertext communication conditions. And then, when the client and the server carry out ciphertext communication, the data security transmission can be carried out by adopting the secret key negotiated in the mode.
It should be noted that, after the client and the server respectively generate the premaster secret, the premaster secret is used to generate the master secret, the working secret, and so on, so the client and the server can select the communication transmission secret key type, such as the working secret, used for ciphertext communication in the process of secret key negotiation.
Fig. 4 is a schematic diagram of a communication interaction flow when a client and a server perform data security transmission, as shown in fig. 4, and the method includes the following steps S401 to S403. The method will be explained by taking the type of the communication transmission key used for ciphertext communication after negotiation between the client and the server as the working key.
S401, the client encrypts the plaintext of the client session message according to the client working key to obtain the ciphertext of the client session message.
S402, the client sends the ciphertext of the client session message to the server.
S403, the server decrypts the ciphertext of the client session message according to the server working key to obtain the plaintext of the client session message.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic of each process, and should not limit the implementation process of the embodiment of the present application in any way.
The embodiment of the application also provides a V2X communication system, which is applied to a client and a server in the V2X communication system: the client is used for sending a client hello message in an SPDU code stream format to the server, wherein the client hello message comprises a communication cipher suite and a signature message of the client, and the signature message comprises a client certificate and a client data signature value; the server is used for responding the ServerHello message in the SPDU format to the client according to the ClientHello message, wherein the ServerHello message comprises a target communication password suite determined by the server and a server certificate; the server is also used for determining a server communication transmission key according to the target communication password suite after verifying the identity of the client according to the signature message; the client is also used for determining a client communication transmission key according to the ServerHello message; the client is also used for communicating with the server according to the client communication transmission key and the server communication transmission key respectively.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other manners. For example, the apparatus/terminal device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical function division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated modules/units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. With such understanding, the present application implements all or part of the flow of the method of the above embodiments, and may also be implemented by hardware associated with computer program instructions, where the computer program may be stored on a computer readable storage medium, where the computer program, when executed by a processor, implements the steps of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the computer readable medium may include content that is subject to appropriate increases and decreases as required by jurisdictions in which such content is subject to legislation and patent practice, such as in certain jurisdictions in which such content is not included as electrical carrier signals and telecommunication signals.
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (11)

1. A V2X communication method, applied to a client in a V2X communication system, the method comprising:
sending a ClientHello message in an SPDU code stream format to the server, wherein the ClientHello message comprises a communication cipher suite of the client and a signature message, and the signature message comprises a client certificate and a client data signature value;
receiving a ServerHello message in an SPDU code stream format, wherein the ServerHello message is generated by the server according to the ClientHello message;
determining a client communication transmission key according to the ServerHello message;
and communicating with the server according to the client communication transmission key.
2. The method of claim 1, wherein determining the client communication transport key from the ServerHello message comprises:
analyzing the ServerHello message to obtain a server public key and a ServerHello message plaintext;
generating a client premaster secret key of the TLS according to the client public key, the server public key and the ServerHello message plaintext;
and determining the client communication transmission key according to the client premaster key.
3. The method of claim 2, wherein prior to said parsing the ServerHello message, the method further comprises:
and if the ServerHello message is verified to be wrong, sending a verification error message to the server, and disconnecting the server.
4. The method of claim 2, wherein said determining the client communication transport key from the client premaster secret comprises:
generating a client master key according to the client premaster key;
and generating a client working key according to the client master key, and determining the client working key as the communication transmission key.
5. The method of claim 2, wherein after said determining a client communication transfer key from a ServerHello message, said method further comprises, prior to communicating with said server from said client communication transfer key:
and sending a password specification change message to the server, encrypting a client handshake ending message by using the client premaster secret key and a corresponding algorithm in the client premaster secret key, and sending the encrypted client handshake ending message to the server.
6. A V2X communication method, applied to a server in a V2X communication system, the method comprising:
receiving a client hello message in an SPDU code stream format sent by a client, wherein the client hello message comprises a communication password suite and a signature message of the client, and the signature message comprises a client certificate and a client data signature value;
responding a ServerHello message in an SPDU code stream format to the client according to the ClientHello message, wherein the ServerHello message comprises a target communication password suite determined by the server and a server certificate;
after verifying the identity of the client according to the signature message, determining a server communication transmission key according to the target communication password suite;
and communicating with the client according to the client communication transmission key.
7. The method of claim 6, wherein responding to the ServerHello message to the client based on the ClientHello message comprises:
analyzing the ClientHello message to obtain the communication password suite carried in the ClientHello message;
if the server verifies the communication password suite successfully, responding to the ServerHello message to the client;
and if the server verifies the communication password suite to be wrong, sending a verification error message to the client and disconnecting the client.
8. The method of claim 6, wherein said determining a server communication transmission key from said target communication password suite comprises:
analyzing the ClientHello message to obtain a client public key and a ClientHello message plaintext;
and generating a server premaster secret key of the TLS according to the server public key, the client public key, the ClientHello message plaintext and the target communication password suite, and determining a server communication transmission secret key according to the server premaster secret key.
9. The method of claim 8, wherein said determining the server communication transport key from the server premaster secret comprises:
generating a server master key according to the server premaster key;
and generating a server working key according to the server master key, and determining the server working key as the communication transmission key.
10. The method of claim 8, wherein after said determining a server communication transmission key from said target communication cipher suite, said communicating with said client from said client communication transmission key, said method further comprises:
and responding to the password specification change message to the client, encrypting the server handshake ending message by using the server premaster secret key and a corresponding algorithm in the server premaster secret key, and then sending the encrypted server handshake ending message to the client.
11. A V2X communication system, comprising a client and a server in the V2X communication system:
the client is configured to send a ClientHello message in an SPDU code stream format to the server, where the ClientHello message includes a communication cipher suite of the client and a signature message, and the signature message includes a client certificate and a client data signature value;
the server is configured to respond to the ServerHello message in the SPDU format to the client according to the ClientHello message, where the ServerHello message includes the target communication password set and the server certificate determined by the server;
the server is further configured to determine a server communication transmission key according to the target communication cipher suite after verifying the identity of the client according to the signature message;
the client is further configured to determine a client communication transmission key according to the ServerHello message;
the client is also used for communicating with the server according to the client communication transmission key and the server communication transmission key respectively.
CN202211541236.7A 2022-12-02 2022-12-02 V2X communication method and system Pending CN116017346A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211541236.7A CN116017346A (en) 2022-12-02 2022-12-02 V2X communication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211541236.7A CN116017346A (en) 2022-12-02 2022-12-02 V2X communication method and system

Publications (1)

Publication Number Publication Date
CN116017346A true CN116017346A (en) 2023-04-25

Family

ID=86018190

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211541236.7A Pending CN116017346A (en) 2022-12-02 2022-12-02 V2X communication method and system

Country Status (1)

Country Link
CN (1) CN116017346A (en)

Similar Documents

Publication Publication Date Title
CN111835752B (en) Lightweight authentication method based on equipment identity and gateway
CN110380852B (en) Bidirectional authentication method and communication system
CN112887338B (en) Identity authentication method and system based on IBC identification password
KR100319256B1 (en) Method for operating communication protocol
CN103546289B (en) USB (universal serial bus) Key based secure data transmission method and system
US8555069B2 (en) Fast-reconnection of negotiable authentication network clients
CN106788989B (en) Method and equipment for establishing secure encrypted channel
CN110995414B (en) Method for establishing channel in TLS1_3 protocol based on cryptographic algorithm
CN108650227A (en) Handshake method based on datagram secure transfer protocol and system
CN109302369B (en) Data transmission method and device based on key verification
CN111756529B (en) Quantum session key distribution method and system
CN109800588B (en) Dynamic bar code encryption method and device and dynamic bar code decryption method and device
WO2009115017A1 (en) Network certifying service system and method
CN111552270B (en) Safety authentication and data transmission method and device for vehicle-mounted diagnosis
CN113806772A (en) Information encryption transmission method and device based on block chain
CN111756528B (en) Quantum session key distribution method, device and communication architecture
CN114143082B (en) Encryption communication method, system and device
TW201537937A (en) Unified identity authentication platform and authentication method thereof
CN112422560A (en) Lightweight substation secure communication method and system based on secure socket layer
CN111817846A (en) Lightweight key negotiation communication protocol
CN104243452A (en) Method and system for cloud computing access control
JPH10242957A (en) User authentication method, system therefor and storage medium for user authentication
CN116132043B (en) Session key negotiation method, device and equipment
WO2024017255A1 (en) Vehicle communication method, terminal, vehicle and computer-readable storage medium
CN102739660B (en) Key exchange method for single sign on system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination