CN116614268A

CN116614268A - Identity authentication method, identity authentication device, electronic equipment and computer readable storage medium

Info

Publication number: CN116614268A
Application number: CN202310551779.5A
Authority: CN
Inventors: 黄启立
Original assignee: Apollo Zhilian Beijing Technology Co Ltd
Current assignee: Apollo Zhilian Beijing Technology Co Ltd
Priority date: 2023-05-16
Filing date: 2023-05-16
Publication date: 2023-08-18

Abstract

The disclosure provides an identity authentication method, an identity authentication device, electronic equipment and a computer readable storage medium, relates to the technical field of computers, and particularly relates to the technical field of intelligent cabins, vehicle-computer interconnection or blockchain. The specific scheme is as follows: the method comprises the steps that a digital certificate sent by a vehicle-mounted terminal is received, the digital certificate contains encryption information, the encryption information is obtained by an authentication server through encrypting a first random character by taking a device identifier of the first mobile terminal as an encryption key, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal; decrypting the encrypted information based on the equipment identifier of the second mobile terminal to obtain a second random character; and sending the second random character to the vehicle-mounted terminal, so that the vehicle-mounted terminal performs identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character. In the scheme, the identity authentication of the mobile terminal is realized through the encryption information in the digital certificate, and the safety of the identity of the mobile terminal can be effectively ensured.

Description

Identity authentication method, identity authentication device, electronic equipment and computer readable storage medium

Technical Field

The disclosure relates to the technical field of computers, in particular to the technical field of intelligent cabins, vehicle-computer interconnection or blockchain, and specifically relates to an identity authentication method, an identity authentication device, electronic equipment and a computer readable storage medium.

Background

With the rapid development of intelligent cabin technology, more and more vehicles are equipped with vehicle terminals. Interconnection of the vehicle-mounted terminal and the mobile terminal (such as a mobile phone) is also becoming more common, and more convenient interaction experience is provided for users.

Along with the increasing popularity of interconnection between a vehicle-mounted terminal and a mobile terminal, how to ensure the safety of interconnection between the vehicle-mounted terminal and the mobile terminal becomes an important technical problem.

Disclosure of Invention

In order to solve at least one of the above defects, the disclosure provides an identity authentication method, an identity authentication device, an electronic device and a computer readable storage medium.

According to a first aspect of the present disclosure, there is provided an identity authentication method, the method comprising:

the method comprises the steps that a digital certificate sent by a vehicle-mounted terminal is received, the digital certificate contains encryption information, the encryption information is obtained by an authentication server through encrypting a first random character by taking a device identifier of the first mobile terminal as an encryption key, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal;

Decrypting the encrypted information based on the equipment identifier of the second mobile terminal to obtain a second random character;

and sending the second random character to the vehicle-mounted terminal so that the vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character.

According to a second aspect of the present disclosure, there is provided another identity authentication method, the method comprising:

the method comprises the steps that a digital certificate acquisition request is sent to an authentication server, a digital certificate returned by the authentication server is received, the digital certificate acquisition request carries a device identifier of a first mobile terminal bound with a vehicle-mounted terminal, the authentication server encrypts a first random character by taking an encryption character generated by the device identifier of the first mobile terminal as an encryption key to obtain encryption information, and the digital certificate is generated based on the encryption information;

transmitting the digital certificate to the second mobile terminal;

and in response to receiving the second random character sent by the second mobile terminal, authenticating the identity of the second mobile terminal based on the consistency of the second random character and the first random character, wherein the second random character is obtained by decrypting the encrypted information by the second mobile terminal based on the equipment identifier of the second mobile terminal.

According to a third aspect of the present disclosure, there is provided a further identity authentication method, the method comprising:

responding to a digital certificate acquisition request sent by a vehicle-mounted terminal, and acquiring a device identifier of a first mobile terminal bound with the vehicle-mounted terminal carried by the digital certificate acquisition request;

generating an encryption character by using the equipment identifier of the first mobile terminal as an encryption key, and encrypting the first random character to obtain encryption information;

and generating a digital certificate based on the encryption information, and returning the digital certificate to the vehicle-mounted terminal so that the vehicle-mounted terminal can perform identity authentication on the second mobile terminal based on the digital certificate.

According to a fourth aspect of the present disclosure, there is provided an identity authentication device comprising:

the digital certificate receiving module is used for receiving a digital certificate sent by the vehicle-mounted terminal, the digital certificate contains encryption information, the encryption information is obtained by using a device identifier of a first mobile terminal as an encryption key to encrypt a first random character, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal;

the encryption information decryption module is used for decrypting the encryption information based on the equipment identifier of the second mobile terminal to obtain a second random character;

And the decryption result sending module is used for sending the second random character to the vehicle-mounted terminal so that the vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character.

According to a fifth aspect of the present disclosure, there is provided another identity authentication device, the device comprising:

the digital certificate receiving module is used for sending a digital certificate acquisition request to the authentication server, receiving a digital certificate returned by the authentication server, wherein the digital certificate acquisition request carries a device identifier of a first mobile terminal bound with the vehicle-mounted terminal, and the authentication server encrypts a first random character by taking the device identifier of the first mobile terminal as an encryption key to obtain encryption information and generates the digital certificate based on the encryption information;

the digital certificate sending module is used for sending the digital certificate to the second mobile terminal;

and the identity authentication module is used for responding to the received second random character sent by the second mobile terminal, carrying out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character, wherein the second random character is obtained by decrypting the encrypted information by the second mobile terminal based on the equipment identifier of the second mobile terminal.

According to a sixth aspect of the present disclosure, there is provided yet another identity authentication device, the device comprising:

the digital certificate acquisition request receiving module is used for responding to the digital certificate acquisition request sent by the vehicle-mounted terminal, and acquiring the equipment identifier of the first mobile terminal bound with the vehicle-mounted terminal carried by the digital certificate acquisition request;

the character encryption module is used for generating an encryption character by using the equipment identifier of the first mobile terminal as an encryption key and encrypting the first random character to obtain encryption information;

the digital certificate return module is used for generating a digital certificate based on the encryption information and returning the digital certificate to the vehicle-mounted terminal so that the vehicle-mounted terminal can perform identity authentication on the second mobile terminal based on the digital certificate.

According to a seventh aspect of the present disclosure, there is provided an electronic device comprising:

at least one processor; and

a memory communicatively coupled to the at least one processor; wherein,,

the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the authentication method.

According to an eighth aspect of the present disclosure, there is provided a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the above-described authentication method.

According to a ninth aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the above-described authentication method.

It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.

Drawings

The drawings are for a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:

fig. 1 is a schematic flow chart of an identity authentication method according to an embodiment of the disclosure;

FIG. 2 is a flow chart of another identity authentication method according to an embodiment of the present disclosure;

FIG. 3 is a flow chart of yet another identity authentication method provided by an embodiment of the present disclosure;

fig. 4 is a schematic structural diagram of an identity authentication device according to an embodiment of the present disclosure;

FIG. 5 is a schematic diagram of another identity authentication device according to an embodiment of the present disclosure;

FIG. 6 is a schematic diagram of another identity authentication device according to an embodiment of the present disclosure;

fig. 7 is a block diagram of an electronic device for implementing an identity authentication method of an embodiment of the present disclosure.

Detailed Description

Exemplary embodiments of the present disclosure are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present disclosure to facilitate understanding, and should be considered as merely exemplary. Accordingly, one of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.

Along with the increasing popularity of interconnection between a vehicle-mounted terminal and a mobile terminal, higher requirements are also put forward for ensuring the safety of interconnection between the vehicle-mounted terminal and the mobile terminal.

Specifically, when interconnection is established between the vehicle-mounted terminal and the mobile terminal, effective authentication needs to be performed on identities of the vehicle-mounted terminal and the mobile terminal so as to ensure the safety of the identities of the two communication parties.

In addition, security of communication data between the vehicle-mounted terminal and the mobile terminal needs to be ensured, and the communication data is prevented from being stolen by an unauthorized third party.

The embodiment of the disclosure provides an identity authentication method, an identity authentication device, an electronic device and a computer readable storage medium, which aim to solve at least one of the technical problems in the prior art.

Fig. 1 shows a flow chart of an identity authentication method provided by an embodiment of the disclosure, and as shown in fig. 1, the method mainly may include:

step S110: the method comprises the steps that a digital certificate is received, the digital certificate contains encryption information, the encryption information is obtained by an authentication server through encrypting a first random character by taking a device identifier of a first mobile terminal as an encryption key, and the first mobile terminal is a mobile terminal pre-bound with a vehicle-mounted terminal;

step S120: decrypting the encrypted information based on the equipment identifier of the second mobile terminal to obtain a second random character;

step S130: and sending the second random character to the vehicle-mounted terminal so that the vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character.

The method may be applied to a second mobile terminal. The vehicle-mounted terminal can be a vehicle-mounted system, a vehicle-mounted computer or a vehicle-mounted system and the like. A mobile terminal may be a smart phone of a user, etc.

In the embodiment of the disclosure, the vehicle-mounted terminal can bind the mobile terminals authorized to be interconnected. Specifically, the device identification of the bound mobile terminal may be stored in advance. The device identifier may be a unique identifier of the mobile terminal, which has uniqueness, and the device identifiers of different mobile terminals are different.

In this example, a mobile terminal pre-bound to the vehicle-mounted terminal may be referred to as a first mobile terminal. And recording the mobile terminal which is required to be subjected to identity authentication currently as a second mobile terminal.

The vehicle-mounted terminal may send a digital certificate acquisition request to the authentication server to apply for the digital certificate, and the authentication server may generate the digital certificate in response to receiving the digital certificate acquisition request and return the digital certificate to the vehicle-mounted terminal.

The digital certificate acquisition request sent by the vehicle-mounted terminal can carry the equipment identifier of the first mobile terminal pre-bound with the vehicle-mounted terminal, so that the authentication server can encrypt the first random character according to the equipment identifier of the first mobile terminal serving as an encryption key to obtain encryption information, and the digital certificate is generated based on the encryption information, namely the encryption information is contained in the digital certificate. In this example, the device identifier of the first mobile terminal may be used as a symmetric key.

As one example, the communication between the vehicle terminal and the authentication server may be based on the manner of secure socket layer hypertext transfer protocol (Hypertext Transfer Protocol Secure, https) to ensure the security of the communication between the vehicle terminal and the authentication server.

The first random character may be a unique character randomly generated by the authentication server.

When the vehicle-mounted terminal and the second mobile terminal need to be interconnected, the vehicle-mounted terminal can send the digital certificate to the second mobile terminal so as to carry out identity authentication.

In the embodiment of the disclosure, the vehicle-mounted terminal and the second mobile terminal can be pre-established with communication connection for interaction of data required in the identity authentication process. As one example, the in-vehicle terminal establishes Socket (Socket) communication with the second mobile terminal based on bluetooth. Specifically, the vehicle-mounted terminal can broadcast a communication connection request through bluetooth, and after receiving the communication connection request, the second mobile terminal can send a socket connection request to the vehicle-mounted terminal, so that the vehicle-mounted terminal can establish socket communication connection with the second mobile terminal in response to receiving the socket connection request.

The second mobile terminal can use the self equipment identifier as a decryption key, decrypt the encrypted information to obtain a second random character, and send the second random character to the vehicle-mounted terminal.

The device identifier of the first mobile terminal is used as an encryption key to encrypt the first random character to obtain encryption information, and when the second mobile terminal is identical to the first mobile terminal, namely the second mobile terminal is the terminal device bound by the vehicle-mounted terminal, the device identifier of the second mobile terminal is identical to the device identifier of the first mobile terminal, and at the moment, the second random character obtained by decrypting the encryption information based on the device identifier of the second mobile terminal is identical to the first random character. And when the second mobile terminal is different from the first mobile terminal, namely the second mobile terminal is not the terminal equipment bound by the vehicle-mounted terminal, the equipment identifier of the second mobile terminal is different from the equipment identifier of the first mobile terminal, and at the moment, the second random character obtained by decrypting the encryption information based on the equipment identifier of the second mobile terminal is inconsistent with the first random character.

The vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character. And when the second random character is consistent with the first random character, the identity authentication of the second mobile terminal is successful, and at the moment, the interconnection between the vehicle-mounted terminal and the second mobile terminal is established, so that the identity security of the second mobile terminal can be effectively ensured. And when the second random character is inconsistent with the first random character, the identity authentication of the second mobile terminal is unsuccessful.

According to the method provided by the embodiment of the disclosure, the digital certificate sent by the vehicle-mounted terminal is received, the digital certificate contains encryption information, the encryption information is obtained by using the equipment identifier of the first mobile terminal as an encryption key to encrypt the first random character, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal; decrypting the encrypted information based on the equipment identifier of the second mobile terminal to obtain a second random character; and sending the second random character to the vehicle-mounted terminal so that the vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character. Based on the scheme, the identity authentication of the mobile terminal can be realized through the encryption information in the digital certificate, and the safety of the identity of the mobile terminal is ensured, so that the safety of interconnection between the vehicle-mounted terminal and the mobile terminal is ensured.

In the embodiment of the disclosure, the authentication server may be a node in a blockchain, and the processing steps of the authentication server in the scheme may be implemented based on a blockchain smart contract. A smart contract is an automatically executing code running on a blockchain that may be used to manage and process various data and business logic on the blockchain. Compared to traditional servers, smart contracts have the following advantages:

Decentralizing: the intelligent contract runs on the blockchain network, a centralized server is not provided, and data and codes are scattered on all nodes of the network, so that the data is safer and more reliable.

And (3) automatically executing: the intelligent contract code can be automatically executed without human intervention, so that intermediate links are reduced, and the efficiency is improved.

Tamper-resistant: the codes and data of the intelligent contract are stored in the blockchain and cannot be tampered, so that the safety of the data can be ensured.

The intelligent contract is an important component of the blockchain technology, can be used for realizing the functions of identity authentication, access authorization, data management and the like, and improves the safety and reliability of the system.

In an optional manner of the disclosure, the digital certificate further includes a digital signature, and decrypting the encrypted information based on the device identifier of the second mobile terminal includes:

performing signature authentication on the digital signature;

and decrypting the encrypted information based on the equipment identifier of the second mobile terminal in response to passing the signature authentication.

In the embodiment of the disclosure, the digital certificate further includes a digital signature, and the digital signature may be obtained by the authentication server signing the plaintext information based on a private key of the authentication server.

The second mobile terminal can realize identity authentication of the vehicle-mounted terminal by carrying out signature authentication on the digital signature. When the signature authentication of the digital signature passes, the identity authentication of the vehicle-mounted terminal is successful, and when the signature authentication of the digital signature fails, the identity authentication of the vehicle-mounted terminal is unsuccessful.

In the embodiment of the disclosure, after receiving the digital certificate, the second mobile terminal can perform signature authentication on the digital signature in the digital certificate, after the signature authentication is passed, namely after the security of the identity of the vehicle-mounted terminal is determined, the encrypted information is decrypted based on the equipment identifier of the second mobile terminal, and the decrypted second random character is sent to the vehicle-mounted terminal, so that the vehicle-mounted terminal performs identity authentication on the second mobile terminal, and effective authentication on the identities of the vehicle-mounted terminal and the mobile terminal is realized.

In an alternative form of the disclosure, the digital signature is generated based on a private key of the authentication service, and the method further comprises, prior to receiving the digital certificate:

acquiring a public key of an authentication server provided by a vehicle-mounted terminal;

signature authentication of a digital signature, comprising:

the digital signature is signature authenticated based on the public key of the authentication server.

In the embodiment of the disclosure, signature authentication is performed on the digital signature, and the digital signature needs to be realized based on a public key of an authentication server. Specifically, the digital signature may be obtained by signing the plaintext information by the authentication server based on a private key of the authentication server, the plaintext information may be included in the digital certificate, the second mobile terminal may perform a signature operation on the plaintext information based on a public key of the authentication server, and compare the obtained signature operation result with the digital signature in the digital certificate, if the obtained signature operation result and the digital signature are consistent, the signature authentication is passed, and if the obtained signature operation result and the digital signature are inconsistent, the signature authentication is failed.

In the embodiment of the disclosure, the vehicle-mounted terminal may obtain the public key of the authentication server in advance based on the trusted communication connection with the authentication server, and provide the public key of the authentication server to the second mobile terminal. It will be appreciated that the second mobile terminal may also obtain the public key of the authentication server by other means. The second mobile terminal can realize signature authentication of the digital signature after acquiring the public key of the certificate server.

In an optional manner of the present disclosure, obtaining a public key of an authentication server provided by a vehicle-mounted terminal includes:

and the public key of the authentication server is obtained by scanning the graphic code displayed by the vehicle-mounted terminal, wherein the graphic code is generated by the vehicle-mounted terminal based on the public key of the authentication server.

In the embodiment of the disclosure, the vehicle end may generate the image code based on the public key of the authentication server, and display the graphic code on the screen of the vehicle-mounted terminal, and the second mobile terminal may acquire the public key of the authentication server by scanning the graphic code displayed by the vehicle-mounted terminal.

The image code of the public key of the authentication server is displayed on the vehicle-mounted terminal, so that the second terminal can conveniently acquire the public key of the authentication server.

In an alternative manner of the present disclosure, in response to signature authentication of the digital signature, the method further includes:

and generating a symmetric key and sending the symmetric key to the vehicle-mounted terminal, wherein the symmetric key is used for encrypting and decrypting session information between the second mobile terminal and the vehicle-mounted terminal.

In the embodiment of the disclosure, when the signature authentication of the digital signature passes, the identity authentication of the vehicle-mounted terminal is successful. After verifying the security of the identity of the vehicle-mounted terminal, the second mobile terminal can generate a symmetric key and send the symmetric key to the vehicle-mounted terminal, wherein the symmetric key is used for encrypting and decrypting the session between the second mobile terminal and the vehicle-mounted terminal.

By encrypting the session information by using the symmetric key, the safety of communication data between the vehicle-mounted terminal and the second mobile terminal can be ensured, and the session information is prevented from being stolen.

In the embodiment of the disclosure, the symmetric key and the second random character can be packaged into one piece of information and sent to the vehicle-mounted terminal together, so that the interaction flow is simplified. After receiving the symmetric key and the second random character, the vehicle-mounted terminal can verify the consistency of the second random character and the first random character a priori, and when the second random character is consistent with the first random character, the identity authentication of the second mobile terminal is successful, at the moment, the interconnection between the vehicle-mounted terminal and the second mobile terminal can be established, and then the encryption and decryption of session information between the second mobile terminal and the vehicle-mounted terminal are carried out based on the symmetric key.

In an optional manner of the disclosure, the digital certificate further includes a public key of the vehicle-mounted terminal, and before the symmetric key is sent to the vehicle-mounted terminal, the method further includes:

and encrypting the symmetric key based on the public key of the vehicle-mounted terminal.

In the embodiment of the disclosure, the digital certificate may further include a public key of the vehicle-mounted terminal.

The digital certificate acquisition request sent by the vehicle-mounted terminal can carry the public key of the vehicle-mounted terminal, so that the authentication server can place the public key of the vehicle-mounted terminal in the digital certificate.

The second mobile terminal can acquire the public key of the vehicle-mounted terminal from the digital certificate, encrypt the symmetric key based on the public key of the vehicle-mounted terminal, then send the encrypted symmetric key to the vehicle-mounted terminal, and decrypt the encrypted symmetric key based on the private key of the vehicle-mounted terminal, so that the symmetric key is acquired for use in subsequent session.

The symmetric key is encrypted through the public key of the vehicle-mounted terminal, so that the safety of the symmetric key in the transmission process can be effectively ensured, and only the vehicle-mounted terminal can decrypt to obtain the symmetric key.

In the embodiment of the disclosure, the symmetric key is generated by the second mobile terminal, and the second mobile terminal can acquire the public key of the vehicle-mounted terminal from the digital certificate, so that after the symmetric key is generated by the second mobile terminal, the public key of the vehicle-mounted terminal can be conveniently used for encrypting the symmetric key. If the symmetric key is generated by the vehicle-mounted terminal, the vehicle-mounted terminal still needs to encrypt the symmetric key to ensure the security of the symmetric key, for example, the step of obtaining the public key of the second mobile terminal needs to be additionally added to obtain the public key of the second mobile terminal, and the security of the public key of the second mobile terminal needs to be ensured. In the scheme, the symmetric key is generated through the two mobile terminals, and the public key of the vehicle-mounted terminal is acquired from the digital certificate to be encrypted, so that the security of the symmetric key is conveniently and effectively ensured.

Fig. 2 is a flow chart illustrating another identity authentication method according to an embodiment of the disclosure, where, as shown in fig. 2, the method may mainly include:

Step S210: the method comprises the steps that a digital certificate acquisition request is sent to an authentication server, a digital certificate returned by the authentication server is received, the digital certificate acquisition request carries a device identifier of a first mobile terminal bound with a vehicle-mounted terminal, the authentication server encrypts a first random character by taking an encryption character generated by the device identifier of the first mobile terminal as an encryption key to obtain encryption information, and the digital certificate is generated based on the encryption information;

step S220: transmitting the digital certificate to the second mobile terminal;

step S230: and in response to receiving the second random character sent by the second mobile terminal, authenticating the identity of the second mobile terminal based on the consistency of the second random character and the first random character, wherein the second random character is obtained by decrypting the encrypted information by the second mobile terminal based on the equipment identifier of the second mobile terminal.

The method can be applied to the vehicle-mounted terminal. The vehicle-mounted terminal can be a vehicle-mounted system, a vehicle-mounted computer or a vehicle-mounted system and the like. A mobile terminal may be a smart phone of a user, etc.

In the embodiment of the disclosure, the vehicle-mounted terminal and the second mobile terminal can be pre-established with communication connection for interaction of data required in the identity authentication process.

The second mobile terminal can use the self equipment identifier as a decryption key, decrypt the encrypted information to obtain a second random character, and send the second random character to the vehicle-mounted terminal. The vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character.

According to the method provided by the embodiment of the disclosure, a digital certificate acquisition request is sent to an authentication server, a digital certificate returned by the authentication server is received, the digital certificate acquisition request carries the equipment identifier of a first mobile terminal bound with a vehicle-mounted terminal, the authentication server encrypts a first random character by taking the equipment identifier of the first mobile terminal as an encryption key to obtain encryption information, and the digital certificate is generated based on the encryption information; transmitting the digital certificate to the second mobile terminal; and in response to receiving the second random character sent by the second mobile terminal, authenticating the identity of the second mobile terminal based on the consistency of the second random character and the first random character, wherein the second random character is obtained by decrypting the encrypted information by the second mobile terminal based on the equipment identifier of the second mobile terminal. Based on the scheme, the identity authentication of the mobile terminal can be realized through the encryption information in the digital certificate, and the safety of the identity of the mobile terminal is ensured, so that the safety of interconnection between the vehicle-mounted terminal and the mobile terminal is ensured.

In the embodiment of the disclosure, the authentication server may be a node in a blockchain, and the processing steps of the authentication server in the scheme may be implemented based on a blockchain smart contract.

In an optional manner of the disclosure, based on the consistency of the second random character and the first random character, performing identity authentication on the second mobile terminal includes:

and determining that the identity authentication of the second mobile terminal is successful in response to the second random character being consistent with the first random character.

And when the second random character is consistent with the first random character, the identity authentication of the second mobile terminal is successful, and at the moment, the interconnection between the vehicle-mounted terminal and the second mobile terminal is established, so that the identity security of the second mobile terminal can be effectively ensured. And when the second random character is inconsistent with the first random character, the identity authentication of the second mobile terminal is unsuccessful.

In an optional manner of the disclosure, the method further includes:

receiving a symmetric key sent by a second mobile terminal;

and responding to the successful authentication of the second mobile terminal, and encrypting and decrypting the session information between the second mobile terminal and the vehicle-mounted terminal based on the symmetric key.

In the embodiment of the disclosure, when the signature authentication of the digital signature by the second mobile terminal passes, the identity authentication of the vehicle-mounted terminal is successful. After verifying the security of the identity of the vehicle-mounted terminal, the second mobile terminal can generate a symmetric key and send the symmetric key to the vehicle-mounted terminal, wherein the symmetric key is used for encrypting and decrypting the session between the second mobile terminal and the vehicle-mounted terminal.

In the embodiment of the disclosure, the second mobile terminal may package the symmetric key and the second random character into one piece of information and send the same to the vehicle-mounted terminal, so as to simplify the interaction flow. After receiving the symmetric key and the second random character, the vehicle-mounted terminal can verify the consistency of the second random character and the first random character a priori, and when the second random character is consistent with the first random character, the identity authentication of the second mobile terminal is successful, at the moment, the interconnection between the vehicle-mounted terminal and the second mobile terminal can be established, and then the encryption and decryption of session information between the second mobile terminal and the vehicle-mounted terminal are carried out based on the symmetric key.

In an optional manner of the disclosure, the symmetric key is encrypted by the second mobile terminal based on the public key of the vehicle-mounted terminal, and the method further includes:

the encrypted symmetric key is decrypted based on the private key of the vehicle-mounted terminal.

In an optional manner of the disclosure, the method further includes:

determining whether the second mobile terminal holds a public key of the authentication server;

and providing the public key of the authentication server to the second mobile terminal in response to the second mobile terminal not holding the public key of the authentication server.

The second mobile terminal needs to sign-authenticate the digital signature based on the public key of the authentication server. The in-vehicle terminal may determine whether the second mobile terminal holds the public key of the authentication server, and provide the public key of the authentication server to the second mobile terminal when the second mobile terminal does not hold the public key of the authentication server.

The in-vehicle terminal may acquire the public key of the authentication server in advance based on the trusted communication connection with the authentication server.

In an alternative manner of the present disclosure, providing a public key of an authentication server to a second mobile terminal includes:

generating a graphic code based on the public key of the authentication server;

the graphic code is displayed so that the second mobile terminal obtains the public key of the authentication server by scanning the graphic code.

In an alternative manner of the present disclosure, determining whether the second mobile terminal holds the public key of the authentication server includes:

sending a public key inquiry request of whether an authentication server is held or not to a second mobile terminal;

based on the returned result of the second mobile terminal to the inquiry request, whether the second mobile terminal holds the public key of the authentication server is determined.

In the embodiment of the disclosure, the vehicle-mounted terminal may determine whether the second mobile terminal holds the public key of the authentication server by sending an inquiry request to the second mobile terminal.

As an example, the vehicle terminal and the second mobile terminal may pre-establish a communication connection for interaction of data required in the authentication process. The vehicle-mounted terminal may initiate an inquiry request after the communication connection with the second mobile terminal is established, to confirm whether the second mobile terminal holds the public key of the authentication server.

Fig. 3 is a schematic flow chart of another identity authentication method according to an embodiment of the disclosure, where, as shown in fig. 3, the method may mainly include:

step S310: responding to a digital certificate acquisition request sent by a vehicle-mounted terminal, and acquiring a device identifier of a first mobile terminal bound with the vehicle-mounted terminal carried by the digital certificate acquisition request;

step S320: generating an encryption character by using the equipment identifier of the first mobile terminal as an encryption key, and encrypting the first random character to obtain encryption information;

step S330: and generating a digital certificate based on the encryption information, and returning the digital certificate to the vehicle-mounted terminal so that the vehicle-mounted terminal can perform identity authentication on the second mobile terminal based on the digital certificate.

The method may be applied to an authentication server. The vehicle-mounted terminal can be a vehicle-mounted system, a vehicle-mounted computer or a vehicle-mounted system and the like. A mobile terminal may be a smart phone of a user, etc.

The specific process of the vehicle-mounted terminal for carrying out identity authentication on the second mobile terminal based on the digital certificate is as follows: when the vehicle-mounted terminal and the second mobile terminal need to be interconnected, the vehicle-mounted terminal can send the digital certificate to the second mobile terminal. The second mobile terminal can use the self equipment identifier as a decryption key, decrypt the encrypted information to obtain a second random character, and send the second random character to the vehicle-mounted terminal. The vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character.

According to the method provided by the embodiment of the disclosure, the digital certificate acquisition request is acquired by responding to the digital certificate acquisition request sent by the vehicle-mounted terminal, wherein the digital certificate acquisition request carries the equipment identifier of the first mobile terminal bound with the vehicle-mounted terminal; generating an encryption character by using the equipment identifier of the first mobile terminal as an encryption key, and encrypting the first random character to obtain encryption information; and generating a digital certificate based on the encryption information, and returning the digital certificate to the vehicle-mounted terminal so that the vehicle-mounted terminal can perform identity authentication on the second mobile terminal based on the digital certificate. Based on the scheme, the identity authentication of the mobile terminal can be realized through the encryption information in the digital certificate, and the safety of the identity of the mobile terminal is ensured, so that the safety of interconnection between the vehicle-mounted terminal and the mobile terminal is ensured.

In an optional manner of the disclosure, the digital certificate acquisition request further carries a public key of the vehicle-mounted terminal, and generates the digital certificate based on the encryption information, including:

generating a digital signature based on a private key of the authentication server;

a digital certificate is generated based on the digital signature, the public key of the vehicle-mounted terminal, and the encryption information.

In the embodiment of the disclosure, the digital certificate acquisition request sent by the vehicle-mounted terminal may carry the public key of the vehicle-mounted terminal, so that the authentication server can place the public key of the vehicle-mounted terminal in the digital certificate.

The digital certificate also comprises a digital signature, and the digital signature can be obtained by the authentication server signing the plaintext information based on a private key of the authentication server.

As an example, the digital certificate acquisition request sent by the vehicle-mounted terminal may carry a public key of the vehicle-mounted terminal and a device identifier of the first mobile terminal. The authentication server responds to the received digital certificate acquisition request, generates a first random character, encrypts the first random character by taking the equipment identifier of the first mobile terminal as an encryption key to obtain encryption information, signs plaintext information based on a private key of the authentication server to obtain a digital signature, and finally the generated digital certificate contains the digital signature, a public key of the vehicle-mounted terminal and the encryption information.

In one alternative of the present disclosure, the authentication server is a node in the blockchain.

Based on the same principle as the method shown in fig. 1, fig. 4 shows a schematic structural diagram of an identity authentication device provided by an embodiment of the present disclosure, and as shown in fig. 4, the identity authentication device 40 may include:

the digital certificate receiving module 410 is configured to receive a digital certificate sent by the vehicle-mounted terminal, where the digital certificate includes encryption information, the encryption information is obtained by using, by an authentication server, a device identifier of a first mobile terminal as an encryption key to encrypt a first random character, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal;

An encrypted information decryption module 420, configured to decrypt the encrypted information based on the device identifier of the second mobile terminal, to obtain a second random character;

the decryption result sending module 430 is configured to send the second random character to the vehicle-mounted terminal, so that the vehicle-mounted terminal performs identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character.

According to the device provided by the embodiment of the disclosure, the digital certificate sent by the vehicle-mounted terminal is received, the digital certificate contains encryption information, the encryption information is obtained by using the equipment identifier of the first mobile terminal as an encryption key to encrypt the first random character, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal; decrypting the encrypted information based on the equipment identifier of the second mobile terminal to obtain a second random character; and sending the second random character to the vehicle-mounted terminal so that the vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character. Based on the scheme, the identity authentication of the mobile terminal can be realized through the encryption information in the digital certificate, and the safety of the identity of the mobile terminal is ensured, so that the safety of interconnection between the vehicle-mounted terminal and the mobile terminal is ensured.

Optionally, the digital certificate further includes a digital signature, and the encrypted information decryption module is specifically configured to, when decrypting the encrypted information based on the device identifier of the second mobile terminal:

performing signature authentication on the digital signature;

Optionally, the digital signature is generated based on a private key of the authentication service, the apparatus further comprising:

the public key acquisition module of the authentication server is used for acquiring a public key of the authentication server provided by the vehicle-mounted terminal before receiving the digital certificate;

the encryption information decryption module is specifically used for carrying out signature authentication on the digital signature:

Optionally, the public key obtaining module of the authentication server is specifically configured to:

Optionally, the apparatus further includes:

and the symmetric key generation module is used for responding to the pass of signature authentication of the digital signature, generating a symmetric key and transmitting the symmetric key to the vehicle-mounted terminal, wherein the symmetric key is used for encrypting and decrypting session information between the second mobile terminal and the vehicle-mounted terminal.

Optionally, the digital certificate further includes a public key of the vehicle-mounted terminal, and the device further includes:

and the symmetric key encryption module is used for encrypting the symmetric key based on the public key of the vehicle-mounted terminal before sending the symmetric key to the vehicle-mounted terminal.

It will be appreciated that the above modules of the authentication device in the embodiments of the present disclosure have functions of implementing the corresponding steps of the authentication method in the embodiment shown in fig. 1. The functions can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above. The modules may be software and/or hardware, and each module may be implemented separately or may be implemented by integrating multiple modules. The functional description of each module of the above-mentioned identity authentication device may be specifically referred to the corresponding description of the identity authentication method in the embodiment shown in fig. 1, and will not be repeated herein.

Based on the same principle as the method shown in fig. 2, fig. 5 shows a schematic structural diagram of another identity authentication device provided by an embodiment of the present disclosure, and as shown in fig. 5, the identity authentication device 50 may include:

the digital certificate receiving module 510 is configured to send a digital certificate acquisition request to an authentication server, receive a digital certificate returned by the authentication server, where the digital certificate acquisition request carries a device identifier of a first mobile terminal bound to a vehicle-mounted terminal, and encrypt a first random character by using the authentication server as an encryption key by using the device identifier of the first mobile terminal to obtain encryption information, and generate a digital certificate based on the encryption information;

A digital certificate transmission module 520 for transmitting the digital certificate to the second mobile terminal;

the identity authentication module 530 is configured to perform identity authentication on the second mobile terminal based on consistency of the second random character and the first random character in response to receiving the second random character sent by the second mobile terminal, where the second random character is obtained by decrypting the encrypted information by the second mobile terminal based on the device identifier of the second mobile terminal.

According to the device provided by the embodiment of the disclosure, a digital certificate acquisition request is sent to an authentication server, a digital certificate returned by the authentication server is received, the digital certificate acquisition request carries the equipment identifier of the first mobile terminal bound with the vehicle-mounted terminal, the authentication server encrypts a first random character by taking the equipment identifier of the first mobile terminal as an encryption key to obtain encryption information, and the digital certificate is generated based on the encryption information; transmitting the digital certificate to the second mobile terminal; and in response to receiving the second random character sent by the second mobile terminal, authenticating the identity of the second mobile terminal based on the consistency of the second random character and the first random character, wherein the second random character is obtained by decrypting the encrypted information by the second mobile terminal based on the equipment identifier of the second mobile terminal. Based on the scheme, the identity authentication of the mobile terminal can be realized through the encryption information in the digital certificate, and the safety of the identity of the mobile terminal is ensured, so that the safety of interconnection between the vehicle-mounted terminal and the mobile terminal is ensured.

Optionally, the identity authentication module is specifically configured to, when performing identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character:

Optionally, the apparatus further includes: the symmetric key processing module is used for:

receiving a symmetric key sent by a second mobile terminal;

Optionally, the symmetric key is encrypted by the second mobile terminal based on the public key of the vehicle-mounted terminal, and the apparatus further includes:

and the symmetric key decryption module is used for decrypting the encrypted symmetric key based on the private key of the vehicle-mounted terminal.

Optionally, the device further includes an authentication server public key sending module, where the authentication server public key sending module is configured to:

Optionally, the authentication server public key sending module is specifically configured to, when providing the public key of the authentication server to the second mobile terminal:

generating a graphic code based on the public key of the authentication server;

Optionally, the authentication server public key sending module is specifically configured to, when determining whether the second mobile terminal holds the public key of the authentication server:

It will be appreciated that the above modules of the authentication device in the embodiments of the present disclosure have functions of implementing the corresponding steps of the authentication method in the embodiment shown in fig. 2. The functions can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above. The modules may be software and/or hardware, and each module may be implemented separately or may be implemented by integrating multiple modules. The functional description of each module of the above-mentioned identity authentication device may be specifically referred to the corresponding description of the identity authentication method in the embodiment shown in fig. 2, and will not be repeated herein.

Based on the same principle as the method shown in fig. 3, fig. 6 shows a schematic structural diagram of yet another identity authentication device provided by an embodiment of the present disclosure, and as shown in fig. 6, the identity authentication device 60 may include:

the digital certificate acquisition request receiving module 610 is configured to, in response to receiving a digital certificate acquisition request sent by the vehicle-mounted terminal, acquire that the digital certificate acquisition request carries a device identifier of a first mobile terminal bound to the vehicle-mounted terminal;

the character encryption module 620 is configured to generate an encrypted character as an encryption key by using the device identifier of the first mobile terminal, and encrypt the first random character to obtain encrypted information;

the digital certificate return module 630 is configured to generate a digital certificate based on the encryption information, and return the digital certificate to the vehicle-mounted terminal, so that the vehicle-mounted terminal performs identity authentication on the second mobile terminal based on the digital certificate.

According to the device provided by the embodiment of the disclosure, the digital certificate acquisition request is acquired by responding to the digital certificate acquisition request sent by the vehicle-mounted terminal, wherein the digital certificate acquisition request carries the equipment identifier of the first mobile terminal bound with the vehicle-mounted terminal; generating an encryption character by using the equipment identifier of the first mobile terminal as an encryption key, and encrypting the first random character to obtain encryption information; and generating a digital certificate based on the encryption information, and returning the digital certificate to the vehicle-mounted terminal so that the vehicle-mounted terminal can perform identity authentication on the second mobile terminal based on the digital certificate. Based on the scheme, the identity authentication of the mobile terminal can be realized through the encryption information in the digital certificate, and the safety of the identity of the mobile terminal is ensured, so that the safety of interconnection between the vehicle-mounted terminal and the mobile terminal is ensured.

Optionally, the digital certificate acquisition request further carries a public key of the vehicle-mounted terminal, and the digital certificate return module is specifically configured to, when generating the digital certificate based on the encryption information:

Optionally, the authentication server is a node in a blockchain.

It will be appreciated that the above modules of the authentication device in the embodiments of the present disclosure have functions of implementing the corresponding steps of the authentication method in the embodiment shown in fig. 3. The functions can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above. The modules may be software and/or hardware, and each module may be implemented separately or may be implemented by integrating multiple modules. The functional description of each module of the above-mentioned identity authentication device may be specifically referred to the corresponding description of the identity authentication method in the embodiment shown in fig. 3, and will not be repeated herein.

In the technical scheme of the disclosure, the related processes of collecting, storing, using, processing, transmitting, providing, disclosing and the like of the personal information of the user accord with the regulations of related laws and regulations, and the public order colloquial is not violated.

According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.

The electronic device includes: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform an identity authentication method as provided by embodiments of the present disclosure.

Compared with the prior art, the electronic equipment is obtained by receiving the digital certificate sent by the vehicle-mounted terminal, wherein the digital certificate contains encryption information, the encryption information is obtained by using the equipment identifier of the first mobile terminal as an encryption key to encrypt the first random character, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal; decrypting the encrypted information based on the equipment identifier of the second mobile terminal to obtain a second random character; and sending the second random character to the vehicle-mounted terminal so that the vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character. Based on the scheme, the identity authentication of the mobile terminal can be realized through the encryption information in the digital certificate, and the safety of the identity of the mobile terminal is ensured, so that the safety of interconnection between the vehicle-mounted terminal and the mobile terminal is ensured.

The readable storage medium is a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform an identity authentication method as provided by an embodiment of the present disclosure.

Compared with the prior art, the readable storage medium is obtained by receiving a digital certificate sent by a vehicle-mounted terminal, wherein the digital certificate contains encryption information, the encryption information is obtained by using a device identifier of a first mobile terminal as an encryption key to encrypt a first random character by an authentication server, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal; decrypting the encrypted information based on the equipment identifier of the second mobile terminal to obtain a second random character; and sending the second random character to the vehicle-mounted terminal so that the vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character. Based on the scheme, the identity authentication of the mobile terminal can be realized through the encryption information in the digital certificate, and the safety of the identity of the mobile terminal is ensured, so that the safety of interconnection between the vehicle-mounted terminal and the mobile terminal is ensured.

The computer program product comprises a computer program which, when executed by a processor, implements an identity authentication method as provided by embodiments of the present disclosure.

Compared with the prior art, the computer program product is obtained by receiving a digital certificate sent by a vehicle-mounted terminal, wherein the digital certificate contains encryption information, the encryption information is obtained by using a device identifier of a first mobile terminal as an encryption key to encrypt a first random character by an authentication server, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal; decrypting the encrypted information based on the equipment identifier of the second mobile terminal to obtain a second random character; and sending the second random character to the vehicle-mounted terminal so that the vehicle-mounted terminal can carry out identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character. Based on the scheme, the identity authentication of the mobile terminal can be realized through the encryption information in the digital certificate, and the safety of the identity of the mobile terminal is ensured, so that the safety of interconnection between the vehicle-mounted terminal and the mobile terminal is ensured.

Fig. 7 shows a schematic block diagram of an example electronic device 70 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.

As shown in fig. 7, the electronic device 70 includes a computing unit 710 that may perform various suitable actions and processes according to a computer program stored in a Read Only Memory (ROM) 720 or a computer program loaded from a storage unit 780 into a Random Access Memory (RAM) 730. In RAM 730, various programs and data required for operation of device 70 may also be stored. The computing unit 710, ROM 720, and RAM 730 are connected to each other by a bus 740. An input/output (I/O) interface 750 is also connected to bus 740.

Various components in device 70 are connected to I/O interface 750, including: an input unit 760 such as a keyboard, a mouse, etc.; an output unit 770 such as various types of displays, speakers, etc.; a storage unit 780 such as a magnetic disk, an optical disk, or the like; and a communication unit 790 such as a network card, modem, wireless communication transceiver, etc. The communication unit 790 allows the device 70 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunications networks.

The computing unit 710 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 710 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 710 performs the identity authentication method provided in the embodiments of the present disclosure. For example, in some embodiments, performing the identity authentication methods provided in embodiments of the present disclosure may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 780. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 70 via the ROM 720 and/or the communication unit 790. One or more steps of the authentication method provided in the embodiments of the present disclosure may be performed when the computer program is loaded into the RAM 730 and executed by the computing unit 710. Alternatively, in other embodiments, the computing unit 710 may be configured to perform the identity authentication methods provided in embodiments of the present disclosure in any other suitable manner (e.g., by means of firmware).

Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.

Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.

In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.

The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the internet.

The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server incorporating a blockchain.

It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel, sequentially, or in a different order, provided that the desired results of the disclosed aspects are achieved, and are not limited herein.

The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.

Claims

1. An identity authentication method, comprising:

receiving a digital certificate sent by a vehicle-mounted terminal, wherein the digital certificate contains encryption information, the encryption information is obtained by an authentication server encrypting a first random character by taking a device identifier of a first mobile terminal as an encryption key, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal;

2. The method of claim 1, wherein the digital certificate further includes a digital signature, the decrypting the encrypted information based on the device identification of the second mobile terminal includes:

performing signature authentication on the digital signature;

3. The method of claim 2, the digital signature generated based on a private key of the authentication service, the method further comprising, prior to the receiving a digital certificate:

acquiring a public key of the authentication server provided by the vehicle-mounted terminal;

the signature authentication of the digital signature comprises the following steps:

and carrying out signature authentication on the digital signature based on the public key of the authentication server.

4. A method according to claim 3, said obtaining a public key of the authentication server provided by the vehicle-mounted terminal, comprising:

and acquiring the public key of the authentication server by scanning the graphic code displayed by the vehicle-mounted terminal, wherein the graphic code is generated by the vehicle-mounted terminal based on the public key of the authentication server.

5. The method of any of claims 2-4, in response to signature authentication of the digital signature, the method further comprising:

6. The method of claim 5, further comprising a public key of the vehicle-mounted terminal in the digital certificate, the method further comprising, prior to transmitting the symmetric key to the vehicle-mounted terminal:

7. An identity authentication method, comprising:

sending a digital certificate acquisition request to an authentication server, receiving a digital certificate returned by the authentication server, wherein the digital certificate acquisition request carries a device identifier of a first mobile terminal bound with a vehicle-mounted terminal, and the authentication server encrypts a first random character by taking an encryption character generated by the device identifier of the first mobile terminal as an encryption key to obtain encryption information, and generates the digital certificate based on the encryption information;

transmitting the digital certificate to a second mobile terminal;

And in response to receiving a second random character sent by the second mobile terminal, performing identity authentication on the second mobile terminal based on the consistency of the second random character and the first random character, wherein the second random character is obtained by decrypting the encrypted information by the second mobile terminal based on the equipment identifier of the second mobile terminal.

8. The method of claim 7, wherein the authenticating the second mobile terminal based on the consistency of the second random character with the first random character comprises:

and responding to the second random character consistent with the first random character, and determining that the identity authentication of the second mobile terminal is successful.

9. The method of claim 8, further comprising:

receiving a symmetric key sent by the second mobile terminal;

and responding to successful identity authentication of the second mobile terminal, and encrypting and decrypting session information between the second mobile terminal and the vehicle-mounted terminal based on the symmetric key.

10. The method of claim 9, wherein the symmetric key is encrypted by the second mobile terminal based on a public key of the in-vehicle terminal, the method further comprising:

Decrypting the encrypted symmetric key based on the private key of the vehicle-mounted terminal.

11. The method of any of claims 7-10, further comprising:

providing the public key of the authentication server to the second mobile terminal in response to the second mobile terminal not holding the public key of the authentication server.

12. The method of claim 11, wherein the providing the public key of the authentication server to the second mobile terminal comprises:

generating a graphic code based on a public key of the authentication server;

and displaying the graphic code so that the second mobile terminal obtains the public key of the authentication server by scanning the graphic code.

13. The method of claim 11 or 12, wherein the determining whether the second mobile terminal holds a public key of the authentication server comprises:

sending a public key inquiry request of whether the authentication server is held or not to the second mobile terminal;

and determining whether the second mobile terminal holds the public key of the authentication server or not based on a return result of the second mobile terminal to the inquiry request.

14. An identity authentication method, comprising:

and generating the digital certificate based on the encryption information, and returning the digital certificate to the vehicle-mounted terminal so that the vehicle-mounted terminal can perform identity authentication on the second mobile terminal based on the digital certificate.

15. The method of claim 14, wherein the digital certificate acquisition request further carries a public key of the vehicle-mounted terminal, and the generating the digital certificate based on the encryption information includes:

and generating the digital certificate based on the digital signature, the public key of the vehicle-mounted terminal and the encryption information.

16. The method of claim 14 or 15, wherein the authentication server is a node in a blockchain.

17. An identity authentication device comprising:

The digital certificate receiving module is used for receiving a digital certificate sent by the vehicle-mounted terminal, the digital certificate comprises encryption information, the encryption information is obtained by using a device identifier of a first mobile terminal as an encryption key to encrypt a first random character by an authentication server, and the first mobile terminal is a mobile terminal pre-bound with the vehicle-mounted terminal;

18. An identity authentication device comprising:

the digital certificate receiving module is used for sending a digital certificate acquisition request to the authentication server, receiving a digital certificate returned by the authentication server, wherein the digital certificate acquisition request carries a device identifier of a first mobile terminal bound with a vehicle-mounted terminal, and the authentication server encrypts a first random character by taking an encryption character generated by the device identifier of the first mobile terminal as an encryption key to obtain encryption information, and generates the digital certificate based on the encryption information;

19. An identity authentication device comprising:

the digital certificate acquisition request receiving module is used for responding to a digital certificate acquisition request sent by the vehicle-mounted terminal, and acquiring the digital certificate acquisition request carrying the equipment identifier of the first mobile terminal bound with the vehicle-mounted terminal;

and the digital certificate return module is used for generating the digital certificate based on the encryption information and returning the digital certificate to the vehicle-mounted terminal so that the vehicle-mounted terminal can perform identity authentication on the second mobile terminal based on the digital certificate.

20. An electronic device, comprising:

at least one processor; and

a memory communicatively coupled to the at least one processor; wherein,,

the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-16.

21. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-16.

22. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any of claims 1-16.