EP4305802A1 - Authentifizierung von klartext und chiffretext in einer vehicle-to-everything (v2x)-nachricht - Google Patents

Authentifizierung von klartext und chiffretext in einer vehicle-to-everything (v2x)-nachricht

Info

Publication number
EP4305802A1
EP4305802A1 EP22701452.9A EP22701452A EP4305802A1 EP 4305802 A1 EP4305802 A1 EP 4305802A1 EP 22701452 A EP22701452 A EP 22701452A EP 4305802 A1 EP4305802 A1 EP 4305802A1
Authority
EP
European Patent Office
Prior art keywords
hash
message
ciphertext
plaintext message
plaintext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP22701452.9A
Other languages
English (en)
French (fr)
Inventor
William Whyte
Sean Vincent Maschue
Drew Foster Van Duren
Virendra Kumar
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US17/497,120 external-priority patent/US11792645B2/en
Application filed by Qualcomm Inc filed Critical Qualcomm Inc
Publication of EP4305802A1 publication Critical patent/EP4305802A1/de
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/68Special signature format, e.g. XML format
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76Proxy, i.e. using intermediary entity to perform cryptographic operations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Definitions

  • V2X Vehicle-To-Everything
  • V2X wireless technologies are also under consideration in different regions of the world. The techniques described herein are applicable to any V2X wireless technology.
  • the C-V2X protocol defines two transmission modes that, together, provide a 360° non-line-of-sight awareness and a higher level of predictability for enhanced road safety and autonomous driving.
  • a first transmission mode includes direct C-V2X, which includes vehi cl e-to- vehicle (V2V), vehicle-to-infrastructure (V2I), and vehicle-to-pedestrian (V2P), and that provides enhanced communication range and reliability in the dedicated Intelligent Transportation System (ITS) 5.9 gigahertz (GHz) spectrum that is independent of a cellular network.
  • ITS Intelligent Transportation System 5.9 gigahertz
  • a second transmission mode includes vehicle-to-network communications (V2N) in mobile broadband systems and technologies, such as third generation wireless mobile communication technologies (3G) (e.g., global system for mobile communications (GSM) evolution (EDGE) systems, code division multiple access (CDMA) 2000 systems, etc.), fourth generation wireless mobile communication technologies (4G) (e.g., long term evolution (LTE) systems, LTE-Advanced systems, mobile Worldwide Interoperability for Microwave Access (mobile WiMAX) systems, etc.), fifth generation new radio wireless mobile communication technologies (5GNR systems, etc.), and so forth.
  • 3G third generation wireless mobile communication technologies
  • GSM global system for mobile communications
  • EDGE global system for mobile communications
  • CDMA code division multiple access
  • 4G fourth generation wireless mobile communication technologies
  • LTE long term evolution
  • LTE-Advanced systems LTE-Advanced systems
  • mobile Worldwide Interoperability for Microwave Access mobile Worldwide Interoperability for Microwave Access
  • 5GNR systems etc.
  • V2X onboard equipment An element of V2X systems is the ability for a vehicle to broadcast Basic Safety Messages (BSM) in North America or Cooperative Awareness Messages (CAM) in Europe, which other vehicles can receive and process to improve traffic safety.
  • BSM Basic Safety Messages
  • CAM Cooperative Awareness Messages
  • V2X onboard equipment Onboard equipment that provide the vehicle-to-everything (V2X) functionality
  • Various aspects include methods and systems performed by endpoint nodes for authenticating plaintext and ciphertext in a message. Some aspects may include generating ciphertext from a plaintext message to be transmitted in a message, generating a hash of the ciphertext and a hash of the plaintext message, generating a digital signature of a concatenation of the hash of the ciphertext and the hash of the plaintext message, and sending to a network node a message that includes the ciphertext, the hash of the plaintext message, and the digital signature.
  • the ciphertext, the hash of the plaintext message, and the digital signature may be configured to enable the network node to verify that the endpoint node signed the signed concatenation.
  • the endpoint node may include a vehicle-to-everything (V2X) endpoint node, and the message may include a V2X message.
  • V2X vehicle-to-everything
  • the message may be configured for transmission over a limited bandwidth wireless communication link.
  • the message may be configured as one of a tolling message, a parking access message, a road condition message, a geonetworking message, or an emergency responder message.
  • the plaintext message may include one of tolling information, parking access information, road condition information, geonetworking information, and emergency responder information.
  • the concatenation of the hash of the ciphertext and the hash of the plaintext message may include a data structure that includes an identification of the ciphertext or the hash of the ciphertext and an identification of the plaintext message or the hash of the plaintext message.
  • Various aspects include methods and systems performed by a processor of a network node for processing a message. Some aspects may include receiving from an endpoint node a message including ciphertext, a hash of a plaintext message, and a digital signature of a concatenation of a hash of the ciphertext and the hash of the plaintext message, determining whether the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message, and sending to an encryption key device the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message in response to determining that the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message.
  • the message may include a V2X message and the endpoint node may include a V2X endpoint node.
  • determining whether the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message may include generating a hash of the ciphertext, concatenating the hash of the plaintext message and the generated hash of the ciphertext, and providing the concatenation of the hash of the plaintext message and the generated hash of the ciphertext as an input to verify the digital signature using a public key of the endpoint node.
  • generating the hash of the ciphertext may include generating the hash of the ciphertext using a hash algorithm known to be used by an authentic endpoint node.
  • the message may be configured for transmission over a limited bandwidth wireless communication link.
  • the message may be configured as one of a tolling message, a parking access message, a road condition message, a geonetworking message, or an emergency responder message.
  • the concatenation of the hash of the ciphertext and the hash of the plaintext message may include a data structure that includes an identification of the hash of the ciphertext and an identification of the hash of the plaintext message.
  • sending to an encryption key device the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message may include sending to an encryption key server the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message.
  • sending to an encryption key device the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message may include sending to an encryption key module the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message.
  • Various aspects include methods and systems performed by a processor of a computing device for authenticating plaintext and ciphertext in a message. Some aspects may include receiving from an encryption key device a plaintext message originated by an endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message, determining whether the endpoint node signed the concatenation of the hash of the ciphertext and a hash of the plaintext message, and performing a data transaction for the endpoint node in response to determining that the endpoint node signed the concatenation of the ciphertext and the plaintext message.
  • the message may include a V2X message and the endpoint node may include a V2X endpoint node.
  • determining whether the endpoint node signed the concatenation of the hash of the ciphertext and a hash of the plaintext message may include generating a hash of the plaintext message, concatenating the generated hash of the plaintext message and the hash of the ciphertext, and providing the concatenation of the generated hash of the plaintext message and the hash of the ciphertext as an input to verify the digital signature using a public key of the endpoint node.
  • the plaintext message may include one of tolling information, parking access information, road condition information, geonetworking information, and emergency responder information.
  • the concatenation of the hash of the ciphertext and the hash of the plaintext message may include a data structure that includes an identification of the ciphertext or the hash of the ciphertext and an identification of the plaintext message or the hash of the plaintext message.
  • receiving from an encryption key device a plaintext message originated by an endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message may include receiving from an encryption key server the plaintext message originated by the endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message.
  • receiving from an encryption key device a plaintext message originated by an endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message may include receiving from an encryption key module the plaintext message originated by the endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message.
  • Various aspects include a system for authenticating plaintext and ciphertext in a message, including an endpoint node including a processor configured with processor- executable instructions to generate ciphertext from a plaintext message to be transmitted in a message, generate a hash of the ciphertext and a hash of the plaintext message, generate a digital signature of a concatenation of the hash of the ciphertext and the hash of the plaintext message, and send a message including the ciphertext, the hash of the plaintext message, and the digital signature.
  • the system also may include a network node including a processor configured with processor-executable instructions to receive from the endpoint node the message including the ciphertext, the hash of a plaintext message, and the digital signature, determine whether the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message, and send to an encryption key device the ciphertext, the hash of the plaintext message, and the digital signature in response to determining that the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message.
  • a network node including a processor configured with processor-executable instructions to receive from the endpoint node the message including the ciphertext, the hash of a plaintext message, and the digital signature, determine whether the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message, and send to an encryption key device the ciphertext, the hash of the plaintext
  • the system also may include a network processing device including a processor configured with processor-executable instructions to receive from an encryption key device the plaintext message originated by the endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message, determine whether the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message, and perform a data transaction for the endpoint node in response to determining that the endpoint node signed the concatenation of the ciphertext and the plaintext message.
  • a network processing device including a processor configured with processor-executable instructions to receive from an encryption key device the plaintext message originated by the endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message, determine whether the endpoint
  • Further aspects include an endpoint node, a network node, and/or a computing device including a memory and a processor configured to perform operations of any of the methods summarized above. Further aspects may include an endpoint node, a network node, and/or a computing device having various means for performing functions corresponding to any of the methods summarized above. Further aspects may include a non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a processor of an endpoint node, a network node, and/or a computing device to perform various operations corresponding to any of the methods summarized above.
  • FIG. 1 A is a system block diagram illustrating an example V2X system suitable for implementing various embodiments.
  • FIG. IB is a conceptual diagram illustrating an example V2X communication protocol stack suitable for implementing various embodiments.
  • FIG. 2 is a component diagram of an example vehicle system suitable for implementing various embodiments.
  • FIG. 3 A is a message flow diagram illustrating examples of communications exchanged among network elements between the base station and a wireless device during the method for authenticating plaintext and ciphertext in a V2X message.
  • FIG. 3B illustrates an example data structure suitable for implementing various embodiments.
  • FIG. 4 is a process flow diagram illustrating a method performed by a processor of a V2X for authenticating plaintext and ciphertext in a V2X message according to various embodiments.
  • FIG. 5 is a process flow diagram illustrating a method performed by a processor of a network node for processing a V2X message according to various embodiments.
  • FIG. 6 is a process flow diagram illustrating a method performed by a processor of a computing device for authenticating plaintext and ciphertext in a V2X message according to various embodiments.
  • FIG. 7 is a component block diagram illustrating an example mobile computing device suitable for use with various embodiments.
  • FIG. 8 is a component block diagram illustrating an example mobile computing device suitable for use with various embodiments.
  • FIG. 9 is a component block diagram illustrating an example V2X onboard equipment suitable for use with various embodiments.
  • V2X endpoint node e.g., a vehicle
  • V2X message may be received by an intermediate network node (e.g., a roadside unit (RSU), a gantry-deployed unit, and the like), which verifies that over-the-air transmission of the message has not introduced errors into the message.
  • RSU roadside unit
  • gantry-deployed unit and the like
  • the intermediate network node may then pass the message on to a processing network node, which decrypts the message content and performs an operation based on the message content.
  • V2X vehicle-to-everything
  • ITS intelligent transportation system
  • V2X endpoint node which may be a mobile computing device, such as V2X onboard equipment of a vehicle, a mobile phone, a laptop, tablet, or another suitable computing device
  • an intermediate node such as another vehicle or mobile computing device, a roadside unit (RSU), a gantry unit (such as a tolling gantry unit)
  • an a network processing device such as a server, as may be used for a data transaction such as toll or parking payment processing, monitoring road conditions, screening of commercial vehicles, and other suitable applications
  • Authentication methods supported by various embodiments are particularly useful for V2X bandwidth- constrained messages.
  • V2X processing and communication systems may be implemented in a variety of vehicles, such as automobiles, trucks, buses, trailers, autonomous vehicles, robotic systems and the like.
  • an ITS or other V2X system include a number of fixed equipment installations, such as roadside units, access nodes, and wireless relay nodes.
  • various embodiments may be useful in systems that are unrelated to ITS functionality but make use of V2X capabilities, such as pay-to-park garages, wireless payment systems for a variety of commercial applications, emergency medical services, etc.
  • Various embodiments may be implemented in any of a variety of V2X-equipped vehicles, fixed installations, and other devices using V2X communication infrastructure.
  • V2X endpoint node is used in this description and the claims to refer generally to a mobile, semi-mobile, or fixed system that implements V2X communication functionality.
  • a non-limiting example of a V2X endpoint node that is used for describing is a vehicle, such as an automobile paying a toll while traveling on a toll road, but references to this and other examples are not intended to limit the scope of claims reciting a V2X endpoint node.
  • V2X endpoint node e.g., a V2X-equipped vehicle
  • an intermediate network node e.g., a roadside unit or other ITS node
  • An encryption key device may generate an encryption key and send the encryption key to an intermediate network node.
  • the encryption key device may be a separate device, such as an encryption key server.
  • the encryption key device may be a module, unit, or function of the intermediate network node (or of the network processing device).
  • the intermediate network node may send the encryption key to the V2X endpoint node with a request that the V2X provide certain information.
  • the V2X endpoint node may generate a responsive message, generate a digital signature of the message, encrypt the message, and generate a digital signature of the encrypted message.
  • the V2X endpoint node may send the encrypted message and the digital signature to the intermediate network node.
  • the intermediate network node may verify the digital signature of the encrypted message, which verifies the integrity of the messages sent from the V2X endpoint node.
  • the intermediate network node may pass the encrypted message to the encryption key device, which decrypts the message and sends the decrypted message and the digital signature of the message to the network processing device.
  • the network processing device may verify the digital signature of the message, and may perform some action or operation involving the message from the V2X endpoint node.
  • An example application of various embodiments involves performing a fee collection or toll collection operation for a V2X endpoint node, such as a V2X-equipped vehicle traveling on a toll road or entering a pay-to-park garage.
  • a tolling gantry device may detect the V2X endpoint node and send a message to the V2X mode requesting information for the fee collection operation (e.g., a tolling advertisement message (TAM)).
  • TAM tolling advertisement message
  • the V2X endpoint node may respond with a tolling upload message (TUM) that includes a responsive message, a digital signature of the message, an encrypted version of the message, and a digital signature of the encrypted message.
  • TUM tolling upload message
  • the tolling gantry device may use the digital signature of the encrypted message to verify that over-the-air transmission of the TUM has not introduced errors in the message.
  • a network node of a toll (fee) service provider may use the digital signature of the message (after decryption) to perform relevant financial transaction operations for the fee collection (provided that the digital signature of the message is verified).
  • each additional signature may add 100 bytes or more to a single message.
  • the additional overhead can have a significant detrimental impact on communication system resources, especially on communication resources in a bandwidth- constrained system such as a V2X communication system.
  • Various embodiments include methods, V2X processing devices, and systems configured to perform the methods for authenticating plaintext and ciphertext in a V2X message in a manner that improves the efficiency and reduces the processing and communication link overhead required to handle such V2X messages.
  • a V2X endpoint node may generate ciphertext from a plaintext message to be transmitted in a V2X message, generate a hash of the ciphertext and a hash of the plaintext message, generate a digital signature of a concatenation of the hash of the ciphertext and the hash of the plaintext message, and send to a network node a V2X message that includes the ciphertext, the hash of the plaintext message, and the digital signature.
  • the ciphertext, the hash of the plaintext message, and the digital signature may be configured to enable the network node to verify that the wireless device signed the signed concatenation of the hash of the ciphertext and the hash of the plaintext message.
  • the hash of the ciphertext and the hash of the plaintext message may be concatenated in any order.
  • the hash of the ciphertext and/or the hash of the plaintext message may be included in a data structure (such as may be described by a data structure description language such as Abstract Syntax Notation One (ASN.1) or another suitable data structure description language) that defines the location in the message (e.g., a defined byte range) of the hash of the ciphertext and the hash of the plaintext message.
  • ASN.1 Abstract Syntax Notation One
  • the hash of the ciphertext and/or the hash of the plaintext message may include an indication (e.g., a starting byte value or a field length value) that identifies locations of or a boundary between the ciphertext and/or the hash of the ciphertext and an identification of the plaintext message and/or the hash of the plaintext message.
  • an indication e.g., a starting byte value or a field length value
  • the V2X message is configured for transmission over a limited bandwidth wireless communication link, such as a bandwidth constrained V2X wireless communication link.
  • the V2X message may be configured according to one or more functions or systems.
  • the plaintext message may include sensitive financial information (e.g., account number, credit card number, etc.) about or associated with the V2X endpoint node that may enable a toll collection or fee collection operation related to the V2X endpoint node.
  • the V2X message may be configured as a tolling message (e.g., for a fee collection or toll collection system), a parking access message (e.g., for a parking payment system), a road condition message (e.g., a message to the another vehicle, to an RSU, or to a network node about traffic, observed vehicle behavior, road damage, a dangerous road condition such as ice or flooding, etc.), a geonetworking message (e.g., for use in a geonetworking message or messaging system), an emergency responder message (e.g., police, fire, emergency medical technician, or other emergency responder system), or another suitable message or messaging system.
  • a tolling message e.g., for a fee collection or toll collection system
  • a parking access message e.g., for a parking payment system
  • a road condition message e.g., a message to the another vehicle, to an RSU, or to a network node about traffic, observed vehicle behavior, road damage, a dangerous road condition
  • the plaintext message may include non-fmancial sensitive information, such as personal identity, medical information, classified or proprietary information, for which protection and authentication is appropriate.
  • the plaintext message may include parking access information, such as a parking location, timer period, and/or a parking fee.
  • the plaintext message may include road condition information.
  • the plaintext message may include geonetworking information.
  • the plaintext message may include emergency responder information, such as information about a dangerous condition, event, accident, and the like, identity information about suspects or victims, medical information, personal identifiable information (PII), and the like.
  • the content of the plaintext message may include information of a confidential or sensitive nature, or information that must be treated confidentially by law or regulation (e.g., financial accounts information, medical information, and so forth).
  • a network node may receive from a V2X endpoint node a V2X message that includes ciphertext, a hash of a plaintext message, and a digital signature of a concatenation of a hash of the ciphertext and the hash of the plaintext message.
  • the network node may determine whether the V2X endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message by generating a hash of the ciphertext, using the generated hash of the ciphertext to construct a concatenation of the received hash of the plaintext message and the generated hash of the ciphertext, and using the concatenation of the received hash of the plaintext message and the generated hash of the ciphertext as an input to verify the digital signature using a public key of the V2X endpoint node.
  • the network node may send to an encryption key device the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message.
  • a computing device may receive from an encryption key device a plaintext message originated by a V2X endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message.
  • the computing device may determine whether the V2X endpoint node signed the concatenation of the hash of the ciphertext and a hash of the plaintext message by generating a hash of the plaintext message, using the hash of the plaintext message to construct a concatenation of the generated hash of the plaintext message and the received hash of the ciphertext, and using the concatenation of the generated hash of the plaintext message and the received hash of the ciphertext as an input to verify the digital signature using a public key of the V2X endpoint node.
  • the computing device may perform a data transaction for the V2X endpoint node in response to determining that the V2X endpoint node signed the concatenation of the ciphertext and the plaintext message.
  • Various embodiments include methods, V2X processing devices, and systems configured to perform the methods for authenticating plaintext and ciphertext in a V2X message in a manner that improves processing and communication link efficiency, and reduces the processing and communication link overhead required to handle such V2X messages.
  • V2X vehicle-based communication standards, messages, protocols, and/or technologies.
  • BSMs Basic Safety Messages
  • the embodiments described herein may refer to a V2X processing system in a vehicle.
  • the V2X processing system may operate in or be included in mobile devices, mobile computers, RSUs, and other devices that are equipped to monitor road and vehicle conditions and to participate in V2X communications.
  • FIG. 1 A is a system block diagram illustrating an example V2X system 100 suitable for implementing various embodiments.
  • FIG. IB is a conceptual diagram illustrating an example V2X communication protocol stack 150 suitable for implementing various embodiments.
  • a vehicle 12, 14, 16 may include V2X onboard equipment 102, 104, 106, respectively, that may be configured to send and receive V2X messages, including periodically broadcasting Basic Safety Messages 112, 114, 116 for receipt and processing by other vehicles’ onboard equipment (e.g., 102, 104, 106).
  • a trailing vehicle 12 receiving Basic Safety Messages 114 from a leading vehicle 16 can determine the speed and location of the vehicle 16, enabling vehicle 12 to match the speed and maintain a safe separation distance 20.
  • the V2X equipment 102 in the trailing vehicle 12 can apply brakes simultaneously to maintain the safe separation distance 20 even when the leading vehicle 16 stops suddenly.
  • the V2X equipment 104 within the truck vehicle 14 may receive Basic Safety Messages 112, 116 from the two vehicles 12, 16, and thus be informed that the truck vehicle 14 should stop at an intersection to avoid a collision.
  • each of the vehicle V2X on board equipment 102, 104, 106 may communicate with one another using any of a variety close proximity communication protocols.
  • the vehicles may be able to transmit data and information regarding Basic Safety Messages and other V2X communications to a variety of network elements 132, 134, 136 via communication links 122, 124, 146 through a communication network 18 (e.g., V2X, cellular, WiFi, etc.)
  • network element 132 may be incorporate into, or may be in communication with, an RSU, a gantry unit, and/or the like.
  • the network element 134, 136 may be configured to perform a function or service related to a vehicle 12, 14, 16, such as payment processing, road condition monitoring, emergency provider message handling, and the like.
  • the network element 134, 136 may be configured to communicate with one another through wired or wireless networks 142, 144 to exchanging information associated with payment processing, road condition monitoring, emergency provider message handling, and similar services.
  • FIG. 2 is a component diagram of an example vehicle system 200 suitable for implementing various embodiments.
  • the system 200 may include a vehicle 202 that includes a V2X processing device 204 (for example, a telematics control unit or on-board unit (TCU/OBU).
  • the V2X processing device 202 may communicate with various systems and devices, such as an in-vehicle network 210, an infotainment system 212, various sensors 214, various actuators 216, and a radio frequency (RF) module 218.
  • the V2X processing device 202 also may communicate with various other vehicles 220, roadside units 222, base stations 224, and other external devices.
  • the TCU/OBU 204 may be configured to perform operations for authenticating plaintext and ciphertext as further described below.
  • the V2X processing device 204 may include a V2X antenna (e.g., an RF module 218), and may be configured to communicate with one or more ITS participants (e.g., stations) such as another vehicle 220, a roadside unit 222, and a base station 224 or another suitable network access point.
  • the V2X processing device 202 may receive information from a plurality of information sources, such as the in-vehicle network 210, infotainment system 212, various sensors 214, various actuators 216, and the RF module 218.
  • the V2X processing device 204 may detect a misbehavior condition in a system of the vehicle, such as one of the plurality of information sources 210-218, an application or service executing on the V2X processing device 204, or another system of the vehicle.
  • Examples of an in-vehicle network 210 include a Controller Area Network (CAN), a Local Interconnect Network (LIN), a network using the FlexRay protocol, a Media Oriented Systems Transport (MOST) network, and an Automotive Ethernet network.
  • Examples of vehicle sensors 214 include a location determining system (such as a Global Navigation Satellite Systems (GNSS) system, a camera, radar, lidar, ultrasonic sensors, infrared sensors, and other suitable sensor devices and systems.
  • Examples of vehicle actuators 216 include various physical control systems such as for steering, brakes, engine operation, lights, directional signals, and the like.
  • FIG. 3A is a message flow diagram 300 illustrating examples of communications exchanged among network elements between the base station and a wireless device during the method for authenticating plaintext and ciphertext in a V2X message.
  • FIG. 3B illustrates an example data structure 350 suitable for implementing various embodiments.
  • the network elements may include a V2X endpoint node 320 (e.g., the vehicle 12, 14, 16, 202), a network node 322 (e.g., another of the vehicles 12, 14, 16, 220, the RSU 132, 220), an encryption key device 324 (e.g., the network element 134, 136), and a network processing device 326 (e.g., the network element 134, 136).
  • the encryption key device 324 may be a separate device, such as an encryption key server.
  • the encryption key device 324 may be a module, unit, or function of the network node 322 or of the network processing device 326.
  • the encryption key device 324 may generate an encryption key and send the encryption key to the network node 322 in a message 302.
  • the encryption key may be or may include a public key.
  • the network node 322 may send the encryption key to the V2X endpoint node 320 with a request 304 that the V2X provide certain information.
  • the request 304 may be, or may be included in, a V2X message.
  • V2X messages are configured for use in a V2X communication system, formatted according to a V2X communication protocol, and configured for transmission via a bandwidth and/or other resource constrained wireless communication link.
  • the V2X endpoint node 320 may generate a response that includes a plaintext message.
  • the V2X endpoint node may generate ciphertext from the plaintext message, and may generate a hash of the ciphertext and a hash of the plaintext message.
  • the V2X endpoint node may generate the hash(es) using a hashing algorithm, such as any of the SHA-2 suite of algorithms and the like.
  • the V2X endpoint node 320 may generate a digital signature of a concatenation of the hash of the ciphertext and the hash of the plaintext message.
  • hash of the ciphertext and the hash of the plaintext message may be concatenated in any order.
  • the V2X endpoint node may generate a data structure, such as the data structure 350 (FIG. 3B), and the V2X endpoint node may generate the digital signature of the data structure.
  • the data structure 350 may include markers identifying the hash of the ciphertext and/or the hash of the plaintext message.
  • the data structure 350 also may include other data.
  • the data structure 350 may include a description 352 of its structure and/or contents, such as a hash of the plaintext message, or the plaintext message itself (“hOP HashOrPlaintext”), a hash of the ciphertext, or the ciphertext message itself (“hOC HashOrCiphertext”), etc.
  • the data structure 350 also may include a description 354 of the hash of the plaintext message or the plaintext message, a description 356 of the hash of the ciphertext or the ciphertext message, as well as other data fields, descriptors, markets, and/or other content.
  • the V2X endpoint node may send a V2X message 306 that includes the ciphertext, the hash of the plaintext message, and the digital signature to the network node 322.
  • the network node 322 may determine whether the V2X endpoint node 320 signed the concatenation of the hash of the ciphertext and the hash of the plaintext message by generating a hash of the ciphertext, using the generated hash of the ciphertext to construct an appropriately-encoded concatenation of the received hash of the plaintext message and the generated hash of the ciphertext, and using the concatenation of the received hash of the plaintext message and the generated hash of the ciphertext as an input to verify the digital signature using the V2X endpoint node’s public key.
  • the network node 322 may send the ciphertext, the hash of the plaintext message, and the digital signature to the encryption key device 324 in a message 308.
  • the encryption key device 324 may decrypt the ciphertext to generate the plaintext message.
  • the encryption key device 324 may then send in communication 310 the plaintext message, the hash of the ciphertext, and the digital signature (of the concatenation of the hash of the ciphertext and the hash of the plaintext message) to the network processing device 326.
  • the encryption key device 324 may return the plaintext message to the network node 322 in a message 312, and the network node 322 may send the plaintext message, the hash of the ciphertext, and the digital signature (of the concatenation of the hash of the ciphertext and the hash of the plaintext message) to the network processing device 326 in a message 314.
  • the network node 322 and the encryption key device 324 may be co located with or incorporated into the network node 322, and decryption operations may be performed near or in the network node 322
  • the endpoint node may send the ciphertext, the hash of the plaintext message, and the digital signature to the network processing device 326 in a message 316.
  • the network processing device 326 may determine whether the V2X endpoint node 320 signed the concatenation of the hash of the ciphertext and the hash of the plaintext message by generating a hash of the ciphertext, using the generated hash of the ciphertext to construct an appropriately-encoded concatenation of the received hash of the plaintext message and the generated hash of the ciphertext, and using the concatenation of the received hash of the plaintext message and the generated hash of the ciphertext as an input to verify the digital signature using the V2X endpoint node’s public key.
  • the network processing device 326 may send the ciphertext to the encryption key device 324 for decryption in a message 318.
  • the encryption key device may decrypt the ciphertext and may send the plaintext to the network processing device in a message 320.
  • the encryption key device 324 may be co-located with or incorporated into the network processing device 326, and decryption operations may be performed near or in the network processing device 326.
  • the network processing device 326 may determine whether the V2X endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message by generating a hash of the plaintext message, using the hash of the plaintext message to construct an appropriately-encoded concatenation of the generated hash of the plaintext message and the received hash of the ciphertext, and using the concatenation of the generated hash of the plaintext message and the received hash of the ciphertext as an input to verify the digital signature using the V2X endpoint node’s public key. In response to determining that the V2X endpoint node signed the concatenation of the ciphertext and the plaintext message, the network processing device 326 may perform a data transaction for the V2X endpoint node.
  • the V2X messages 304 and 306 may be configured according to one or more functions or systems.
  • the V2X messages 304 and 306 may be configured as tolling messages (e.g., for a fee collection or toll collection system) or parking access messages (e.g., for a parking payment system).
  • the V2X messages 304 and 306 also may be configured as road condition messages (e.g., a message to another vehicle, to an RSU, or to a network node about traffic, observed vehicle behavior, road damage, a dangerous road condition such as ice or flooding, etc.).
  • the V2X messages 304 and 306 also may be configured as geonetworking message (e.g., for use in a geonetworking message or messaging system).
  • the V2X endpoint node may send a V2X message for conveyance to a particular set of other vehicles, RSUs, etc. such as along a road or path, or in a particular direction.
  • a geonetworking message may be used to notify other vehicles of a dangerous traffic or road situation along a specific road.
  • a geonetworking message may be used to notify other vehicles that emergency vehicles are approaching, so that the other vehicles may temporarily clear the roadway.
  • the V2X messages 304 and 306 also may be configured as an emergency responder message (e.g., for use by police, fire, emergency medical technician, or other emergency responder system).
  • emergency responder V2X messages may include information that is intended only for reception by other emergency responders and not by the general public, such as information about a dangerous condition, event, accident, and the like, identity information about suspects or victims, medical information (e.g., that must be treated confidentially), personal identifiable information (PII), and the like.
  • the content of the plaintext message may include information of a confidential or sensitive nature, or information that must be treated confidentially by law or regulation (e.g., financial accounts information, medical information, and so forth).
  • FIG. 4 is a process flow diagram illustrating a method 400 performed by a processor of a V2X endpoint node for authenticating plaintext and ciphertext in a V2X message according to various embodiments.
  • the operations of the method 400 may be performed by a V2X processing device in a V2X endpoint node (e.g., 12, 14, 16, 202, 320).
  • V2X processing device may generate ciphertext from a plaintext message to be transmitted in a V2X message.
  • the V2X processing device may generate a plaintext message, and then generate the ciphertext by encrypting the plaintext message.
  • the V2X processing device may generate a hash of the ciphertext and a hash of the plaintext message. Any form of hash function or algorithm may be used in generating the two hashes, and different hash functions or algorithms may be used in generating the hash of the ciphertext and the hash of the plaintext message.
  • the V2X processing device may generate a digital signature of a concatenation of the hash of the ciphertext and the hash of the plaintext message. Any form of signing function or algorithm may be used in generating the digital signature.
  • the V2X processing device may send to a network node a V2X message including the ciphertext, the hash of the plaintext message, and the digital signature.
  • the ciphertext, the hash of the plaintext message, and the digital signature may be configured to enable the network node to verify that the V2X endpoint node signed the signed concatenation.
  • the V2X message may be configured for transmission over a limited bandwidth wireless communication link, such as a V2X message transmitted by one V2X endpoint node and received by another V2X endpoint node.
  • the V2X message may be configured as a tolling message, a parking access message, a road condition message, a geonetworking message, or an emergency responder message.
  • the plaintext message may include one of tolling information, parking access information, road condition information, geonetworking information, and emergency responder information.
  • the concatenation of the hash of the ciphertext and the hash of the plaintext message may include, or be included in, a data structure that defines or specifies byte ranges or boundaries of the ciphertext and/or the hash of the ciphertext and an identification of the plaintext message and/or the hash of the plaintext message.
  • FIG. 5 is a process flow diagram illustrating a method 500 performed by a processor of a network node for processing a V2X message according to various embodiments.
  • the operations of the method 500 may be performed by a processing device (which may be a V2X processing device) in a network node (e.g., 12, 14, 16, 220,
  • the processing device may receive from a V2X endpoint node (e.g., 12, 14, 16, 202, 320) a V2X message including ciphertext, a hash of a plaintext message, and a digital signature of a concatenation of a hash of the ciphertext and the hash of the plaintext message.
  • a V2X endpoint node e.g., 12, 14, 16, 202, 320
  • a V2X message including ciphertext, a hash of a plaintext message, and a digital signature of a concatenation of a hash of the ciphertext and the hash of the plaintext message.
  • the processing device may determine whether the V2X endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message. In some embodiments, the processing device may generate a hash of the ciphertext, use the generated hash of the ciphertext to construct a concatenation of the received hash of the plaintext message and the generated hash of the ciphertext, and using the concatenation of the received hash of the plaintext message and the generated hash of the ciphertext as an input to verify the digital signature using the V2X endpoint node’s public key.
  • the processing device may reject the V2X message from the V2X endpoint node in block 506. Rejecting the V2X message may include ignoring the V2X message, stopping further processing of the V2X message, and other suitable operations.
  • the processing device may send to an encryption key device the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message in block 508.
  • the processing device may generate the hash of the ciphertext using a hash algorithm known to be used by an authentic V2X endpoint node.
  • the V2X message may be configured for transmission over a limited bandwidth wireless communication link.
  • the V2X message may be configured as a tolling message, a parking access message, a road condition message, a geonetworking message, or an emergency responder message.
  • the concatenation of the hash of the ciphertext and the hash of the plaintext message may include, or be included in, a data structure that includes an identification of the ciphertext and/or the hash of the ciphertext and an identification of the plaintext message and/or the hash of the plaintext message.
  • FIG. 6 is a process flow diagram illustrating a method 600 performed by a processor of a computing device for authenticating plaintext and ciphertext in a V2X message according to various embodiments.
  • the operations of the method 600 may be performed by a processing device in a network processing device (e.g., 134, 136).
  • the processing device may receive from an encryption key device (e.g., 324) a plaintext message originated by a V2X endpoint node (e.g., 12, 14, 16, 202, 320), a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message.
  • an encryption key device e.g., 324
  • a plaintext message originated by a V2X endpoint node e.g., 12, 14, 16, 202, 320
  • a hash of ciphertext of the plaintext message e.g., 12, 14, 16, 202, 320
  • a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message e.g., 322X endpoint node
  • the processing device may determine whether the V2X endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message. In some embodiments, the processing device may generate a hash of the plaintext message, use the hash of the plaintext message to construct a concatenation of the generated hash of the plaintext message and the received hash of the ciphertext, and use the concatenation of the generated hash of the plaintext message and the received hash of the ciphertext as an input to verify the digital signature using the V2X endpoint node’s public key.
  • the concatenation of the hash of the ciphertext and the hash of the plaintext message may include a data structure that includes an identification of the ciphertext or the hash of the ciphertext and an identification of the plaintext message or the hash of the plaintext message.
  • the processing device may reject the V2X message from the V2X endpoint node in block 606. Rejecting the V2X message may include ignoring the V2X message, stopping further processing of the V2X message, and other suitable operations.
  • the processing device may perform a data transaction for the V2X endpoint node block 608.
  • FIG. 7 is a component block diagram illustrating an example mobile computing device 700 suitable for use with various embodiments.
  • the mobile computing device 700 may include a processor 702 coupled to a touchscreen controller 704 and an internal memory 706.
  • the processor 702 may be one or more multicore integrated circuits designated for general or specific processing tasks.
  • the internal memory 706 may be volatile or non-volatile memory, and may also be secure and/or encrypted memory, or unsecure and/or unencrypted memory, or any combination thereof.
  • Examples of memory types that can be leveraged include but are not limited to DDR, LPDDR, GDDR, WIDER), RAM, SRAM, DRAM, P-RAM, R-RAM, M- RAM, STT-RAM, and embedded DRAM.
  • the touchscreen controller 704 and the processor 702 may also be coupled to a touchscreen panel 712, such as a resistive-sensing touchscreen, capacitive-sensing touchscreen, infrared sensing touchscreen, etc. Additionally, the display of the mobile computing device 700 need not have touch screen capability.
  • the mobile computing device 700 may have one or more radio signal transceivers 708 (e.g., Peanut, Bluetooth, ZigBee, Wi-Fi, RF radio) and antennae 710, for sending and receiving communications, coupled to each other and/or to the processor 702.
  • the transceivers 708 and antennae 710 may be used with the above-mentioned circuitry to implement the various wireless transmission protocol stacks and interfaces.
  • the mobile computing device 700 may include a cellular network wireless modem chip 716 that enables communication via a cellular network and is coupled to the processor.
  • the mobile computing device 700 may include a peripheral device connection interface 718 coupled to the processor 702.
  • the peripheral device connection interface 718 may be singularly configured to accept one type of connection, or may be configured to accept various types of physical and communication connections, common or proprietary, such as Universal Serial Bus (USB), FireWire, Thunderbolt, or PCIe.
  • USB Universal Serial Bus
  • FireWire FireWire
  • Thunderbolt Thunderbolt
  • PCIe PCIe
  • the mobile computing device 700 may also include speakers 714 for providing audio outputs.
  • the mobile computing device 700 may also include a housing 720, constructed of a plastic, metal, or a combination of materials, for containing all or some of the components described herein.
  • the housing 720 may be a dashboard counsel of a vehicle in an on-board embodiment.
  • the mobile computing device 700 may include a power source 722 coupled to the processor 702, such as a disposable or rechargeable battery.
  • the rechargeable battery may also be coupled to the peripheral device connection port to receive a charging current from a source external to the mobile computing device 700.
  • the mobile computing device 700 may also include a physical button 724 for receiving user inputs.
  • the mobile computing device 700 may also include a power button 726 for turning the mobile computing device 700 on and off.
  • FIG. 8 is a component block diagram illustrating an example mobile computing device 800 suitable for use with various embodiments.
  • various embodiments may be implemented in a wide variety of computing systems including the example mobile computing device 800, which is illustrated as a laptop computer.
  • the mobile computing device 800 may include a touchpad touch surface 817 that serves as the computer’s pointing device, and thus may receive drag, scroll, and flick gestures similar to those implemented on computing devices equipped with a touch screen display and described above.
  • a mobile computing device 800 will typically include a processor 802 coupled to volatile memory 812 and a large capacity nonvolatile memory, such as a disk drive 813 of FLASH memory. Additionally, the mobile computing device 800 may have one or more antenna 808 for sending and receiving electromagnetic radiation that may be connected to a wireless data link and/or cellular telephone transceiver 816 coupled to the processor 802.
  • the mobile computing device 800 may also include a floppy disc drive 814 and a compact disc (CD) drive 815 coupled to the processor 802.
  • the computer housing includes the touchpad 817, the keyboard 818, and the display 819 all coupled to the processor 802.
  • Other configurations of the computing device may include a computer mouse or trackball coupled to the processor (e.g., via a USB input) as are well known, which may also be used in conjunction with various embodiments.
  • FIG. 9 is a component block diagram illustrating an example V2X onboard equipment 900 suitable for use with various embodiments.
  • V2X onboard equipment 900 may be configured to be implemented in a vehicle and connect to various vehicles systems and sensors.
  • the V2X onboard equipment 900 may include a processor 902 coupled to memory 904.
  • the memory 904 may be any form of non- transitory media (e.g., read only memory (ROM), FLASH memory, etc.) and may store data and processor-executable instructions configured to cause the processor 902 to perform operations of any of the embodiment methods described herein.
  • the processor 902 may also be coupled to a wireless transceiver 906 that is coupled to an antenna of the vehicle (not shown) and configured to transmit and receive V2X messages.
  • Implementation examples are described in the following paragraphs. While some of the following implementation examples are described in terms of example methods, further example implementations may include: the example methods discussed in the following paragraphs implemented by a V2X processing device that may be an on-board unit, mobile device unit, mobile computing unit, or stationary roadside unit), a network node, or a computing device, including a processor configured with processor-executable instructions to perform operations of the methods of the following implementation examples; the example methods discussed in the following paragraphs implemented by a V2X processing device, a network node processing device, or a network computing node processing device including means for performing functions of the methods of the following implementation examples; and the example methods discussed in the following paragraphs may be implemented as a non-transitory processor-readable storage medium having stored thereon processor- executable instructions configured to cause a processor of a V2X processing device, a network node processing device, or a network computing node processing device to perform the operations of the methods of the following implementation examples.
  • Example 1 A method performed by a processor of an endpoint node for authenticating plaintext and ciphertext in a message, including generating ciphertext from a plaintext message to be transmitted in a message; generating a hash of the ciphertext and a hash of the plaintext message; generating a digital signature of a concatenation of the hash of the ciphertext and the hash of the plaintext message; and sending to a network node a message including the ciphertext, the hash of the plaintext message, and the digital signature, in which the ciphertext, the hash of the plaintext message, and the digital signature are configured to enable the network node to verify that the endpoint node signed the signed concatenation.
  • Example 2 The method of example 1, in which the endpoint node includes a vehicle-to-everything (V2X) endpoint node, and the message includes a V2X message.
  • V2X vehicle-to-everything
  • Example 3 The method of any of examples 1 and 2, in which the message is configured for transmission over a limited bandwidth wireless communication link.
  • Example 4 The method of any of examples 1-3, in which the message is configured as one of a tolling message, a parking access message, a road condition message, a geonetworking message, or an emergency responder message.
  • Example 5 The method of any of examples 1-4, in which the plaintext message includes one of tolling information, parking access information, road condition information, geonetworking information, and emergency responder information.
  • Example 6 The method of any of examples 1-5, in which the concatenation of the hash of the ciphertext and the hash of the plaintext message includes a data structure that includes an identification of the ciphertext or the hash of the ciphertext and an identification of the plaintext message or the hash of the plaintext message.
  • Example 7 A method performed by a processor of a network node for processing a message, including receiving from an endpoint node a message including ciphertext, a hash of a plaintext message, and a digital signature of a concatenation of a hash of the ciphertext and the hash of the plaintext message; determining whether the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message; and sending to an encryption key device the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message in response to determining that the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message.
  • Example 8 The method of example 7, in which the message includes a vehicle-to- everything (V2X) message and the endpoint node includes a V2X endpoint node.
  • V2X vehicle-to- everything
  • Example 9 The method of any of examples 7 and 8, in which determining whether the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message includes: generating a hash of the ciphertext; concatenating the hash of the plaintext message and the generated hash of the ciphertext; and providing the concatenation of the hash of the plaintext message and the generated hash of the ciphertext as an input to verify the digital signature using a public key of the endpoint node.
  • Example 10 The method of any of examples 7-9, in which generating the hash of the ciphertext includes generating the hash of the ciphertext using a hash algorithm known to be used by an authentic endpoint node.
  • Example 11 The method of any of examples 7-10, in which the message is configured for transmission over a limited bandwidth wireless communication link.
  • Example 12 The method of any of examples 7-11, in which the message is configured as one of a tolling message, a parking access message, a road condition message, a geonetworking message, or an emergency responder message.
  • Example 13 The method of any of examples 7-12, in which the concatenation of the hash of the ciphertext and the hash of the plaintext message includes a data structure that includes an identification of the ciphertext or the hash of the ciphertext and an identification of the plaintext message or the hash of the plaintext message.
  • Example 14 The method of any of examples 7-13, in which sending to an encryption key device the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message includes sending to an encryption key server the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message.
  • Example 15 The method of any of examples 7-14, in which sending to an encryption key device the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message includes sending to an encryption key module the ciphertext, the hash of the plaintext message, and the digital signature of the concatenation of the hash of the ciphertext and the hash of the plaintext message.
  • Example 16 A method performed by a processor of a computing device for authenticating plaintext and ciphertext in a message, including: receiving from an encryption key device a plaintext message originated by an endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message; determining whether the endpoint node signed the concatenation of the hash of the ciphertext and a hash of the plaintext message; and performing a data transaction for the endpoint node in response to determining that the endpoint node signed the concatenation of the ciphertext and the plaintext message.
  • Example 17 The method of example 16, in which the message includes a vehicle-to- everything (V2X) message and the endpoint node includes a V2X endpoint node.
  • V2X vehicle-to- everything
  • Example 18 The method of any of examples 16 and 17, in which determining whether the endpoint node signed the concatenation of the hash of the ciphertext and a hash of the plaintext message includes: generating a hash of the plaintext message; concatenating the generated hash of the plaintext message and the hash of the ciphertext; and providing the concatenation of the generated hash of the plaintext message and the hash of the ciphertext as an input to verify the digital signature using a public key of the endpoint node.
  • Example 19 The method of any of examples 16-18, in which the plaintext message includes one of tolling information, parking access information, road condition information, geonetworking information, and emergency responder information.
  • Example 20 The method of any of examples 16-19, in which the concatenation of the hash of the ciphertext and the hash of the plaintext message includes a data structure that includes an identification of ciphertext or the hash of the ciphertext and an identification of the plaintext message or the hash of the plaintext message.
  • Example 21 The method of any of examples 16-20, in which receiving from an encryption key device a plaintext message originated by an endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message includes receiving from an encryption key server the plaintext message originated by the endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message.
  • Example 22 The method of any of examples 16-21, in which receiving from an encryption key device a plaintext message originated by an endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message includes receiving from an encryption key module the plaintext message originated by the endpoint node, a hash of ciphertext of the plaintext message, and a digital signature of a concatenation of the hash of the ciphertext and a hash of the plaintext message.
  • Example 23 A system for authenticating plaintext and ciphertext in a message, including: an endpoint node including a processor configured with processor-executable instructions to generate ciphertext from a plaintext message to be transmitted in a message; generate a hash of the ciphertext and a hash of the plaintext message; generate a digital signature of a concatenation of the hash of the ciphertext and the hash of the plaintext message; and send a message including the ciphertext, the hash of the plaintext message, and the digital signature; a network node including a processor configured with processor- executable instructions to receive from the endpoint node the message including the ciphertext, the hash of a plaintext message, and the digital signature; determine whether the endpoint node signed the concatenation of the hash of the ciphertext and the hash of the plaintext message; and send to an encryption key device the ciphertext, the hash of the plaintext message, and the digital signature in response to determining
  • DSP digital signal processor
  • TCUASIC application specific integrated circuit
  • FPGA field programmable gate array
  • a general-purpose processor may be a microprocessor, but, in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
  • a processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration. Alternatively, some operations or methods may be performed by circuitry that is specific to a given function.
  • the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored as one or more instructions or code on a non-transitory computer- readable medium or non-transitory processor-readable medium.
  • the operations of a method or algorithm disclosed herein may be embodied in a processor-executable software module, which may reside on a non-transitory computer-readable or processor-readable storage medium.
  • Non-transitory computer-readable or processor-readable storage media may be any storage media that may be accessed by a computer or a processor.
  • non-transitory computer-readable or processor-readable media may include RAM, ROM, EEPROM, FLASH memory, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that may be used to store desired program code in the form of instructions or data structures and that may be accessed by a computer.
  • Disk and disc includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and Blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above are also included within the scope of non-transitory computer- readable and processor-readable media.
  • the operations of a method or algorithm may reside as one or any combination or set of codes and/or instructions on a non- transitory processor-readable medium and/or computer-readable medium, which may be incorporated into a computer program product.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Mobile Radio Communication Systems (AREA)
EP22701452.9A 2021-03-10 2022-01-04 Authentifizierung von klartext und chiffretext in einer vehicle-to-everything (v2x)-nachricht Pending EP4305802A1 (de)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202163158955P 2021-03-10 2021-03-10
US202163180450P 2021-04-27 2021-04-27
US17/497,120 US11792645B2 (en) 2021-03-10 2021-10-08 Authenticating plaintext and ciphertext in a vehicle-to-everything (V2X) message
PCT/US2022/011077 WO2022191908A1 (en) 2021-03-10 2022-01-04 Authenticating plaintext and ciphertext in a vehicle-to-everything (v2x) message

Publications (1)

Publication Number Publication Date
EP4305802A1 true EP4305802A1 (de) 2024-01-17

Family

ID=80122875

Family Applications (1)

Application Number Title Priority Date Filing Date
EP22701452.9A Pending EP4305802A1 (de) 2021-03-10 2022-01-04 Authentifizierung von klartext und chiffretext in einer vehicle-to-everything (v2x)-nachricht

Country Status (6)

Country Link
EP (1) EP4305802A1 (de)
JP (1) JP2024512289A (de)
KR (1) KR20230153382A (de)
BR (1) BR112023017604A2 (de)
TW (1) TW202236873A (de)
WO (1) WO2022191908A1 (de)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7266847B2 (en) * 2003-09-25 2007-09-04 Voltage Security, Inc. Secure message system with remote decryption service
US20080263363A1 (en) * 2007-01-22 2008-10-23 Spyrus, Inc. Portable Data Encryption Device with Configurable Security Functionality and Method for File Encryption
CN108011715B (zh) * 2016-10-31 2021-03-23 华为技术有限公司 一种密钥的分发方法、相关设备和系统

Also Published As

Publication number Publication date
TW202236873A (zh) 2022-09-16
JP2024512289A (ja) 2024-03-19
WO2022191908A1 (en) 2022-09-15
BR112023017604A2 (pt) 2023-10-10
KR20230153382A (ko) 2023-11-06

Similar Documents

Publication Publication Date Title
KR102304709B1 (ko) V2x 통신 메시지에 대하여 적응적 보안 레벨을 적용하는 방법 및 장치
WO2020199134A1 (en) Methods and systems for provisioning of certificates for vehicle-based communication
CN110796853A (zh) 用于范围外车辆的中间车辆转发器
CN110149611B (zh) 一种身份验证方法、设备、系统及计算机可读介质
KR102348122B1 (ko) 차량 간 통신환경에서 차량 검증 방법 및 그 장치
JP2023517247A (ja) 通信方法、装置、およびシステム
KR102495705B1 (ko) 5g 통신 네트워크에 기반한 차량간 무선 결제 방법 및 그 시스템
US11716596B2 (en) Methods and systems for communication vehicle-to-everything (V2X) information
Tbatou et al. Security of communications in connected cars modeling and safety assessment
US11613264B2 (en) Transmit-side misbehavior condition management
US11792645B2 (en) Authenticating plaintext and ciphertext in a vehicle-to-everything (V2X) message
US11937087B2 (en) Vehicle-to-everything (V2X) participant type-based misbehavior detection
US12003966B2 (en) Local misbehavior prevention system for cooperative intelligent transportation systems
EP4305802A1 (de) Authentifizierung von klartext und chiffretext in einer vehicle-to-everything (v2x)-nachricht
CN117044162A (zh) 认证车联网(v2x)消息中的明文和密文
EP4305855A1 (de) Verfahren und systeme zur kommunikation von vehicle-to-everything (v2x)-informationen
CN110519708B (zh) 一种基于pc5接口点到多点的通信方法和装置
CN116918361A (zh) 用于传达车联网(v2x)信息的方法和系统
JP2024505423A (ja) 協調型高度道路交通システムのためのローカル誤動作防止システム
KR102654836B1 (ko) 커넥티드카 서비스 제공 시스템 및 그 방법
US20240137224A1 (en) Communication Method and Communication Apparatus
Patil et al. A Comprehensive Study on VANET Security
CN115119164A (zh) 一种通信方法、装置及设备
Koh et al. A Study on Secure Protocol Techniques Supporting TCUs in a Telematics Environment

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: UNKNOWN

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20230802

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)