CN117812585A - Vehicle cloud communication method and communication system in multi-cloud environment - Google Patents

Publication number
CN117812585A
Authority
CN
China
Prior art keywords
vehicle
cloud
cloud platform
key
service area
Legal status
Granted
Application number
CN202410232193.7A
Other languages
Chinese (zh)
Other versions
CN117812585B (en)
Inventor
张强
田成平
程腾
石琴
王文冲
Current Assignee
Hefei University of Technology
Original Assignee
Hefei University of Technology

Abstract

The invention belongs to the technical field of the Internet of Vehicles, and particularly relates to a vehicle cloud communication method and system in a multi-cloud environment. The communication method comprises the following steps: a security chip is filled with a quantum key sequence and a security chip identity number and is then installed on a vehicle, and the vehicle registration information is synchronized into each cloud platform; the vehicle generates a vehicle cloud key, encrypts it with a preset key from the security chip, and transmits the encrypted vehicle cloud key together with vehicle data to the cloud platform in the current service area; the cloud platform in the current service area extracts the corresponding preset key and decrypts with it to obtain the vehicle cloud key and the vehicle data; the cloud platform in the current service area negotiates with the cloud platform in the next service area to obtain a cloud platform session key, encrypts the data of the current vehicle with the cloud platform session key, and sends it to the cloud platform in the next service area. The method and system avoid interruption of the Internet of Vehicles service each time the vehicle enters a new service area, and ensure safe and efficient communication between the vehicle and the cloud platform.

Description

Vehicle cloud communication method and communication system in multi-cloud environment
Technical Field
The invention belongs to the technical field of Internet of vehicles, and particularly relates to a vehicle cloud communication method and system in a multi-cloud environment.
Background
The vehicle information service cloud platform (Telematics Service Provider, TSP), called the cloud platform for short, integrates technologies such as vehicle data, communication technology and cloud computing to provide rich Internet of Vehicles services, such as navigation, route planning, remote monitoring and vehicle diagnosis, to vehicle owners, vehicle manufacturers, third-party service providers and other parties.
Typically each cloud platform provides Internet of Vehicles services within its own service area. As the number of cloud platforms has increased, Internet of Vehicles service has essentially achieved full area coverage. Moreover, to allow for vehicle density under extreme conditions (such as a sudden increase of self-driving travelers in a transportation hub city during a holiday) and for the total Internet of Vehicles communication overhead within a service area, the service areas of some cloud platforms overlap so that the service can be provided better.
However, a vehicle passes through a plurality of service areas in long-distance driving, and each time it enters a new service area it must, to ensure communication security, perform identity authentication again with the cloud platform in the current service area. To continue enjoying the Internet of Vehicles service, the vehicle must also request the service from the cloud platform in the current area and upload its vehicle data again, which greatly increases the vehicle's communication overhead. In addition, to pass identity authentication with each cloud platform, the vehicle may need to store the keys of a plurality of cloud platforms, which occupies a large amount of the vehicle's storage space. Some vehicles, moreover, have old software and hardware and therefore low calculation and response speeds; each time such a vehicle enters a new service area, the time consumed by identity authentication and/or uploading vehicle data interrupts the Internet of Vehicles service, so that vehicle cloud communication efficiency is low, the service experience is poor, and driving accidents may even be caused. For example, a vehicle that loses route planning at a highway interchange may be misled, and it may then take several hours to get back onto the correct ramp. As another example, a vehicle traveling at high speed that briefly loses route planning may enter a road segment closed to traffic and cause a driving accident.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by providing a vehicle cloud communication method in a multi-cloud environment that avoids interruption of the Internet of Vehicles service each time a vehicle enters a new service area and ensures safe and efficient communication between the vehicle and the cloud platform.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
a vehicle cloud communication method in a multi-cloud environment comprises the following steps:
Step 1, before the security chip leaves the factory, a quantum key sequence and the identity number of the security chip are filled into it at a quantum key filling machine, and the quantum key filling machine synchronizes the filling information of each security chip into each cloud platform through an offline secure channel;
Step 2, after leaving the factory, the security chip is installed on a vehicle V, and the registration information of the vehicle V is synchronized into each cloud platform through an offline secure channel;
Step 3, the vehicle V generates a vehicle cloud key and encrypts vehicle data with the vehicle cloud key to generate a vehicle data ciphertext; meanwhile, the vehicle V extracts a quantum key from the security chip as a preset key and uses it to encrypt the current vehicle cloud key into an encryption key, which together with the vehicle data ciphertext forms first vehicle information M3 that is sent to the cloud platform in the current service area;
Step 4, after receiving the first vehicle information M3, the cloud platform in the current service area extracts the corresponding preset key from the registration information of the vehicle V stored in the cloud platform, decrypts the encryption key with it to obtain the vehicle cloud key, and then decrypts the vehicle data ciphertext with the vehicle cloud key to obtain the vehicle data; subsequent communication between the cloud platform in the current service area and the vehicle V is encrypted and decrypted with the vehicle cloud key;
Step 5, when the vehicle V is about to drive out of the current service area, the cloud platform in the current service area negotiates with the cloud platform in the adjacent service area, namely the next service area, to obtain a cloud platform session key, encrypts the vehicle data of the vehicle V with the cloud platform session key, and sends the encrypted vehicle data to the cloud platform in the next service area;
Step 6, when the vehicle V enters the next service area, return to step 3.
Preferably, in step 1, the following sub-steps are further included:
Step 11, before the security chip SMC leaves the factory, the quantum key filling machine generates m quantum keys, performs a hash operation on each of the m quantum keys, and takes the first k characters of each quantum key's hash value as the identifier of that quantum key;
where m ≥ 2, 2 ≤ k ≤ the length of the quantum key, and m and k are positive integers;
Step 12, the m quantum keys are arranged into a quantum key sequence in ascending order of their identifiers, and each quantum key in the quantum key sequence is bound one-to-one with its identifier;
Step 13, the quantum keys in the current quantum key sequence are joined with connectors and a hash operation is performed on the result, generating the identity number ID(SMC) of the current security chip SMC;
Step 14, the quantum key filling machine fills the identity number ID(SMC) and the current quantum key sequence into the security chip SMC; at the same time, the quantum key filling machine synchronizes the filling information of the security chip SMC into each cloud platform database through an offline secure channel.
Preferably, in step 2, the following sub-steps are further included:
Step 21, the vehicle V sends a registration application offline to a trusted authority, the registration application comprising the identity number ID(V) of the vehicle V and the identity number ID(SMC) of the security chip SMC mounted on the vehicle V;
Step 22, after receiving the registration application, the trusted authority extracts from it the identity number ID(V) of the vehicle V and the identity number ID(SMC) of the security chip SMC and compares them with the identity numbers stored in the trusted authority database.
If neither the identity number ID(V) of the current vehicle V nor the identity number ID(SMC) of the security chip SMC exists in the trusted authority database, the trusted authority generates a pair of asymmetric keys, denoting the public key $P_{bv}$ and the private key $P_{rv}$. The trusted authority binds the identity number ID(V) of the current vehicle V, the identity number ID(SMC) of the security chip SMC and the newly generated public/private key pair and stores them in the trusted authority database. The trusted authority returns to the current vehicle V a registration feedback message M1 containing the public key $P_{bv}$ and the identity number of each cloud platform, and synchronizes the registration information M2 of the current vehicle V into each cloud platform database through an offline secure channel, where the registration information M2 comprises the identity number ID(V) of the current vehicle V, the identity number ID(SMC) of the security chip SMC and the private key $P_{rv}$.
If the identity number ID(V) of the current vehicle V and/or the identity number ID(SMC) of the security chip SMC already exists in the trusted authority database, the trusted authority returns a repeated-registration message to the current vehicle V.
Preferably, each time the vehicle V is powered on, the vehicle V performs identity authentication with the cloud platform in the current service area, and step 3 is performed after the identity authentication succeeds.
Preferably, the identity authentication performed with the cloud platform in the current service area each time the vehicle V is started and powered on comprises the following sub-steps:
Step 111, after the vehicle V is started and powered on, the vehicle V sends an authentication message M4 to the cloud platform $TSP_A$ in the current service area: $M4 = \{ID(V) \,\|\, P_{bv}[ID(SMC) \,\|\, ID(TSP_A)]\}$, where $\|$ is the concatenation operator, $ID(TSP_A)$ is the identity number of the cloud platform $TSP_A$ in the current service area, ID(SMC) is the identity number of the security chip SMC mounted on the vehicle V, $P_{bv}[ID(SMC) \,\|\, ID(TSP_A)]$ denotes asymmetric encryption of $ID(SMC) \,\|\, ID(TSP_A)$ with the public key $P_{bv}$ of the vehicle V, and ID(V) is the identity number of the vehicle V;
Step 112, the cloud platform $TSP_A$ in the current service area extracts the identity number ID(V) of the vehicle V from the authentication message M4 and retrieves from the database of $TSP_A$ the identity number ID(SMC) of the security chip SMC and the private key $P_{rv}$ bound to the identity number ID(V) of the current vehicle V. $TSP_A$ uses the private key $P_{rv}$ to asymmetrically decrypt $P_{bv}[ID(SMC) \,\|\, ID(TSP_A)]$, obtaining the identity number copy $ID(SMC)^*$ of the security chip SMC and the identity number copy $ID(TSP_A)^*$ of the cloud platform $TSP_A$.
If $ID(SMC)^* = ID(SMC)$ and $ID(TSP_A)^* = ID(TSP_A)$, the identity authentication passes, and the cloud platform $TSP_A$ in the current service area returns an authentication-passed message to the vehicle V;
if the database of $TSP_A$ does not contain the identity number ID(V) of the current vehicle V, or $ID(SMC)^* \neq ID(SMC)$ and/or $ID(TSP_A)^* \neq ID(TSP_A)$, the identity authentication fails, and the cloud platform $TSP_A$ in the current service area discards the authentication message M4.
Preferably, the step 3 further comprises the following substeps:
Step 31, a quantum random number generator on the vehicle V generates a true-random vehicle cloud key K1, and the vehicle V symmetrically encrypts the vehicle data D1 with the vehicle cloud key K1 to form the vehicle data ciphertext G1, i.e. $G1 = K1(D1)$;
Step 32, the vehicle V extracts a quantum key from the security chip SMC, following the order of the quantum key sequence, as the preset key PFK1, and generates the first vehicle information M3 and sends it to the cloud platform $TSP_A$ in the current service area: $M3 = \{ID(V) \,\|\, CEK1 \,\|\, G1\} = \{ID(V) \,\|\, PFK1(K1) \,\|\, K1(D1)\}$, where CEK1 is the encryption key, $CEK1 = PFK1(K1)$, and $PFK1(K1)$ denotes symmetric encryption of the vehicle cloud key K1 with the preset key PFK1.
Preferably, the following are further included in step 4:
According to the identity number ID(V) of the vehicle V in the first vehicle information M3, the cloud platform $TSP_A$ in the current service area finds in its database the filling information of the security chip SMC bound to ID(V), and extracts the preset key copy PFK1 from that filling information following the order of the quantum key sequence. $TSP_A$ symmetrically decrypts the encryption key CEK1 obtained from the first vehicle information M3 with the preset key copy PFK1 to obtain the vehicle cloud key copy K1, and then symmetrically decrypts the vehicle data ciphertext G1 obtained from the first vehicle information M3 with the vehicle cloud key copy K1 to obtain the vehicle data copy D1. Thereafter, the cloud platform $TSP_A$ in the current service area uses the vehicle cloud key copy K1 to symmetrically encrypt information it sends to the vehicle V and to symmetrically decrypt information it receives from the vehicle V, and the vehicle V uses the vehicle cloud key K1 to symmetrically encrypt information it sends to the cloud platform $TSP_A$ in the current service area and to symmetrically decrypt information it receives from $TSP_A$.
Preferably, in step 3, the following sub-steps are further included:
Step 31', a quantum random number generator on the vehicle V generates a true-random vehicle cloud key K1, and the vehicle V symmetrically encrypts the vehicle data D1 with the vehicle cloud key K1 to form the vehicle data ciphertext G1, i.e. $G1 = K1(D1)$;
Step 32', the vehicle V arbitrarily extracts a quantum key from the quantum key sequence in the security chip SMC as the preset key PFK1, then generates the first vehicle information M3 and sends it to the cloud platform $TSP_A$ in the current service area:
$M3 = \{ID(V) \,\|\, CODE1 \,\|\, CEK1 \,\|\, G1\} = \{ID(V) \,\|\, CODE1 \,\|\, PFK1(K1) \,\|\, K1(D1)\}$, where CODE1 is the identifier bound to the preset key PFK1, CEK1 is the encryption key, $CEK1 = PFK1(K1)$, and $PFK1(K1)$ denotes symmetric encryption of the vehicle cloud key K1 with the preset key PFK1;
the following are also included in step 4:
According to the identity number ID(V) in the first vehicle information M3, the cloud platform $TSP_A$ in the current service area finds in its database the filling information of the security chip SMC bound to ID(V); then, according to the identifier CODE1 in the first vehicle information M3, $TSP_A$ finds the corresponding preset key copy PFK1 in the filling information of the security chip SMC. $TSP_A$ symmetrically decrypts the encryption key CEK1 obtained from the first vehicle information M3 with the preset key copy PFK1 to obtain the vehicle cloud key copy K1, and then symmetrically decrypts the vehicle data ciphertext G1 obtained from the first vehicle information M3 with the vehicle cloud key copy K1 to obtain the vehicle data copy D1. Thereafter, the cloud platform $TSP_A$ in the current service area uses the vehicle cloud key copy K1 to symmetrically encrypt information it sends to the vehicle V and to symmetrically decrypt information it receives from the vehicle V, and the vehicle V uses the vehicle cloud key K1 to symmetrically encrypt information it sends to the cloud platform $TSP_A$ in the current service area and to symmetrically decrypt information it receives from $TSP_A$.
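An added sketch, not part of the patent text, of the key filling in steps 11-14 together with the identifier-based exchange of steps 31'-32' and the matching step 4, including the rejection paths (unknown CODE1, modified ciphertext, colliding identifiers). SHA-256, the "|" connector, the dictionary message layout and the HMAC-based stand-in cipher are assumptions, since the page names no concrete algorithms; the page also does not say whether a preset key is retired after use, so the sketch leaves every key available.

```python
import hashlib
import hmac
import secrets

CONNECTOR = b"|"  # assumption: the page does not name the step 13 connector


def fill_chip(quantum_keys, k=8):
    """Steps 11-14: tag each key with the first k hex characters of its hash,
    sort ascending by identifier, and derive ID(SMC) from the joined sequence.
    SHA-256 is an assumption; the page only says "hash operation"."""
    m = len(quantum_keys)
    if m < 2 or not 2 <= k <= min(len(q) for q in quantum_keys):
        raise ValueError("need m >= 2 and 2 <= k <= key length")
    tagged = sorted((hashlib.sha256(q).hexdigest()[:k], q) for q in quantum_keys)
    if len({code for code, _ in tagged}) != m:
        # A truncated hash can collide, which would make step 4's lookup ambiguous.
        raise ValueError("identifier collision: increase k or regenerate keys")
    id_smc = hashlib.sha256(CONNECTOR.join(q for _, q in tagged)).hexdigest()
    return {"id_smc": id_smc, "keys": dict(tagged)}


def _subkeys(key):
    # Separate encryption and MAC keys derived from the one shared key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(key, plaintext):
    """Stand-in for the unspecified symmetric cipher: HMAC-SHA256 keystream with
    encrypt-then-MAC. Swap in a vetted AEAD such as AES-GCM in real use."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered message")
    return bytes(c ^ s for c, s in zip(ct, _stream(enc_key, nonce, len(ct))))


def build_m3(id_v, chip, vehicle_data):
    """Steps 31'-32' on the vehicle: M3 = {ID(V) || CODE1 || PFK1(K1) || K1(D1)}."""
    k1 = secrets.token_bytes(32)                 # stand-in for the on-board QRNG
    code1 = secrets.choice(list(chip["keys"]))   # arbitrary pick from the sequence
    pfk1 = chip["keys"][code1]
    m3 = {"id_v": id_v, "code1": code1,
          "cek1": seal(pfk1, k1), "g1": seal(k1, vehicle_data)}
    return m3, k1


def open_m3(m3, registrations, fill_info):
    """Step 4 on the cloud platform: ID(V) -> ID(SMC) -> PFK1 copy -> K1 -> D1."""
    id_smc = registrations.get(m3["id_v"])
    if id_smc is None:
        raise LookupError("vehicle is not registered")
    pfk1 = fill_info[id_smc].get(m3["code1"])
    if pfk1 is None:
        raise LookupError("CODE1 not in this chip's filling information")
    k1 = unseal(pfk1, m3["cek1"])
    return k1, unseal(k1, m3["g1"])


if __name__ == "__main__":
    # Constructed sample data: random bytes stand in for quantum keys.
    chip = fill_chip([secrets.token_bytes(32) for _ in range(8)], k=8)
    registrations = {"V-EXAMPLE-001": chip["id_smc"]}   # from registration info M2
    fill_info = {chip["id_smc"]: chip["keys"]}          # synced by the filling machine
    m3, _ = build_m3("V-EXAMPLE-001", chip, b"lat=31.82;lon=117.23;speed=96")
    print(open_m3(m3, registrations, fill_info)[1])
```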
Preferably, in step 5, the following sub-steps are further included:
Step 51, when the vehicle V is about to exit the current service area, the cloud platform $TSP_A$ in the current service area sends an inquiry message M5 to the vehicle V according to the driving direction and real-time position of the vehicle V; the inquiry message M5 asks whether the vehicle will continue to enjoy the Internet of Vehicles service and asks it to confirm the identity information of the cloud platform in the next service area;
Step 52, the vehicle V generates a reply message M6 and sends it to the cloud platform $TSP_A$ in the current service area. If the reply message M6 states that the vehicle V will not continue to enjoy the Internet of Vehicles service, communication between the cloud platform $TSP_A$ in the current service area and the vehicle V ends; if the reply message M6 states that the vehicle V will continue to enjoy the Internet of Vehicles service and confirms the identity information of the cloud platform in the next service area, the cloud platform $TSP_A$ in the current service area extracts from the reply message M6 the identity information $ID(TSP_B)$ of the cloud platform $TSP_B$ in the next service area;
Step 53, the cloud platform $TSP_A$ in the current service area simultaneously initiates a first negotiation application A1 to the cloud scheduling platform and sends an access request A2; the first negotiation application A1 contains the message type of the first negotiation application A1,
the access request A2 contains the message type of the access request A2, the identity information of the communication destination and the identity information of the communication initiator,
where the identity information of the communication destination is the identity information $ID(TSP_B)$ of the cloud platform $TSP_B$ in the next service area, the identity information of the communication initiator is the identity information $ID(TSP_A)$ of the cloud platform $TSP_A$ in the current service area, the message type of the first negotiation application A1 is a key request message, and the message type of the access request A2 is an access request message;
Step 54, after receiving the first negotiation application A1, the cloud scheduling platform negotiates with the cloud platform $TSP_A$ in the current service area to generate a first cloud platform session key CK1, i.e. $TSP_A$ and the cloud scheduling platform obtain the first cloud platform session key CK1 at the same time; meanwhile, the cloud scheduling platform forwards the access request A2 to the corresponding communication destination, namely the cloud platform $TSP_B$ in the next service area;
Step 55, after receiving the access request A2, the cloud platform $TSP_B$ in the next service area initiates a second negotiation application A3 to the cloud scheduling platform; after receiving the second negotiation application A3, the cloud scheduling platform negotiates with the cloud platform $TSP_B$ in the next service area to generate a second cloud platform session key CK2, i.e. $TSP_B$ and the cloud scheduling platform obtain the second cloud platform session key CK2 at the same time; the cloud platform $TSP_B$ in the next service area binds the second cloud platform session key CK2 with the identity information of the communication initiator extracted from the access request A2 and stores the binding;
Step 56, the cloud scheduling platform symmetrically encrypts the second cloud platform session key CK2 with the first cloud platform session key CK1 to form key distribution information M7, and sends the key distribution information M7 to the cloud platform $TSP_A$ in the current service area; the cloud platform $TSP_A$ in the current service area symmetrically decrypts the key distribution information M7 with the first cloud platform session key CK1 to obtain the second cloud platform session key copy CK2;
Step 57, the cloud platform $TSP_A$ in the current service area symmetrically encrypts the historical data RD1 of the vehicle V with the second cloud platform session key copy CK2 to form history information M8 and transmits it to the cloud platform $TSP_B$ in the next service area; upon receiving the history information M8, the cloud platform $TSP_B$ in the next service area symmetrically decrypts it with the second cloud platform session key CK2 bound to the sender of the history information M8, i.e. the cloud platform $TSP_A$, to obtain the historical data copy RD1.
The invention also provides a vehicle cloud communication system in a multi-cloud environment, which comprises: a vehicle V, a plurality of cloud platforms and a cloud scheduling platform.
The vehicle V is provided with a security chip SMC; each cloud platform provides Internet of Vehicles service for vehicles in its own service area, and the vehicle V enjoys the Internet of Vehicles service by carrying out vehicle cloud communication with the cloud platform in the current service area;
cloud platform session keys are generated through negotiation between the cloud scheduling platform and each cloud platform, and the cloud scheduling platform communicates with each cloud platform to distribute the cloud platform session keys;
the cloud platform in the current service area encrypts historical data related to the vehicle V with a session key distributed by the cloud scheduling platform and then transmits the historical data to the cloud platform in the next service area;
each vehicle, security chip, cloud platform and the cloud scheduling platform is programmed or configured to execute the vehicle cloud communication method in the multi-cloud environment.
The invention has the beneficial effects that:
(1) With the vehicle cloud communication method in a multi-cloud environment of the invention, a vehicle in the course of driving does not need, as in the prior art, to perform identity authentication again with the cloud platform in the current service area after entering a new service area, nor does it need to request the Internet of Vehicles service from the cloud platform in the current area and upload its vehicle data again in order to continue enjoying the service. Once identity authentication has passed, as long as the vehicle is not powered off, no further identity authentication is needed whichever service area the vehicle is driving in; and when the vehicle is about to drive out of the current service area, the cloud platform in the current service area encrypts the historical data related to the Internet of Vehicles service the vehicle is currently enjoying and transmits it to the cloud platform in the next service area. After entering the new service area, the vehicle can therefore directly enjoy the Internet of Vehicles service provided by the cloud platform there; to begin formal communication with that cloud platform, the vehicle simply encrypts newly generated vehicle data into a new vehicle data ciphertext with a new vehicle cloud key and sends it to the cloud platform in the new service area. The vehicle cloud communication method of the invention thus avoids interruption of the Internet of Vehicles service each time the vehicle enters a new service area, reduces the communication delay when the vehicle enters a new service area, and improves the continuity of the Internet of Vehicles service in a multi-cloud environment.
(2) In each service area, the vehicle's quantum random number generator generates a new vehicle cloud key for the current area. Once generated, the vehicle cloud key is encrypted with a preset key and, together with the vehicle data ciphertext, forms the first vehicle information transmitted to the cloud platform in the current service area. The vehicle data ciphertext is obtained by encrypting the vehicle data with the current vehicle cloud key, and the preset key is extracted from the security chip installed on the current vehicle. Whether the preset key is extracted in order from the security chip's quantum key sequence or arbitrarily from it, at most the preset key's identifier, which is obtained by an irreversible hash calculation, accompanies the message. Even if the first vehicle information is intercepted, the preset key used in the current service area cannot be learned, so the vehicle cloud key that could only be obtained by symmetric decryption with the preset key cannot be obtained, and the vehicle data cannot be decrypted with the vehicle cloud key. Only first vehicle information that has not been tampered with or forged by a hacker can be correctly decrypted by the cloud platform in the current area and lead to the corresponding Internet of Vehicles services being executed. That is, in the invention, the security of communication between the vehicle and the cloud platform in the current service area is extremely high in every service area.
(3) After the vehicle enters a new service area, it does not need repeated communication with the cloud platform in the current service area to determine the vehicle cloud key used for communication; it directly sends the first vehicle information containing the vehicle data ciphertext to the cloud platform in the current service area. This reduces the communication overhead and the amount of calculation on the vehicle, further reduces the communication delay when the vehicle enters a new service area, and improves vehicle cloud communication efficiency.
(4) In the invention, one vehicle cloud key can be used only by a specific vehicle in a specific service area, and for the same service area, once the vehicle has driven out, the vehicle cloud key it uses differs from the vehicle cloud key it used the last time it was in that service area. Even if a hacker acquires the vehicle cloud key for a certain service area, the scenario in which it can be used is limited by the service area, the specific vehicle and the time. The vehicle cloud key used for communication between the vehicle and the cloud platform changes with the vehicle, the service area and the time, which ensures the security of vehicle cloud communication; at the same time, while the vehicle is driving within one service area it communicates with the cloud platform in that service area by symmetric encryption and decryption under the same vehicle cloud key, so communication efficiency is high and calculation cost is low.
(5) Before the cloud platform in the current service area acquires the second cloud platform session key, it cannot communicate directly with the cloud platform in the next service area; it must rely on the cloud scheduling platform to forward its access request to the cloud platform in the next service area. Only then do the cloud platform in the next service area and the cloud scheduling platform negotiate the second cloud platform session key, which is encrypted with the first cloud platform session key and transmitted to the cloud platform in the current service area. If any piece of information in this process is tampered with or forged by a hacker, the cloud platform in the current service area cannot obtain the correct second cloud platform session key, and the cloud platform in the next service area then either cannot decrypt the historical data or decrypts it into garbled data, so it cannot execute the malicious operations the hacker intended. That is, hackers cannot carry out malicious operations by tampering with or forging the communication information between cloud platforms. Meanwhile, because the first cloud platform session key is generated through negotiation, a hacker cannot intercept it, and therefore cannot use it to decrypt the key distribution information to obtain the second cloud platform session key and then use that key to decrypt the historical data; that is, the security of communication among cloud platforms is extremely high.
(6) With the vehicle cloud communication method of the invention, the vehicle does not need to store the keys of a plurality of cloud platforms, and the encrypted transmission of vehicle historical data is carried out by the cloud platforms, which have powerful calculation and storage capabilities. The method therefore places low requirements on the vehicle's software, hardware and calculation speed and is universally applicable; it does not occupy much of the vehicle's storage space and so does not slow the vehicle's response. This improves safety and reliability during vehicle cloud communication and vehicle driving, avoids driving accidents, and further improves the experience of the Internet of Vehicles service.
Drawings
FIG. 1 is a flow chart of a vehicle cloud communication method in a multi-cloud environment;
FIG. 2 is a schematic diagram of the overall architecture of the vehicle cloud communication system according to the present invention.
Detailed Description
In order to make the technical solution of the invention clearer, the invention is described clearly and completely below with reference to the accompanying drawings. Solutions that a person of ordinary skill in the art obtains, without creative effort, by equivalent replacement of the technical features of this solution or by conventional reasoning fall within the protection scope of the invention.
Each cloud platform provides internet of vehicles service in its own service area, and a vehicle passes through at least one service area during a single trip. For convenience of description, the situation in which one or more cloud platforms provide internet of vehicles service to a vehicle between one power-on and the following power-off is defined as a multi-cloud environment.
The process that the vehicle enjoys the internet of vehicles service is the process of communicating with the cloud platform.
Example 1
As shown in FIG. 1, which is a flow chart of the vehicle cloud communication method in a multi-cloud environment, the method specifically includes the following steps:
S1, before a security chip leaves the factory, a quantum key filling machine fills it with a quantum key sequence and a security chip identity number, and the quantum key filling machine synchronizes the filling information of each security chip to each cloud platform through an offline secure channel;
the filling information of a security chip comprises the identity number and the quantum key sequence filled into that security chip;
S2, after leaving the factory, the security chip is installed on a vehicle V, the vehicle V is registered with a trusted authority, and the trusted authority synchronizes the registration information of the vehicle V to each cloud platform through an offline secure channel;
S3, after the vehicle V is started and powered on, it performs identity authentication with the cloud platform in the current service area;
S4, after the identity authentication succeeds, the vehicle V generates a vehicle cloud key and encrypts the vehicle data with the vehicle cloud key to generate a vehicle data ciphertext; at the same time, the vehicle V extracts a quantum key from the security chip as a preset key and uses it to encrypt the current vehicle cloud key into an encryption key, which together with the vehicle data ciphertext forms first vehicle information M3 that is sent to the cloud platform in the current service area;
S5, after the cloud platform in the current service area receives the first vehicle information M3, it extracts the corresponding preset key from the registration information of the vehicle V that it stores, decrypts the encryption key to obtain the vehicle cloud key, and decrypts the vehicle data ciphertext with the vehicle cloud key to obtain the vehicle data; subsequent communication between the cloud platform in the current service area and the vehicle V is encrypted and decrypted with the vehicle cloud key;
S6, when the vehicle V is about to drive out of the current service area, the cloud platform in the current service area negotiates with the cloud platform in the adjacent service area, i.e. the next service area, to obtain a cloud platform session key; the cloud platform in the current service area then encrypts the data of the current vehicle with the cloud platform session key and sends it to the cloud platform in the next service area;
S7, when the vehicle V enters the next service area, return to S4;
S8, if the vehicle V is powered on again after being powered off, return to S3; otherwise, after the vehicle V is powered off, communication between the vehicle V and the cloud platform in the current service area ends.
In S1 the following sub-steps are also included:
S11, before a security chip SMC leaves the factory, the quantum key filling machine generates m quantum keys, performs a hash operation on each of the m quantum keys, and takes the first k characters of each quantum key's hash value as the identifier of that quantum key;
where m ≥ 2, 2 ≤ k ≤ the length of the quantum key, and m and k are positive integers;
S12, the m quantum keys are arranged into a quantum key sequence in ascending order of the values of their corresponding identifiers, and each quantum key in the quantum key sequence is bound one-to-one with its corresponding identifier;
S13, the quantum keys in the current quantum key sequence are joined with the join operator and a hash operation is performed on the result to generate the identity number ID(SMC) of the current security chip SMC;
S14, the quantum key filling machine fills the identity number ID(SMC) and the current quantum key sequence into the security chip SMC; at the same time, the quantum key filling machine synchronizes the filling information of the security chip SMC to each cloud platform database through an offline secure channel.
In S11, each quantum key generated by the quantum key filling machine is negotiated between two key distribution terminals through a quantum network (optical fiber communication).
The hash operation in this embodiment uses a SHA-256 hash function, which is not a limitation of the present invention.
In S12, the following is also included:
among the current m quantum keys, if the identifiers corresponding to a of the quantum keys are the same, the characters from the nth to the kth position from the left of each of these a identical identifiers are replaced with a quantum random number of length (k-n+1), and the m quantum keys are then arranged into a quantum key sequence in ascending order of the values of their new corresponding identifiers; where 1 ≤ n ≤ k and n is a positive integer. The quantum random numbers are also negotiated between two key distribution terminals through a quantum network (optical fiber communication).
This ensures that the identifier corresponding to each of the current m quantum keys is unique.
In this embodiment, k=10, n=6.
For example, among the current 30 quantum keys, the identifiers corresponding to the quantum keys PK1, PK2 and PK3 are the same, all being "7568573026". The 6th to 10th characters from the left of each identifier are replaced with a quantum random number of length 5; after replacement, the new identifier of the quantum key PK1 is "7568562037", the new identifier of the quantum key PK2 is "7568562583", and the new identifier of the quantum key PK3 is "7568577758".
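The filling procedure of S11 to S13, including the identifier collision rule of S12, can be sketched as follows. This is an added example, not code from the patent: the function names are hypothetical, identifiers are assumed to be hexadecimal characters of the SHA-256 value, Python's secrets module stands in for the quantum random number source, and the redraw on a repeated collision is an added safeguard.

```python
import hashlib
import secrets
from collections import Counter

K = 10  # identifier length k used in this embodiment
N = 6   # first replaced character position n (1-based) used in this embodiment


def identifier(key: bytes, k: int = K) -> str:
    """S11: first k characters of the SHA-256 value (hex encoding is an assumption)."""
    return hashlib.sha256(key).hexdigest()[:k]


def random_suffix(length: int) -> str:
    """Stand-in for the quantum random number that replaces characters n..k."""
    return secrets.token_hex((length + 1) // 2)[:length]


def fill_chip(keys, k: int = K, n: int = N, max_draws: int = 1000):
    """S11-S13: return (ID(SMC), [(identifier, key), ...] in ascending identifier order)."""
    if len(keys) < 2 or k < 2 or not 1 <= n <= k:
        raise ValueError("need m >= 2, k >= 2 and 1 <= n <= k")
    raw = [identifier(key, k) for key in keys]
    counts = Counter(raw)
    # Identifiers that are already unique are reserved first.
    used = {ident for ident, count in counts.items() if count == 1}
    bound = []
    for key, ident in zip(keys, raw):
        if counts[ident] > 1:
            # S12 collision rule: keep characters 1..n-1, replace characters n..k.
            for _ in range(max_draws):
                candidate = ident[: n - 1] + random_suffix(k - n + 1)
                if candidate not in used:
                    break
            else:
                raise RuntimeError("identifier space too small to resolve the collision")
            ident = candidate
        used.add(ident)
        bound.append((ident, key))
    # S12: ascending order of identifiers, each key bound to its identifier.
    bound.sort(key=lambda pair: pair[0])
    # S13: hash of the joined key sequence becomes the chip identity number.
    chip_id = hashlib.sha256(b"".join(key for _, key in bound)).hexdigest()
    return chip_id, bound


def demo():
    # Constructed input: 30 random keys, one duplicated to force an identifier collision.
    keys = [secrets.token_bytes(32) for _ in range(30)]
    keys[7] = keys[3]
    chip_id, bound = fill_chip(keys)
    return chip_id, [ident for ident, _ in bound]


if __name__ == "__main__":
    chip_id, idents = demo()
    print("ID(SMC):", chip_id)
    print("identifiers:", idents)
```

Because the cloud platforms locate a preset key by its identifier, the uniqueness check has to cover both the untouched identifiers and the ones already redrawn, which is what the `used` set does.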
In S2 the following sub-steps are also included:
S21, the vehicle V submits a registration application to the trusted authority offline, the registration application comprising the identity number ID(V) of the vehicle V and the identity number ID(SMC) of the security chip SMC mounted on the vehicle V;
S22, after receiving the registration application, the trusted authority extracts the identity number ID(V) of the vehicle V and the identity number ID(SMC) of the security chip SMC from it and compares them with the identity numbers stored in the trusted authority database;
if neither the identity number ID(V) of the current vehicle V nor the identity number ID(SMC) of the security chip SMC exists in the trusted authority database, the trusted authority generates a pair of asymmetric keys, denoting the public key P_bv and the private key P_rv; the trusted authority binds ID(V), ID(SMC) and the newly generated public/private key pair and stores them in the trusted authority database; the trusted authority returns to the current vehicle V registration feedback information M1 containing the public key P_bv and the identity number of each cloud platform; and the trusted authority synchronizes the registration information M2 of the current vehicle V to each cloud platform database through an offline secure channel, the registration information M2 comprising the identity number ID(V) of the current vehicle V, the identity number ID(SMC) of the security chip SMC and the private key P_rv;
if the identity number ID(V) of the current vehicle V and/or the identity number ID(SMC) of the security chip SMC already exists in the trusted authority database, the trusted authority returns a repeated-registration message to the current vehicle V.
In the present invention, the trusted authority uses the true random number generated by the quantum random number generator as a public and private key that is returned to each registered vehicle.
In S3 the following sub-steps are also included:
S31, after the vehicle V is started and powered on, the vehicle V sends an authentication message M4 to the cloud platform TSP_A in the current service area: M4 = {ID(V) || P_bv[ID(SMC) || ID(TSP_A)]}, where || is the join operator, ID(TSP_A) is the identity number of the cloud platform TSP_A in the current service area, and P_bv[ID(SMC) || ID(TSP_A)] denotes asymmetric encryption of ID(SMC) || ID(TSP_A) with the public key P_bv of the vehicle V;
S32, the cloud platform TSP_A in the current service area extracts the identity number ID(V) of the vehicle V from the authentication message M4 and retrieves from the database of the cloud platform TSP_A the identity number ID(SMC) of the security chip SMC and the private key P_rv bound to the identity number ID(V) of the current vehicle V; the cloud platform TSP_A uses the private key P_rv to asymmetrically decrypt P_bv[ID(SMC) || ID(TSP_A)], obtaining the identity number copy ID(SMC)* of the security chip SMC and the identity number copy ID(TSP_A)* of the cloud platform TSP_A;
if ID(SMC)* = ID(SMC) and ID(TSP_A)* = ID(TSP_A), the identity authentication passes, and the cloud platform TSP_A in the current service area returns an authentication-passed message to the vehicle V;
if the database of the cloud platform TSP_A does not contain the identity number ID(V) of the current vehicle V, or ID(SMC)* ≠ ID(SMC) and/or ID(TSP_A)* ≠ ID(TSP_A), the identity authentication fails and the cloud platform TSP_A in the current service area discards the authentication message M4.
After the cloud platform TSP_A discards the authentication message M4, if the operator of the vehicle V has not received the authentication-passed message for a long time, the operator may decide according to his own needs whether to perform identity authentication again, and if so, manually return to S31.
The vehicle V with legal identity in the present invention refers to a vehicle registered in a trusted authority.
Optionally, if the vehicle V has a legal identity and, once more than the set first time threshold Δt1 has elapsed since it sent the authentication message M4, it has not received the authentication-passed message from the cloud platform, it returns to S31. In this embodiment, Δt1 = 30 seconds.
Optionally, if the identity authentication fails, the cloud platform TSP_A in the current service area returns an authentication-failure message to the vehicle V.
If network packet loss occurs while the vehicle V is sending the authentication message M4 to the cloud platform TSP_A in the current service area, or the cloud platform TSP_A discards the authentication message M4, or network packet loss occurs while the cloud platform TSP_A is returning the authentication pass/failure message to the vehicle V, then a vehicle V with a legal identity that has not received the authentication-passed message from the cloud platform once more than the set first time threshold Δt1 has elapsed since it sent M4 automatically recalculates, generates and sends a new authentication message. This lets a vehicle V with a legal identity complete identity authentication with the cloud platform as soon as possible, and avoids a long wait caused by the vehicle not knowing that the identity authentication process with the cloud platform has stalled.
In S4 the following sub-steps are also included:
S41, after receiving the authentication-passed message, the vehicle V generates a vehicle cloud key K1, which is a true random number, with the quantum random number generator on the vehicle V, and symmetrically encrypts the vehicle data D1 with the vehicle cloud key K1 to form a vehicle data ciphertext G1, i.e. G1 = K1(D1).
To enjoy the internet of vehicles service, the vehicle V collects various vehicle data through its sensors and sends them to the cloud platform in the current service area, so that the cloud platform can compute on the received vehicle data, obtain cloud platform data, i.e. the internet of vehicles service data the vehicle V requires, and return it to the vehicle V.
S42, the vehicle V extracts a quantum key from the security chip SMC, following the order of the quantum key sequence, as a preset key PFK1, and generates first vehicle information M3 that is sent to the cloud platform TSP_A in the current service area: M3 = {ID(V) || CEK1 || G1} = {ID(V) || PFK1(K1) || K1(D1)}, where CEK1 is the encryption key, CEK1 = PFK1(K1), and PFK1(K1) denotes symmetric encryption of the vehicle cloud key K1 with the preset key PFK1.
Alternatively, in S4 the following sub-steps are also included:
S41', after receiving the authentication-passed message, the vehicle V generates a vehicle cloud key K1, which is a true random number, with the quantum random number generator on the vehicle V, and symmetrically encrypts the vehicle data D1 with the vehicle cloud key K1 to form a vehicle data ciphertext G1, i.e. G1 = K1(D1);
S42', the vehicle V randomly extracts one quantum key from the quantum key sequence in the security chip SMC as a preset key PFK1, and generates first vehicle information M3 that is sent to the cloud platform TSP_A in the current service area: M3 = {ID(V) || CODE1 || CEK1 || G1} = {ID(V) || CODE1 || PFK1(K1) || K1(D1)}, where CODE1 is the identifier bound to the preset key PFK1, CEK1 is the encryption key, CEK1 = PFK1(K1), and PFK1(K1) denotes symmetric encryption of the vehicle cloud key K1 with the preset key PFK1.
Optionally, each quantum key in the quantum key sequence in the security chip SMC is a disposable key, that is, after each time the vehicle V extracts the quantum key from the security chip SMC as a preset key, the quantum key extracted from the current security chip SMC is destroyed; and the vehicle V destroys the last used preset key.
After all the quantum keys in the current security chip SMC have been destroyed, the vehicle V needs to go to the quantum key filling machine, which fills a new identity number ID(SMC) and a new quantum key sequence into the security chip SMC installed on the vehicle V; the vehicle V then goes to the trusted authority to update its registration information.
After S41 to S42, S5 further includes the following:
According to the identity number ID(V) of the vehicle V in the first vehicle information M3, the cloud platform TSP_A in the current service area finds in the database of the cloud platform TSP_A the filling information of the security chip SMC bound to ID(V), and extracts a preset key copy PFK1* from that filling information following the order of the quantum key sequence. It symmetrically decrypts the encryption key CEK1 obtained from the first vehicle information M3 with the preset key copy PFK1* to obtain a vehicle cloud key copy K1*, and symmetrically decrypts the vehicle data ciphertext G1 obtained from the first vehicle information M3 with the vehicle cloud key copy K1*, finally obtaining a vehicle data copy D1*. Subsequently, the cloud platform TSP_A in the current service area uses the vehicle cloud key copy K1* to symmetrically encrypt information it sends to the vehicle V and to symmetrically decrypt information it receives from the vehicle V, and the vehicle V uses the vehicle cloud key K1 to symmetrically encrypt information it sends to the cloud platform TSP_A and to symmetrically decrypt information it receives from the cloud platform TSP_A.
Normally, the vehicle cloud key copy K1* is identical to the vehicle cloud key K1. However, if the first vehicle information M3 is intercepted and tampered with by a hacker before it reaches the cloud platform TSP_A in the current service area, or a hacker forges first vehicle information M3 and sends it to the cloud platform TSP_A, the vehicle cloud key copy K1* differs from the vehicle cloud key K1. In subsequent communication between the cloud platform TSP_A and the vehicle V, the cloud platform TSP_A then cannot decrypt the vehicle data or obtains only garbled vehicle data, and the vehicle V cannot decrypt the cloud platform data or obtains only garbled cloud platform data. The vehicle V and the cloud platform TSP_A therefore do not execute the malicious operations the hacker expects, and the hacker cannot decrypt the vehicle data he wants to obtain.
After S41 '-S42', S5 further includes the following:
According to the identity number ID(V) in the first vehicle information M3, the cloud platform TSP_A in the current service area finds in the database of the cloud platform TSP_A the filling information of the security chip SMC bound to ID(V); then, according to the identifier CODE1 in the first vehicle information M3, it finds the corresponding preset key copy PFK1* in the filling information of the security chip SMC. The cloud platform TSP_A symmetrically decrypts the encryption key CEK1 obtained from the first vehicle information M3 with the preset key copy PFK1* to obtain a vehicle cloud key copy K1*, and symmetrically decrypts the vehicle data ciphertext G1 obtained from the first vehicle information M3 with the vehicle cloud key copy K1*, finally obtaining a vehicle data copy D1*. Subsequently, the cloud platform TSP_A in the current service area uses the vehicle cloud key copy K1* to symmetrically encrypt information it sends to the vehicle V and to symmetrically decrypt information it receives from the vehicle V, and the vehicle V uses the vehicle cloud key K1 to symmetrically encrypt information it sends to the cloud platform TSP_A and to symmetrically decrypt information it receives from the cloud platform TSP_A.
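The S41'/S42' message M3 and its cloud-side handling in S5 can be exercised end to end as below. This is an added example, not code from the patent: the text does not name the symmetric algorithm, so an HMAC-SHA256 encrypt-then-MAC construction from the standard library stands in for a vetted authenticated cipher, and the integrity tag, the consumption of the identifier on the cloud side and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

NONCE, TAG = 16, 32  # byte lengths of the nonce and the HMAC-SHA256 tag


def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _stream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (_prf(enc_key, nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in symmetric encryption: HMAC-based keystream plus integrity tag."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = secrets.token_bytes(NONCE)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + body + _prf(mac_key, nonce + body)


def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE + TAG:
        raise ValueError("message too short")
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, body, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + body)):
        raise ValueError("integrity check failed")
    return bytes(c ^ s for c, s in zip(body, _stream(enc_key, nonce, len(body))))


def code_of(key: bytes) -> str:
    """Identifier bound to a quantum key: first 10 hex characters of SHA-256."""
    return hashlib.sha256(key).hexdigest()[:10]


def vehicle_build_m3(vehicle_id: str, chip: dict, d1: bytes):
    """S41'/S42': build M3 = {ID(V) || CODE1 || PFK1(K1) || K1(D1)}."""
    if not chip:
        raise RuntimeError("quantum key sequence exhausted; chip must be refilled")
    k1 = secrets.token_bytes(32)            # stand-in for the on-vehicle QRNG
    code1 = secrets.choice(sorted(chip))    # random extraction from the sequence
    pfk1 = chip.pop(code1)                  # one-time key: destroyed on extraction
    m3 = {"ID": vehicle_id, "CODE1": code1, "CEK1": seal(pfk1, k1), "G1": seal(k1, d1)}
    return m3, k1


def cloud_open_m3(database: dict, m3: dict):
    """S5: find PFK1* by ID(V) and CODE1, recover K1* and D1*."""
    fill = database.get(m3["ID"])
    if fill is None or m3["CODE1"] not in fill:
        raise KeyError("unknown vehicle, or identifier already consumed")
    pfk1_copy = fill[m3["CODE1"]]
    k1_copy = unseal(pfk1_copy, m3["CEK1"])
    d1_copy = unseal(k1_copy, m3["G1"])
    # Consume the key only after both checks pass, so a forged M3 cannot
    # desynchronise the cloud copy of the sequence from the chip.
    del fill[m3["CODE1"]]
    return k1_copy, d1_copy


def demo():
    # Constructed filling information: four keys shared by the chip and the cloud.
    keys = [secrets.token_bytes(32) for _ in range(4)]
    chip = {code_of(k): k for k in keys}
    database = {"V-001": dict(chip)}
    m3, k1 = vehicle_build_m3("V-001", chip, b"speed=62;fuel=40")
    k1_copy, d1_copy = cloud_open_m3(database, m3)
    return k1_copy == k1, d1_copy


if __name__ == "__main__":
    print(demo())
```

With the tag in place, a tampered CEK1 or G1 is rejected outright instead of decrypting to garbled data, and a replayed M3 fails because its identifier has already been consumed.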
In S6 the following sub-steps are also included:
S61, when the vehicle V is about to drive out of the current service area, the cloud platform TSP_A in the current service area sends an inquiry message M5 to the vehicle V according to the driving direction and real-time position of the vehicle V; the inquiry message M5 asks whether the vehicle wishes to continue enjoying the internet of vehicles service and asks it to confirm the identity information of the cloud platform in the next service area.
The edge of the current service area may adjoin more than one service area, and each of these adjacent service areas may become the next service area that the current vehicle V is about to enter.
S62, the vehicle V generates a reply message M6 and sends it to the cloud platform TSP_A in the current service area. If the content of the reply message M6 is that the vehicle V will not continue to enjoy the internet of vehicles service, communication between the cloud platform TSP_A in the current service area and the vehicle V ends; if the content of the reply message M6 is that the vehicle V will continue to enjoy the internet of vehicles service and confirms the identity information of the cloud platform in the next service area, the cloud platform TSP_A in the current service area extracts from the reply message M6 the identity information ID(TSP_B) of the cloud platform TSP_B in the next service area.
S63, the cloud platform TSP_A in the current service area simultaneously initiates a first negotiation application A1 and sends an access request A2 to the cloud scheduling platform; the first negotiation application A1 contains the message type of the first negotiation application A1,
the access request A2 contains the message type of the access request A2, the identity information of the communication target and the identity information of the communication initiator,
the identity information of the communication target is the identity information ID(TSP_B) of the cloud platform TSP_B in the next service area, the identity information of the communication initiator is the identity information ID(TSP_A) of the cloud platform TSP_A in the current service area, the message type of the first negotiation application A1 is a key request message, and the message type of the access request A2 is an access request message;
S64, after receiving the first negotiation application A1, the cloud scheduling platform negotiates with the cloud platform TSP_A in the current service area to generate a first cloud platform session key CK1, i.e. the cloud platform TSP_A and the cloud scheduling platform obtain the first cloud platform session key CK1 at the same time; meanwhile, the cloud scheduling platform forwards the access request A2 to the corresponding communication target, i.e. the cloud platform TSP_B in the next service area;
S65, after receiving the access request A2, the cloud platform TSP_B in the next service area initiates a second negotiation application A3 to the cloud scheduling platform; after receiving the second negotiation application A3, the cloud scheduling platform negotiates with the cloud platform TSP_B in the next service area to generate a second cloud platform session key CK2, i.e. the cloud platform TSP_B and the cloud scheduling platform obtain the second cloud platform session key CK2 at the same time; the cloud platform TSP_B in the next service area binds the second cloud platform session key CK2 to the identity information of the communication initiator in the access request A2 and stores it;
S66, the cloud scheduling platform symmetrically encrypts the second cloud platform session key CK2 with the first cloud platform session key CK1 to form key distribution information M7, and sends the key distribution information M7 to the cloud platform TSP_A in the current service area; the cloud platform TSP_A in the current service area symmetrically decrypts the key distribution information M7 with the first cloud platform session key CK1 to obtain a second cloud platform session key copy CK2*;
S67, the cloud platform TSP_A in the current service area symmetrically encrypts the history data RD1 related to the internet of vehicles service currently enjoyed by the vehicle V with the second cloud platform session key copy CK2* to form history information M8, and sends it to the cloud platform TSP_B in the next service area; upon receiving the history information M8, the cloud platform TSP_B in the next service area symmetrically decrypts it with the second cloud platform session key CK2 bound to the sender of the history information M8, i.e. the cloud platform TSP_A, to obtain a history data copy RD1*.
The history data RD1 includes the identity information ID(V) of the vehicle V, the identity information ID(SMC) of the security chip SMC on the vehicle V, vehicle data, and the like. The vehicle data may be the real-time vehicle speed, the remaining fuel, the vehicle location, etc. When the sub-steps included in S4 are S41 to S42, the history data RD1 further includes the position, in the quantum key sequence of the security chip SMC corresponding to the vehicle V, of the preset key copy extracted by the cloud platform TSP_A in the current service area.
In this embodiment, the cloud scheduling platform can negotiate with any cloud platform, through a quantum network (optical fiber communication) and based on the BB84 protocol, a cloud platform session key that is a true random number. Because the quanta that make up single photons are indivisible, when the cloud scheduling platform and a cloud platform negotiate a cloud platform session key, only true quantum random numbers that have not been interfered with by a third party can be obtained simultaneously by both negotiating parties and become the cloud platform session key; once a third party interferes, the quantum random numbers obtained by the two parties differ, i.e. the cloud platform session key negotiation fails and neither party obtains a cloud platform session key.
The message type is briefly described: in the internet of vehicles service, there are many messages, such as a key request message, an access request message, etc., and an identifier of a message type is manually defined, for example, the first negotiation application A1 in S63 of the present invention is a key request message, and the message type identifier is defined as 001; the access request A2 is an access request message whose message type identifier is defined as 002. The message type contains the requirements of the message sender, and the message receiver can execute corresponding requirements according to the message type. The specific setting of the message type identifier is not a limitation of the present invention.
Likewise, the second cloud platform session key copy CK2* is normally identical to the second cloud platform session key CK2. However, if the key distribution information M7 is intercepted and tampered with by a hacker before it reaches the cloud platform TSP_A in the current service area, or a hacker forges key distribution information M7 and sends it to the cloud platform TSP_A, the second cloud platform session key copy CK2* differs from the second cloud platform session key CK2. Further, if the history information M8 is intercepted and tampered with, or forged, by a hacker, the cloud platform TSP_B in the next service area cannot decrypt the correct history data RD1, which ensures the security of communication between cloud platforms and of the cloud platform TSP_B in the next service area. Compared with the prior art, the vehicle cloud communication method in a multi-cloud environment greatly improves the continuity of the internet of vehicles service in a multi-cloud environment and avoids the internet of vehicles service being interrupted every time the vehicle enters a new service area.
When the sub-steps of S4 are S41 to S42, in S67 the history data RD1 further includes the preset key PFK1 used by the vehicle V in the current service area. After the cloud platform TSP_B in the next service area symmetrically decrypts the history information M8 to obtain the history data copy RD1*, and obtains from RD1* the identity information copy of the vehicle V, the identity information copy of the security chip SMC on the vehicle V and the preset key copy PFK1*, the cloud platform TSP_B finds in its database the filling information corresponding to the identity information copy of the security chip SMC and sets the extraction position in the quantum key sequence of the current security chip SMC to the quantum key following the current preset key copy PFK1*. That is, after the vehicle V enters the next service area, the cloud platform TSP_B takes the quantum key following PFK1* in the quantum key sequence of the current security chip SMC as the preset key copy for this service area.
Normally, if the history information M8 has not been forged or tampered with by a hacker, the history data copy RD1* is identical to the history data RD1, and the preset key copy PFK1* is identical to the preset key PFK1 used in the current service area.
The flow of information of the vehicle V passing through the plurality of service areas during traveling is shown in fig. 2, the broken line indicates the negotiation generation key, and the solid line indicates the flow of information during communication.
The invention discloses a vehicle cloud communication method in a multi-cloud environment, which comprises the following steps:
1. During driving, the vehicle does not need, as in the prior art, to perform identity authentication again with the cloud platform in the current service area each time it enters a new service area, nor to request the internet of vehicles service from that cloud platform again and upload its vehicle data again in order to continue enjoying the service. Once identity authentication has passed, as long as the vehicle is not powered off, no further identity authentication is needed no matter which service area the vehicle is driving in. When the vehicle is about to drive out of the current service area, the cloud platform in the current service area encrypts the history data related to the internet of vehicles service the vehicle is currently enjoying and transmits it to the cloud platform in the next service area. After entering the new service area, the vehicle can therefore directly enjoy the internet of vehicles service provided by the cloud platform in the new service area: it only needs to encrypt the newly generated vehicle data into new vehicle data ciphertext with a new vehicle cloud key and send it to the cloud platform in the new service area to begin formal communication with that cloud platform. The vehicle cloud communication method of the invention thus avoids the internet of vehicles service being interrupted every time the vehicle enters a new service area, reduces the communication delay when the vehicle enters a new service area, and improves the continuity of the internet of vehicles service in a multi-cloud environment.
2. In each service area, the vehicle cloud key for the current area is newly generated by the quantum random number generator on the vehicle, encrypted with a preset key, and then combined with the vehicle data ciphertext to form the first vehicle information that is transmitted to the cloud platform in the current service area. The vehicle data ciphertext is obtained by encrypting the vehicle data with the current vehicle cloud key, and the preset key is extracted from the security chip installed on the current vehicle. Whether the preset key is extracted from the quantum key sequence of the security chip sequentially or randomly, the first vehicle information never contains the preset key in plaintext; at most it contains the identifier of the preset key, which is obtained through an irreversible hash calculation. Even if a hacker intercepts the first vehicle information, he cannot learn the preset key used in the current service area, let alone the vehicle cloud key, which can only be obtained by symmetric decryption with the preset key, and so naturally cannot decrypt the vehicle data. Only first vehicle information that has not been tampered with or forged by a hacker can be correctly decrypted by the cloud platform in the current area, which then executes the corresponding internet of vehicles service. That is, in the invention, the security of communication between the vehicle and the cloud platform in the current service area is extremely high in every service area.
3. After the vehicle enters a new service area, it does not need to communicate repeatedly with the cloud platform in the current service area to determine the vehicle cloud key used for communication; it directly sends the first vehicle information containing the vehicle data ciphertext to the cloud platform in the current service area. This reduces the communication overhead and the amount of computation on the vehicle, further reduces the communication delay when the vehicle enters a new service area, and improves vehicle cloud communication efficiency.
4. One vehicle cloud key can only be used by a specific vehicle in a specific service area, and for the same service area, once the vehicle exits, the vehicle cloud key used by the vehicle is different from the vehicle cloud key used by the last vehicle in the service area. So even if a hacker acquires the vehicle cloud key in a certain service area (an extremely small probability), the scenario in which that key can be used is limited by the service area, the specific vehicle and the time (once the specific vehicle exits the current service area, the vehicle cloud key is no longer used). The vehicle cloud key used for communication between the vehicle and the cloud platform changes with the vehicle, the service area and the time, which ensures the security of vehicle cloud communication; at the same time, while the vehicle is driving within one service area, the same vehicle cloud key is used for symmetric encryption and decryption with the cloud platform in the current service area, so communication efficiency is high and computation cost is low.
5. Before the cloud platform in the current service area obtains the second cloud platform session key, it cannot communicate directly with the cloud platform in the next service area; it must rely on the cloud scheduling platform to forward an access request to the cloud platform in the next service area. Only then can the cloud platform in the next service area and the cloud scheduling platform negotiate the second cloud platform session key, which is encrypted with the first cloud platform session key and then transmitted to the cloud platform in the current service area. If any piece of information in this process is tampered with or forged by a hacker, the cloud platform in the current service area cannot obtain the correct second cloud platform session key, and the cloud platform in the next service area then either cannot decrypt the historical data or decrypts only garbled historical data, so it cannot execute the malicious operations the hacker expected. That is, hackers cannot perform malicious operations by tampering with or forging the communication between cloud platforms. Meanwhile, because the first cloud platform session key is generated through negotiation, a hacker cannot intercept it, and so cannot use it to decrypt the key distribution information to obtain the second cloud platform session key and then use the second cloud platform session key to decrypt the historical data. That is, the security of communication among cloud platforms is extremely high.
6. In this vehicle cloud communication method the vehicle does not need to store the keys of multiple cloud platforms, and the encrypted transmission of the vehicle's historical data is carried out by the cloud platforms, which have powerful computing and storage capabilities. The method therefore places low requirements on the vehicle's software, hardware and computing speed and is widely applicable; it does not occupy so much of the vehicle's storage space that the vehicle's response slows down, which improves safety and reliability during vehicle cloud communication and driving, avoids driving accidents, and further improves the experience of the internet of vehicles service.
Example 2
As shown in fig. 2, the present invention further provides a vehicle cloud communication system in a multi-cloud environment, including:
a vehicle V, a plurality of cloud platforms and a cloud dispatching platform,
the vehicle V is provided with a security chip SMC, each cloud platform provides a vehicle networking service for the vehicle V within its service area, and the vehicle V enjoys the vehicle networking service by carrying out vehicle cloud communication with the cloud platform in the current service area;
cloud platform session keys are generated through negotiation between the cloud scheduling platform and each cloud platform, and the cloud scheduling platform and each cloud platform are communicated to distribute the cloud platform session keys;
and the cloud platform in the current service area encrypts historical data related to the vehicle V by using a session key distributed by the cloud dispatching platform and then transmits the historical data to the cloud platform in the next service area.
Each vehicle, security chip, cloud platform and cloud dispatching platform is programmed or configured to perform the vehicle cloud communication method in a multi-cloud environment described in embodiment 1.
The technology, shape, and construction parts of the present invention, which are not described in detail, are known in the art.

Claims (10)

1. The vehicle cloud communication method in the multi-cloud environment is characterized by comprising the following steps of:
step 1, before the security chip leaves the factory, a quantum key filling machine fills it with a quantum key sequence and the identity number of the security chip, and the quantum key filling machine synchronizes the filling information of each security chip into each cloud platform through an off-line security channel;
step 2, the security chip is installed on a vehicle V after leaving the factory, and registration information of the vehicle V is synchronized into each cloud platform through an off-line security channel;
step 3, the vehicle V generates a vehicle cloud key, encrypts vehicle data by using the vehicle cloud key to generate a vehicle data ciphertext, meanwhile, the vehicle V extracts a quantum key from the security chip as a preset key, encrypts the current vehicle cloud key into an encryption key, and then forms first vehicle information M3 together with the vehicle data ciphertext and sends the first vehicle information M3 to a cloud platform in a current service area;
step 4, after receiving the first vehicle information M3, the cloud platform in the current service area extracts the corresponding preset key from the registration information of the vehicle V stored in the cloud platform, decrypts the encryption key with it to obtain the vehicle cloud key, and then decrypts the vehicle data ciphertext by using the vehicle cloud key to obtain the vehicle data; the subsequent communication between the cloud platform in the current service area and the vehicle V is encrypted and decrypted by using the vehicle cloud key;
step 5, when the vehicle V is about to drive out of the current service area, the cloud platform in the current service area negotiates with the cloud platform in the adjacent service area, namely the cloud platform in the next service area, to obtain a cloud platform session key; the cloud platform in the current service area then encrypts the vehicle data of the vehicle V by using the cloud platform session key and sends the encrypted vehicle data to the cloud platform in the next service area;
step 6, when the vehicle V enters the next service area, returning to step 3.
2. The vehicle cloud communication method in a multi-cloud environment according to claim 1, further comprising the sub-steps of:
step 11, before the secure chip SMC leaves the factory, the quantum key filling machine generates m quantum keys, and after hash operation is carried out on the m quantum keys respectively, the first k characters of hash operation values of the quantum keys are taken as identifiers of the quantum keys respectively;
wherein m is more than or equal to 2, k is more than or equal to 2 and less than or equal to the length of the quantum key, and m and k are positive integers;
step 12, arranging the m quantum keys into a quantum key sequence in ascending order of the size of their corresponding identifiers, and binding each quantum key in the quantum key sequence one-to-one with its corresponding identifier;
step 13, the quantum keys in the current quantum key sequence are joined by connectors and a hash operation is then carried out on the result, so that the identity number ID(SMC) of the current security chip SMC is generated;
step 14, the quantum key filling machine fills the identity number ID (SMC) and the current quantum key sequence into the security chip SMC; and simultaneously, the quantum key filling machine synchronizes filling information of the security chip SMC into each cloud platform database through an off-line security channel.
3. The vehicle cloud communication method in a multi-cloud environment according to claim 1, wherein: the step 2 also comprises the following substeps:
step 21, the vehicle V sends a registration application offline to a trusted authority, wherein the registration application comprises the identity number ID(V) of the vehicle V and the identity number ID(SMC) of the security chip SMC mounted on the vehicle V;
step 22, after the trusted authority receives the registration application, the identity number ID(V) of the vehicle V and the identity number ID(SMC) of the security chip SMC are extracted from the registration application and compared with the identity numbers stored in the database of the trusted authority,
if the identity number ID(V) of the current vehicle V and the identity number ID(SMC) of the security chip SMC do not exist in the trusted authority database, the trusted authority generates a pair of asymmetric keys, denoting the public key as $P_{bv}$ and the private key as $P_{rv}$; the trusted authority binds the identity number ID(V) of the current vehicle V, the identity number ID(SMC) of the security chip SMC and the newly generated public/private key pair and stores them in the trusted authority database; the trusted authority returns to the current vehicle V registration feedback information M1 containing the public key $P_{bv}$ and the identity number of each cloud platform; the trusted authority synchronizes the registration information M2 of the current vehicle V into each cloud platform database through the offline security channel, and the registration information M2 comprises the identity number ID(V) of the current vehicle V, the identity number ID(SMC) of the security chip SMC and the private key $P_{rv}$;
if the identity number ID(V) of the current vehicle V and/or the identity number ID(SMC) of the security chip SMC already exist in the trusted authority database, the trusted authority returns a duplicate-registration message to the current vehicle V.
4. The vehicle cloud communication method in a multi-cloud environment according to any one of claim 1, wherein: after the vehicle V is started and electrified each time, the vehicle V performs identity authentication with the cloud platform in the current service area, and after the identity authentication is successful, the step 3 is executed.
5. The vehicle cloud communication method in a multi-cloud environment according to claim 4, wherein the identity authentication with the cloud platform in the current service area after each time the vehicle V is powered on, further comprises the following sub-steps:
step 111, after the vehicle V is started and powered on, the vehicle V sends an authentication message M4 to the cloud platform $TSP_A$ in the current service area: $M4 = \{ID(V) \,\|\, P_{bv}[ID(SMC) \,\|\, ID(TSP_A)]\}$, where $\|$ is the concatenation operator, $ID(TSP_A)$ represents the identity number of the cloud platform $TSP_A$ in the current service area, $ID(SMC)$ represents the identity number of the security chip SMC mounted on the vehicle V, $P_{bv}[ID(SMC) \,\|\, ID(TSP_A)]$ represents asymmetric encryption of $ID(SMC) \,\|\, ID(TSP_A)$ using the public key $P_{bv}$ of the vehicle V, and $ID(V)$ represents the identity number of the vehicle V;
step 112, the cloud platform $TSP_A$ in the current service area extracts the identity number $ID(V)$ of the vehicle V from the authentication message M4 and retrieves from the database of the cloud platform $TSP_A$ the identity number $ID(SMC)$ of the security chip SMC and the private key $P_{rv}$ bound to the identity number $ID(V)$ of the current vehicle V; the cloud platform $TSP_A$ uses the private key $P_{rv}$ to asymmetrically decrypt $P_{bv}[ID(SMC) \,\|\, ID(TSP_A)]$, obtaining the identity number copy $ID(SMC)^*$ of the security chip SMC and the identity number copy $ID(TSP_A)^*$ of the cloud platform $TSP_A$,
if $ID(SMC)^* = ID(SMC)$ and $ID(TSP_A)^* = ID(TSP_A)$, the identity authentication is passed, and the cloud platform $TSP_A$ in the current service area returns a message indicating that the identity authentication has passed to the vehicle V;
if the database of the cloud platform $TSP_A$ does not contain the identity number $ID(V)$ of the current vehicle V, or $ID(SMC)^* \neq ID(SMC)$ and/or $ID(TSP_A)^* \neq ID(TSP_A)$, the identity authentication fails, and the cloud platform $TSP_A$ in the current service area discards the authentication message M4.
6. The vehicle cloud communication method in a multi-cloud environment according to claim 1, wherein the step 3 further comprises the following sub-steps:
step 31, a quantum random number generator on the vehicle V generates a true-random-number vehicle cloud key K1, and the vehicle V symmetrically encrypts the vehicle data D1 by using the vehicle cloud key K1 to form a vehicle data ciphertext G1, i.e., $G1 = K1(D1)$;
step 32, the vehicle V extracts a quantum key from the security chip SMC in the order of the quantum key sequence as the preset key PFK1, then generates the first vehicle information M3 and sends it to the cloud platform $TSP_A$ in the current service area: $M3 = \{ID(V) \,\|\, CEK1 \,\|\, G1\} = \{ID(V) \,\|\, PFK1(K1) \,\|\, K1(D1)\}$, where CEK1 is the encryption key, PFK1(K1) represents symmetric encryption of the vehicle cloud key K1 using the preset key PFK1, and $CEK1 = PFK1(K1)$.
7. The vehicle cloud communication method in a multi-cloud environment according to claim 6, wherein step 4 further comprises the following steps:
the cloud platform $TSP_A$ in the current service area, according to the identity number ID(V) of the vehicle V in the first vehicle information M3, finds in the database of the cloud platform $TSP_A$ the filling information of the security chip SMC bound with the ID(V), extracts a preset key copy PFK1 from the filling information of the security chip SMC in the order of the quantum key sequence, symmetrically decrypts the encryption key CEK1 obtained from the first vehicle information M3 by using the preset key copy PFK1 to obtain a vehicle cloud key copy K1, and then symmetrically decrypts the vehicle data ciphertext G1 obtained from the first vehicle information M3 by using the vehicle cloud key copy K1, finally obtaining a vehicle data copy D1; subsequently, the cloud platform $TSP_A$ in the current service area uses the vehicle cloud key copy K1 to symmetrically encrypt information sent to the vehicle V and to symmetrically decrypt information received from the vehicle V, and the vehicle V uses the vehicle cloud key K1 to symmetrically encrypt information sent to the cloud platform $TSP_A$ in the current service area and to symmetrically decrypt information received from the cloud platform $TSP_A$ in the current service area.
8. The vehicle cloud communication method in a multi-cloud environment according to claim 2, wherein:
the step 3 also comprises the following substeps:
step 31', a quantum random number generator on the vehicle V generates a true-random-number vehicle cloud key K1, and the vehicle V symmetrically encrypts vehicle data D1 by using the vehicle cloud key K1 to form a vehicle data ciphertext G1, namely $G1 = K1(D1)$;
step 32', after the vehicle V arbitrarily extracts a quantum key from the quantum key sequence in the security chip SMC as the preset key PFK1, the first vehicle information M3 is generated and sent to the cloud platform $TSP_A$ in the current service area:
$M3 = \{ID(V) \,\|\, CODE1 \,\|\, CEK1 \,\|\, G1\} = \{ID(V) \,\|\, CODE1 \,\|\, PFK1(K1) \,\|\, K1(D1)\}$, wherein CODE1 is the identifier bound to the preset key PFK1, CEK1 is the encryption key, $CEK1 = PFK1(K1)$, and PFK1(K1) represents symmetric encryption of the vehicle cloud key K1 using the preset key PFK1;
the following are also included in step 4:
the cloud platform $TSP_A$ in the current service area, based on the identity number ID(V) in the first vehicle information M3, finds in the database of the cloud platform $TSP_A$ the filling information of the security chip SMC bound with the ID(V); the cloud platform $TSP_A$ in the current service area then finds, according to the identifier CODE1 in the first vehicle information M3, the corresponding preset key copy PFK1 in the filling information of the security chip SMC; the cloud platform $TSP_A$ symmetrically decrypts the encryption key CEK1 obtained from the first vehicle information M3 by using the preset key copy PFK1 to obtain a vehicle cloud key copy K1, and then symmetrically decrypts the vehicle data ciphertext G1 obtained from the first vehicle information M3 by using the vehicle cloud key copy K1, finally obtaining a vehicle data copy D1; subsequently, the cloud platform $TSP_A$ in the current service area uses the vehicle cloud key copy K1 to symmetrically encrypt information sent to the vehicle V and to symmetrically decrypt information received from the vehicle V, and the vehicle V uses the vehicle cloud key K1 to symmetrically encrypt information sent to the cloud platform $TSP_A$ in the current service area and to symmetrically decrypt information received from the cloud platform $TSP_A$ in the current service area.
9. The vehicle cloud communication method in a multi-cloud environment as claimed in claim 1, further comprising the sub-steps of:
step 51, when the vehicle V is about to exit the current service area, the cloud platform TSP in the current service area A According to the running direction and the real-time position of the vehicle V, an inquiry message M5 is sent to the vehicle V, and the inquiry message M5 comprises whether to continue enjoying the Internet of vehicles service and the identification information confirmation of the cloud platform in the next service area;
step 52, the vehicle V generates a reply message M6 and sends it to the cloud platform $TSP_A$ in the current service area; if the content of the reply message M6 is that the vehicle V does not continue to enjoy the internet of vehicles service, the communication between the cloud platform $TSP_A$ in the current service area and the vehicle V ends; if the content of the reply message M6 is that the vehicle V continues to enjoy the internet of vehicles service and confirms the cloud platform identity information in the next service area, the cloud platform $TSP_A$ in the current service area extracts the identity information $ID(TSP_B)$ of the cloud platform $TSP_B$ in the next service area from the reply message M6;
step 53, the cloud platform $TSP_A$ in the current service area simultaneously initiates a first negotiation application A1 to the cloud dispatching platform and sends an access request A2; the first negotiation application A1 contains the message type of the first negotiation application A1,
the access request A2 contains the message type of the access request A2, the identity information of the communication destination and the identity information of the communication initiator,
the identity information of the communication target is the identity information $ID(TSP_B)$ of the cloud platform $TSP_B$ in the next service area, the identity information of the communication initiator is the identity information $ID(TSP_A)$ of the cloud platform $TSP_A$ in the current service area, the message type of the first negotiation application A1 is a key request message, and the message type of the access request A2 is an access request message;
step 54, after receiving the first negotiation application A1, the cloud scheduling platform negotiates with the cloud platform $TSP_A$ in the current service area to generate a first cloud platform session key CK1, i.e. the cloud platform $TSP_A$ and the cloud dispatching platform obtain the first cloud platform session key CK1 at the same time; meanwhile, the cloud scheduling platform forwards the access request A2 to the corresponding communication target, namely the cloud platform $TSP_B$ in the next service area;
step 55, after receiving the access request A2, the cloud platform $TSP_B$ in the next service area initiates a second negotiation application A3 to the cloud scheduling platform; after receiving the second negotiation application A3, the cloud scheduling platform negotiates with the cloud platform $TSP_B$ in the next service area to generate a second cloud platform session key CK2, i.e. the cloud platform $TSP_B$ and the cloud dispatching platform obtain the second cloud platform session key CK2 at the same time; the cloud platform $TSP_B$ in the next service area binds the second cloud platform session key CK2 with the identity information of the communication initiator extracted from the access request A2 and then stores the binding;
step 56, the cloud dispatching platform symmetrically encrypts the second cloud platform session key CK2 by using the first cloud platform session key CK1 to form key distribution information M7, and then sends the key distribution information M7 to the cloud platform $TSP_A$ in the current service area; the cloud platform $TSP_A$ in the current service area symmetrically decrypts the key distribution information M7 by using the first cloud platform session key CK1 to obtain a second cloud platform session key copy CK2;
step 57, the cloud platform $TSP_A$ in the current service area symmetrically encrypts the historical data RD1 of the vehicle V by using the second cloud platform session key copy CK2 to form history information M8 and sends it to the cloud platform $TSP_B$ in the next service area; upon receiving the history information M8, the cloud platform $TSP_B$ in the next service area symmetrically decrypts it by using the second cloud platform session key CK2 bound to the sender of the history information M8, i.e., the cloud platform $TSP_A$, to obtain a historical data copy RD1.
10. A vehicle cloud communication system in a multi-cloud environment, comprising:
a vehicle V, a plurality of cloud platforms and a cloud dispatching platform,
the vehicle V is provided with a security chip SMC, each cloud platform provides a vehicle networking service for the vehicle V within its service area, and the vehicle V enjoys the vehicle networking service by carrying out vehicle cloud communication with the cloud platform in the current service area;
cloud platform session keys are generated through negotiation between the cloud scheduling platform and each cloud platform, and the cloud scheduling platform and each cloud platform are communicated to distribute the cloud platform session keys;
the cloud platform in the current service area encrypts historical data related to the vehicle V by using a session key distributed by the cloud dispatching platform and then transmits the historical data to the cloud platform in the next service area;
each vehicle, security chip, cloud platform, cloud dispatch platform is programmed or configured to perform a vehicle cloud communication method in a multi-cloud environment as claimed in claim 9.
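The key-wrapping flow of claims 2 and 8 and the cloud-to-cloud handoff of claim 9, as an added example that is not code from the patent. It regenerates keys whose truncated-hash identifiers collide, a case the claims do not address, and its cloud side rejects a modified M3 because the stand-in cipher carries an integrity tag. Assumptions: SHA-256 as the hash, an HMAC-based encrypt-then-MAC construction in place of the unnamed symmetric cipher, `secrets` in place of the quantum random source, each negotiation modelled as an already shared random key, and all function, class and field names.

```python
import hashlib
import hmac
import secrets


def _stream(key, nonce, n):
    """Keystream from HMAC-SHA256 in counter mode (stand-in cipher, an assumption)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, plaintext):
    """Symmetric encryption with integrity: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the tag before decrypting; a wrong key or a modified blob raises."""
    if len(blob) < 48:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


def provision_chip(m=8, k=8):
    """Claim 2, steps 11-13: m keys, identifier = first k hex chars of the key's hash."""
    if m > 16 ** k:
        raise ValueError("k is too small to give m distinct identifiers")
    table = {}
    while len(table) < m:
        key = secrets.token_bytes(32)            # constructed stand-in for a quantum key
        code = hashlib.sha256(key).hexdigest()[:k]
        if code not in table:                    # added check: skip colliding identifiers
            table[code] = key
    seq = sorted(table.items())                  # ascending order of identifier
    joined = "|".join(key.hex() for _, key in seq)   # "|" as connector is an assumption
    return hashlib.sha256(joined.encode()).hexdigest(), seq   # (ID(SMC), key sequence)


def build_m3(vehicle_id, key_seq, data):
    """Claim 8, steps 31'-32': fresh K1, arbitrary preset key, M3 = ID(V)||CODE1||CEK1||G1."""
    k1 = secrets.token_bytes(32)                 # vehicle cloud key K1
    code1, pfk1 = secrets.choice(key_seq)
    m3 = {"id_v": vehicle_id, "code1": code1, "cek1": seal(pfk1, k1), "g1": seal(k1, data)}
    return m3, k1


class CloudPlatform:
    def __init__(self, name):
        self.name = name
        self.fill_info = {}      # ID(V) -> {CODE: preset key}, synced offline
        self.vehicle_keys = {}   # ID(V) -> K1 for the current service area
        self.peer_keys = {}      # initiator identity -> CK2

    def register(self, vehicle_id, key_seq):
        self.fill_info[vehicle_id] = dict(key_seq)

    def receive_m3(self, m3):
        """Step 4: look up PFK1 by ID(V) and CODE1, unwrap K1, decrypt the vehicle data."""
        keys = self.fill_info.get(m3["id_v"])
        if keys is None or m3["code1"] not in keys:
            raise KeyError("unknown vehicle or key identifier")
        k1 = unseal(keys[m3["code1"]], m3["cek1"])
        data = unseal(k1, m3["g1"])
        self.vehicle_keys[m3["id_v"]] = k1       # used for later traffic in this area
        return data

    def receive_m8(self, m8):
        """Step 57: decrypt with the CK2 bound to the sender of M8."""
        return unseal(self.peer_keys[m8["from"]], m8["body"])


def handoff(tsp_a, tsp_b, history):
    """Claim 9, steps 54-57, with each negotiation modelled as a shared random key."""
    ck1 = secrets.token_bytes(32)                # TSP_A <-> scheduling platform
    ck2 = secrets.token_bytes(32)                # TSP_B <-> scheduling platform
    tsp_b.peer_keys[tsp_a.name] = ck2            # step 55: bind CK2 to the initiator
    m7 = seal(ck1, ck2)                          # step 56: scheduler wraps CK2 under CK1
    ck2_copy = unseal(ck1, m7)                   # TSP_A recovers its copy of CK2
    return {"from": tsp_a.name, "body": seal(ck2_copy, history)}   # M8


if __name__ == "__main__":
    chip_id, seq = provision_chip()
    a, b = CloudPlatform("TSP_A"), CloudPlatform("TSP_B")
    a.register("V-001", seq)                     # constructed vehicle identity
    m3, _ = build_m3("V-001", seq, b"speed=62;lane=2")
    print(a.receive_m3(m3), b.receive_m8(handoff(a, b, b"trip history")))
```

With a cipher that has no integrity check, a modified CEK1 would decrypt to a wrong K1 and unreadable vehicle data instead of an error, so the receiving platform could not tell tampering from corruption.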
CN202410232193.7A 2024-03-01 2024-03-01 Vehicle cloud communication method and communication system in multi-cloud environment Active CN117812585B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410232193.7A CN117812585B (en) 2024-03-01 2024-03-01 Vehicle cloud communication method and communication system in multi-cloud environment

Publications (2)

Publication Number Publication Date
CN117812585A true CN117812585A (en) 2024-04-02
CN117812585B CN117812585B (en) 2024-05-03

Family

ID=90430565

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410232193.7A Active CN117812585B (en) 2024-03-01 2024-03-01 Vehicle cloud communication method and communication system in multi-cloud environment

Country Status (1)

Country Link
CN (1) CN117812585B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118175520A (en) * 2024-05-11 2024-06-11 合肥工业大学 Multi-angle sentinel mode data acquisition and uploading method and checking method
CN118175520B (en) * 2024-05-11 2024-07-05 合肥工业大学 Multi-angle sentinel mode data acquisition and uploading method and checking method

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101803651B1 (en) * 2016-06-22 2017-12-01 부경대학교 산학협력단 Authentication method for connection of vehicle cloud service
CN108322486A (en) * 2018-05-07 2018-07-24 安徽大学 Authentication protocol towards multiserver framework under a kind of car networking cloud environment
US20180309786A1 (en) * 2017-04-24 2018-10-25 Caligo Systems Ltd. MOVING TARGET DEFENSE FOR SECURING INTERNET OF THINGS (IoT)
CN109842639A (en) * 2017-11-24 2019-06-04 华为技术有限公司 Realize method, equipment and the system of business continuance in handoff procedure
CN111479244A (en) * 2020-05-08 2020-07-31 郑州信大捷安信息技术股份有限公司 V2I Internet of vehicles identity authentication system and method
CN112839321A (en) * 2020-12-31 2021-05-25 中国石油大学(华东) Edge server switching method based on 5G Internet of vehicles relay transmission
CN113411360A (en) * 2020-03-16 2021-09-17 成都秦川物联网科技股份有限公司 Out-of-network operation method and system of partitioned cloud platform based on Internet of vehicles
CN114710523A (en) * 2022-03-17 2022-07-05 重庆长安汽车股份有限公司 Multi-region Internet of vehicles cloud platform architecture and vehicle fixed region access method
WO2022155803A1 (en) * 2021-01-20 2022-07-28 华为技术有限公司 Data encryption method, data transmission method, related apparatuses and device
CN116321156A (en) * 2023-05-18 2023-06-23 合肥工业大学 Lightweight vehicle cloud identity authentication method and communication method
CN116506174A (en) * 2023-04-25 2023-07-28 桂林电子科技大学 Multi-server data transmission method suitable for Internet of vehicles and supporting user hidden identity
CN116528228A (en) * 2023-07-03 2023-08-01 合肥工业大学 Internet of vehicles presetting and session key distribution method, communication method and system
CN116707791A (en) * 2023-06-21 2023-09-05 西南石油大学 Distributed authentication key negotiation method in intelligent vehicle-mounted networking system
CN117395001A (en) * 2023-12-11 2024-01-12 合肥工业大学 Internet of vehicles secure communication method and system based on quantum key chip

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
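Shi Qin et al.: "Research on a vehicle-cloud encrypted communication architecture based on quantum keys", Automotive Engineering, 30 June 2023 (2023-06-30) *
Shi Qin et al.: "A lightweight vehicle-cloud identity authentication scheme based on quantum keys", Proceedings of the 2023 Annual Conference of the China Society of Automotive Engineers, 25 October 2023 (2023-10-25) *
Shi Qin et al.: "An efficient group key distribution scheme based on quantum random numbers in vehicular ad hoc networks", Automotive Engineering, 25 February 2024 (2024-02-25) *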

Also Published As

Publication number Publication date
CN117812585B (en) 2024-05-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant