CN116388994A - Large data packet communication security authentication method with low resource consumption - Google Patents
Large data packet communication security authentication method with low resource consumption Download PDFInfo
- Publication number
- CN116388994A CN116388994A CN202310207203.7A CN202310207203A CN116388994A CN 116388994 A CN116388994 A CN 116388994A CN 202310207203 A CN202310207203 A CN 202310207203A CN 116388994 A CN116388994 A CN 116388994A
- Authority
- CN
- China
- Prior art keywords
- data
- signature
- data packet
- vehicle controller
- result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 238000004891 communication Methods 0.000 title claims abstract description 22
- 230000005540 biological transmission Effects 0.000 claims abstract description 22
- 238000012545 processing Methods 0.000 claims abstract description 8
- 238000012795 verification Methods 0.000 claims abstract description 5
- 230000008569 process Effects 0.000 claims description 14
- 230000006855 networking Effects 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3265—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a large data packet communication safety authentication method with low resource consumption.A data transmitting end carries out digital signature processing on a data packet before data transmission, binds a signature result and a signature certificate with the large data packet, packages an original data packet, the signature result and the signature certificate to generate a data downloading link, and transmits the data downloading link to a vehicle controller at a data receiving end through a safety encryption transmission protocol; the vehicle controller at the data receiving end independently downloads the data packet through the data download link, analyzes the signature certificate and the signature result from the downloaded data packet, verifies the signature certificate and the signature result, and completes data identification after all verification passes. The invention ensures the information security of the big data packet on the premise of not occupying excessive resource consumption, and simultaneously meets the requirements of resource constraint, bandwidth constraint, real-time performance and the like.
Description
Technical Field
The invention belongs to the technical field of safety authentication of data communication between the outside of a vehicle and a vehicle end, and particularly relates to a large data packet communication safety authentication method with low resource consumption.
Background
Under the large environment of intelligent networking-electric sharing, the intelligent networking automobile is not a travel tool any more, but a carrier which brings interconnection and intercommunication convenience for travel, however, the information safety problem is gradually discovered and gradually valued while enjoying the intelligence, networking, electric and sharing brought by the intelligent networking automobile. Information security is not involved in automotive electronics, whether it is driving assistance, autopilot or body comfort, infotainment, chassis control, powertrain, etc. The attack behaviors such as short-distance contact attack, remote contactless attack, cloud server sharing platform attack, AI algorithm attack and the like are layered endlessly, but the ultimate purpose of the attack behaviors is information.
Information security is to solve the confidentiality, integrity, availability, authenticity, non-repudiation, freshness and authorization problems of protecting information. The design of the protection scheme mainly comprises the following principles: the method comprises the following steps of integrating a minimum supply plane principle, a default security principle, a permission minimization principle, a deep defense principle, a failure security principle, an untrusted third party system principle, a function isolation principle, an equipolar principle, a dynamic principle and an integral design principle into information security in the whole automobile development stage, and simultaneously considering resource constraint, bandwidth constraint and real-time requirements according to actual requirements.
The data packet communicated by the vehicle controller, especially the data packet facing the communication outside the vehicle, needs to adopt encryption, decryption and identity authentication mechanisms to ensure the information security of the data packet, mainly ensuring confidentiality, integrity, availability and authenticity, but the encryption, decryption and identity authentication processes need to occupy double or even more memory space, thereby greatly increasing the cost and development difficulty of the controller, greatly increasing the resource loss and transmission time of the data transmission process, and easily enabling users to intuitively feel abnormal conditions such as slow network and the like.
Disclosure of Invention
In order to solve the problem of overlarge resource expenditure in the safety authentication process of the vehicle controller communication in the prior art, the invention provides a large data packet communication safety authentication method with low resource consumption, which ensures the information safety of the large data packet on the premise of not occupying excessive resource consumption and meets the requirements of resource constraint, bandwidth constraint, real-time performance and the like.
The invention aims at realizing the following technical scheme:
a large data packet communication security authentication method with low resource consumption comprises the following steps:
step one, a data transmitting end packages and processes data and generates a download link: before data transmission, the data transmitting end carries out digital signature processing on the data packet to obtain a signature result with extremely small data volume, binds the signature result and a signature certificate with a big data packet, packages the original data packet, the signature result and the signature certificate to generate a data downloading link, and transmits the data downloading link to the vehicle controller of the data receiving end through a secure encryption transmission protocol;
step two, the data receiving end vehicle controller downloads the data package and authenticates the data: and the vehicle controller at the data receiving end performs decryption and decryption on the encrypted link acquired through the secure encrypted transmission protocol, obtains a data downloading link transmitted by the data transmitting end, independently downloads a data packet through the data downloading link, analyzes a signature certificate and a signature result from the downloaded data packet, verifies the signature certificate and the signature result, and completes data identification after all verification passes.
Further, the first step includes:
1.1, a data transmitting end carries out hash operation on an original data packet to obtain a hash result of an extremely small data volume;
1.2, the data transmitting end applies for a signature certificate preset by the vehicle controller at the data receiving end, and encrypts the hash result obtained by the operation in the step 1.1 by using the signature certificate to obtain a signature result;
1.3, after the digital signature is completed, the data transmitting end packages the original data packet, the signature result and the signature certificate together to generate a data downloading link;
1.4 the data transmitting end transmits the download link to the vehicle controller at the data receiving end through a secure transmission protocol.
Preferably, the hash result obtained by the hash operation in the step 1.1 is 32 bytes.
Preferably, in step 1.2, the data transmitting end applies a three-level signature certificate issued by a root certificate chain preset by the vehicle controller at the data receiving end to a certificate issuing party in the public key management system.
Preferably, in step 1.4, the process that the data transmitting end transmits the download link to the vehicle controller at the data receiving end through the secure transmission protocol includes encrypting and digitally signing the download link to generate an encrypted link.
Further, the second step includes:
2.1, the vehicle controller at the data receiving end performs independent downloading according to the acquired data downloading link to obtain a data packet;
2.2, after the data receiving end vehicle controller downloads the data packet, analyzing the file catalogue to obtain a signature result and a signature certificate;
2.3 the vehicle controller verifies whether the signature certificate is legal or not according to a root certificate chain preset by the vehicle controller, if so, the step 2.4 is executed, and if not, the signature certificate is directly discarded;
2.4 decrypting the signature result using the signature certificate;
2.5, carrying out hash operation on the data of the rest part of the data packet;
and 2.6, comparing whether the hash operation result is consistent with the decryption result, if not, discarding the data packet, and if so, finishing data authentication.
Preferably, in step 2.1, the vehicle controller at the data receiving end signs and decrypts the encrypted link sent by the data sending end to obtain the data downloading link.
Preferably, in the step 2.2, the file directory is parsed to obtain a root directory storing the signature certificate and the signature result in the data packet.
The invention has the following advantages:
the invention provides a large data packet communication security authentication method with low resource consumption, which can solve the problems of resource constraint, bandwidth constraint, real-time requirement and the like while guaranteeing the information security of large data packets. The method does not directly encrypt the whole package of the big data package, firstly carries out signature processing on the big data package to obtain a signature result with extremely small data volume and a signature certificate bound with the big data package, then packages the whole compressed data package to generate a download link, ensures information security through encryption and identity authentication on the data download link, and simultaneously, the vehicle controller carries out security processing on only a very small part of data through decryption and decryption on the obtained encrypted link to obtain the original download link of the big data package, directly carries out independent downloading according to the download link, analyzes a root directory storing the signature certificate and the signature result after downloading to obtain the data package, firstly verifies whether the signature certificate is a certificate issued by a root certificate chain preset by the vehicle controller, then signs the signature result according to the signature certificate, ensures confidentiality, integrity, availability and authenticity of the big data package, and the whole process can effectively solve the problems of resource constraint, bandwidth constraint, real-time requirement and the like.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. under the scene of considering resource consumption, the information security is guaranteed to the greatest extent possible;
2. under the scene of considering information safety, the resource consumption is optimized to the greatest extent;
3. and the data package is signed, and the security of the transmitted data is protected by adopting a double protection mode of encrypting and signing the download link of the data package.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the following description will briefly explain the drawings to be used in the description of the embodiments of the present invention, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to the contents of the embodiments of the present invention and these drawings without inventive effort for those skilled in the art.
Fig. 1 is a flow chart of processing an original data packet by a data transmitting end in a low-resource-consumption large data packet communication security authentication method according to an embodiment of the present invention;
FIG. 2 is a flow chart of a vehicle controller obtaining a data packet in a low-resource-consumption large data packet communication security authentication method according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a digital signature process according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof.
A large data packet communication security authentication method with low resource consumption comprises the following steps:
step one, a data transmitting end packages and processes data and generates a download link: before data transmission, the data transmitting end carries out digital signature processing on the data packet to obtain a signature result with extremely small data volume, binds the signature result and a signature certificate with a big data packet, packages the original data packet, the signature result and the signature certificate to generate a data downloading link, and transmits the data downloading link to the vehicle controller of the data receiving end through a secure encryption transmission protocol;
step two, the data receiving end vehicle controller downloads the data package and authenticates the data: and the vehicle controller at the data receiving end performs decryption and decryption on the encrypted link acquired through the secure encrypted transmission protocol, obtains a data downloading link transmitted by the data transmitting end, independently downloads a data packet through the data downloading link, analyzes a signature certificate and a signature result from the downloaded data packet, verifies the signature certificate and the signature result, and completes data identification after all verification passes.
Further, the first step includes:
1.1, a data transmitting end carries out hash operation on an original data packet to obtain a hash result of an extremely small data volume;
1.2, the data transmitting end applies for a signature certificate preset by the vehicle controller at the data receiving end, and encrypts the hash result obtained by the operation in the step 1.1 by using the signature certificate to obtain a signature result;
1.3, after the digital signature is completed, the data transmitting end packages the original data packet, the signature result and the signature certificate together to generate a data downloading link;
1.4 the data transmitting end transmits the download link to the vehicle controller at the data receiving end through a secure transmission protocol.
Preferably, the hash result obtained by the hash operation in the step 1.1 is 32 bytes.
Preferably, in step 1.2, the data transmitting end applies a three-level signature certificate issued by a root certificate chain preset by the vehicle controller at the data receiving end to a certificate issuing party in the public key management system.
Preferably, in step 1.4, the process that the data transmitting end transmits the download link to the vehicle controller at the data receiving end through the secure transmission protocol includes encrypting and digitally signing the download link to generate an encrypted link.
Further, the second step includes:
2.1, the vehicle controller at the data receiving end performs independent downloading according to the acquired data downloading link to obtain a data packet;
2.2, after the data receiving end vehicle controller downloads the data packet, analyzing the file catalogue to obtain a signature result and a signature certificate;
2.3 the vehicle controller verifies whether the signature certificate is legal or not according to a root certificate chain preset by the vehicle controller, if so, the step 2.4 is executed, and if not, the signature certificate is directly discarded;
2.4 decrypting the signature result using the signature certificate;
2.5, carrying out hash operation on the data of the rest part of the data packet;
and 2.6, comparing whether the hash operation result is consistent with the decryption result, if not, discarding the data packet, and if so, finishing data authentication.
Preferably, in step 2.1, the vehicle controller at the data receiving end signs and decrypts the encrypted link sent by the data sending end to obtain the data downloading link.
Preferably, in the step 2.2, the file directory is parsed to obtain a root directory storing the signature certificate and the signature result in the data packet.
Examples
A large data packet communication security authentication method with low resource consumption comprises the following steps:
step one, a data transmitting end packages and processes data and generates a download link: before data transmission, the data transmitting end carries out digital signature processing on the data packet to obtain a signature result with extremely small data volume, binds the signature result and a signature certificate with a big data packet, packages the original data packet, the signature result and the signature certificate to generate a data downloading link, and transmits the data downloading link to the vehicle controller of the data receiving end through a secure encryption transmission protocol; the specific process is shown in figure 1;
1.1, a data transmitting end carries out hash operation on an original data packet to obtain a hash result (usually 32 bytes) with extremely small data volume;
1.2, the data transmitting end applies a third-level signature certificate issued by a root certificate chain preset by a vehicle controller at a receiving end to a certification party in a public key management system, and encrypts a hash result obtained by the operation in the step 1.1 by using the signature certificate to obtain a signature result;
1.3, after the digital signature is completed, the data transmitting end packages the original data packet, the signature result and the signature certificate together to generate a data downloading link;
1.4 the data sender securely transmits the download link to the data receiver vehicle controller via a secure transmission protocol, which includes encrypting and digitally signing the download link.
Step two, the data receiving end vehicle controller downloads the data package and authenticates the data: the vehicle controller at the data receiving end independently downloads the data packet through the data downloading connection, analyzes the signature certificate and the signature result from the downloaded data packet, verifies the signature certificate and the signature result, and completes data identification after all verification passes; the specific process is shown in fig. 2;
2.1, after receiving the download link, the vehicle controller at the data receiving end independently downloads the data packet according to the self download capability, and the process does not adopt a safe transmission protocol, so that the data quantity is ensured to be as small as possible, and the resource consumption is low;
2.2, after the data receiving end vehicle controller downloads the data packet, analyzing the file catalogue to obtain a signature result and a signature certificate;
2.3 the vehicle controller verifies whether the signature certificate is legal or not according to a root certificate chain preset by the vehicle controller, if so, the next step is executed, and if not, the signature certificate is directly discarded;
2.4, if the signature certificate is legal, decrypting the signature result by using the signature certificate;
2.5, carrying out hash operation on the data of the rest part of the data packet;
and 2.6, comparing whether the hash operation result is consistent with the decryption result, if not, discarding the data packet, and if so, indicating that the data packet is available, and enabling the data packet to be normally used and trusted.
The hash operation in this embodiment refers to a mapping rule that maps a binary value string with any length to a binary value string with a fixed length, and the binary value string obtained after the original data is mapped by the hash operation is the hash value. The original data cannot be deduced in reverse from the hash value (so the hash algorithm is also called one-way hash algorithm); the method is very sensitive to input data, even if the original data is modified by one bit, the finally obtained hash values are also quite different; the probability of hash collision is very small, and the probability of the same hash value is very small for different original data; the execution efficiency of the hash algorithm is as high as possible, and the hash value can be calculated rapidly for a longer text.
In this embodiment, the working principle of digital signature on the data packet is as shown in fig. 3: like what we signed a document, the role of digital signature is to uniquely identify the signer. The identification identity is identity authentication, so the actual principle adopted by the digital signature is asymmetric encryption. The overhead for encrypting the whole message is large, so that the digest value of the message is generally calculated, and the calculated digest value is subjected to asymmetric encryption operation.
Digest value computation is also commonly referred to as hash value computation, and the simple principle of understanding is to obtain a very short value, typically 128 bits, 256 bits, etc., from a very long message by padding, grouping, computing, and xoring. This calculation can only be done in one direction and the same message calculates the same digest value. In this way, the sending end calculates the abstract value of the whole message before sending the information, and attaches the abstract value to the tail of the message, the receiving end calculates the abstract value of the received message after receiving the message, and the receiving end can check whether the message is tampered or not compared with the abstract value attached to the tail.
The digest value was originally intended primarily to ensure integrity in information security. However, in the case of asymmetric encryption, since the calculation efficiency of the currently commonly used asymmetric algorithm is not high, the resources required for implementing the asymmetric encryption of the whole message are too large, so that the currently common usage is to perform the asymmetric encryption on the digest value of the message, and the result of the asymmetric encryption is what we commonly say a digital signature, so that the integrity of the message is verified and the non-repudiation of the message is verified.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (8)
1. The large data packet communication safety authentication method with low resource consumption is characterized by comprising the following steps:
step one, a data transmitting end packages and processes data and generates a download link: before data transmission, the data transmitting end carries out digital signature processing on the data packet, binds a signature result and a signature certificate with a big data packet, packages the original data packet, the signature result and the signature certificate to generate a data downloading link, and transmits the data downloading link to the vehicle controller at the data receiving end through a secure encryption transmission protocol;
step two, the data receiving end vehicle controller downloads the data package and authenticates the data: the vehicle controller at the data receiving end independently downloads the data packet through the data download link, analyzes the signature certificate and the signature result from the downloaded data packet, verifies the signature certificate and the signature result, and completes data identification after all verification passes.
2. The method for secure authentication of large packet communication with low resource consumption according to claim 1, wherein said step one comprises:
1.1, a data transmitting end carries out hash operation on an original data packet to obtain a hash result of an extremely small data volume;
1.2, the data transmitting end applies for a signature certificate preset by the vehicle controller at the data receiving end, and encrypts the hash result obtained by the operation in the step 1.1 by using the signature certificate to obtain a signature result;
1.3, after the digital signature is completed, the data transmitting end packages the original data packet, the signature result and the signature certificate together to generate a data downloading link;
1.4 the data transmitting end transmits the download link to the vehicle controller at the data receiving end through a secure transmission protocol.
3. The method for securely authenticating large data packet communication with low resource consumption as claimed in claim 2, wherein the hash result obtained by the hash operation in step 1.1 is 32 bytes.
4. The method for authenticating communication security of large data packets with low resource consumption according to claim 2, wherein in step 1.2, the data transmitting end applies a three-level signature certificate issued by a root certificate chain preset by the vehicle controller at the data receiving end to the issuing party in the public key management system.
5. The method for secure authentication of large data packet communication with low resource consumption according to claim 2, wherein in step 1.4, the process of transmitting the download link to the vehicle controller at the data receiving end by the data transmitting end via the secure transmission protocol includes encrypting and digitally signing the download link to generate the encrypted link.
6. The method for authenticating communication security of large data packet with low resource consumption as claimed in claim 5, wherein said step two comprises:
2.1, the vehicle controller at the data receiving end performs independent downloading according to the acquired data downloading link to obtain a data packet;
2.2, after the data receiving end vehicle controller downloads the data packet, analyzing the file catalogue to obtain a signature result and a signature certificate;
2.3 the vehicle controller verifies whether the signature certificate is legal or not according to a root certificate chain preset by the vehicle controller, if so, the step 2.4 is executed, and if not, the signature certificate is directly discarded;
2.4 decrypting the signature result using the signature certificate;
2.5, carrying out hash operation on the data of the rest part of the data packet;
and 2.6, comparing whether the hash operation result is consistent with the decryption result, if not, discarding the data packet, and if so, finishing data authentication.
7. The method for secure authentication of large data packet communication with low resource consumption according to claim 6, wherein in step 2.1, the data receiving end vehicle controller performs decryption and decryption on the encrypted link transmitted from the data transmitting end, thereby obtaining the data download link.
8. The method for securely authenticating large data packet communication with low resource consumption according to claim 6, wherein in step 2.2, the file directory is parsed to obtain a root directory storing the signature certificate and the signature result in the data packet.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310207203.7A CN116388994A (en) | 2023-03-06 | 2023-03-06 | Large data packet communication security authentication method with low resource consumption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310207203.7A CN116388994A (en) | 2023-03-06 | 2023-03-06 | Large data packet communication security authentication method with low resource consumption |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116388994A true CN116388994A (en) | 2023-07-04 |
Family
ID=86962439
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310207203.7A Pending CN116388994A (en) | 2023-03-06 | 2023-03-06 | Large data packet communication security authentication method with low resource consumption |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116388994A (en) |
-
2023
- 2023-03-06 CN CN202310207203.7A patent/CN116388994A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10965450B2 (en) | In-vehicle networking | |
| CN107105060B (en) | Method for realizing information security of electric automobile | |
| KR102605987B1 (en) | Specially programmed computing systems with associated devices configured to implement centralized services ecu based on services oriented architecture and methods of use thereof | |
| Groll et al. | Secure and authentic communication on existing in-vehicle networks | |
| CN111049803A (en) | Data encryption and platform security access method based on vehicle-mounted CAN bus communication system | |
| US20230362607A1 (en) | Method and system for addition of assurance information to v2x messaging | |
| CN112636923B (en) | Engineering machinery CAN equipment identity authentication method and system | |
| WO2021217263A1 (en) | Method and system for establishing trust for a cybersecurity posture of a v2x entity | |
| CN113542428B (en) | Vehicle data uploading method and device, vehicle, system and storage medium | |
| Kukkala et al. | SEDAN: Security-aware design of time-critical automotive networks | |
| CN112584355A (en) | Key cooperation method, system and medium for inter-vehicle communication | |
| US11936689B2 (en) | Transmission of data or messages on board a vehicle using a SOME/IP communication protocol | |
| US11934338B2 (en) | Enhanced secure onboard communication for CAN | |
| Yoshikawa et al. | Secure in-vehicle systems against Trojan attacks | |
| CN116388994A (en) | Large data packet communication security authentication method with low resource consumption | |
| Castiglione et al. | Lightweight ciphers in automotive networks: a preliminary approach | |
| CN116599772B (en) | Data processing method and related equipment | |
| CN111478948B (en) | Block chain access method, internet of things equipment and storage medium | |
| Abd El-Gleel et al. | Secure lightweight CAN protocol handling message loss for electric vehicles | |
| Yoshikawa et al. | Secure in-vehicle Systems using Authentication | |
| CN117909987A (en) | Security refreshing method and system for application software of electronic control unit and readable storage medium | |
| KR20240003977A (en) | Method for verifying integrity of application in vehicle controller | |
| CN117858086A (en) | V2X security authentication method, system and device based on zero trust gateway | |
| CN115913814A (en) | Vehicle-mounted CAN bus encryption communication system and method supporting security level classification | |
| Bindel et al. | Drive (Quantum) Safe!–Towards PQ Authentication for V2V Communications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |