CN116331047A - Transaction verification method and device for charging pile, computer equipment and storage medium - Google Patents


Publication number: CN116331047A
Authority: CN (China)
Prior art keywords: charging, data, transaction, security chip, verification
Legal status: Pending
Application number: CN202310309021.0A
Other languages: Chinese (zh)
Inventors: 钟文琦, 白雪松, 庞振江, 王文赫, 曲胜波
Current Assignee: State Grid Corp of China SGCC; Beijing Smartchip Microelectronics Technology Co Ltd
Original Assignee: State Grid Corp of China SGCC; Beijing Smartchip Microelectronics Technology Co Ltd
Application filed by: State Grid Corp of China SGCC; Beijing Smartchip Microelectronics Technology Co Ltd

Classifications

    • B60L53/665: Methods related to measuring, billing or payment
    • B60L53/31: Charging columns specially adapted for electric vehicles
    • G06Q20/308: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using the Internet of Things
    • G06Q20/349: Rechargeable cards
    • G06Q20/38215: Use of certificates or encrypted proofs of transaction rights
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
    • Y02T10/70: Energy storage systems for electromobility, e.g. batteries

Abstract

The invention discloses a transaction verification method for a charging pile, applied to a charging control terminal of the charging pile. The method comprises: when a charging card is read, determining the gun identifier of the target charging gun selected to supply electric energy and the frozen resource data in the charging card, and acquiring a terminal identifier and a key index number from a security chip; receiving a pseudo-random number and a resource offline transaction sequence number sent by the charging card when the charging card supports the key index number; sending an initialize gray lock message authentication code calculation command to the security chip to obtain a subkey corresponding to the consumption key; and sending a gray lock command to the charging card to instruct the charging card to perform transaction verification. Secure data interaction is thus carried out through the dedicated security chip of the charging control terminal, which effectively prevents malicious damage to the charging control system by attacks such as forging the identity of the charging control terminal and replay attacks.

Description

Transaction verification method and device for charging pile, computer equipment and storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method and apparatus for verifying a transaction of a charging pile, a computer device, and a storage medium.
Background
Electric vehicles use a power battery as their power source, offer low noise, no pollution and low losses, and are gradually becoming the mainstream of the automobile industry. The charging pile is the main charging facility for electric vehicles and an important node linking electric vehicles, energy and data. In existing electric vehicle charging pile technology, the charging control technology of the charging pile is key.
The charging control terminal is an important component of the charging control technology of the charging pile. It is mainly responsible for reading charging cards, charging and billing, and communicating with the Internet of Vehicles over a network, and it is essential for ensuring normal operation of the charging pile and for remote communication between the Internet of Vehicles and the charging pile.
In the related art, a charging control terminal generally supports a secure charging service in one-pile-one-gun mode. However, as electric vehicles develop and become more widespread, one-pile-multi-gun charging piles are gradually replacing one-pile-one-gun charging piles, and the security protection level of charging control terminals needs to be improved.
Disclosure of Invention
The present invention aims to solve, at least to some extent, one of the technical problems in the related art. To this end, a first object of the present invention is to provide a transaction verification method for a charging pile in which secure data interaction is carried out through a dedicated security chip of the charging control terminal, so as to support security protection of one-pile-multi-gun charging services and raise the protection level of the charging control system.
A second object of the present invention is to provide a transaction verification device for a charging pile.
A third object of the invention is to propose a computer device.
A fourth object of the present invention is to propose a computer readable storage medium.
To achieve the above objects, an embodiment of a first aspect of the present invention provides a transaction verification method for a charging pile, applied to a charging control terminal of the charging pile. The charging pile is provided with at least one charging gun, and the security chip of the charging control terminal stores a terminal identifier, a consumption key and a key index number of the charging control terminal. The method comprises the following steps: when a charging card is read, determining the gun identifier of the target charging gun selected to supply electric energy and the frozen resource data in the charging card, and acquiring the terminal identifier and the key index number from the security chip; receiving a pseudo-random number and a resource offline transaction sequence number sent by the charging card when the charging card supports the key index number; sending an initialize gray lock message authentication code calculation command carrying the gun identifier to the security chip, to instruct the security chip to process the consumption key according to a terminal transaction sequence number, the gun identifier, the pseudo-random number and the resource offline transaction sequence number to obtain a subkey corresponding to the consumption key; computing over the transaction type identifier, transaction time data, terminal identifier and frozen resource data with the subkey to obtain a first message authentication code; and sending a gray lock command to the charging card based on the first message authentication code, the terminal random number, the transaction time data and the terminal transaction sequence number, to instruct the charging card to perform transaction verification on the first message authentication code.
According to one embodiment of the present invention, before receiving the pseudo-random number and the resource offline transaction sequence number sent by the charging card when the charging card supports the key index number, the transaction verification method of the charging pile further includes: sending a gray lock wallet initialization command to the charging card based on the gun identifier, the frozen resource data, the terminal identifier and the key index number, to instruct the charging card to verify the key index number and, if verification passes, to send a pseudo-random number and a resource offline transaction sequence number to the charging control terminal.
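The gray lock exchange described in the two paragraphs above, with both the security chip and the charging card modelled, as an added example that is not code from the patent. The patent names no cipher or field encoding, so HMAC-SHA256, the byte layouts, the 4-byte MAC length, the shared key on the card and every class, function and constant name here are assumptions; the sketch shows the card rejecting a replayed command and a MAC computed for a different gun.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 4        # assumed MAC truncation; the patent gives no length
TX_TYPE = 0x91     # assumed transaction type identifier for a gray lock


def derive_subkey(consumption_key, terminal_seq, gun_id, card_rand, offline_seq):
    """Per-transaction subkey from the consumption key and the four inputs the
    patent lists. HMAC-SHA256 stands in for the unnamed algorithm."""
    data = (struct.pack(">IB", terminal_seq, gun_id) + card_rand
            + struct.pack(">H", offline_seq))
    return hmac.new(consumption_key, b"subkey" + data, hashlib.sha256).digest()[:16]


def compute_mac1(subkey, tx_type, tx_time, terminal_id, frozen):
    """First MAC over transaction type, time, terminal identifier, frozen amount."""
    data = bytes([tx_type]) + tx_time + terminal_id + struct.pack(">I", frozen)
    return hmac.new(subkey, data, hashlib.sha256).digest()[:MAC_LEN]


class SecurityChip:
    """Terminal-side chip: the consumption key never leaves this object."""

    def __init__(self, terminal_id, key_index, consumption_key):
        self.terminal_id = terminal_id
        self.key_index = key_index
        self._key = consumption_key
        self._terminal_seq = 0

    def init_gray_lock_mac(self, gun_id, card_rand, offline_seq, tx_time, frozen):
        self._terminal_seq += 1  # fresh terminal transaction sequence number
        subkey = derive_subkey(self._key, self._terminal_seq, gun_id,
                               card_rand, offline_seq)
        mac = compute_mac1(subkey, TX_TYPE, tx_time, self.terminal_id, frozen)
        return mac, self._terminal_seq


class ChargingCard:
    """Card side. Holding the same key per index is an assumption of this sketch."""

    def __init__(self, keys_by_index):
        self._keys = keys_by_index
        self._offline_seq = 0
        self._pending = None

    def init_gray_lock(self, gun_id, frozen, terminal_id, key_index):
        """Gray lock wallet initialization: check the key index, issue a nonce."""
        self._pending = None
        if key_index not in self._keys:
            return None
        self._pending = {"gun_id": gun_id, "frozen": frozen,
                         "terminal_id": terminal_id, "key_index": key_index,
                         "rand": os.urandom(4)}
        return self._pending["rand"], self._offline_seq

    def gray_lock(self, mac, tx_time, terminal_seq):
        """Verify the first MAC. The terminal random number that the patent's
        command also carries is omitted: the passage does not say how it is used."""
        pending, self._pending = self._pending, None  # one attempt per nonce
        if pending is None:
            return False
        subkey = derive_subkey(self._keys[pending["key_index"]], terminal_seq,
                               pending["gun_id"], pending["rand"], self._offline_seq)
        expected = compute_mac1(subkey, TX_TYPE, tx_time,
                                pending["terminal_id"], pending["frozen"])
        if not hmac.compare_digest(mac, expected):
            return False
        self._offline_seq += 1  # a captured command can never match again
        return True


def run_demo():
    key = bytes(range(16))              # constructed sample key
    tx_time = b"20230327101500"         # constructed sample timestamp
    chip = SecurityChip(b"TERM01", key_index=1, consumption_key=key)
    card = ChargingCard({1: key})
    results = {}

    # 1. Honest flow on gun 1.
    rand, seq = card.init_gray_lock(1, 5000, chip.terminal_id, chip.key_index)
    mac, tseq = chip.init_gray_lock_mac(1, rand, seq, tx_time, 5000)
    results["honest"] = card.gray_lock(mac, tx_time, tseq)

    # 2. The captured command is replayed after a new initialization.
    card.init_gray_lock(1, 5000, chip.terminal_id, chip.key_index)
    results["replay"] = card.gray_lock(mac, tx_time, tseq)

    # 3. Card initialized for gun 1, MAC computed for gun 2.
    rand, seq = card.init_gray_lock(1, 5000, chip.terminal_id, chip.key_index)
    mac2, tseq2 = chip.init_gray_lock_mac(2, rand, seq, tx_time, 5000)
    results["wrong_gun"] = card.gray_lock(mac2, tx_time, tseq2)

    # 4. Key index the card does not support.
    results["bad_index"] = card.init_gray_lock(1, 5000, chip.terminal_id, 9) is None
    return results


if __name__ == "__main__":
    print(run_demo())
```

Because the card's pseudo-random number and offline transaction sequence number both feed the subkey, a recorded gray lock command fails on any later session, and the gun identifier in the derivation keeps a MAC issued for one gun from being accepted for another on a one-pile-multi-gun charging pile.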
According to one embodiment of the present invention, the transaction verification method of the charging pile further includes: when the first message authentication code passes transaction verification, receiving a second message authentication code sent by the charging card, so as to verify the validity of the charging card.
According to one embodiment of the present invention, the transaction verification method of the charging pile further includes: when the charging operation ends, sending a gray lock verification code calculation instruction to the security chip based on the transaction type identifier, the charging card identifier, the resource offline transaction sequence number and the resource transaction data, to instruct the security chip to calculate a gray lock verification code and a secure storage module verification code using the subkey; and sending the resource transaction data, the resource offline transaction sequence number, the terminal identifier, the gun identifier, the terminal transaction sequence number, the transaction time data, the gray lock verification code and the secure storage module verification code to the charging card.
According to one embodiment of the present invention, the security chip further stores a first random number, and the transaction verification method of the charging pile further includes: sending handshake information to a security gateway based on the first random number, to instruct the security gateway to issue a second random number, link certificate data, initial signature data and an initial signature value; transmitting the handshake information, the second random number, the link certificate data, the initial signature data and the initial signature value to the security chip, to instruct the security chip to extract a signature verification public key from the link certificate data, verify the initial signature data and the initial signature value using the signature verification public key, calculate a handshake digest value based on the handshake information, and calculate a handshake digest signature value of the handshake digest value using the signature verification public key; receiving the handshake digest value and the handshake digest signature value sent by the security chip; and sending a key negotiation instruction to the security chip, to instruct the security chip to generate a premaster key according to the first random number, the second random number and the client version number, and to derive a working key based on the premaster key.
According to one embodiment of the present invention, the transaction verification method of the charging pile further includes: receiving client verification data sent by the security chip, where the client verification data is obtained by computing over the handshake digest according to a client tag stored in the security chip in advance.
According to one embodiment of the present invention, the transaction verification method of the charging pile further includes: receiving a premaster key ciphertext sent by the security chip, where the premaster key ciphertext is obtained by the security chip encrypting the premaster key with the working key; combining the client verification data, the client certificate and the premaster key ciphertext to obtain client result data; and sending the client result data to the security gateway, to instruct the security gateway to verify the client result data.
According to one embodiment of the present invention, the transaction verification method of the charging pile further includes: receiving server verification data returned by the security gateway, where the server verification data is used to instruct the security chip to verify the security gateway and to establish a connection with the security gateway.
According to one embodiment of the present invention, the transaction verification method of the charging pile further includes: receiving the ciphertext and verification code of application data; decrypting the ciphertext of the application data using the working key to obtain the plaintext of the application data; executing the corresponding application layer protocol processing operation according to the plaintext of the application data to obtain execution result data of that operation; and sending the execution result data to the security chip, to instruct the security chip to calculate the ciphertext and verification code of the execution result data.
According to one embodiment of the present invention, the transaction verification method of the charging pile further includes: transmitting chip information of the security chip to an Internet of Vehicles platform, to instruct the Internet of Vehicles platform to generate authentication data based on the chip information; receiving the authentication data sent by the Internet of Vehicles platform, where the authentication data is used to instruct the security chip to verify the authentication data and to generate authentication verification information and an application session key; and sending the authentication verification information to the Internet of Vehicles platform, to instruct the Internet of Vehicles platform to verify the authentication verification information.
According to one embodiment of the present invention, the transaction verification method of the charging pile further includes: transmitting data of a specified type agreed in advance with a mobile client to the security chip, to instruct the security chip to encrypt the specified type data; receiving the encrypted specified type data and displaying a graphic code generated from it; and establishing a communication connection with the mobile client when the mobile client scans the graphic code and decrypts the encrypted specified type data in the graphic code.
According to one embodiment of the present invention, the transaction verification method of the charging pile further includes: acquiring controller information of a controller of the charging pile, where the controller information comprises a controller serial number and a symmetric key version number; transmitting a first control random number generated by the security chip to the controller, to instruct the security chip of the controller to calculate authentication data of the first control random number and to generate a second control random number; receiving the authentication data of the first control random number and the second control random number; transmitting a control instruction to the security chip, to instruct the security chip to encrypt the control instruction using the controller serial number, the authentication data of the first control random number, and the second control random number; and sending the encrypted control instruction to the controller.
According to one embodiment of the present invention, the transaction verification method of the charging pile further includes: sending a meter reading instruction to an electricity meter, where the meter reading instruction carries a meter random number generated by the security chip and is used to instruct the security chip of the electricity meter to generate secure reading data in a preset security mode based on the meter random number, the preset security modes comprising a plaintext MAC mode, a ciphertext mode and a ciphertext MAC mode; and receiving the secure reading data sent by the electricity meter and verifying the secure reading data.
To achieve the above objects, a second aspect of the present invention provides a transaction verification device for a charging pile, applied to a charging control terminal of the charging pile. The charging pile is provided with at least one charging gun, and the security chip of the charging control terminal stores a terminal identifier, a consumption key and a key index number of the charging control terminal. The device comprises: a charging card reading module, used for reading the charging card; a resource data determination module, used for determining, when the charging card is read, the gun identifier of the target charging gun selected to supply electric energy and the frozen resource data in the charging card; an identifier and index number acquisition module, used for acquiring the terminal identifier and the key index number from the security chip; a random number and sequence number receiving module, used for receiving a pseudo-random number and a resource offline transaction sequence number sent by the charging card when the charging card supports the key index number; an authentication code calculation command sending module, used for sending an initialize gray lock message authentication code calculation command carrying the gun identifier to the security chip, to instruct the security chip to process the consumption key according to the terminal transaction sequence number, the gun identifier, the pseudo-random number and the resource offline transaction sequence number to obtain a subkey corresponding to the consumption key, and to compute over the transaction type identifier, transaction time data, terminal identifier and frozen resource data with the subkey to obtain a first message authentication code; and a gray lock command sending module, used for sending a gray lock command to the charging card based on the first message authentication code, the terminal random number, the transaction time data and the terminal transaction sequence number, to instruct the charging card to perform transaction verification on the first message authentication code.
According to an embodiment of the present invention, the transaction verification device of the charging pile further includes: an initialization command sending module, used for sending a gray lock wallet initialization command to the charging card based on the gun identifier, the frozen resource data, the terminal identifier and the key index number, to instruct the charging card to verify the key index number and, if verification passes, to send a pseudo-random number and a resource offline transaction sequence number to the charging control terminal.
According to an embodiment of the present invention, the transaction verification device of the charging pile further includes: a verification code calculation instruction sending module, used for sending, when the charging operation ends, a gray lock verification code calculation instruction to the security chip based on the transaction type identifier, the charging card identifier, the resource offline transaction sequence number and the resource transaction data, to instruct the security chip to calculate a gray lock verification code and a secure storage module verification code using the subkey; and a transaction data transmitting module, used for transmitting the resource transaction data, the resource offline transaction sequence number, the terminal identifier, the gun identifier, the terminal transaction sequence number, the transaction time data, the gray lock verification code and the secure storage module verification code to the charging card.
To achieve the above object, an embodiment of a third aspect of the present invention provides a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the method according to any one of the preceding embodiments when the processor executes the computer program.
To achieve the above object, a fourth aspect of the present invention provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the method according to any one of the preceding embodiments.
According to the embodiments provided by the invention, a dedicated security chip is arranged in the charging control terminal of the charging pile. Based on the security chip, the charging control terminal can ensure the confidentiality, integrity and security of service data transmitted between the charging pile and each communicating party inside and outside the charging pile, can prevent malicious damage to the charging control system by attacks such as forging the identity of the charging control terminal and replay attacks, can support security protection of one-pile-multi-gun charging services, and effectively raises the security protection level of the charging control system.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
Fig. 1 is a schematic view of an application scenario of a transaction verification method of a charging pile according to an embodiment of the present disclosure.
Fig. 2a is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 2b is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 3a is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 3b is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 4 is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 5 is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 6 is an interactive flow diagram of a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 7a is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 7b is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 8a is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 8b is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 8c is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 8d is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 9a is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 9b is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 9c is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 10a is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 10b is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 11a is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 11b is a flow chart illustrating a transaction verification method of a charging pile according to one embodiment of the present disclosure.
Fig. 12a is a block diagram of a transaction verification device of a charging pile according to one embodiment of the present disclosure.
Fig. 12b is a block diagram of a transaction verification device of a charging pile according to one embodiment of the present disclosure.
Fig. 12c is a block diagram of a transaction verification device of a charging pile according to one embodiment of the present disclosure.
Fig. 13 is a block diagram of a computer device according to one embodiment of the present disclosure.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present invention and should not be construed as limiting the invention.
An electric vehicle is a vehicle powered by a traction battery. Compared with conventional vehicles powered by petroleum and other energy sources, it has advantages such as low noise, no pollution and low losses, and it is gradually becoming the mainstream of the automobile industry.
To facilitate the charging of electric vehicles, the state has invested large amounts of funds in constructing electric vehicle charging stations. The charging pile is the main electric vehicle charging facility in a charging station; it is an important node linking electric vehicles, energy and data, and an important component of the Internet of Vehicles and the energy Internet. In existing electric vehicle charging pile technology, the charging control technology of the charging pile is a key part.
The charging control technology of the charging pile is mainly realized through a charging pile control system, which comprises a charging equipment controller and a charging control terminal. The charging control terminal is an important device in the charging pile. It is mainly responsible for reading charging cards, billing and charging, communicating with the Internet of Vehicles through a network, controlling the liquid crystal display of the charging pile, and other functions. It is critical to ensuring normal operation and accurate billing of the charging pile, and to realizing remote communication between the Internet of Vehicles and the charging pile and remote control of the charging pile by the Internet of Vehicles.
In the related art, in the first aspect, a charging control terminal is generally designed for a one-pile-one-gun charging pile and supports secure charging services in the one-pile-one-gun mode. However, with the gradual development and popularization of electric vehicles, the charging demand of electric vehicles keeps increasing, and developing low-cost charging piles has become an inevitable trend in the development of electric vehicle charging stations. One-pile-one-gun charging piles will gradually develop into one-pile-multi-gun charging piles, so as to serve application scenarios in which multiple users use one charging pile at the same time. In that case, a charging control terminal designed for a one-pile-one-gun charging pile cannot meet the security protection requirements of a one-pile-multi-gun charging pile. In the second aspect, the charging control terminal of the charging pile typically communicates directly with the Internet of Vehicles platform through an Ethernet interface. The communication line between the charging control terminal and the Internet of Vehicles platform is easily exposed to network attacks from the public network or a private network, and an attacker may destroy the integrity and correctness of the data transmitted between the charging control terminal and the Internet of Vehicles platform by maliciously imitating or tampering with confidential information. In the third aspect, the charging control terminal of the charging pile typically sends control commands to the charging equipment controller of the charging pile through the CAN bus. An attacker may forge the identity of a charging control terminal, and the false charging control terminal may then send abnormal control commands to the charging equipment controller in order to perform illegal operations such as power stealing.
In the fourth aspect, the charging control terminal of the charging pile typically communicates directly with the charging pile application on the user's mobile phone through a Bluetooth interface. Because Bluetooth technology carries certain security risks, communication through the Bluetooth interface is vulnerable to various Bluetooth attacks, so the Bluetooth communication between the charging control terminal and the charging pile application program on the user's mobile phone has higher security protection requirements.
To raise the all-round security protection level of the charging control terminal of the charging pile, it is necessary to provide a transaction verification method for the charging pile that can support the security protection of one-pile-multi-gun charging services. Dedicated security chips are installed in the charging control terminal and in the charging equipment controller of the charging pile; the dedicated security chip of the charging control terminal can store and manage the keys and digital certificates of the charging control terminal and perform cryptographic operations. Based on the dedicated security chip, symmetric-algorithm data encryption and message authentication are used between the charging control terminal and the security gateway, the charging pile application program, the electric vehicle charging card and the charging pile ammeter, and digital-certificate-based security authentication is used between the charging control terminal and the Internet of Vehicles platform. This achieves the confidentiality, integrity and security of the service data transmitted between the charging control terminal of the charging pile and all of its communication objects inside and outside the charging pile, prevents malicious damage to the charging control system through attacks such as forging the identity of the charging control terminal or replay attacks, and prevents illegal operations such as electricity stealing, thereby preventing accidents in the charging control system.
Fig. 1 is a schematic view of an application scenario of the transaction verification method of a charging pile provided in the present specification. Take as an example an electric vehicle charging pile comprising an object-oriented protocol ammeter, a charging control terminal (TCU), a charging equipment controller, an electric vehicle charging card reader and a Bluetooth interface. The object-oriented protocol ammeter serves as the power consumption metering unit, and the charging equipment controller can control the charging machine gun of the charging pile to work. A charging pile may have a plurality of corresponding charging guns, object-oriented protocol ammeters and charging equipment controllers. The charging control terminal TCU and the object-oriented protocol ammeter can communicate through an RS485 bus; the charging control terminal TCU and the charging equipment controller can communicate through a CAN bus; the charging control terminal TCU can include a Bluetooth interface, so that it can communicate securely with the app on the user's mobile phone through the Bluetooth interface; and the charging control terminal TCU and the electric vehicle charging card reader can communicate through an RS232 interface, so that the charging control terminal TCU can exchange data with the electric vehicle charging card. The charging control terminal TCU can communicate with a plurality of charging equipment controllers and can send control commands to them, so as to control a plurality of different charging guns on the same charging pile.
Further, a security chip is embedded in the charging control terminal TCU and is used for data encryption and message security authentication when data is transmitted between the charging control terminal and other communication objects. A controller security chip is embedded in the charging equipment controller and is used to verify the legitimacy of the charging control terminal, which prevents an illegal charging control terminal from sending abnormal control instructions to the controller to carry out operations such as power stealing.
In this scenario example, the electric vehicle charging pile and the Internet of Vehicles platform may communicate based on the MQTT (Message Queuing Telemetry Transport) protocol. Specifically, the charging control terminal of the electric vehicle charging pile can exchange data with the security gateway of the Internet of Vehicles platform based on the MQTT protocol so as to connect to the Internet of Vehicles platform, and the charging control terminal can perform identity authentication and uplink and downlink data transmission with the Internet of Vehicles platform.
The embodiment of the specification provides a transaction verification method of a charging pile, which is applied to a charging control terminal of the charging pile. The charging pile is provided with at least one charging machine gun, and the security chip of the charging control terminal stores the terminal identifier, the consumption key and the key index number of the charging control terminal. Referring to fig. 2a, the transaction verification method of the charging pile may include the following steps.
S110, in the case that the charging card is read, determining the machine gun identifier of the target charging machine gun selected for providing electric energy and the frozen resource data in the charging card, and acquiring the terminal identifier and the key index number from the security chip.
The terminal identifier comprises the serial number of the charging control terminal and the serial number of the security chip of the charging control terminal. The consumption key is the root key of the keys used for the gray lock consumption transaction of the current charging process, and the key index number is the index number of the consumption key. The machine gun identifier is the number corresponding to a charging machine gun of the charging pile. For example, if the charging pile has 8 charging guns, the corresponding machine gun identifiers are No. 1, No. 2, No. 3, …, No. 8. The frozen resource data is data such as the expected deduction amount determined by the charging control terminal for the current charging card.
Specifically, when a user needs to use the charging pile to charge an electric vehicle, the user swipes the charging card once at the corresponding position of the charging pile and selects the charging machine gun to be used as the target charging machine gun that currently provides electric energy. After the user selects the target charging machine gun, the charging control terminal can determine the machine gun identifier corresponding to the target charging machine gun. The charging control terminal reads the card information, the electricity purchase wallet information and the like in the charging card to determine, for example, the amount expected to be deducted from the electricity purchase wallet of the charging card in the current charging transaction, and uses it as the frozen resource data in the charging card.
The charging control terminal sends the security chip an instruction for acquiring the terminal identifier and the key index number, so as to obtain the corresponding terminal identifier and key index number, which the charging control terminal uses to perform gray lock processing on the electricity purchase wallet in the charging card. Illustratively, the key index number is obtained by the charging control terminal sending an ADF (Application Dedicated File) selection instruction to the security chip.
In some embodiments, the charging control terminal is a charging control unit (TCU) in the charging control system of the charging pile. The security chip (Embedded Secure Access Module, ESAM) is an embedded security control module that uses the domestic cryptographic algorithms (SM1, SM2, SM3, SM4) and is used for storing and managing keys, performing cryptographic operations, and so on. The charging card is a smart card with a security module. The consumption key is a symmetric key negotiated in advance by the charging card and the charging control terminal and stored respectively in the security module of the charging card and in the security chip of the charging control terminal.
S120, in the case that the key index number can be supported by the charging card, receiving the pseudo-random number and the resource offline transaction serial number sent by the charging card.
The resource offline transaction serial number is a wallet offline transaction serial number in the charging card.
Specifically, the charging control terminal transmits the key index number acquired from the security chip to the charging card, and the charging card checks whether it supports the received key index number. If the charging card determines that it supports the key index number, it generates a pseudo-random number and sends the pseudo-random number, together with data such as its resource offline transaction serial number, to the charging control terminal.
S130, sending an initializing gray lock message authentication code calculation command carrying the machine gun identifier to the security chip, to instruct the security chip to perform a calculation on the consumption key according to the terminal transaction serial number, the machine gun identifier, the pseudo-random number and the resource offline transaction serial number to obtain a sub-key corresponding to the consumption key, and to calculate over the transaction type identifier, the transaction time data, the terminal identifier and the frozen resource data by using the sub-key to obtain a first message authentication code.
The terminal transaction serial number is stored in a security chip of the charging control terminal, and is updated correspondingly when the charging pile generates a transaction. The subkeys are a group of subkeys generated by taking the consumption key as a root key and are used for corresponding gray lock consumption transaction of the charging card and the charging control terminal in the charging process. The transaction time data includes transaction date, transaction time, and the like.
The frozen resource data is the actual frozen amount. The actual frozen amount is determined from the balance of the electricity purchase wallet in the charging card and the expected deduction amount: when the balance of the electricity purchase wallet is greater than or equal to the expected deduction amount, the actual frozen amount is the expected deduction amount; when the balance of the electricity purchase wallet is smaller than the expected deduction amount, the actual frozen amount is the balance of the electricity purchase wallet.
The pseudo-random number generated by the charging card varies, that is, the pseudo-random number is different for each complete charging transaction, so the generated sub-keys are also different. This prevents problems such as keys being stolen during the charging transaction and improves the security protection level of the data exchange between the charging control terminal and the charging card.
S140, sending a gray lock command to the charging card based on the first message authentication code, the terminal random number, the transaction time data and the terminal transaction serial number, so as to instruct the charging card to perform transaction verification on the first message authentication code.
The terminal random number is a random number generated by a security chip of the charging control terminal aiming at the charging process.
Specifically, after the security chip calculates the first message authentication code, it returns the first message authentication code, the terminal random number and the terminal transaction serial number to the charging control terminal. The charging control terminal organizes the first message authentication code, the terminal random number, the transaction time data and the terminal transaction serial number into a gray lock command and sends the gray lock command to the charging card. After the charging card receives the gray lock command, it verifies the first message authentication code by using the sub-key.
It should be noted that, in the above embodiment, the sub-key used by the charging card to verify the first message authentication code is generated in the same way as the sub-key corresponding to the consumption key in step S130: the charging card obtains it by performing the calculation on the consumption key with the terminal transaction serial number, the machine gun identifier, the pseudo-random number and the resource offline transaction serial number.
In the above embodiment, a security chip is embedded in the charging control terminal, so that the charging transaction between the charging control terminal and the electric vehicle charging card can be carried out through a gray lock mechanism. During the charging transaction, the number of the selected charging machine gun is bound to the charging card, so the security protection of one-pile-multi-gun charging services can be realized, supporting at most one pile with eight guns. The security protection level of the charging control system can therefore be improved in accordance with the general protection principles of the new version of the standardized charging facility design scheme compiled by the State Grid electric vehicle company.
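The S110 to S140 exchange, simulated with the security chip and the charging card in one process, as an added example that is not code from the patent. HMAC-SHA256 stands in for the chip's SM-series operations, and the field widths, transaction type value, class and function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

GRAY_LOCK_TXN_TYPE = 0x91  # constructed value, not taken from the patent
MAC_LEN = 8                # assumed MAC length in bytes


def _prf(key, label, *fields):
    # HMAC-SHA256 stand-in for the chip's symmetric algorithm. Each field is
    # length-prefixed so that shifted field boundaries cannot collide.
    msg = label + b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_subkey(consumption_key, terminal_txn_seq, gun_id, card_random, offline_txn_seq):
    """Per-transaction sub-key from the four inputs named in S130."""
    return _prf(consumption_key, b"subkey", terminal_txn_seq.to_bytes(4, "big"),
                bytes([gun_id]), card_random, offline_txn_seq.to_bytes(2, "big"))[:16]


def compute_mac1(subkey, txn_time, terminal_id, frozen_amount):
    """First MAC over transaction type, time, terminal identifier, frozen amount."""
    return _prf(subkey, b"mac1", bytes([GRAY_LOCK_TXN_TYPE]), txn_time,
                terminal_id, frozen_amount.to_bytes(4, "big"))[:MAC_LEN]


class TerminalChip:
    """Security chip of the charging control terminal; the key never leaves it."""

    def __init__(self, terminal_id, key_index, consumption_key, terminal_txn_seq):
        self.terminal_id, self.key_index = terminal_id, key_index
        self._key, self.terminal_txn_seq = consumption_key, terminal_txn_seq

    def init_gray_lock_mac(self, gun_id, card_random, offline_txn_seq, txn_time, frozen):
        subkey = derive_subkey(self._key, self.terminal_txn_seq, gun_id,
                               card_random, offline_txn_seq)
        mac1 = compute_mac1(subkey, txn_time, self.terminal_id, frozen)
        return mac1, self.terminal_txn_seq


class ChargingCard:
    """Card side: holds the same consumption key under a key index number."""

    def __init__(self, keys, balance, offline_txn_seq):
        self._keys, self.balance = keys, balance
        self.offline_txn_seq = offline_txn_seq
        self.gray_locked = False
        self._pending = None

    def init_gray_lock(self, key_index, gun_id, terminal_id, expected_amount):
        if key_index not in self._keys:      # key index number not supported
            return None
        frozen = min(self.balance, expected_amount)   # actual frozen amount
        card_random = secrets.token_bytes(8)          # fresh for every transaction
        self._pending = (key_index, gun_id, terminal_id, frozen, card_random)
        return card_random, self.offline_txn_seq, frozen

    def gray_lock(self, mac1, txn_time, terminal_txn_seq):
        # The terminal random number that the command also carries is left out:
        # the text does not say how the card uses it.
        if self._pending is None:
            return False
        key_index, gun_id, terminal_id, frozen, card_random = self._pending
        self._pending = None                 # one attempt per initialisation
        subkey = derive_subkey(self._keys[key_index], terminal_txn_seq, gun_id,
                               card_random, self.offline_txn_seq)
        expected = compute_mac1(subkey, txn_time, terminal_id, frozen)
        if not hmac.compare_digest(mac1, expected):
            return False
        self.offline_txn_seq += 1
        self.gray_locked = True
        return True


def lock_session(chip, card, selected_gun, expected_amount, txn_time,
                 mac_gun=None, replayed=None):
    """Terminal-side flow. mac_gun simulates a MAC computed for another gun;
    replayed substitutes a (mac1, terminal_txn_seq) pair captured earlier."""
    reply = card.init_gray_lock(chip.key_index, selected_gun, chip.terminal_id,
                                expected_amount)
    if reply is None:
        return None
    card_random, offline_seq, frozen = reply
    gun = selected_gun if mac_gun is None else mac_gun
    mac1, seq = replayed or chip.init_gray_lock_mac(gun, card_random, offline_seq,
                                                    txn_time, frozen)
    ok = card.gray_lock(mac1, txn_time, seq)
    return {"ok": ok, "frozen": frozen, "mac1": mac1, "terminal_txn_seq": seq}


if __name__ == "__main__":
    key = bytes(range(16))                       # constructed sample key
    chip = TerminalChip(b"TCU0001-ESAM0001", 1, key, 41)
    card = ChargingCard({1: key}, balance=5000, offline_txn_seq=7)
    first = lock_session(chip, card, 3, 8000, b"20230101120000")
    print("honest lock:", first["ok"], "frozen:", first["frozen"])
    other = ChargingCard({1: key}, balance=5000, offline_txn_seq=7)
    print("wrong gun:", lock_session(chip, other, 3, 8000, b"20230101120000", mac_gun=5)["ok"])
```

Because the gun identifier and the card's pseudo-random number both enter the sub-key, a MAC computed for a different gun or captured from an earlier transaction fails verification on the card even when every other field is identical.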
In some embodiments, in the case that the key index number can be supported by the charging card, before receiving the pseudo-random number and the resource offline transaction serial number sent by the charging card, the transaction verification method of the charging pile may further include: sending a gray lock wallet initialization command to the charging card based on the machine gun identifier, the frozen resource data, the terminal identifier and the key index number, to instruct the charging card to verify the key index number and, if the verification passes, to send the pseudo-random number and the resource offline transaction serial number to the charging control terminal.
Specifically, the charging control terminal organizes the machine gun identifier of the target charging machine gun, the frozen resource data, the terminal identifier, the key index number and the like into a gray lock wallet initialization command and sends the command to the charging card. After receiving the gray lock wallet initialization command, the charging card checks whether it supports the key index number contained in the command. After confirming that it supports the key index number, the charging card generates a pseudo-random number and then sends data such as the resource offline transaction serial number and the pseudo-random number to the charging control terminal.
In some embodiments, the transaction verification method of the charging pile may further include: in the case that the first message authentication code passes the transaction verification, receiving a second message authentication code sent by the charging card, so as to verify the validity of the charging card.
Specifically, after the charging card verifies that the first message authentication code passes, it applies the gray lock to the electricity purchase wallet in the charging card, generates a second message authentication code and sends it to the charging control terminal. The security chip of the charging control terminal verifies the second message authentication code to check the validity of the charging card. After the security chip verifies that the second message authentication code passes, the electric vehicle corresponding to the charging card can start to use electricity. In some embodiments, the second message authentication code is a MAC verification code.
Fig. 2b is a schematic diagram illustrating interaction flow between a charging control terminal and a security chip and a charging card of the charging control terminal. Referring to fig. 2b, the charging control terminal TCU sends a terminal identification reading instruction to the security chip of the charging control terminal TCU according to the determined machine gun identification. The security chip receives the instruction and returns the terminal identification to the charging control terminal, and the charging control terminal acquires and stores the terminal identification. The charging control terminal sends an ADF (Application Dedicated File, application specific file) selection instruction to the security chip, the security chip receives the instruction and returns the key index number of the consumption key to the charging control terminal, and the charging control terminal acquires the key index number and stores the key index number.
The charging control terminal sends an instruction for reading the information of the electricity purchasing wallet to the charging card, and the charging card receives the instruction and returns the effective date of the charging card, the information of the electric automobile, the available amount in the electricity purchasing wallet and other data to the charging control terminal. The charging control terminal acquires the data, determines the amount of money which is expected to be deducted by the current charging, and the like, and uses the amount of money as frozen resource data in the charging card.
The charging control terminal organizes the terminal identifier, the key index number, the machine gun identifier, the expected deduction amount and the like into a gray lock wallet initialization command and sends it to the charging card. After the charging card receives the gray lock wallet initialization command, it checks whether it supports the key index number contained in the command. After confirming that it supports the key index number, the charging card generates a pseudo-random number ICC and sends the charging control terminal data such as the balance of the electricity purchase wallet in the charging card, the wallet offline transaction serial number, the overdraft limit, the key version number, the security algorithm identification, the pseudo-random number ICC and the actual frozen amount. The charging control terminal receives and stores data such as the offline transaction serial number, the transaction date, the transaction time, the key version number, the security algorithm identification, the pseudo-random number ICC and the actual frozen amount. In some embodiments, the security algorithm is an algorithm for security computation, such as a signature algorithm, a signature verification algorithm, or an encryption and decryption algorithm.
The charging control terminal sends an initializing gray lock message authentication code calculation command containing the machine gun identifier to the security chip of the charging control terminal. After the security chip receives the command, it performs a calculation on the consumption key using the terminal transaction serial number, the machine gun identifier, the pseudo-random number ICC and the resource offline transaction serial number, so as to generate the sub-key corresponding to the consumption key. The security chip then uses the sub-key to calculate over the transaction type identifier, the terminal identifier, the transaction date, the transaction time and the actual frozen amount, and obtains the first message authentication code. In some embodiments, the first message authentication code is a MAC verification code.
The security chip returns the first message authentication code, the terminal random number TRAN and the terminal transaction serial number to the charging control terminal. The charging control terminal organizes the first message authentication code, the terminal random number TRAN, the transaction date, the transaction time and the terminal transaction serial number into a gray lock command and sends the gray lock command to the charging card. After the charging card receives the gray lock command, it verifies the first message authentication code by using the sub-key. After the charging card verifies that the first message authentication code passes, it increments the offline transaction serial number in its internal transaction details by 1 and performs gray lock processing on the electricity purchase wallet application in the charging card.
The charging card generates a second message authentication code and sends it to the charging control terminal, and the charging control terminal sends a second message authentication code verification instruction to its security chip based on the second message authentication code. The security chip receives the instruction, verifies the second message authentication code and returns the verification result to the charging control terminal. After the security chip verifies that the second message authentication code passes, the electric vehicle corresponding to the charging card can start to use electricity.
In some embodiments, the charging card also generates a gray lock verification code GTAC when generating the second message authentication code. If the charging process is abnormally interrupted or the like, and the gray lock release command for the gray lock wallet cannot be executed successfully at that time, the charging control terminal can incorporate the gray lock verification code GTAC into the abnormal transaction data of the terminal, to be uploaded to a host for gray lock verification.
In some embodiments, referring to fig. 3a, the transaction verification method of the charging pile may further include the following steps.
S210, in the case that the charging operation is finished, sending a gray lock verification code calculation instruction to the security chip based on the transaction type identifier, the charging card identifier, the resource offline transaction serial number and the resource transaction data, so as to instruct the security chip to calculate the gray lock verification code and the secure storage module verification code by using the sub-key.
The charging card identifier is the wallet application serial number in the charging card. The resource transaction data is data such as the transaction amount actually incurred in the charging process. The secure storage module is the secure storage module in the charging control terminal.
Specifically, when charging of the electric vehicle is finished, the charging control terminal sends a gray lock verification code calculation instruction to its security chip based on data such as the transaction type identifier, the wallet application serial number in the charging card, the wallet offline transaction serial number and the transaction amount. The security chip receives the gray lock verification code calculation instruction, calculates the gray lock verification code over the transaction amount and the like by using the sub-key corresponding to the consumption key, and calculates the secure storage module verification code over the transaction type identifier, the charging card identifier, the resource offline transaction serial number, the resource transaction data, the gray lock verification code and the like by using the gray lock sub-key. The security chip returns the calculated gray lock verification code and secure storage module verification code to the charging control terminal.
S220, sending the resource transaction data, the resource offline transaction serial number, the terminal identification, the machine gun identification, the terminal transaction serial number, the transaction time data, the gray lock verification code and the secure storage module verification code to the charging card.
Specifically, when charging of the electric vehicle has ended, the user needs to swipe the card a second time. After the charging control terminal receives the gray lock verification code and the secure storage module verification code returned by the security chip, it sends a gray lock release instruction to the charging card based on data such as the resource transaction data, the resource offline transaction serial number, the terminal identifier, the machine gun identifier, the terminal transaction serial number, the transaction time data, the gray lock verification code and the secure storage module verification code.
Further, after receiving the gray lock release instruction, the charging card verifies the correctness of the gray lock verification code. After verifying that the gray lock verification code is correct, the charging card executes the gray lock release instruction to complete operations such as releasing the gray lock and deducting the amount.
For example, referring to fig. 3b, when charging of the electric vehicle is completed, the charging control terminal TCU sends a gray lock verification code calculation instruction to the security chip based on data such as the transaction type identifier, the electricity purchase wallet application serial number in the charging card, the wallet offline transaction serial number and the transaction amount. The security chip receives the gray lock verification code calculation instruction, calculates the gray lock verification code GMAC over data such as the transaction amount by using the sub-key corresponding to the consumption key, and calculates the secure storage module verification code SAMTAC over data such as the transaction type identifier, the electricity purchase wallet application serial number in the charging card, the wallet offline transaction serial number, the transaction amount, the gray lock verification code GMAC and the terminal transaction serial number by using the gray lock sub-key. The security chip returns the gray lock verification code GMAC and the secure storage module verification code SAMTAC to the charging control terminal.
The charging control terminal sends a gray lock release instruction to the charging card based on data such as the transaction amount, the wallet offline transaction serial number, the terminal identifier, the machine gun identifier, the terminal transaction serial number, the transaction date, the transaction time, the gray lock verification code GMAC and the secure storage module verification code SAMTAC. After the charging card receives the gray lock release instruction, it judges whether its physical card number is the same as the card number of the charging card on which the gray lock was originally placed; if they are the same, the charging card verifies the correctness of the gray lock verification code GMAC. If the charging card verifies that the gray lock verification code GMAC is correct, it executes the gray lock release instruction to complete operations such as releasing the gray lock and deducting the amount, and returns the transaction verification code TAC of the release transaction to the charging control terminal. The charging control terminal receives the transaction verification code TAC and sends the charging card an instruction to clear the transaction verification code to-be-read flag TACUF; the charging card receives the instruction and clears the flag TACUF, indicating that the complete charging transaction process has finished.
In some embodiments, the security chip also stores a first random number. Referring to fig. 4, the transaction verification method of the charging pile may further include the following steps.
S310, sending handshake information to the security gateway based on the first random number, to instruct the security gateway to issue a second random number, link certificate data, initial signature data and an initial signature value.
The first random number is a random number generated by the security chip. The security gateway is the security gateway of the car networking platform.
Specifically, the charging control terminal takes a first random number from a security chip of the embedded charging control terminal, and organizes handshake information data comprising the first random number and sends the handshake information data to a security gateway of the internet of vehicles platform. After the security gateway receives the handshake information data, the security gateway transmits the second random number, the link certificate data, the initial signature data of the security gateway and the initial signature value to the charging control terminal.
S320, sending handshake information, a second random number, link certificate data, initial signature data and an initial signature value to the security chip to instruct the security chip to extract a signature verification public key from the link certificate data; signing the initial signature data and the initial signature value by using the signature signing public key; and calculating a handshake digest value based on the handshake information, and calculating a handshake digest signature value of the handshake digest value by using the signature verification public key.
Specifically, the charging control terminal receives the second random number, the link certificate data, the initial signature data and the initial signature value issued by the security gateway, and sends the data to the security chip of the charging control terminal. The security chip verifies the validity of the link certificate data according to the link certificate rule, takes the corresponding signature verification public key out of the link certificate data that has been verified as valid, and then uses the signature verification public key to verify the initial signature data and the initial signature value. The charging control terminal sends the same handshake information data to the security chip, and the security chip calculates the corresponding handshake digest value for the handshake information data and sends the handshake digest value to the charging control terminal. The security chip also uses the signature verification key to sign the handshake digest value to obtain a handshake digest signature value, and sends the handshake digest signature value to the charging control terminal.
It should be noted that the link certificate data may include data of a plurality of certificates, such as signature verification certificate data, encryption and decryption certificate data, and the like. The security chip may take out public keys corresponding to the certificates from the link certificate data with legal verification, and the signature verification public key is a public key used for signature verification in the public keys.
S330, receiving the handshake digest value and the handshake digest signature value sent by the security chip.
S340, sending a key negotiation instruction to the security chip to instruct the security chip to generate a premaster key according to the first random number, the second random number and the client version number, and deriving a working key based on the premaster key.
Specifically, the charging control terminal sends the version number of the charging control terminal to the security chip, and sends a key negotiation instruction to the security chip. The security chip executes the key negotiation instruction according to the first random number, the second random number and the version number of the charging control terminal to generate a premaster key. Taking the premaster key as a root key, the security chip also derives a plurality of working keys, each corresponding to a working scene. The working keys are stored in the security chip and are used for subsequent security calculations when data is transmitted between the charging control terminal and the security gateway, so as to protect the data.
Different working keys are applied to different scenes, such as encryption and decryption scenes, signature and signature verification scenes and the like of data transmission between a charging control terminal and a security gateway, and the working keys corresponding to different application scenes comprise encryption and decryption keys, signature and signature verification keys and the like.
In some embodiments, the transaction verification method of the charging pile may further include: receiving the client verification data sent by the security chip. The client verification data is obtained by performing a calculation on the handshake digest value according to a client tag stored in the security chip in advance.
Here, the client is the charging control terminal.
Specifically, the security chip of the charging control terminal performs a security calculation on the handshake digest value according to the stored client tag to obtain client verification data for key negotiation confirmation, and sends the verification data to the charging control terminal. In some embodiments, the client tag is a "client finished" tag.
During a handshake, the two communicating parties usually agree in advance on corresponding tags to be used in the security calculations of the handshake. The two parties are a client and a server: the client stores a client tag, and the server stores a server tag.
In some embodiments, referring to fig. 5, the transaction verification method of the charging pile may further include the following steps.
S410, receiving a premaster secret key ciphertext sent by the security chip. The pre-master key ciphertext is obtained by encrypting the pre-master key by using a working key through a security chip.
Specifically, after the security chip executes a key negotiation instruction to generate a premaster key and derives a plurality of working keys by taking the premaster key as a root key, the security chip encrypts the premaster key by using the derived working key to obtain a premaster key ciphertext, and sends the premaster key ciphertext to the charging control terminal. The premaster secret key ciphertext is used for being subsequently sent to the security gateway, so that the security gateway can decrypt to obtain the premaster secret key, and a plurality of working keys are further derived based on the premaster secret key. It should be noted that, the plurality of working keys derived by the security gateway based on the premaster secret key are in one-to-one correspondence with and the same as the plurality of working keys stored in the security chip, and are used for symmetrically encrypting the data transmitted between the charging control terminal and the security gateway.
S420, combining the client verification data, the client certificate and the premaster key ciphertext to obtain client result data.
The client certificate is a certificate of the security chip of the charging control terminal, and the public key of the security chip can be obtained from the certificate.
S430, sending the client result data to the security gateway to instruct the security gateway to verify the client result data.
Specifically, the charging control terminal organizes the client verification data, the handshake digest signature value, the client certificate and the premaster key ciphertext into client result data, and sends the client result data to the security gateway. The security gateway receives the client result data and verifies the client verification data in the client result data.
In some embodiments, the transaction verification method of the charging pile may further include: receiving the server verification data returned by the security gateway. The server verification data is used to instruct the security chip to verify the security gateway and to establish a connection with the security gateway.
In the above embodiments, the charging control terminal is the client of the two communicating parties, the security gateway is the server of the two communicating parties, and the security gateway stores the server tag. In some embodiments, the server tag is "server finished".
Specifically, the security gateway receives client result data and verifies client verification data in the client result data. After the verification of the client verification data is passed, the security gateway performs security calculation according to the server label to obtain the server verification data, the server verification data is returned to the charging control terminal, and the charging control terminal receives the server verification data returned by the security gateway. The charging control terminal sends the server verification data to the security chip, and the security chip executes a key negotiation confirmation instruction to verify the correctness of the received server verification data. If the verification data of the server passes the verification, the two-way verification and key negotiation between the charging control terminal and the security gateway are successful, and the security chip enables the working key for data transmission with the security gateway. Further, the security gateway derives the same working key from the premaster secret. So far, the charging control terminal and the security gateway successfully establish a secure data communication connection.
Illustratively, the charging control terminal and the security gateway conduct secure data interaction at the link layer through an SSL VPN (Secure Sockets Layer; Virtual Private Network) to ensure the security of the communication link between the charging control terminal and the security gateway. The secure data interaction between the charging control terminal and the security gateway has two parts: interaction for establishing a secure communication connection, and interaction based on data protection. Referring to fig. 6, the interaction of establishing a connection between the charging control terminal and the security gateway may include the following processes:
The charging control terminal TCU sends a random number acquisition instruction to its security chip, and the security chip obtains a first random number R1 and returns it to the charging control terminal TCU. The charging control terminal organizes handshake information data that includes the first random number R1 and sends the handshake information data to the security gateway of the internet of vehicles platform. After receiving the handshake information data, the security gateway sends the second random number R2, the link certificate data CertData, the initial signature data Data0 of the security gateway and the initial signature value Sign0 to the charging control terminal.
The charging control terminal receives the second random number R2, the link certificate data CertData, the initial signature data Data0 and the initial signature value Sign0 sent by the security gateway. The security chip of the charging control terminal verifies the validity of the link certificate data CertData according to the link certificate rule, takes a public key out of the link certificate data CertData that has been verified as valid, and then uses the signature verification public key to verify the initial signature value Sign0. The charging control terminal sends the same handshake information data to the security chip, and the security chip calculates the handshake digest value of the handshake information data and sends the handshake digest value to the charging control terminal. The security chip calculates a handshake digest signature value of the handshake digest value by using the signature verification key and sends the handshake digest signature value to the charging control terminal.
The charging control terminal sends the version number of the charging control terminal to the security chip, and the security chip executes a key negotiation instruction according to the first random number R1, the second random number R2 and the version number of the charging control terminal to generate a premaster secret key, takes the premaster secret key as a root secret key, derives a plurality of working secret keys and stores the working secret keys. The security chip encrypts the premaster secret key by using the derived working secret key to obtain a premaster secret key ciphertext, and sends the premaster secret key ciphertext to the charging control terminal.
The security chip performs a security calculation on the handshake digest value according to the stored client tag, obtains client verification data for key negotiation confirmation, and sends the verification data to the charging control terminal.
The charging control terminal organizes the client verification data, the handshake digest signature value, the TCU certificate and the premaster key ciphertext into result data, and sends the result data to the security gateway. The security gateway receives the result data and verifies the client verification data in the result data. If the client verification data passes verification, the security gateway derives the same working key according to the premaster key, performs a security calculation according to the "server finished" tag to obtain the server verification data, and returns the server verification data to the charging control terminal. The charging control terminal receives the server verification data returned by the security gateway and sends it to the security chip, and the security chip executes a key negotiation confirmation instruction to verify the correctness of the server verification data. If the verification result is correct, the security chip enables the working key. At this point, the charging control terminal and the security gateway have successfully established a data communication connection.
In some embodiments, referring to fig. 7a, the transaction verification method of the charging pile may further include the following steps.
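The key negotiation confirmation walked through for fig. 6 can be modelled as follows. This is an added sketch, not code from the patent: SHA-256 and HMAC-SHA-256 stand in for the security chip's algorithms, which the text does not name, the premaster key is assumed to have already reached the gateway, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac

CLIENT_TAG = b"client finished"   # tags named in the text
SERVER_TAG = b"server finished"

def premaster(r1, r2, version):
    # Stand-in derivation (assumption): the text only says that R1, R2 and
    # the client version number are the inputs.
    return hashlib.sha256(b"premaster|" + r1 + r2 + version).digest()

def working_keys(pm):
    # One working key per scene, all derived from the premaster (root) key.
    return {scene: hmac.new(pm, b"working|" + scene, hashlib.sha256).digest()
            for scene in (b"encrypt", b"mac")}

def handshake_digest(messages):
    # Length-prefix each message so message boundaries cannot be shifted.
    h = hashlib.sha256()
    for m in messages:
        h.update(len(m).to_bytes(4, "big") + m)
    return h.digest()

def verify_data(pm, tag, digest):
    return hmac.new(pm, tag + digest, hashlib.sha256).digest()[:12]

def chip_client_verify(pm, transcript):
    """Security chip: client verification data over its own handshake view."""
    return verify_data(pm, CLIENT_TAG, handshake_digest(transcript))

def gateway_verify(pm, transcript_seen, client_vd):
    """Gateway: check the client's data, then answer with the server tag."""
    digest = handshake_digest(transcript_seen)
    if not hmac.compare_digest(verify_data(pm, CLIENT_TAG, digest), client_vd):
        return None
    return verify_data(pm, SERVER_TAG, digest)

def chip_confirm(pm, transcript, server_vd):
    """Security chip: working keys are enabled only if the gateway's data checks out."""
    expected = verify_data(pm, SERVER_TAG, handshake_digest(transcript))
    if not hmac.compare_digest(expected, server_vd):
        return None
    return working_keys(pm)

def run_handshake(tamper_r1=False, reflect=False):
    # Constructed sample values, not taken from the patent.
    r1, r2, version = bytes(range(16)), bytes(range(16, 32)), b"\x01\x00"
    sent = [b"hello" + r1, r2]                                  # what the TCU sent/received
    seen = [b"hello" + (bytes(16) if tamper_r1 else r1), r2]    # what the gateway saw
    pm = premaster(r1, r2, version)
    client_vd = chip_client_verify(pm, sent)
    server_vd = gateway_verify(pm, seen, client_vd)
    if server_vd is None:
        return "gateway rejected"
    if reflect:
        server_vd = client_vd      # client's own data echoed back as the reply
    return "established" if chip_confirm(pm, sent, server_vd) else "chip rejected"

if __name__ == "__main__":
    for kwargs in ({}, {"tamper_r1": True}, {"reflect": True}):
        print(kwargs, "->", run_handshake(**kwargs))
```

Because both verification values are bound to the handshake digest, a handshake message altered in transit fails at the gateway, and the distinct client and server tags keep an echoed client value from passing as the gateway's reply.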
S510, receiving ciphertext of the application data and a verification code.
The application data is application layer protocol processing data issued by the security gateway. The application data includes data such as data reading, setting, operation and the like sent by the security gateway to the charging control terminal.
Specifically, through the above method, the charging control terminal and the security gateway establish a data communication connection. The security gateway encrypts the application data by using the working key derived in the key negotiation process to obtain the ciphertext of the application data, and uses the working key to calculate the verification code of the application data. The security gateway sends the ciphertext and the verification code of the application data to the charging control terminal. In some embodiments, the verification code is a MAC verification code.
S520, decrypting the ciphertext of the application data by using the working key to obtain the plaintext of the application data.
Specifically, after receiving the ciphertext of the application data and the verification code, the charging control terminal enables the security chip to verify the verification code first, and under the condition that verification is passed, the security chip decrypts the ciphertext of the application data to obtain the plaintext of the application data. The charging control terminal executes corresponding application layer protocol processing according to the plaintext of the application data, including data reading, setting, operation and the like.
Further, before the charging control terminal sends the link decryption calculation instruction to the security chip, the charging control terminal also sends the link verification code verification instruction to the security chip, so that the security chip can verify the correctness of the verification code of the application data, and after the verification result is correct, the charging control terminal sends the link decryption calculation instruction to the security chip.
S530, corresponding application layer protocol processing operation is executed according to the plaintext of the application data, and execution result data of the application layer protocol processing operation is obtained.
S540, sending the execution result data to the security chip to instruct the security chip to calculate the ciphertext and the verification code of the execution result data.
Specifically, after executing corresponding application layer protocol processing operation according to the plaintext of the application data, the charging control terminal generates corresponding execution result data for executing the application layer protocol processing. The charging control terminal sends the execution result data to the security chip and instructs the security chip to calculate the ciphertext and verification code of the result data based on the result data, so as to enable the security gateway to verify the correctness of the result data. After verification is correct, communication interaction based on data protection can be realized between the charging control terminal and the security gateway.
Illustratively, referring to fig. 7b, the interaction flow of the charging control terminal and the security gateway based on data protection includes:
The security gateway calculates a verification code MAC1 and a ciphertext Endata1 for the application data Data1 by using the working key, organizes MAC1 and Endata1 into a message, and sends the message to the charging control terminal TCU.
After receiving the verification code MAC1 and the ciphertext Endata1, the charging control terminal sends a link MAC verification instruction to the security chip based on MAC1 and Endata1, and the security chip receives the instruction and verifies the correctness of the verification code MAC1. The charging control terminal then sends a link decryption calculation instruction to the security chip, and the security chip decrypts the ciphertext Endata1 to obtain the plaintext of the application data Data1.
The security chip returns the plaintext of the application data Data1 to the charging control terminal, and the charging control terminal executes the corresponding application layer protocol processing operations (reading, setting, operating and the like) according to the application data Data1.
The charging control terminal sends the result data Data2 of executing the application layer protocol processing to the security chip, and the security chip calculates the verification value MAC2 and the ciphertext value Endata2 based on the result data Data2 so as to protect the result data, and sends them to the charging control terminal. The charging control terminal combines the verification value MAC2 and the ciphertext value Endata2 and sends them to the security gateway, and the security gateway receives them and verifies the correctness of the result data Data2. After the result data Data2 passes verification, communication interaction based on data protection can be carried out between the charging control terminal and the security gateway.
In some embodiments, referring to fig. 8a, the transaction verification method of the charging pile may further include the following steps.
S610, transmitting the chip information of the security chip to the internet of vehicles platform to instruct the internet of vehicles platform to generate authentication data based on the chip information.
The internet of vehicles platform comprises a security gateway corresponding to any one of the embodiments. The authentication data is used for identity authentication between the charging control terminal and the Internet of vehicles platform.
Specifically, the charging control terminal sends an instruction for acquiring chip information to the security chip, and the security chip returns the corresponding chip information to the charging control terminal. The charging control terminal sends the chip information to the internet of vehicles platform, and the internet of vehicles platform generates corresponding authentication data according to the chip information of the security chip.
Illustratively, the internet of vehicles platform generates a counter and a random number according to chip information of the security chip, and then encrypts the counter and the random number to obtain ciphertext of the counter and the random number. The internet of vehicles platform signs the ciphertext, and combines the ciphertext and the signature of the ciphertext to obtain authentication data.
In some embodiments, the chip information includes information of a chip manufacturer, a chip version number, a chip serial number, and the like.
S620, receiving authentication data sent by the internet of vehicles platform. The authentication data is used to instruct the security chip to verify the authentication data and to generate authentication verification information and an application session key.
The application session key is used for encrypting and decrypting data transmission between the charging control terminal and the Internet of vehicles platform.
Specifically, the internet of vehicles platform issues authentication data to the charging control terminal. After receiving the authentication data, the charging control terminal sends an instruction to the security chip, so that the security chip first verifies the authentication data, generates authentication verification information according to the verification result, and returns the authentication verification information to the charging control terminal. Second, if the authentication data passes verification, the security chip internally generates a corresponding application session key.
In some embodiments, a validity time is preset for the application session key so that the key is valid for one session. When the time for which the application session key has been in use reaches the preset validity time, the application session key becomes invalid. If communication between the charging control terminal and the internet of vehicles platform needs to continue, the application session key negotiation process must be carried out again, and communication can resume only after a new application session key is generated. This ensures the randomness and temporary nature of the session key and improves the security of data interaction.
S630, sending the authentication verification information to the internet of vehicles platform to instruct the internet of vehicles platform to verify the authentication verification information.
Specifically, the charging control terminal sends the authentication verification information to the internet of vehicles platform, and the internet of vehicles platform receives the authentication verification information and verifies it. Once the authentication verification information passes verification, the charging control terminal and the internet of vehicles platform have completed the identity authentication process and can start a session.
The interaction flow between the charging control terminal and the internet of vehicles platform comprises identity authentication interaction and uplink and downlink data transmission interaction. Referring to fig. 8b, the identity authentication interaction between the charging control terminal and the internet of vehicles platform may include the following procedures:
The charging control terminal TCU sends a chip information acquisition instruction to the security chip; the security chip receives the instruction and returns its chip information to the charging control terminal TCU. The charging control terminal sends the chip information to the internet of vehicles platform. The internet of vehicles platform receives the chip information, generates a counter ASCTR and a random number R1_iov according to the chip information, and then encrypts the counter ASCTR and the random number R1_iov to obtain the ciphertext M1. The internet of vehicles platform then signs the ciphertext M1 to obtain a signature S1, combines the ciphertext M1 and the signature S1 to obtain authentication data, and issues the authentication data to the charging control terminal. After receiving the authentication data, the charging control terminal sends an asymmetric key negotiation instruction for the internet of vehicles platform to the security chip. The security chip receives the asymmetric key negotiation instruction, first verifies the authentication data, generates authentication verification information, and returns the authentication verification information to the charging control terminal. Second, if the authentication data passes verification, the security chip internally generates an application session key. The charging control terminal receives the authentication verification information and sends it to the internet of vehicles platform, and the internet of vehicles platform verifies the authentication verification information after receiving it.
After the authentication verification information passes the verification, the identity authentication process between the charging control terminal and the internet of vehicles platform is ended, and one session between the internet of vehicles platform and the charging control terminal is started.
Uplink and downlink data transmission between the charging control terminal and the internet of vehicles platform must take place after identity authentication between the two. The downlink data sent by the internet of vehicles platform to the charging control terminal includes operation instructions such as reset, parameter setting and control. Referring to fig. 8c, the downlink data transmission interaction between the internet of vehicles platform and the charging control terminal may include the following procedures: The internet of vehicles platform performs a symmetric encryption protection calculation on the downlink data and then organizes the downlink task data. The internet of vehicles platform sends a downlink data message to the charging control terminal TCU based on the downlink task data. The TCU receives the downlink data message and sends it to the security chip. The security chip receives the downlink data message and uses the currently valid application session key to decrypt and verify the downlink data. After verification passes, the security chip returns the decrypted downlink data to the charging control terminal TCU, and the charging control terminal TCU executes the corresponding operation instructions according to the downlink data.
The uplink data sent by the charging control terminal to the internet of vehicles platform includes reported data, returned data and the like. Referring to fig. 8d, the uplink data transmission interaction between the charging control terminal and the internet of vehicles platform may include the following procedures: The TCU organizes the uplink data to obtain uplink task data, and sends the uplink task data to the security chip. The security chip receives the uplink task data, performs a protection calculation on it by using the currently valid application session key, and returns the result to the charging control terminal TCU. The TCU sends an uplink data message to the internet of vehicles platform based on the uplink task data and the encrypted uplink task data. After receiving the uplink data message, the internet of vehicles platform decrypts and verifies the uplink data.
In the embodiment, the identity authentication of the charging control terminal and the internet of vehicles platform adopts a security authentication mode based on a digital certificate, and the transmission of uplink and downlink data adopts a symmetrical encryption mode, so that the integrity and the reliability of data transmission are ensured.
In some embodiments, referring to fig. 9a, the transaction verification method of the charging pile may further include the following steps.
S710, sending specified type data pre-agreed with the mobile client to the security chip to instruct the security chip to encrypt the specified type data.
The specified type data is data which has a certain credible range and is agreed in advance by a specified application program of the charging control terminal and the mobile client. In some embodiments, the specified type of data is class a confidential data.
S720, receiving the encrypted specified type data and displaying a graphic code generated based on the encrypted specified type data.
Specifically, the charging control terminal receives data obtained by encrypting the specified type data by the security chip, generates a corresponding graphic code and displays the graphic code through a display screen of the charging pile. In some embodiments, the graphic code is a two-dimensional code.
S730, when the mobile client scans the graphic code and decrypts the encrypted specified type data in the graphic code, establishing communication connection with the mobile client.
Specifically, the graphic code is scanned with a specified application of the mobile client, which decrypts the encrypted specified type data in the graphic code. If the decrypted result is within the trusted range, the charging control terminal establishes a communication connection with the mobile client. In some embodiments, the charging control terminal has a Bluetooth interface, enabling the charging control terminal to establish a Bluetooth communication connection with the mobile client via the Bluetooth interface.
The charging control terminal is connected with the mobile client through a Bluetooth interface, and further, the charging control terminal is connected with an application program APP of the mobile client through the Bluetooth interface. Referring to fig. 9b, the process of establishing a connection between the charging control terminal and the mobile client may include: the TCU of the charging control terminal sends an instruction for encrypting the class A confidential data to the security chip, the security chip encrypts the class A confidential data, and the encrypted class A confidential data is returned to the charging control terminal. The charging control terminal receives the encrypted data returned by the security chip, generates a corresponding two-dimensional code, and displays the two-dimensional code through a display screen of the charging pile. And after the application program APP of the mobile client scans and reads the two-dimensional code, acquiring encrypted class A confidential data, and decrypting and verifying the encrypted class A confidential data. If the decrypted result is within the trusted range, the verification is passed, and the application program APP of the mobile client is connected with the charging control terminal through Bluetooth.
Further, after the charging control terminal is successfully connected with the mobile client, session key negotiation is performed first. After the session key agreement is successful, the service data transmitted between the charging control terminal and the mobile client is encrypted and protected by the session key.
For example, referring to fig. 9c, the session key negotiation procedure between the charging control terminal and the mobile client may include: the application program APP of the mobile client uses the key pair version number in the corresponding SDK certificate, the security algorithm and the random number R1 generated by the application program APP app Signing with SDK certificate to obtain signature value Sign1, then generating random number R1 by application program APP based on version number, security algorithm and application program APP app And the SDK certificate and the signature value Sign1 send a session key negotiation instruction to the charging control terminal TCU. The charging control terminal receives the session key negotiation instruction and sends the application aiming at the mobile client to the security chip based on the dataAn asymmetric key agreement initialization instruction of the program APP. The security chip judges the validity of the SDK certificate, and after judging the validity, analyzes the SDK certificate to obtain the SDK public key. The security chip uses the SDK public key to carry out signature verification on the signature value Sign1, and after the signature verification is successful, the security chip generates a random number R2 ESAM And R3 ESAM . Secure chip pair random number R1 using SDK public key app +R2 ESAM +R3 ESAM And encrypting to obtain a ciphertext Endata, and then signing the version number, the ciphertext Endata and the application signature certificate of the charging control terminal TCU by using a secret key in the application signature certificate of the charging control terminal to obtain a signature value Sign2. At the same time, the security chip also uses the key algorithm to make the random number R1 app +R2 ESAM And calculating to derive a session key ks, and storing the session key ks in a security chip. 
The security chip sends the version number, the ciphertext Endata, the application signature certificate of the charging control terminal and the signature value Sign2 to the charging control terminal, and the charging control terminal forwards all of this data to the application program APP of the mobile client. The application program APP of the mobile client performs session key negotiation according to the received data and returns session key negotiation result data to the charging control terminal. The session key negotiation result data contains the version number and session key negotiation ciphertext data. After receiving the session key negotiation result data, the charging control terminal sends an asymmetric key negotiation confirmation instruction for the application program APP of the mobile client to the security chip. The security chip decrypts the session key negotiation ciphertext data using the derived session key ks and checks the decrypted random number R3_ESAM by comparison to verify legitimacy. After the random number R3_ESAM passes the verification, the session key negotiation is successful. Subsequently, the application program APP of the mobile client and the charging control terminal use the session key ks to encrypt and protect the data to be transmitted.
In some embodiments, the security chip applies a domestic cryptographic algorithm to the random numbers R1_app + R2_ESAM to derive the session key ks. Illustratively, the security chip hashes the random numbers R1_app + R2_ESAM with the domestic cryptographic algorithm SM3, derives a 32-byte session key ks, and stores it in the security chip. The first 16 bytes of the session key ks are taken as an initial vector (Initialization Vector, IV), and the last 16 bytes are taken as the key.
In the above embodiment, the charging control terminal encrypts the specified type data by using the security chip to generate the two-dimensional code, and the mobile client scans the two-dimensional code through the application program to establish a Bluetooth communication connection with the charging control terminal, so that the mobile client and the charging control terminal can communicate through Bluetooth. After the communication connection is established, the mobile client and the charging control terminal perform session key negotiation to generate a session key with a certain validity period, so as to encrypt and decrypt service data to be transmitted by using the session key. Because the session key has randomness and diversity, the security of data interaction between the mobile client and the charging control terminal can be improved.
In some embodiments, referring to fig. 10a, the transaction verification method of the charging pile may further include the following steps.
S810, acquiring controller information of a controller of the charging pile. The controller information includes a controller serial number and a symmetric key version number.
S820, the first control random number generated by the security chip is sent to the controller to instruct the security chip of the controller to calculate the authentication data of the first control random number and generate the second control random number.
S830, receiving authentication data of the first control random number and the second control random number.
S840, sending a control instruction to the security chip to instruct the security chip to encrypt the control instruction by using the controller serial number, the authentication data of the first control random number and the second control random number.
S850, sending the encrypted control instruction to the controller.
The controller is a charging equipment controller of the charging pile and is used for receiving a control instruction sent by the charging control terminal. The controller serial number and the symmetric key version number are stored in an embedded security chip of the controller.
In some cases, in order to ensure that the charging control terminal that sends the control instruction to the controller is a legal charging control terminal, verification of the received control instruction needs to be performed at the controller side. Therefore, a security chip is embedded in the controller and is used for storing the secret key of the controller, performing security calculation and the like so as to prevent an illegal charging control terminal from sending an abnormal control instruction to the controller and performing operations such as power stealing and the like.
The charging control terminal sends control instructions directly to the controller through the CAN bus. Referring to fig. 10b, the interaction between the charging control terminal and the controller may include the following processes:
The charging control terminal TCU sends an instruction for acquiring the controller information to the controller of the charging pile, and the controller receives the instruction and sends the instruction to the controller security chip. The controller security chip returns the controller information data comprising the controller serial number and the symmetric key version number to the controller, and the controller receives the controller information data, performs data combination and sends the controller information data to the charging control terminal. The charging control terminal receives the controller information data.
The charging control terminal sends a command for acquiring a random number to the security chip embedded in the charging control terminal. The security chip of the charging control terminal returns the random number R1_TCU to the charging control terminal, and the charging control terminal sends it to the controller. The controller receives the random number R1_TCU and sends it to the controller security chip. The controller security chip calculates authentication data for the random number R1_TCU, generates a random number R2_con, and sends the random number R2_con together with the authentication data of the random number R1_TCU to the controller. The controller combines the authentication data and the random number R2_con and sends the combined data to the charging control terminal.
The control instruction may be a control frame MAC calculation instruction. The charging control terminal sends a control frame MAC calculation instruction to the security chip of the charging control terminal, and the security chip of the charging control terminal encrypts the control instruction using the controller serial number, the random number R2_con and the authentication data of the random number R1_TCU, and returns it to the charging control terminal. The charging control terminal sends the encrypted control instruction to the controller. The controller receives the encrypted control instruction and sends the encrypted control instruction to the controller security chip. The controller security chip verifies the control instruction, and after the control instruction passes the verification, the controller executes the related control operation and sends an operation result to the charging control terminal.
In the above embodiment, the controller security chip is embedded in the controller, and after the controller receives the control instruction sent by the charging control terminal, the controller security chip authenticates the control instruction, and the authenticated control instruction can be executed by the controller, and all security operations are implemented based on the security chip, so as to prevent the illegal charging control terminal from sending an abnormal control instruction to the controller, and thus, the security protection requirement on the control instruction of the charging control terminal can be satisfied.
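The exchange in S810 to S850, modeled as an added example that is not code from the patent. HMAC-SHA256 stands in for the chips' unnamed symmetric algorithm, the control frame carries a MAC tag instead of being encrypted, and the shared key, the class and function names and the single-use handling of R2_con are assumptions.

```python
import hashlib
import hmac
import os

KEY_VERSION = 1  # constructed symmetric key version number


def _mac(key: bytes, *parts: bytes) -> bytes:
    """Stand-in MAC: HMAC-SHA256 over length-prefixed fields, 16-byte tag."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


class ControllerChip:
    """Security chip embedded in the charging equipment controller."""

    def __init__(self, serial: bytes, key: bytes):
        self.serial, self._key = serial, key
        self._auth = self._r2_con = None

    def info(self):
        return self.serial, KEY_VERSION

    def challenge(self, r1_tcu: bytes):
        """Authenticate R1_TCU and issue a fresh R2_con."""
        self._auth = _mac(self._key, b"auth", r1_tcu)
        self._r2_con = os.urandom(8)
        return self._auth, self._r2_con

    def verify(self, frame: bytes, tag: bytes) -> bool:
        if self._r2_con is None:          # no challenge outstanding
            return False
        expected = _mac(self._key, self.serial, self._auth,
                        self._r2_con, frame)
        self._auth = self._r2_con = None  # assumption: one frame per R2_con
        return hmac.compare_digest(expected, tag)


class TcuChip:
    """Security chip embedded in the charging control terminal."""

    def __init__(self, key: bytes):
        self._key = key

    def random(self) -> bytes:
        return os.urandom(8)              # R1_TCU

    def protect(self, serial, auth, r2_con, frame) -> bytes:
        return _mac(self._key, serial, auth, r2_con, frame)


def send_control(tcu: TcuChip, controller: ControllerChip, frame: bytes):
    serial, _version = controller.info()                # S810
    auth, r2_con = controller.challenge(tcu.random())   # S820, S830
    tag = tcu.protect(serial, auth, r2_con, frame)      # S840
    return frame, tag                                   # sent in S850


def run_scenarios() -> dict:
    key = bytes(range(16))                      # constructed shared key
    controller = ControllerChip(b"CON-0001", key)
    tcu = TcuChip(key)
    frame, tag = send_control(tcu, controller, b"START gun=1")
    results = {"valid": controller.verify(frame, tag)}
    results["replay_no_challenge"] = controller.verify(frame, tag)
    controller.challenge(tcu.random())          # fresh R2_con issued
    results["replay_after_new_challenge"] = controller.verify(frame, tag)
    frame, tag = send_control(tcu, controller, b"START gun=1")
    results["tampered"] = controller.verify(b"START gun=2", tag)
    rogue = TcuChip(b"\x00" * 16)               # terminal without the key
    frame, tag = send_control(rogue, controller, b"STOP gun=1")
    results["wrong_key"] = controller.verify(frame, tag)
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Binding the tag to R2_con is what makes a frame captured on the CAN bus useless later: the controller chip has already discarded or replaced the value the tag was computed over.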
In some embodiments, referring to fig. 11a, the transaction verification method of the charging pile may further include the following steps.
S910, sending a meter reading instruction to the ammeter.
The meter reading instruction carries an ammeter random number generated by the security chip, and the meter reading instruction is used for instructing the security chip of the ammeter to generate security reading data of a preset security mode based on the ammeter random number. The preset security modes comprise a plaintext+MAC mode, a ciphertext mode and a ciphertext+MAC mode.
S920, receiving the safe reading data sent by the ammeter, and verifying the safe reading data.
For example, referring to fig. 11b, the process of reading the ammeter by the charging control terminal may include: the charging control terminal TCU sends an instruction for acquiring a random number to its security chip, and the security chip of the charging control terminal returns the random number R1_EM to the charging control terminal. The charging control terminal sends a meter reading instruction to the ammeter based on the random number R1_EM. The ammeter sends the random number R1_EM and the data to be read to the ammeter security chip, and the ammeter security chip calculates the security read data according to three security modes, namely a plaintext+MAC mode, a ciphertext mode and a ciphertext+MAC mode, and returns the security read data to the ammeter. The ammeter combines the read data corresponding to each of the three security modes and sends the data to the charging control terminal. The charging control terminal receives the data sent by the ammeter and sends it to the security chip of the charging control terminal, and the security chip of the charging control terminal verifies the data according to the three security modes respectively, based on the format of the received data, including verifying the read data according to the plaintext+MAC mode, verifying the read data according to the ciphertext mode and verifying the read data according to the ciphertext+MAC mode.
The embodiment of the specification provides a transaction verification device of a charging pile, which is applied to a charging control terminal of the charging pile; the charging pile is provided with at least one charging machine gun; the security chip of the charging control terminal stores the terminal identification, the consumption key and the key index number of the charging control terminal. Referring to fig. 12a, the transaction verification device 1000 of the charging stake may include: the charging card reading module 1010, the resource data determining module 1020, the identification and index number acquiring module 1030, the random number and sequence number receiving module 1040, the authentication code calculation command transmitting module 1050 and the gray lock command transmitting module 1060.
A charging card reading module 1010, configured to read the charging card.
A resource data determination module 1020 for determining, upon reading the charging card, a gun identification of a target charging gun selected for providing power and frozen resource data in the charging card.
The identifier and index number obtaining module 1030 is configured to obtain the terminal identifier and the key index number from the security chip.
The random number and sequence number receiving module 1040 is configured to receive a pseudo random number and a resource offline transaction sequence number sent by the charging card when the key index number can be supported by the charging card.
The authentication code calculation command sending module 1050 is configured to send an initialization gray lock message authentication code calculation command carrying a machine gun identifier to the security chip, so as to instruct the security chip to calculate the consumption key according to the terminal transaction sequence number, the machine gun identifier, the pseudo-random number, and the resource offline transaction sequence number, and obtain a subkey corresponding to the consumption key; and calculating the transaction type identifier, the transaction time data, the terminal identifier and the frozen resource data by using the subkey to obtain a first message authentication code.
The gray lock command sending module 1060 is configured to send a gray lock command to the charging card based on the first message authentication code, the terminal random number, the transaction time data, and the terminal transaction serial number, so as to instruct the charging card to perform transaction verification on the first message authentication code.
In some embodiments, referring to fig. 12b, the transaction verification device 1000 of the charging pile may further include: the initialization command sending module 1070.
The initialization command sending module 1070 is configured to send a gray lock wallet initialization command to the charging card based on the machine gun identifier, the frozen resource data, the terminal identifier and the key index number, so as to instruct the charging card to verify the key index number, and if the verification is passed, send the pseudo-random number and the resource offline transaction sequence number to the charging control terminal.
In some embodiments, referring to fig. 12c, the transaction verification device 1000 of the charging pile may further include: the verification code calculation instruction sending module 1080 and the transaction data transmitting module 1090.
The verification code calculation instruction sending module 1080 is configured to send a gray lock verification code calculation instruction to the security chip based on the transaction type identifier, the charging card identifier, the resource offline transaction serial number and the resource transaction data, so as to instruct the security chip to calculate the gray lock verification code and the security storage module verification code by using the subkey.
The transaction data transmitting module 1090 is configured to transmit resource transaction data, a resource offline transaction serial number, a terminal identifier, a machine gun identifier, a terminal transaction serial number, transaction time data, a gray lock verification code, and a secure storage module verification code to the charging card.
For specific limitations on the transaction verification device of the charging pile, reference may be made to the above limitations on the transaction verification method of the charging pile, and no further description is given here. Each of the modules in the above-described apparatus may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
The present description also provides a computer device 1100, referring to fig. 13, which includes a memory 1110, a processor 1120, and a computer program 1130 stored on the memory 1110 and executable on the processor 1120, where the processor 1120 implements the transaction verification method of the charging pile of any one of the foregoing embodiments when executing the computer program 1130.
The present description also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the transaction verification method of the charging pile of any of the foregoing embodiments.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, for example, may be considered as an ordered listing of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, Programmable Gate Arrays (PGAs), Field Programmable Gate Arrays (FPGAs), and the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present invention, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise.
In the present invention, unless explicitly specified and limited otherwise, the terms "mounted," "connected," "secured," and the like are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; either directly or indirectly, through intermediaries, or both, may be in communication with each other or in interaction with each other, unless expressly defined otherwise. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific circumstances.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that changes, modifications, substitutions and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.

Claims (18)

1. The transaction verification method of the charging pile is characterized by being applied to a charging control terminal of the charging pile; the charging pile is provided with at least one charging machine gun; the security chip of the charging control terminal stores a terminal identifier, a consumption key and a key index number of the charging control terminal; the method comprises the following steps:
in the case of reading a charging card, determining a gun identifier of a target charging gun selected for providing electric energy and frozen resource data in the charging card, and acquiring the terminal identifier and the key index number from the security chip;
receiving a pseudo-random number and a resource offline transaction sequence number sent by the charging card under the condition that the key index number can be supported by the charging card;
sending an initializing gray lock message authentication code calculation command carrying the machine gun identification to the security chip to instruct the security chip to calculate the consumption key according to a terminal transaction sequence number, the machine gun identification, the pseudo-random number and the resource offline transaction sequence number to obtain a sub-key corresponding to the consumption key; calculating transaction type identification, transaction time data, terminal identification and frozen resource data by using the subkey to obtain a first message authentication code;
and sending a gray lock command to the charging card based on the first message authentication code, the terminal random number, the transaction time data and the terminal transaction serial number so as to instruct the charging card to conduct transaction verification on the first message authentication code.
2. The method of claim 1, wherein, in the case where the key index number is supportable by the charging card, before receiving the pseudo-random number, the resource offline transaction sequence number, sent by the charging card, the method further comprises:
and sending a gray lock wallet initialization command to the charging card based on the machine gun identification, the frozen resource data, the terminal identification and the key index number so as to instruct the charging card to verify the key index number, and sending a pseudo-random number and a resource offline transaction serial number to the charging control terminal if verification is passed.
3. The method according to claim 1, wherein the method further comprises:
and under the condition that the first message authentication code passes the transaction verification, receiving a second message authentication code sent by the charging card so as to verify the validity of the charging card.
4. The method according to claim 1, wherein the method further comprises:
sending a gray lock verification code calculation instruction to the security chip based on the transaction type identifier, the charging card identifier, the resource offline transaction serial number and the resource transaction data under the condition that the charging operation is finished, so as to instruct the security chip to calculate a gray lock verification code and a security storage module verification code by using the subkey;
and sending the resource transaction data, the resource offline transaction serial number, the terminal identification, the machine gun identification, the terminal transaction serial number, the transaction time data, the gray lock verification code and the secure storage module verification code to the charging card.
5. The method of claim 1, wherein the secure chip further has a first random number stored therein; the method further comprises the steps of:
sending handshake information to a security gateway based on the first random number to instruct the security gateway to issue a second random number, link certificate data, initial signature data and an initial signature value;
transmitting the handshake information, the second random number, the link certificate data, the initial signature data and the initial signature value to the security chip to instruct the security chip to extract a signature verification public key from the link certificate data; signing the initial signature data and the initial signature value by using the signature signing public key; calculating a handshake digest value based on the handshake information, and calculating a handshake digest signature value of the handshake digest value by using the signature verification public key;
receiving the handshake digest value and the handshake digest signature value sent by the security chip;
and sending a key negotiation instruction to the security chip to instruct the security chip to generate a premaster key according to the first random number, the second random number and the client version number, and deriving a working key based on the premaster key.
6. The method of claim 5, wherein the method further comprises:
receiving client verification data sent by the security chip; the client verification data is obtained by calculating the handshake digest according to a client tag stored in the security chip in advance.
7. The method of claim 6, wherein the method further comprises:
receiving a premaster secret key ciphertext sent by the security chip; the pre-master key ciphertext is obtained by encrypting a pre-master key by using a working key by the security chip;
based on the client verification data, the client certificate and the premaster secret key ciphertext, carrying out data combination to obtain client result data;
and sending the client result data to the security gateway to instruct the security gateway to verify the client result data.
8. The method of claim 7, wherein the method further comprises:
receiving server verification data returned by the security gateway; the server verification data are used for indicating the security chip to verify the security gateway and establishing connection with the security gateway.
9. The method of claim 5, wherein the method further comprises:
receiving ciphertext and verification codes of application data;
decrypting the ciphertext of the application data by using the working key to obtain a plaintext of the application data;
executing corresponding application layer protocol processing operation according to the plaintext of the application data to obtain execution result data of the application layer protocol processing operation;
and sending the execution result data to the security chip to instruct the security chip to calculate the ciphertext and the verification code of the execution result data.
10. The method of claim 5, wherein the method further comprises:
transmitting chip information of the security chip to an Internet of Vehicles platform to instruct the Internet of Vehicles platform to generate authentication data based on the chip information;
receiving the authentication data sent by the Internet of Vehicles platform; the authentication data is used for instructing the security chip to verify the authentication data and generate authentication verification information and an application session key;
and sending the authentication verification information to the Internet of Vehicles platform so as to instruct the Internet of Vehicles platform to verify the authentication verification information.
11. The method according to claim 1, wherein the method further comprises:
transmitting appointed type data pre-agreed with a mobile client to the security chip so as to instruct the security chip to encrypt the appointed type data;
receiving encrypted specified type data and displaying a graphic code generated based on the encrypted specified type data;
and under the condition that the mobile client scans the graphic code and decrypts the encrypted specified type data in the graphic code, establishing communication connection with the mobile client.
12. The method according to claim 1, wherein the method further comprises:
acquiring controller information of a controller of the charging pile; the controller information comprises a controller serial number and a symmetric key version number;
transmitting a first control random number generated by the security chip to the controller to instruct the security chip of the controller to calculate authentication data of the first control random number and generate a second control random number;
receiving authentication data of the first control random number and the second control random number;
transmitting a control instruction to the security chip to instruct the security chip to encrypt the control instruction using the controller serial number, authentication data of the first control random number, and the second control random number;
and sending the encrypted control instruction to the controller.
13. The method according to claim 1, wherein the method further comprises:
sending a meter reading instruction to an ammeter; the meter reading instruction carries an ammeter random number generated by the security chip, and the meter reading instruction is used for instructing the security chip of the ammeter to generate security reading data in a preset security mode based on the ammeter random number; the preset security modes comprise a plaintext+MAC mode, a ciphertext mode and a ciphertext+MAC mode;
and receiving the safe reading data sent by the ammeter, and verifying the safe reading data.
14. The transaction verification device of the charging pile is characterized by being applied to a charging control terminal of the charging pile; the charging pile is provided with at least one charging machine gun; the security chip of the charging control terminal stores a terminal identifier, a consumption key and a key index number of the charging control terminal; the device comprises:
the charging card reading module is used for reading the charging card;
a resource data determination module for determining a gun identity of a target charging gun selected for providing electrical energy and frozen resource data in the charging card, if the charging card is read;
the identifier and index number acquisition module is used for acquiring the terminal identifier and the key index number from the security chip;
the random number and sequence number receiving module is used for receiving a pseudo-random number and a resource offline transaction sequence number sent by the charging card under the condition that the key index number can be supported by the charging card;
the authentication code calculation command sending module is used for sending an initialization gray lock message authentication code calculation command carrying the machine gun identifier to the security chip so as to instruct the security chip to calculate the consumption key according to the terminal transaction sequence number, the machine gun identifier, the pseudo-random number and the resource offline transaction sequence number to obtain a subkey corresponding to the consumption key; calculating transaction type identification, transaction time data, terminal identification and frozen resource data by using the subkey to obtain a first message authentication code;
and the gray lock command sending module is used for sending a gray lock command to the charging card based on the first message authentication code, the terminal random number, the transaction time data and the terminal transaction serial number so as to instruct the charging card to conduct transaction verification on the first message authentication code.
15. The apparatus of claim 14, wherein the apparatus further comprises:
an initialization command sending module, used for sending a gray lock wallet initialization command to the charging card based on the machine gun identifier, the frozen resource data, the terminal identifier and the key index number, so as to instruct the charging card to verify the key index number and, if the verification passes, to send a pseudo-random number and a resource offline transaction sequence number to the charging control terminal.
16. The apparatus of claim 14, wherein the apparatus further comprises:
a verification code calculation instruction sending module, used for sending, when the charging operation is finished, a gray lock verification code calculation instruction to the security chip based on the transaction type identifier, the charging card identifier, the resource offline transaction serial number and the resource transaction data, so as to instruct the security chip to calculate a gray lock verification code and a secure storage module verification code using the subkey;
and a transaction data transmitting module, used for transmitting the resource transaction data, the resource offline transaction serial number, the terminal identifier, the machine gun identifier, the terminal transaction serial number, the transaction time data, the gray lock verification code and the secure storage module verification code to the charging card.
17. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 13 when the computer program is executed.
18. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the method of any one of claims 1 to 13.
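The exchange in claims 14 and 15, as an added Python example that is not part of the patent text: the security chip derives a per-transaction subkey and computes the first message authentication code, and the card recomputes and checks it. HMAC-SHA256, the length-prefixed field encoding, the single-use challenge and all sample values are assumptions (the claims name no algorithm); the terminal random number, which the claims carry in the gray lock command but not in the MAC inputs, is omitted.

```python
import hashlib, hmac, secrets

def encode(*fields: bytes) -> bytes:
    # Length-prefix each field so adjacent fields cannot be shifted into one another.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def derive_subkey(consumption_key, term_seq, gun_id, card_rand, offline_seq):
    # Stand-in derivation (HMAC-SHA256, assumed): binds the subkey to this transaction.
    msg = b"subkey" + encode(term_seq, gun_id, card_rand, offline_seq)
    return hmac.new(consumption_key, msg, hashlib.sha256).digest()

def first_mac(subkey, tx_type, tx_time, terminal_id, frozen):
    msg = b"mac1" + encode(tx_type, tx_time, terminal_id, frozen)
    return hmac.new(subkey, msg, hashlib.sha256).digest()

class Card:  # card side: consumption keys by index, checks the first MAC
    def __init__(self, keys):
        self.keys, self.offline_seq, self.pending = keys, 0, None

    def init_gray_lock(self, gun_id, frozen, terminal_id, key_index):
        if key_index not in self.keys:            # key index not supported
            return None
        rand, seq = secrets.token_bytes(4), self.offline_seq.to_bytes(2, "big")
        self.pending = (self.keys[key_index], gun_id, frozen, terminal_id, rand, seq)
        return rand, seq

    def gray_lock(self, mac1, tx_type, tx_time, term_seq):
        if self.pending is None:                  # no fresh challenge outstanding
            return False
        key, gun_id, frozen, terminal_id, rand, seq = self.pending
        self.pending = None                       # challenge is single-use (assumed)
        subkey = derive_subkey(key, term_seq, gun_id, rand, seq)
        ok = hmac.compare_digest(mac1, first_mac(subkey, tx_type, tx_time, terminal_id, frozen))
        self.offline_seq += int(ok)               # advance only on a verified lock
        return ok

def run_demo():
    key = bytes(range(16))                        # constructed consumption key
    card = Card({1: key})
    gun, frozen, tid = b"GUN-02", (5000).to_bytes(4, "big"), b"TERM0001"
    tx_type, tx_time, term_seq = b"\x91", b"20230327120000", (7).to_bytes(4, "big")
    def chip_mac(rand, seq, amount):              # what the security chip computes
        return first_mac(derive_subkey(key, term_seq, gun, rand, seq), tx_type, tx_time, tid, amount)
    rand, seq = card.init_gray_lock(gun, frozen, tid, 1)
    accepted = card.gray_lock(chip_mac(rand, seq, frozen), tx_type, tx_time, term_seq)
    replayed = card.gray_lock(chip_mac(rand, seq, frozen), tx_type, tx_time, term_seq)
    rand, seq = card.init_gray_lock(gun, frozen, tid, 1)
    tampered = card.gray_lock(chip_mac(rand, seq, (9000).to_bytes(4, "big")), tx_type, tx_time, term_seq)
    return accepted, replayed, tampered, card.init_gray_lock(gun, frozen, tid, 9)
```

`run_demo()` shows a valid lock accepted, the same MAC rejected on replay, a MAC computed over a different frozen amount rejected, and an unsupported key index refused.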
CN202310309021.0A 2023-03-27 2023-03-27 Transaction verification method and device for charging pile, computer equipment and storage medium Pending CN116331047A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310309021.0A CN116331047A (en) 2023-03-27 2023-03-27 Transaction verification method and device for charging pile, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116331047A true CN116331047A (en) 2023-06-27

Family

ID=86876986

Country Status (1)

Country Link
CN (1) CN116331047A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination