CN117119449B - Vehicle cloud safety communication method and system - Google Patents

Vehicle cloud safety communication method and system

Info

Publication number: CN117119449B
Authority: CN (China)
Prior art keywords: key, cloud, cloud server, service, handshake
Legal status: Active
Application number: CN202311359727.4A
Other languages: Chinese (zh)
Other versions: CN117119449A (en)
Inventors: 范犇, 周敏, 柳鹏, 田阳柱, 徐红星
Current Assignee: Changjiang Quantum Wuhan Technology Co ltd
Original Assignee: Changjiang Quantum Wuhan Technology Co ltd

Classifications

    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0852 Quantum cryptography
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/0433 Key management protocols
    • H04L2209/80 Wireless
    • H04L2209/84 Vehicles

Abstract

The invention provides a vehicle cloud secure communication method and system. A handshake key is preset on both the vehicle terminal and the cloud server; because the handshake key is never transmitted over the network, a hacker cannot steal it. The handshake data, and the response packet that replies to the handshake data and carries the service key, are both encrypted with the handshake key, which secures the transmission of the service key and simplifies the secure communication flow. Because the service key is issued by the quantum key distribution device, it is truly random, so service messages between the vehicle and the cloud that are encrypted with it need not fear being deciphered. The cloud server is securely connected to the quantum key distribution device to apply for the service key, so the vehicle terminal does not need to communicate with the quantum key distribution device, which reduces development cost. Compared with the prior-art approach in which the service key is generated by a random number source at the terminal, the method does not require a structurally complex security module at the terminal and causes little electronic interference at the vehicle terminal. All communication data between the vehicle and the cloud is transmitted as ciphertext, which fully avoids leakage of the transmitted information.

Description

Vehicle cloud safety communication method and system
Technical Field
The invention relates to the field of information security of the Internet of vehicles, in particular to a vehicle cloud security communication method and system.
Background
The automobile has become an information system running large-scale software; it transmits whole-vehicle data and controls core vehicle components by means of wireless communication, so once data is leaked or tampered with, traffic accidents can result in serious cases and even the user's life can be threatened. To address Internet of Vehicles data security, the prior art discloses an Internet of Vehicles data encryption method based on a neural network, a federated-learning Internet of Vehicles privacy protection method based on homomorphic encryption, and the like. These encryption methods improve the security of Internet of Vehicles data to a certain extent, but decryption methods are continuously updated over time, so the security of data that relies on an algorithm is difficult to guarantee. The prior art also configures a quantum random number source at the vehicle terminal to generate random numbers and synchronizes them to the cloud server, so that transmitted data is protected by a symmetric key; however, this technique requires a security module containing the quantum random number source and a large-capacity memory at the vehicle end, and because the vehicle end has numerous electronic devices, considerable electronic interference is easily generated and the communication cost increases. The prior art further discloses that the vehicle end and the cloud end each hold a session ID and apply to a password management platform for a symmetric service key to encrypt communication data; however, in that method the vehicle end also needs to communicate with the password management platform, and a communication protocol between the vehicle end and the password management platform has to be defined, which increases development cost.
Disclosure of Invention
In view of the above, the present invention provides a vehicle cloud security communication method and system to solve the above-mentioned problems at least in part.
In a first aspect, the present invention provides a vehicle cloud security communication method involving a vehicle terminal, a cloud server and a quantum key distribution device, wherein the cloud server is securely connected to the quantum key distribution device. The method comprises the following steps: presetting the same handshake key on the vehicle terminal and the cloud server; on first accessing the network, the vehicle terminal generates handshake data, encrypts it with its own handshake key and sends it to the cloud server; the cloud server decrypts the handshake data and generates a response packet, applies to the quantum key distribution device for a service key Q1, writes the service key Q1 into the response packet, encrypts the response packet with its own handshake key and returns it to the vehicle terminal; the vehicle terminal decrypts the response packet to obtain the service key Q1, and the service key Q1 is used to encrypt service messages between the vehicle terminal and the cloud server.
Optionally, the same handshake key is stored in a flash of the vehicle terminal and in a first cloud key storage area of the cloud server respectively; the service key Q1 is distributed to a second cloud key storage area of the cloud server; after the vehicle terminal decrypts the response packet and obtains the service key Q1, the flash is emptied and the service key Q1 is moved into it.
Optionally, every uplink message sent by the vehicle terminal to the cloud server is encrypted by calling the key in the flash; the cloud server receives the uplink message and decrypts it by calling the key in the second cloud key storage area; after the call, the key in the second cloud key storage area undergoes a storage transfer, and a service key Q2 is obtained and synchronized to the flash of the vehicle terminal.
Optionally, the step of obtaining the service key Q2 and synchronizing it to the vehicle terminal specifically includes: the cloud server decrypts the uplink message and generates a response packet, applies to the quantum key distribution device for the service key Q2, and the service key Q2 is distributed to the second cloud key storage area; the service key Q2 is written into the response packet, which is encrypted by calling the key in the first cloud key storage area and returned to the vehicle terminal; the vehicle terminal calls the key in the flash to decrypt the response packet and obtain the service key Q2, empties the flash and moves the service key Q2 into it.
Optionally, the cloud server applies to the quantum key distribution device for a service key Q3 while generating a downlink message; the service key Q3 is packaged into the downlink message data packet, which is encrypted by calling the key in the second cloud key storage area and then sent to the vehicle terminal; after the call, the key in the second cloud key storage area undergoes a storage transfer, and the service key Q3 is stored in the second cloud key storage area.
Optionally, the service key Q3 is issued to a cache area of the cloud server, and the cache area is communicatively connected to the second cloud key storage area.
Optionally, the vehicle terminal calls the key in the flash to decrypt the downlink message data packet and obtain the service key Q3, empties the flash and moves the service key Q3 into it; the vehicle terminal generates a response packet, encrypts it by calling the key in the flash and returns it to the cloud server, and the cloud server decrypts it by calling the key in the second cloud key storage area.
Optionally, the handshake data is generated again when the vehicle terminal is initialized, and the handshake data is encrypted with the key in the flash of the vehicle terminal and then sent to the cloud server.
Optionally, presetting the same handshake key to the vehicle terminal and the cloud server specifically includes:
the cloud server is filled with the handshake key generated by the quantum key distribution device, the handshake key is copied to a flash, and the flash is integrated on the vehicle-mounted main board of the vehicle terminal;
or the cloud server is provided with a random number generation unit, the handshake key generated by the random number generation unit is copied to the flash, and the flash is integrated in the vehicle.
In a second aspect, the present invention provides a vehicle cloud security communication system comprising a vehicle terminal, a cloud server and a quantum key distribution device, wherein the cloud server is connected to the quantum key distribution device by wire, the vehicle terminal is communicatively connected to the cloud server, and the vehicle terminal and the cloud server are preset with the same handshake key. The vehicle terminal is used for generating handshake data, encrypting the handshake data with the handshake key and sending it to the cloud server. The cloud server is used for decrypting the handshake data with the handshake key, applying to the quantum key distribution device for a service key, forming a response packet carrying the service key, encrypting it with the handshake key and returning it to the vehicle terminal, so that the vehicle terminal and the cloud server encrypt and decrypt service messages with the service key. The quantum key distribution device is used for distributing the service key to the cloud server.
The vehicle cloud security communication method and system provided by the invention do not rely on the complexity of an encryption algorithm. They use the true randomness of the quantum key, secure the transmission path of the service key through layer-by-layer encryption, and on that basis use the service key to secure vehicle cloud data transmission. Mainly, a handshake key is preset on both the vehicle terminal and the cloud server; because the handshake key is never transmitted over the network, a hacker cannot steal it. The handshake data, and the response packet that replies to the handshake data and carries the service key, are both encrypted with the handshake key, which secures the transmission of the service key and simplifies the secure communication flow. Because the service key is issued by the quantum key distribution device, it is truly random, so service messages between the vehicle and the cloud that are encrypted with it need not fear being deciphered. The cloud server is securely connected to the quantum key distribution device to apply for the service key, so the vehicle terminal does not need to communicate with the quantum key distribution device, which reduces development cost. Compared with the prior-art approach in which the service key is generated by a random number source at the terminal, the method does not require a structurally complex security module at the terminal and causes little electronic interference at the vehicle terminal. All communication data between the vehicle and the cloud is transmitted as ciphertext, which fully avoids leakage of the transmitted information.
Drawings
In order to illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a schematic diagram of data transmission of a vehicle cloud security communication method according to an embodiment of the invention.
Fig. 2 is a schematic diagram of data transmission of a vehicle cloud security communication method according to another embodiment of the present invention.
Detailed Description
The embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The embodiments described are only some embodiments of the present invention, not all of them. All other embodiments that a person skilled in the art can obtain from the embodiments of the invention without inventive effort fall within the scope of the invention.
In the description of the present specification, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature.
The technical solution of the invention is described in detail below through specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.
A first aspect of an embodiment of the present invention provides a vehicle cloud security communication method, as shown in Fig. 1 and Fig. 2. The vehicle terminal is wirelessly connected to the cloud server. The vehicle terminal can send uplink messages to the cloud server to report the running state of the vehicle, and the cloud server can send downlink messages to the vehicle terminal, for example a remote OTA upgrade package; service messages comprise the uplink messages and the downlink messages. Before service messages are transmitted between the vehicle terminal and the cloud server, the two must complete a handshake in order to confirm information such as the communication protocol. The cloud server is securely connected to the quantum key distribution device; specifically, the cloud server is connected to the quantum key distribution device by wire, where the wired connection includes but is not limited to Ethernet, RS-485 and the like. In other embodiments, the cloud server and the quantum key distribution device may also be on the same local area network for secure transmission of data. The quantum key distribution device either responds to the cloud server's application for a service key by distributing a truly random quantum key to the cloud server, to serve as the service key for encrypting service messages, or, according to an instruction, actively fills a truly random quantum key into the cloud server to serve as the handshake key for encrypting handshake data. In particular, when the quantum key is issued to the cloud server over a wired connection, the transmission path is absolutely safe. According to the invention, the vehicle terminal and the quantum key distribution device do not need to establish a communication connection.
It should be noted that the quantum key distribution device is prior art; the present invention mainly uses the quantum keys it distributes to implement encryption and decryption, and does not improve the device itself.
In one embodiment of the present invention, as shown in fig. 1, the method includes:
S1: presetting the same handshake key on the vehicle terminal and the cloud server;
Specifically, in an idle period in which the quantum key distribution device is not responding to a service key request from the cloud server, the quantum key distribution device can be controlled to fill a handshake key of several bytes into the cloud server. Further, a flash, namely a flash memory, is inserted into the cloud server and the handshake key is copied to the flash; before the vehicle terminal leaves the factory, the flash is integrated on the vehicle-mounted main board of the vehicle terminal, so that the vehicle terminal and the cloud server have the same handshake key. Alternatively, the cloud server is provided with a random number generation unit that can generate a random number; after a flash is inserted into the cloud server, the random number is copied to the flash to serve as the handshake key, and the flash is integrated on the vehicle-mounted main board of the vehicle terminal before the vehicle terminal leaves the factory, so that the vehicle terminal and the cloud server have the same handshake key. As a result, data encrypted with the handshake key by either the vehicle end or the cloud end can be decrypted by the other end. The built-in random number generation unit is prior art and is not described here. In the above embodiment, the handshake key of the cloud server is synchronized to the vehicle terminal through the flash and is not issued over the network; the handshake key cannot be stolen unless the vehicle terminal and the cloud server are physically damaged, which ensures the transmission security of data encrypted with the handshake key. In particular, when the handshake key is filled by the quantum key distribution device, it is truly random and cannot be broken even if the encrypted data is intercepted.
S2: on first accessing the network, the vehicle terminal generates handshake data, encrypts it with its own handshake key and sends it to the cloud server;
Specifically, after the vehicle leaves the factory, a user activates the vehicle-mounted system, and handshake data is generated when the vehicle-mounted system first accesses the network and connects to the cloud server. The handshake data includes, but is not limited to, information such as the communication protocol and the vehicle configuration. The vehicle terminal calls the handshake key in the flash to encrypt the handshake data and sends it to the cloud server. More specifically, the vehicle terminal is provided with a security chip with a built-in symmetric encryption and decryption algorithm; the security chip is electrically connected to the flash, and when the vehicle terminal encrypts or decrypts data, the data to be processed and the key in the flash are passed to the security chip for encryption or decryption.
S3: the cloud server decrypts the handshake data and generates a response packet, applies to the quantum key distribution device for a service key Q1, writes the service key Q1 into the response packet, encrypts the response packet with its own handshake key and returns it to the vehicle terminal;
Specifically, the cloud server is provided with a first cloud key storage area and a second cloud key storage area, and a handshake key filled by the quantum key distribution device or a handshake key generated in the quantum key distribution device is stored in the first cloud key storage area. The cloud server receives the encrypted handshake data and calls the handshake key in the first cloud key storage area to decrypt it. After decryption it generates a response packet replying to the handshake data, applies to the quantum key distribution device for the service key Q1, writes the service key Q1 into the response packet, calls the handshake key in the first cloud key storage area to encrypt the response packet, and sends it to the vehicle terminal as ciphertext. This ensures the transmission security of the service key Q1; because the service key Q1 is encapsulated in the response packet, it does not need to be transmitted separately, which simplifies the secure communication flow. The service key Q1 distributed by the quantum key distribution device is distributed to the second cloud key storage area of the cloud server. Storing keys in separate partitions on the cloud server side makes it convenient to call and destroy keys quickly. The cloud server has a built-in security chip electrically connected to a cloud key storage unit, and the cloud key storage unit comprises the first cloud key storage area and the second cloud key storage area. The data to be encrypted or decrypted and the key are passed to the security chip for processing. The encryption and decryption algorithm used is a symmetric algorithm, the same as the algorithm built into the security chip of the vehicle terminal, and can be SM4.
In other embodiments, a security chip is built into the cloud server, the first cloud key storage area and the second cloud key storage area are arranged inside the security chip, and a symmetric encryption and decryption algorithm is preset; when encryption or decryption is required, the data to be processed is passed to the security chip, and the security chip calls the key in the corresponding storage area for processing.
S4: the vehicle terminal decrypts the response packet to obtain the service key Q1, and the service key Q1 is used to encrypt service messages between the vehicle terminal and the cloud server.
Specifically, the vehicle terminal receives the encrypted response packet and calls the handshake key in the flash to decrypt it, thereby obtaining the response information and the service key Q1; after decryption of the response packet is completed, it automatically empties the flash and moves the service key Q1 into it. The flash therefore stores only one key and can be given a small capacity, which reduces cost and avoids unduly affecting the running speed of the vehicle's main controller. After the handshake, the vehicle terminal and the cloud server hold the same service key Q1, so a message encrypted with the service key by one end can be decrypted with the service key by the other end, which ensures secure communication between the vehicle and the cloud. It should be noted that when the vehicle terminal receives the response packet replying to the handshake data, this is regarded as the cloud server agreeing to the handshake. If the cloud server refuses the vehicle terminal network access, no response packet needs to be generated; if the vehicle terminal does not receive the response packet within a preset time, the handshake has failed and the vehicle terminal cannot go on to generate service messages.
The vehicle cloud security communication method provided by the invention does not rely on the complexity of an encryption algorithm. It uses the true randomness of the quantum key, secures the transmission path of the service key through layer-by-layer encryption, and on that basis uses the service key to secure vehicle cloud service data transmission. Mainly, a handshake key is preset on both the vehicle terminal and the cloud server; because the handshake key is never transmitted over the network, a hacker cannot steal it. The handshake data, and the response packet that replies to the handshake data and carries the service key, are both encrypted with the handshake key, which secures the transmission of the service key and simplifies the secure communication flow. Because the service key is issued by the quantum key distribution device, it is truly random, so service messages between the vehicle and the cloud that are encrypted with it need not fear being deciphered. The cloud server is securely connected to the quantum key distribution device to apply for the service key, so the vehicle terminal does not need to communicate with the quantum key distribution device, which reduces development cost. Compared with the prior-art approach in which the service key is generated by a random number source at the terminal, the method does not require a structurally complex security module at the terminal and causes little electronic interference at the vehicle terminal. All communication data between the vehicle and the cloud is transmitted as ciphertext, which fully avoids leakage of the transmitted information.
In a further specific embodiment, the method further comprises:
the uplink messages sent by the vehicle terminal to the cloud server are all encrypted by calling the flash key; the cloud server receives the uplink message and calls the second cloud key storage area key for decryption; after the call, the second cloud key storage area key is transferred in storage, and a service key Q2 is acquired and synchronized to the vehicle terminal.
Specifically, the vehicle terminal generates an uplink message to be transmitted to the cloud server and first calls the key in the flash for encryption; at this moment the key in the flash is the service key Q1, and the encrypted uplink message is sent to the cloud server. The cloud server receives the encrypted uplink message and calls the second cloud key storage area key to decrypt it; at this moment the second cloud key storage area key is the service key Q1. After the second cloud key storage area key is called, the cloud server automatically empties the first cloud key storage area, erasing the original handshake key, and immediately moves the service key Q1 from the second cloud key storage area into the first cloud key storage area; it then applies to the quantum key distribution equipment for the service key Q2 used to encrypt the next round of service message, stores the service key Q2, and sends it to the flash of the vehicle terminal. Decrypting the current uplink message therefore triggers the application for the next round's service key, so the service key that encrypts each round of uplink message is updated and vehicle cloud communication security is further enhanced.
In this embodiment, acquiring the service key Q2 and synchronizing it to the vehicle terminal specifically includes: the cloud server decrypts the uplink message to generate a response packet and applies to the quantum key distribution equipment for a service key Q2, which is distributed to the second cloud key storage area; the service key Q2 is written into the response packet, which is encrypted by calling the first cloud key storage area key and returned to the vehicle terminal; and the vehicle terminal calls the flash key to decrypt the response packet to obtain the service key Q2, empties the flash, and moves in the service key Q2.
Specifically, the cloud server decrypts the uplink message, generates a response packet for replying to the uplink message, and actively applies to the quantum key distribution equipment for a new service key Q2, which is distributed to the second cloud key storage area. The service key Q2 is written into the response packet of the uplink message, and the first cloud key storage area key is called to encrypt it; at this moment the first cloud key storage area key is the service key Q1. When encryption is complete, the response packet is returned to the vehicle terminal. The vehicle terminal receives the encrypted response packet and calls the flash key to decrypt it; at this moment the flash key is the service key Q1, so the response information and the service key Q2 are obtained. After decryption of the response packet is complete, the flash data is emptied, and once emptying is complete the service key Q2 is moved in. The vehicle terminal and the cloud server have then completed one round of uplink message transmission; after this round, the flash and the second cloud key storage area still hold the same key, ready for the encryption and decryption of the next round of message transmission. Having the cloud server generate a response packet for the uplink message and return the updated service key packaged in that response packet forms a closed transmission loop that ensures reliable data reception, and at the same time avoids the complicated communication process and encrypted-communication delay that packaging the service key separately would cause.
In a further specific embodiment, the method further comprises:
the cloud server generates a downlink message and applies to the quantum key distribution equipment for a service key Q3; the service key Q3 is packaged into the downlink message data packet, and the data packet is encrypted by calling the second cloud key storage area key and then sent to the vehicle terminal; after the call, the second cloud key storage area key is transferred in storage, and the service key Q3 is stored in the second cloud key storage area.
Specifically, the cloud server generates a downlink message to be transmitted to the vehicle terminal and applies to the quantum key distribution equipment for the service key Q3. The cloud server has a data buffer area; the quantum key distribution equipment issues the service key Q3 to the buffer area, and the buffer area is in communication connection with the second cloud key storage area. The buffer area and the cloud key storage unit are preferably arranged on a security chip in the cloud server, and can alternatively be arranged in a memory of a main control module of the cloud server. The service key Q3 is packaged into the downlink message data packet, and the second cloud key storage area key is then called for encryption; the second cloud key storage area key may be the service key Q1 or the service key Q2. If the downlink message is the first message transmitted after the handshake between the vehicle and the cloud, the second cloud key storage area key at this moment is the service key Q1; if the downlink message is formed after the uplink message in the above embodiment, the second cloud key storage area key at this moment is the service key Q2. After the second cloud key storage area key is called, the cloud server automatically empties the first cloud key storage area, transfers the second cloud key storage area key to the first cloud key storage area, and then transfers the buffer area key to the second cloud key storage area.
For the case that the downlink message is formed after the uplink message in the above embodiment, the service key Q1 is automatically cleared and the service key Q2 is moved into the first cloud key storage area; the service key Q3 in the buffer area is then moved into the second cloud key storage area. The invention thus divides the service keys of the cloud server into applied keys and keys to be applied. An applied key is a key that has been called by the security chip and used to encrypt or decrypt a service message; a key to be applied is a key that has not yet been called to encrypt or decrypt a service message. The applied key is stored in the first cloud key storage area and the key to be applied is stored in the second cloud key storage area. Whenever the second cloud key storage area key is called to encrypt or decrypt a service message, it is transferred to and overwrites the first cloud key storage area, which vacates a dedicated storage area for the service key that will encrypt the next round of service message, makes it convenient to update the service key rapidly, and means each service key is used to encrypt one service message.
The vehicle terminal receives the encrypted downlink message and calls the flash key to decrypt the downlink message data packet, obtaining the downlink message and the service key Q3. Where the downlink message is formed after the uplink message in the above embodiment, the flash key at this moment is the service key Q2, so the data packet can be decrypted. After decryption, the flash is emptied and the service key Q3 is moved in, which completes synchronization of the service key for encrypting the next round of service message. The vehicle terminal also generates a response packet for replying to the downlink message; the response packet is encrypted with the flash key and returned to the cloud server, and at this moment the flash key is the service key Q3. The cloud server receives the response packet and calls the second cloud key storage area key to decrypt it; at this moment the second cloud key storage area key is the service key Q3. The vehicle and the cloud have then completed one round of downlink message transmission. After this round, the flash and the second cloud key storage area still hold the same key; whether the vehicle terminal next sends an uplink message or the cloud server next sends a downlink message, the service key Q3 is used when the flash and the second cloud key storage area are respectively called for encryption and decryption. It can be understood that, for downlink message transmission, the service key Q3 at the cloud server end only decrypts the response packet and does not encrypt or decrypt a service message, so no storage transfer is required.
Thus, the invention fully protects the security of the message data for each service message transmission, and confirms the service key to be applied in the next round by the time the transmission of the message is completed, which avoids excessive delay caused by encrypted transmission; compared with the prior art, the invention encrypts data on a one-key-per-message ("one-time pad") basis while avoiding the complicated communication caused by frequently applying for service keys.
As shown in fig. 2, for the case that the downlink message is formed directly after the handshake between the vehicle and the cloud, the first cloud key storage area key of the cloud server is the handshake key and the second cloud key storage area key is the service key Q1. While generating the downlink message, the cloud server applies to the quantum key distribution equipment for a new service key Q3, and the service key Q3 is distributed to the buffer area of the security chip. The service key Q3 is packaged into the downlink message data packet, and the data packet is encrypted by calling the service key Q1 of the second cloud key storage area and then sent to the vehicle terminal. The vehicle terminal receives the encrypted downlink message, calls the service key Q1 in the flash to decrypt it, obtains the downlink message and the service key Q3, empties the flash, and moves in the service key Q3. The vehicle terminal also generates a response packet for replying to the downlink message; the response packet is encrypted with the service key Q3 in the flash and returned to the cloud server, and the cloud server receives the response packet and calls the service key Q3 of the second cloud key storage area to decrypt it and confirm the response information. This completes the transmission of this round's downlink message.
In a further specific embodiment, the handshake data is generated again when the vehicle terminal is initialized; in other words, after the vehicle terminal is initialized, the handshake with the cloud server needs to be re-established, whereas a vehicle power-off restart, an OTA upgrade and the like do not require a new handshake. The handshake data is encrypted with the flash key of the vehicle terminal and then sent to the cloud server; that is, the encrypted communication of the repeated handshake uses the latest service key in the flash of the vehicle terminal, and the flash does not need to be electrically connected to the cloud server to copy the handshake key.
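The key-slot rotation described in the embodiments above (handshake, one uplink round, one downlink round), as an added Python simulation that is not code from the patent. The class and function names, the packet layout (next key first, then body), the `secrets`-based stand-in for the quantum key distribution equipment, and the HMAC-SHA256 cipher used in place of SM4 are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

KEY_LEN = 16  # SM4 key length; the cipher below is a stdlib stand-in, not SM4

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC built from HMAC-SHA256 (assumed stand-in for SM4)."""
    nonce = secrets.token_bytes(12)
    ks = _stream(_prf(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or modified packet")
    ks = _stream(_prf(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def qkd_issue():  # assumed stand-in for the quantum key distribution equipment
    return secrets.token_bytes(KEY_LEN)

class Cloud:
    def __init__(self, handshake_key):
        self.slot1 = handshake_key  # first cloud key storage area
        self.slot2 = None           # second cloud key storage area
        self.buffer = None          # receives Q3 before a downlink

    def _rotate(self, next_key):
        self.slot1 = self.slot2     # overwrite slot1 with the key just called
        self.slot2 = next_key       # make room for the next round's key

    def on_handshake(self, packet):
        unseal(self.slot1, packet)  # handshake data arrives under the handshake key
        self.slot2 = qkd_issue()    # Q1
        return seal(self.slot1, self.slot2 + b"handshake-ack")

    def on_uplink(self, packet):
        msg = unseal(self.slot2, packet)
        self._rotate(qkd_issue())   # slot1 <- used key, slot2 <- Q2
        return msg, seal(self.slot1, self.slot2 + b"ack")

    def send_downlink(self, msg):
        self.buffer = qkd_issue()   # Q3
        packet = seal(self.slot2, self.buffer + msg)
        self._rotate(self.buffer)
        self.buffer = None
        return packet

    def on_downlink_ack(self, packet):
        return unseal(self.slot2, packet)  # response packet only: no rotation

class Vehicle:
    def __init__(self, handshake_key):
        self.flash = handshake_key

    def send(self, payload):
        return seal(self.flash, payload)

    def receive(self, packet):
        plain = unseal(self.flash, packet)  # layout: next key, then body
        self.flash = plain[:KEY_LEN]        # empty the flash, move in the new key
        return plain[KEY_LEN:]

def run_session():
    hk = secrets.token_bytes(KEY_LEN)   # handshake key, preset offline at both ends
    car, cloud, out = Vehicle(hk), Cloud(hk), {}
    car.receive(cloud.on_handshake(car.send(b"handshake")))
    out["after_handshake"] = (car.flash == cloud.slot2, cloud.slot1 == hk)
    uplink = car.send(b"telemetry")     # constructed sample uplink message
    out["uplink_msg"], reply = cloud.on_uplink(uplink)
    car.receive(reply)
    out["after_uplink"] = (car.flash == cloud.slot2, cloud.slot1 == hk)
    out["downlink_msg"] = car.receive(cloud.send_downlink(b"config-update"))
    cloud.on_downlink_ack(car.send(b"ack"))
    out["after_downlink"] = car.flash == cloud.slot2
    try:
        cloud.on_uplink(uplink)         # ciphertext made under Q1, already retired
        out["stale_rejected"] = False
    except ValueError:
        out["stale_rejected"] = True
    return out
```

After every completed round the flash and the second cloud key storage area hold the same key, the handshake key is gone from the first area once the first uplink is processed, and a packet encrypted under a retired service key no longer authenticates.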
A second aspect of an embodiment of the present invention provides a vehicle cloud security communication system, including: the system comprises a vehicle terminal, a cloud server and quantum key distribution equipment, wherein the cloud server is in wired connection with the quantum key distribution equipment, the vehicle terminal is in communication connection with the cloud server, and the vehicle terminal and the cloud server are preset with the same handshake key; the vehicle terminal is used for generating handshake data, encrypting the handshake data by using the handshake key and then sending the handshake data to the cloud server; the cloud server is used for decrypting the handshake data by using the handshake key, applying a service key to the quantum key distribution equipment to form a response packet carrying the service key, encrypting by using the handshake key and returning to the vehicle terminal so that the vehicle terminal and the cloud server encrypt and decrypt a service message by using the service key; the quantum key distribution device is used for distributing the service key to the cloud server.
It should be noted that, encrypting and decrypting data by using a key in the present invention refers to encrypting and decrypting the data by substituting the key and the data into an encryption algorithm, where the encryption algorithm is a symmetric cryptographic algorithm, and the encryption algorithm includes, but is not limited to, SM4.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (10)

1. A vehicle cloud security communication method, characterized by involving: a vehicle terminal, a cloud server and quantum key distribution equipment, wherein the cloud server is securely connected with the quantum key distribution equipment; the method comprises the following steps:
presetting the same handshake key to the vehicle terminal and the cloud server;
on first accessing the network, the vehicle terminal generates handshake data, encrypts the handshake data with the handshake key on its own side and sends the handshake data to the cloud server;
the cloud server decrypts the handshake data to generate a response packet, applies to the quantum key distribution equipment for a service key Q1, writes the service key Q1 into the response packet, encrypts the response packet with the handshake key on its own side and returns it to the vehicle terminal;
the vehicle terminal decrypts the response packet to obtain the service key Q1, and the service key Q1 is used for encrypting the service message between the vehicle terminal and the cloud server.
2. The vehicle cloud secure communication method according to claim 1, wherein the same handshake key is stored in a flash of the vehicle terminal and a first cloud key storage area of the cloud server, respectively;
the service key Q1 is distributed to a second cloud key storage area of the cloud server;
after the vehicle terminal decrypts and acquires the service key Q1, the flash is emptied and moved into the service key Q1.
3. The vehicle cloud security communication method according to claim 2, wherein all uplink messages sent to the cloud server by the vehicle terminal are encrypted by calling the flash key;
the cloud server receives the uplink message and calls the second cloud key storage area key for decryption;
after the call, the second cloud key storage area key is subjected to storage transfer, and a service key Q2 is acquired and synchronized to the vehicle terminal.
4. The vehicle cloud security communication method according to claim 3, wherein obtaining the service key Q2 to be synchronized to the vehicle terminal specifically includes:
the cloud server decrypts the uplink message to generate a response packet and applies to the quantum key distribution equipment for the service key Q2, which is distributed to the second cloud key storage area;
the service key Q2 is written into the response packet, which is encrypted by calling the first cloud key storage area key and returned to the vehicle terminal;
and the vehicle terminal calls the flash key to decrypt the response packet to obtain the service key Q2, empties the flash and moves into the service key Q2.
5. The vehicle cloud security communication method according to claim 4, wherein the cloud server applies to the quantum key distribution device for a service key Q3 while generating a downlink message;
the service key Q3 is packaged into a downlink message data packet, and the data packet is encrypted by calling the second cloud key storage area key and then sent to the vehicle terminal;
after the call, the second cloud key storage area key is subjected to storage transfer, and the service key Q3 is stored in the second cloud key storage area.
6. The vehicle cloud security communication method according to claim 5, wherein the service key Q3 is issued to a cache area of the cloud server, and the cache area is communicatively connected to the second cloud key storage area.
7. The vehicle cloud security communication method according to claim 6, wherein the vehicle terminal calls the flash key to decrypt the downlink message data packet to obtain the service key Q3, empties the flash and moves into the service key Q3;
and the vehicle terminal generates a response packet, which is encrypted by calling the flash key and returned to the cloud server, and the cloud server calls the second cloud key storage area key to decrypt it.
8. The vehicle cloud security communication method according to claim 7, wherein the handshake data is generated again when the vehicle terminal is initialized, and the handshake data is encrypted by the flash key of the vehicle terminal and then sent to the cloud server.
9. The vehicle cloud security communication method according to any of claims 1 to 8, wherein presetting the same handshake key to the vehicle terminal and the cloud server specifically comprises:
the cloud server is loaded with the handshake key generated by the quantum key distribution device, the handshake key is copied to a flash, and the flash is integrated in the vehicle-mounted device of the vehicle terminal;
or the cloud server is provided with a random number generation unit, the handshake key generated by the random number generation unit is copied to the flash, and the flash is integrated in the vehicle-mounted device.
10. A vehicle cloud security communication system, comprising: the system comprises a vehicle terminal, a cloud server and quantum key distribution equipment, wherein the cloud server is in wired connection with the quantum key distribution equipment, the vehicle terminal is in communication connection with the cloud server, and the vehicle terminal and the cloud server are preset with the same handshake key;
the vehicle terminal is used for generating handshake data, encrypting the handshake data by using the handshake key and then sending the handshake data to the cloud server;
the cloud server is used for decrypting the handshake data by using the handshake key, applying a service key to the quantum key distribution equipment to form a response packet carrying the service key, encrypting by using the handshake key and returning to the vehicle terminal so that the vehicle terminal and the cloud server encrypt and decrypt a service message by using the service key;
the quantum key distribution device is used for distributing the service key to the cloud server.
CN202311359727.4A 2023-10-20 2023-10-20 Vehicle cloud safety communication method and system Active CN117119449B (en)


Publications (2)

Publication Number Publication Date
CN117119449A CN117119449A (en) 2023-11-24
CN117119449B true CN117119449B (en) 2024-01-19

Family

ID=88805853


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant