WO2021109651A1 - 一种证书撤销列表更新方法及相关设备 - Google Patents

一种证书撤销列表更新方法及相关设备 Download PDF

Info

Publication number
WO2021109651A1
WO2021109651A1 PCT/CN2020/113299 CN2020113299W WO2021109651A1 WO 2021109651 A1 WO2021109651 A1 WO 2021109651A1 CN 2020113299 W CN2020113299 W CN 2020113299W WO 2021109651 A1 WO2021109651 A1 WO 2021109651A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
revocation list
rsu
obu
certificate revocation
Prior art date
Application number
PCT/CN2020/113299
Other languages
English (en)
French (fr)
Inventor
潘凯
陈璟
王小军
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to EP20897003.8A priority Critical patent/EP4061025B1/en
Publication of WO2021109651A1 publication Critical patent/WO2021109651A1/zh
Priority to US17/831,136 priority patent/US20220294649A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/082Access security using revocation of authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/005Moving wireless networks

Definitions

  • This application relates to the field of Internet of Vehicles, and in particular to a method for updating a certificate revocation list and related equipment.
  • the certificate revocation list (CRL) is used to determine whether the certificate used by the sender has been revoked.
  • CRL certificate revocation list
  • the embodiment of the present application provides a method for updating a certificate revocation list and related equipment, which can not only ensure the timely update of the certificate revocation list, but also reduce signaling overhead.
  • an embodiment of the present application provides a method for updating a certificate revocation list, including: the first roadside unit RSU determines the first on-board unit OBU within the coverage of the first RSU according to the first certificate revocation list stored by the first RSU The used certificate is revoked; a first notification message is sent to one or more OBUs within the coverage of the first RSU, and the first notification message is used to notify one or more OBUs to update the certificate revocation list. After determining that the certificate used by the first OBU within the coverage of the first RSU is revoked, a notification message is sent to trigger the OBU to update the certificate revocation list, which not only guarantees the timely update of the certificate revocation list, but also reduces signaling overhead.
  • the first notification message includes a first certificate revocation list
  • the first certificate revocation list is used to update the second certificate revocation list stored by one or more OBUs. Updating the certificate revocation list stored by the OBU through the first certificate revocation list included in the first notification message can not only ensure the timely update of the certificate revocation list, but also reduce signaling overhead.
  • the first notification message is used to trigger one or more OBUs to request the latest certificate revocation list from the certificate server.
  • the first notification message triggers the OBU to request the latest certificate revocation list to be updated, which not only guarantees the timely update of the certificate revocation list, but also reduces signaling overhead.
  • the first RSU receives the message sent by the first OBU; when the certificate used by the message belongs to the certificate corresponding to the first certificate revocation list, the first RSU determines that the certificate used by the first OBU is revoked. By checking the certificate used by the message sent by the first OBU, the legitimacy of the message is guaranteed.
  • the first RSU receives the first certificate revocation list from the certificate server.
  • the certificate server By receiving the first certificate revocation list from the certificate server, it is guaranteed that the certificate revocation list stored by the RSU can be updated in time.
  • the first RSU sends a second notification message to the second RSU, and the second notification message is used to indicate to the second RSU that the certificate used by the first OBU is revoked.
  • the second RSU can learn that the certificate used by the first OBU has been revoked, determine that the vehicle to which the first OBU belongs is an illegal vehicle, and stop information interaction with the vehicle, thereby ensuring the legality of information interaction .
  • the first RSU sends a request message to the certificate server; receives a response message sent by the certificate server, and the response message includes other certificates related to the revoked certificate of the first OBU. Then obtain all the revoked certificates of the first OBU, which can prevent the first OBU from using any revoked certificate for information exchange.
  • the first RSU may send the first notification message first, and then send the second notification message. It is also possible to send the second notification message first, and then send the first notification message.
  • the first RSU After the first RSU receives the message sent by the OBU in the area, if it determines that the certificate used by the message has been revoked, it will send a notification message to the OBU in the area to trigger the OBU update in the area. Certificate revocation list.
  • the first RSU may also broadcast the latest certificate revocation list to the OBUs in the area at a preset time interval without triggering, so that the OBUs in the area update the certificate revocation list.
  • This embodiment of the application can combine the above two methods to implement the OBU to update the certificate revocation list.
  • an embodiment of the present application provides a method for updating a certificate revocation list, including: an on-board unit OBU receives a first notification message sent by a first roadside unit RSU, and the first notification message is used to notify to update the certificate revocation list; OBU Update the certificate revocation list.
  • the first notification message includes the first certificate revocation list; the OBU updates the currently stored certificate revocation list to the first certificate revocation list.
  • the certificate revocation list stored in the OBU is updated through the first certificate revocation list included in the first notification message, so that not only the timely update of the certificate revocation list can be guaranteed, but also the signaling overhead can be reduced.
  • the OBU sends the first request message to the certificate server; the OBU receives the latest certificate revocation list from the certificate server; the OBU updates the currently stored certificate revocation list to the latest certificate revocation list.
  • the OBU sends a second request message to the first RSU; the OBU receives the first certificate revocation list from the first RSU; and updates the currently stored certificate revocation list to the first certificate revocation list.
  • the OBU sends a confirmation request to the certificate server, and the confirmation request is used to request the certificate server to confirm whether the certificate used by the first OBU is revoked; the OBU receives the response message sent by the certificate server.
  • the certificate server confirms whether the certificate used by the first OBU has been revoked, thereby improving the accuracy of information exchange.
  • the OBU can only save the certificate revocation list of its own area (such as a city or an administrative district), and does not need to save the certificate revocation list of the entire network. Every time the certificate revocation list is updated, it is only necessary to request the update of the certificate revocation list in this area. This can reduce storage overhead and increase query speed.
  • an embodiment of the present application provides a certificate revocation list update device, which is configured to implement the method and function performed by the first RSU in the first aspect described above, and is implemented by hardware/software.
  • the hardware/software includes modules corresponding to the above-mentioned functions.
  • the embodiments of the present application provide another certificate revocation list update device, which is configured to implement the methods and functions performed by the on-board unit in the second aspect described above, and is implemented by hardware/software.
  • the hardware/software includes modules corresponding to the above-mentioned functions.
  • an embodiment of the present application provides a first RSU, including: a processor, a memory, and a communication bus, where the communication bus is used to implement connection and communication between the processor and the memory, and the processor executes a program stored in the memory Used to implement the steps of the first aspect described above.
  • the first RSU provided in this application may include a module corresponding to the behavior of the first RSU in the above method design.
  • the module can be software and/or hardware.
  • an embodiment of the present application provides a vehicle-mounted unit, including: a processor, a memory, and a communication bus, where the communication bus is used to realize the connection and communication between the processor and the memory, and the processor executes the program stored in the memory.
  • the vehicle-mounted unit provided in this application may include modules corresponding to the behavior of the vehicle-mounted unit in the aforementioned method design.
  • the module can be software and/or hardware.
  • the embodiments of the present application provide a computer-readable storage medium, and the computer-readable storage medium stores instructions, which when run on a computer, cause the computer to execute the methods of the foregoing aspects.
  • embodiments of the present application provide a computer program product containing instructions, which when run on a computer, cause the computer to execute the methods of the above aspects.
  • an embodiment of the present application provides a chip including a processor, configured to call and execute instructions stored in the memory from the memory, so that the OBU or the first RSU with the chip installed executes the method of any one of the above aspects.
  • an embodiment of the present application provides a certificate revocation list update system, including a roadside unit RSU and a certificate server, wherein the RSU includes the certificate revocation list update device according to any one of the above third aspects.
  • FIG. 1 is a schematic structural diagram of a vehicle network system provided by an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a method for updating a certificate revocation list provided by an embodiment of the present application
  • FIG. 3 is a schematic structural diagram of an apparatus for updating a certificate revocation list provided by an embodiment of the present application
  • FIG. 4 is a schematic structural diagram of an apparatus for updating a certificate revocation list provided by an embodiment of the present application
  • FIG. 5 is a schematic structural diagram of a first RSU proposed in an embodiment of the present application.
  • Fig. 6 is a schematic structural diagram of a vehicle-mounted unit proposed in an embodiment of the present application.
  • FIG. 1 is a schematic structural diagram of a vehicle network system provided by an embodiment of the present application.
  • the vehicle network system includes at least one vehicle, at least one roadside unit (RSU), and a certificate server.
  • the vehicle can communicate with the RSU and the certificate server through the on-board unit (OBU).
  • the OBU enables the vehicle to have the function of sending and receiving messages in the Internet of Vehicles.
  • Figure 1 only shows the vehicle 1 and vehicle 2.
  • RSU can collect messages sent by all vehicles in the coverage area, and can also send broadcast messages to all vehicles in the coverage area. It can also communicate with the certificate server.
  • Figure 1 only shows RSU1 and RSU2.
  • the system can also include other RSU.
  • the certificate server may include a certificate authority (CA) and a certificate management platform, etc.
  • the CA or certificate management platform is a certificate authority that issues certificates for vehicles.
  • at least one RSU and a certificate server can form a certificate revocation list update system, which can be used to provide driving services for the vehicle, such as updating the certificate revocation list saved by the on-board unit.
  • the CRL issued by the Internet of Vehicles mainly includes: First, the OBU requests the CRL from the certificate server. However, it is impossible to determine the frequency of requesting CRLs. If the interval for requesting CRLs is too short, signaling overhead will increase and the load on the certificate server will increase. If the interval for requesting the CRL is too short, the OBU cannot identify the revoked certificate in time. Second, the certificate server pushes the CRL to the OBU.
  • the embodiments of the present application provide the following solutions.
  • FIG. 2 is a schematic flowchart of a method for updating a certificate revocation list provided by an embodiment of the present application. The method includes but is not limited to the following steps:
  • the first roadside unit RSU determines, according to the first certificate revocation list stored by the first RSU, that the certificate used by the first on-board unit OBU within the coverage of the first RSU is revoked.
  • the first RSU may receive the message sent by the first OBU; determine whether the certificate used by the message belongs to the certificate corresponding to the first certificate revocation list stored by the RSU, for example, determine whether the identity of the certificate used by the message is in In the first certificate revocation list stored by the RSU.
  • the first RSU determines that the certificate used by the first OBU is revoked, and when the certificate used by the message does not belong to the first certificate revocation list
  • the first RSU determines that the certificate used by the first OBU has not been revoked.
  • the first RSU For each message sent by the first OBU, the first RSU can determine whether the certificate used by the first OBU is revoked.
  • the message may include any type of message sent by the first OBU, such as a basic security message (BSM) or a request message. Revocation can also be called revocation.
  • BSM basic security message
  • Revocation can also be called revocation.
  • the first RSU may continue to receive the message sent by the first OBU.
  • the certificate used by the first OBU for sending messages is not checked within the preset time period, and the certificate used by the first OBU for sending messages is checked again after the preset time period has elapsed.
  • the first RSU may receive the first certificate revocation list from the certificate server, or request the first certificate revocation list from the certificate server according to a preset duration, and save the first certificate revocation list, where the first certificate revocation list
  • the list can be a certificate revocation list of the entire network, or a certificate revocation list of the area where the first RSU is located (such as a city or an administrative district). Since the number of RSUs is much smaller than the number of OBUs, the preset duration can be set to be smaller, so that the certificate revocation list saved by the RSU can be updated in time.
  • only one RSU may request the CRL from the certificate server, and distribute the CRL received by the RSU to other RSUs in the area. Thereby reducing the load of the certificate server.
  • the first OBU may broadcast to the outside Basic safety message
  • the first RSU may receive the basic safety message broadcast by the first OBU, and determine whether the certificate used by the basic safety message is revoked.
  • the basic safety message may include the driving position, direction, and speed of the vehicle to which the first OBU belongs.
  • the first RSU sends a first notification message to one or more OBUs within the coverage area of the first RSU, where the first notification message is used to notify the one or more OBUs to update the certificate revocation list.
  • the first RSU may save the certificate revocation list of the entire network, and may obtain the certificate revocation list saved by one or more OBUs within the coverage of the first RSU.
  • the first RSU may send to the second OBU The first notification message.
  • the first RSU may not need to The second OBU sends the first notification message.
  • the second OBU is located in the coverage area of the first RSU.
  • updating the currently stored certificate revocation list may include the following methods:
  • the first notification message includes the first certificate revocation list, and the first certificate revocation list is used to update a second certificate revocation list stored by the one or more OBUs.
  • the OBU may update the currently stored certificate revocation list to the first certificate revocation list.
  • the first notification message may be a broadcast message, and the one or more OBUs may include all OBUs within the coverage area of the first RSU, or may include some OBUs within the coverage area of the first RSU.
  • the first RSU may use the certificate of the first RSU to sign the first certificate revocation list.
  • the first notification message is used to trigger the one or more OBUs to request the latest certificate revocation list from the certificate server.
  • the first notification message does not include the first certificate revocation list.
  • the OBU can update the currently stored certificate revocation list in the following two ways, including:
  • the OBU receives the latest certificate revocation list from the certificate server; and updates the currently stored certificate revocation list to the latest certificate revocation list.
  • the OBU sends a second request message to the first RSU.
  • the OBU receives the first certificate revocation list from the first RSU; and updates the currently stored certificate revocation list to the first certificate revocation list.
  • the first certificate revocation list may be a certificate revocation list signed with the certificate of the first RSU.
  • OBU can only save the certificate revocation list of its own area (such as a city or an administrative district), and does not need to save the certificate revocation list of the entire network. Every time the certificate revocation list is updated, it is only necessary to request the update of the certificate revocation list in this area. This can reduce storage overhead and increase query speed.
  • the OBU may also perform the following operations:
  • the second OBU sends a confirmation request to the certificate server, where the confirmation request is used to request the certificate server to confirm whether the certificate used by the first OBU has been revoked;
  • the second OBU receives the response message sent by the certificate server. If the second OBU determines that the certificate used by the first OBU is revoked, it starts to update the currently stored certificate revocation list. If the second OBU determines that the certificate used by the first OBU has not been revoked, it does not need to update the currently stored certificate revocation list.
  • the certificate server may use the certificate of the certificate server (for example, the certificate of the CA) to sign the response message.
  • the steps in the embodiment of the present application may further include:
  • the first RSU may send a second notification message to the second RSU, where the second notification message is used to indicate to the second RSU that the certificate used by the first OBU is revoked.
  • the second notification message may include the revoked certificate of the first OBU.
  • the second RSU can learn that the certificate used by the first OBU has been revoked, determine that the vehicle to which the first OBU belongs is an illegal vehicle, and stop information interaction with the vehicle.
  • the second RSU may belong to the same area (such as a city or an administrative district) with the first RSU, or may belong to a different area from the first RSU.
  • step S205 and step S202 are performed in no particular order.
  • the first RSU may first send a first notification message, and then Send the second notification message. It is also possible to send the second notification message first, and then send the first notification message.
  • the steps in the embodiment of the present application may further include:
  • the first RSU sends a request message to the certificate server. After receiving the request message, the certificate server searches for other certificates related to the revoked certificate of the first OBU.
  • the first RSU receives a response message sent by the certificate server, where the response message includes other certificates related to the revoked certificate of the first OBU.
  • the second notification message may also include other certificates related to the revoked certificate of the first OBU.
  • other RSUs can learn that the certificate used by the first OBU and other certificates related to the certificate have been revoked.
  • the first RSU After the first RSU receives the message sent by the OBU in the area, if it determines that the certificate used by the message has been revoked, it will send a notification message to the OBU in the area to trigger the OBU update in the area. Certificate revocation list.
  • the first RSU may also broadcast the latest certificate revocation list to the OBUs in the area at a preset time interval without triggering, so that the OBUs in the area update the certificate revocation list.
  • This embodiment of the application can combine the above two methods to implement the OBU to update the certificate revocation list. Among them, the preset time interval can be set to be larger, which can reduce signaling overhead.
  • the first RSU after the first RSU receives the message sent by the OBU in the area, if it determines that the certificate used by the message is revoked, it sends a notification message to the OBU in the area, and then triggers the OBU in the area. Update the certificate revocation list. Using this trigger method to notify the OBU to update the certificate revocation list can not only ensure the timely update of the certificate revocation list, but also reduce signaling overhead.
  • FIG. 3 is a schematic structural diagram of a certificate revocation list update device provided by an embodiment of the present application.
  • the device includes a processing module 301, a sending module 302, and a receiving module 303, in which:
  • the processing module 301 is configured to determine, according to the first certificate revocation list stored by the first RSU, that the certificate used by the first on-board unit OBU within the coverage of the first RSU is revoked;
  • the sending module 302 is configured to send a first notification message to one or more OBUs within the coverage of the first RSU, where the first notification message is used to notify the one or more OBUs to update the certificate revocation list.
  • the first notification message includes the first certificate revocation list, and the first certificate revocation list is used to update the second certificate revocation list stored by the one or more OBUs.
  • the first notification message is used to trigger the one or more OBUs to request the latest certificate revocation list from the certificate server.
  • the receiving module 303 is configured to receive a message sent by the first OBU; the processing module 301 is also configured to determine that the certificate used by the message belongs to the certificate corresponding to the first certificate revocation list The certificate used by the first OBU was revoked.
  • the receiving module 303 is configured to receive the first certificate revocation list from the certificate server.
  • the sending module 302 is further configured to send a second notification message to the second RSU, where the second notification message is used to indicate to the second RSU that the certificate used by the first OBU is revoked.
  • the sending module 302 is further configured to send a request message to the certificate server; the receiving module 303 is configured to receive a response message sent by the certificate server, and the response message includes information related to the revoked certificate of the first OBU. Other certificates.
  • each module can also refer to the corresponding description of the method embodiment shown in FIG. 2 to execute the method and function performed by the first RSU in the above embodiment.
  • FIG. 4 is a schematic structural diagram of a certificate revocation list update apparatus provided by an embodiment of the present application.
  • the apparatus includes a receiving module 401, a processing module 402, and a sending module 403, wherein:
  • the receiving module 401 is configured to receive a first notification message sent by the first roadside unit RSU, where the first notification message is used to notify the update of the certificate revocation list;
  • the processing module 402 is used to update the certificate revocation list.
  • the first notification message includes a first certificate revocation list; the processing module 402 is further configured to update the currently stored certificate revocation list to the first certificate revocation list.
  • the sending module 403 is used to send the first request message to the certificate server; the receiving module 401 is also used to receive the latest certificate revocation list from the certificate server; the processing module 402 is also used to transfer the currently stored certificate The revocation list is updated to the latest certificate revocation list.
  • the sending module 403 is configured to send a second request message to the first RSU; the receiving module 401 is also configured to receive a first certificate revocation list from the first RSU; the processing module 402 is also configured to send The currently stored certificate revocation list is updated to the first certificate revocation list.
  • the sending module 403 is configured to send a confirmation request to the certificate server, where the confirmation request is used to request the certificate server to confirm whether the certificate used by the first OBU is revoked; the receiving module 401 is also used to receive the certificate. The response message sent by the certificate server.
  • each module can also refer to the corresponding description of the method embodiment shown in FIG. 2 to execute the methods and functions performed by the OBU in the foregoing embodiment.
  • FIG. 5 is a schematic structural diagram of a first RSU proposed in an embodiment of the present application.
  • the first RSU may include: at least one processor 501, at least one communication interface 502, at least one memory 503, and at least one communication bus 504.
  • the processor 501 may be a central processing unit, a general-purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array, or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. It can implement or execute various exemplary logical blocks, modules, and circuits described in conjunction with the disclosure of this application.
  • the processor may also be a combination that implements computing functions, for example, a combination of one or more microprocessors, a combination of a digital signal processor and a microprocessor, and so on.
  • the communication bus 504 may be a standard PCI bus for interconnecting peripheral components or an EISA bus with an extended industry standard structure. The bus can be divided into address bus, data bus, control bus, etc.
  • the communication bus 504 is used to implement connection and communication between these components.
  • the communication interface 502 of the device in the embodiment of the present application is used for signaling or data communication with other node devices.
  • the memory 503 may include volatile memory, such as nonvolatile random access memory (NVRAM), phase change RAM (PRAM), magnetoresistive random access memory (magetoresistive) RAM, MRAM), etc., and may also include non-volatile memory, such as at least one disk storage device, electrically erasable programmable read-only memory (electrically erasable programmable read-only memory, EEPROM), flash memory devices, such as reverse or flash memory (NOR flash memory) or reverse flash memory (NAND flash memory), semiconductor devices, such as solid state disks (SSD), etc.
  • the memory 503 may also be at least one storage device located far away from the aforementioned processor 501.
  • the memory 503 may also store a group of program codes.
  • the processor 501 may optionally execute a program stored in the memory 503.
  • the first notification message includes the first certificate revocation list, and the first certificate revocation list is used to update the second certificate revocation list stored by the one or more OBUs.
  • the first notification message is used to trigger the one or more OBUs to request the latest certificate revocation list from the certificate server.
  • the processor 501 is configured to perform the following operation steps:
  • the certificate used by the message belongs to the certificate corresponding to the first certificate revocation list, it is determined that the certificate used by the first OBU is revoked.
  • the processor 501 is configured to perform the following operation steps:
  • the processor 501 is configured to perform the following operation steps:
  • the processor 501 is configured to perform the following operation steps:
  • processor may also cooperate with the memory and the communication interface to perform the operation of the first RSU in the above-mentioned application embodiment.
  • FIG. 6 is a schematic structural diagram of a vehicle-mounted unit according to an embodiment of the present application.
  • the vehicle can communicate with the certificate server and the roadside unit in the Internet of Vehicles through the vehicle-mounted unit.
  • the vehicle-mounted unit may include: at least one processor 601, at least one communication interface 602, at least one memory 603, and at least one communication bus 604.
  • the processor 601 may be various types of processors mentioned above.
  • the communication bus 604 may be a standard PCI bus for interconnecting peripheral components or an extended industry standard structure EISA bus. The bus can be divided into address bus, data bus, control bus, etc. For ease of representation, only one thick line is used in FIG. 6, but it does not mean that there is only one bus or one type of bus.
  • the communication bus 604 is used to implement connection and communication between these components. Among them, the communication interface 602 of the device in the embodiment of the present application is used for signaling or data communication with other node devices.
  • the memory 603 may be the various types of memories mentioned above. Optionally, the memory 603 may also be at least one storage device located far away from the foregoing processor 601.
  • the memory 603 stores a group of program codes, and the processor 601 executes the programs in the memory 603.
  • the processor 601 is configured to perform the following operation steps:
  • Update the certificate revocation list including:
  • the processor 601 is configured to perform the following operation steps:
  • the currently stored certificate revocation list is updated to the latest certificate revocation list.
  • the processor 601 is configured to perform the following operation steps:
  • the processor 601 is configured to perform the following operation steps:
  • processor may also cooperate with the memory and the communication interface to perform the operation of the OBU in the above-mentioned application embodiment.
  • An embodiment of the present application also provides a chip system.
  • the chip system includes a processor for supporting the first RSU or OBU to implement the functions involved in any of the above embodiments, such as generating or processing the functions involved in the above methods. Data and/or information.
  • the chip system may further include a memory, and the memory is used for necessary program instructions and data of the first RSU or OBU.
  • the chip system can be composed of chips, or include chips and other discrete devices.
  • An embodiment of the present application also provides a processor, which is configured to be coupled with a memory and configured to execute any method and function related to the first RSU or OBU in any of the foregoing embodiments.
  • the embodiment of the present application also provides a computer program product containing instructions, which when running on a computer, causes the computer to execute any method and function related to the first RSU or OBU in any of the foregoing embodiments.
  • the embodiment of the present application also provides a device for executing any method and function related to the first RSU or OBU in any of the foregoing embodiments.
  • An embodiment of the present application also provides a wireless communication system, which includes at least one first RSU and at least one OBU involved in any of the foregoing embodiments.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from a website, computer, server, or data center.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server or a data center integrated with one or more available media.
  • the usable medium may be a magnetic medium (for example, a floppy disk, a hard disk, and a magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本申请实施例公开了一种证书撤销列表更新方法及相关设备,包括:第一路边单元RSU根据所述RSU存储的第一证书撤销列表,确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销;所述第一RSU向所述第一RSU覆盖范围内的一个或多个OBU发送第一通知消息,所述第一通知消息用于通知所述一个或多个OBU更新证书撤销列表。采用本申请实施例,不仅可以保障证书撤销列表的及时更新,而且可以减少信令开销。

Description

一种证书撤销列表更新方法及相关设备
本申请要求于2019年12月6日提交中国专利局、申请号为201911240387.7、申请名称为“一种证书撤销列表更新方法及相关设备”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
技术领域
本申请涉及车联网领域,尤其涉及一种证书撤销列表更新方法及相关设备。
背景技术
证书撤销列表(certificate revocation list,CRL)用于判断发送方所使用的证书是否被撤销。在传统基于证书的计算机通信中,由于连接到网络的任意两台计算机都可以相互通信,因此每台计算机都必须保存CRL。然而,在车联网环境中,无法保障每个车辆保存的CRL及时更新,或者由于CRL频繁更新导致信令开销很大。
发明内容
本申请实施例提供一种证书撤销列表更新方法及相关设备,不仅可以保障证书撤销列表的及时更新,而且可以减少信令开销。
第一方面,本申请实施例提供了一种证书撤销列表更新方法,包括:第一路边单元RSU根据第一RSU存储的第一证书撤销列表,确定第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销;向第一RSU覆盖范围内的一个或多个OBU发送第一通知消息,第一通知消息用于通知一个或多个OBU更新证书撤销列表。通过确定第一RSU覆盖范围内第一OBU使用的证书被撤销后发送通知消息来触发OBU更新证书撤销列表,不仅可以保障证书撤销列表的及时更新,而且可以减少信令开销。
在一种可能的设计中,第一通知消息包括第一证书撤销列表,第一证书撤销列表用于更新一个或多个OBU存储的第二证书撤销列表。通过第一通知消息所包含的第一证书撤销列表来更新OBU存储的证书撤销列表,不仅可以保障证书撤销列表的及时更新,而且可以减少信令开销。
在另一种可能的设计中,第一通知消息用于触发一个或多个OBU向证书服务器请求最新的证书撤销列表。通过第一通知消息触发OBU请求最新的证书撤销列表进行更新,不仅可以保障证书撤销列表的及时更新,而且可以减少信令开销。
在另一种可能的设计中,第一RSU接收第一OBU发送的消息;当消息使用的证书属于第一证书撤销列表对应的证书时,第一RSU确定第一OBU使用的证书被撤销。通过对第一OBU发送的消息所使用的证书进行检查,保证消息的合法性。
在另一种可能的设计中,第一RSU从证书服务器接收第一证书撤销列表。通过从证书服务器中接收第一证书撤销列表,保障RSU存储的证书撤销列表可以及时更新。
在另一种可能的设计中,第一RSU向第二RSU发送第二通知消息,第二通知消息用于向第二RSU指示第一OBU使用的证书被撤销。第二RSU接收到第二通知消息之后, 可以获知第一OBU使用的证书已被撤销,确定该第一OBU所属的车辆为非法车辆,停止与该车辆进行信息交互,从而保障信息交互的合法性。
在另一种可能的设计中,第一RSU向证书服务器发送请求消息;接收证书服务器发送的响应消息,响应消息包括与第一OBU被撤销的证书相关的其他证书。进而获取第一OBU被撤销的全部证书,这样可以防止第一OBU使用任何一个被撤销的证书进行信息交互。
在另一种可能的设计中,第一RSU可以先发送第一通知消息,然后发送第二通知消息。也可以先发送第二通知消息,然后发送第一通知消息。
需要说明的是,第一RSU接收到本区域内的OBU发送的消息之后,如果确定该消息使用的证书已经被撤销,则向本区域内的OBU发送通知消息,进而触发本区域内的OBU更新证书撤销列表。第一RSU也可以在没有触发的情况下按照预设的时间间隔向本区域内的OBU广播最新的证书撤销列表,使得本区域内的OBU更新证书撤销列表。本申请实施例可以结合上述两种方式来实现OBU更新证书撤销列表。
第二方面,本申请实施例提供了一种证书撤销列表更新方法,包括:车载单元OBU接收第一路边单元RSU发送的第一通知消息,第一通知消息用于通知更新证书撤销列表;OBU更新证书撤销列表。通过接收通知消息触发OBU更新证书撤销列表,不仅可以保障证书撤销列表的及时更新,而且可以减少信令开销。
在另一种可能的设计中,第一通知消息包括第一证书撤销列表;OBU将当前存储的证书撤销列表更新为第一证书撤销列表。通过第一通知消息所包含的第一证书撤销列表来更新OBU存储的证书撤销列表,从而不仅可以保障证书撤销列表的及时更新,而且可以减少信令开销。
在另一种可能的设计中,OBU向证书服务器发送第一请求消息;OBU从证书服务器接收最新的证书撤销列表;OBU将当前存储的证书撤销列表更新为最新的证书撤销列表。通过从证书服务器请求最新的证书撤销列表进行更新,从而不仅可以保障证书撤销列表的及时更新,而且可以减少信令开销。
在另一种可能的设计中,OBU向第一RSU发送第二请求消息;OBU从第一RSU接收第一证书撤销列表;将当前存储的证书撤销列表更新为第一证书撤销列表。通过从第一RSU请求第一证书撤销列表进行更新,从而不仅可以保障证书撤销列表的及时更新,而且可以减少信令开销。
在另一种可能的设计中,OBU向证书服务器发送确认请求,确认请求用于请求证书服务器确认第一OBU使用的证书是否被撤销;OBU接收证书服务器发送的响应消息。通过证书服务器确认第一OBU使用的证书是否被撤销,从而提高信息交互的准确性。
在另一种可能的设计中,OBU可以只保存自身所在区域(如一个市或一个行政区)的证书撤销列表,无需保存全网的证书撤销列表。每次对证书撤销列表进行更新时,也只需要请求本区域的证书撤销列表进行更新。这样可以减少存储开销,也可以提高查询速度。
第三方面,本申请实施例提供了一种证书撤销列表更新装置,该证书撤销列表更新装置被配置为实现上述第一方面中第一RSU所执行的方法和功能,由硬件/软件实现,其硬件/软件包括与上述功能相应的模块。
第四方面,本申请实施例提供了另一种证书撤销列表更新装置,该证书撤销列表更新装置被配置为实现上述第二方面中车载单元所执行的方法和功能,由硬件/软件实现,其硬件/软件包括与上述功能相应的模块。
第五方面,本申请实施例提供了一种第一RSU,包括:处理器、存储器和通信总线,其中,通信总线用于实现处理器和存储器之间连接通信,处理器执行存储器中存储的程序用于实现上述第一方面的步骤。
在一个可能的设计中,本申请提供的第一RSU可以包含用于执行上述方法设计中第一RSU的行为相对应的模块。模块可以是软件和/或是硬件。
第六方面,本申请实施例提供了一种车载单元,包括:处理器、存储器和通信总线,其中,通信总线用于实现处理器和存储器之间连接通信,处理器执行存储器中存储的程序用于实现上述第二方面提供的步骤。
在一个可能的设计中,本申请提供的车载单元可以包含用于执行上述方法设计中车载单元的行为相对应的模块。模块可以是软件和/或是硬件。
第七方面,本申请实施例提供了一种计算机可读存储介质,计算机可读存储介质中存储有指令,当其在计算机上运行时,使得计算机执行上述各方面的方法。
第八方面,本申请实施例提供了一种包含指令的计算机程序产品,当其在计算机上运行时,使得计算机执行上述各方面的方法。
第九方面,本申请实施例提供了一种芯片,包括处理器,用于从存储器中调用并运行存储器中存储的指令,使得安装有芯片的OBU或第一RSU执行上述任一方面的方法。
第十方面,本申请实施例提供了一种证书撤销列表更新系统,包括路边单元RSU和证书服务器,其中,所述RSU包括上述第三方面中任一项所述的证书撤销列表更新装置。
附图说明
为了更清楚地说明本申请实施例或背景技术中的技术方案,下面将对本申请实施例或背景技术中所需要使用的附图进行说明。
图1是本申请实施例提供的一种车辆网系统的结构示意图;
图2是本申请实施例提供的一种证书撤销列表更新方法的流程示意图;
图3是本申请实施例提供的一种证书撤销列表更新装置的结构示意图;
图4是本申请实施例提供的一种证书撤销列表更新装置的结构示意图;
图5是本申请实施例提出的一种第一RSU的结构示意图;
图6是本申请实施例提出的一种车载单元的结构示意图。
具体实施方式
下面结合本申请实施例中的附图对本申请实施例进行描述。
请参见图1,图1是本申请实施例提供的一种车辆网系统的结构示意图,该车联网系统包括至少一个车辆、至少一个路边单元(road side unit,RSU)和证书服务器。其中,车辆可以通过车载单元(on board unit,OBU)分别与RSU和证书服务器通信,OBU使车辆具备收发车联网内的消息的功能,图1只给出了车辆1和车辆2,该系统还可以包括 其他车辆。RSU可以收集覆盖范围内所有车辆发送的消息,也可以向覆盖范围内的所有车辆发送广播消息等等,还可以与证书服务器通信,图1只给出了RSU1和RSU2,该系统还可以包括其他RSU。证书服务器可以包括证书中心(certificate authority,CA)和证书管理平台等等,CA或证书管理平台是一种为车辆签发证书的证书机构。另外,至少一个RSU和证书服务器可以构成一个证书撤销列表更新系统,可以用于为车辆提供驾驶服务,例如更新车载单元保存的证书撤销列表等。
在车联网环境中,只有相隔一定距离的车辆才会发生信息交互,这就意味着许多车辆之间可能永远都不会发生信息交互。因此,对于每个车辆的车载单元,保存与该车辆相关的全网CRL意义并不大。目前,车联网下发CRL主要包括:第一,由OBU向证书服务器请求CRL。但是,无法确定请求CRL的频率,如果请求CRL的间隔太短,会增加信令开销,导致证书服务器的负荷增大。如果请求CRL的间隔太短,则OBU无法及时识别已经撤销的证书。第二,由证书服务器向OBU推送CRL。但是,采用这种方式,如果出现信号问题OBU没有接收到证书服务器推送的CRL,则OBU必须等待证书服务器下一次推送CRL,这样也会导致OBU无法及时识别已经撤销的证书。为了解决上述技术问题,本申请实施例提供了如下解决方案。
请参见图2,图2是本申请实施例提供的一种证书撤销列表更新方法的流程示意图,该方法包括但不限于如下步骤:
S201,第一路边单元RSU根据所述第一RSU存储的第一证书撤销列表,确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销。
具体的,第一RSU可以接收所述第一OBU发送的消息;确定所述消息使用的证书是否属于RSU存储的第一证书撤销列表对应的证书,例如确定所述消息使用的证书的标识是否在RSU存储的第一证书撤销列表中。当所述消息使用的证书属于所述第一证书撤销列表对应的证书时,第一RSU确定所述第一OBU使用的证书被撤销,当所述消息使用的证书不属于所述第一证书撤销列表对应的证书时,第一RSU确定所述第一OBU使用的证书没有被撤销。针对第一OBU发送的每个消息,第一RSU都可以确定第一OBU使用的证书是否被撤销。其中,消息可以包括第一OBU发送的任何一种消息,例如基本安全消息(basic security message,BSM)或请求消息等等。撤销也可以称为吊销。
可选的,如果确定第一OBU发送的消息使用的证书不属于第一RSU存储的第一证书撤销列表中,则第一RSU可以继续接收第一OBU发送的消息。在预设时间段内不对第一OBU发送消息使用的证书进行检查,在经过预设时间段后再对第一OBU发送消息使用的证书进行检查。
可选的,第一RSU可以从证书服务器接收第一证书撤销列表、或者按照预设时长向证书服务器请求第一证书撤销列表,并对第一证书撤销列表进行保存,其中,该第一证书撤销列表可以为全网的证书撤销列表,也可以为第一RSU所在区域(如一个市或一个行政区)的证书撤销列表。由于RSU的数量相比于OBU的数量少很多,预设时长可以设置较小,这样可以及时更新RSU保存的证书撤销列表。此外,在一个区域中,可以仅由一个RSU向证书服务器请求CRL,并将该RSU接收到的CRL分发给该区域的其他RSU。 从而减小证书服务器的负载。
可选的,在第一RSU根据所述第一RSU存储的第一证书撤销列表,确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销之前,第一OBU可以向外广播基本安全消息,第一RSU可以接收第一OBU广播的基本安全消息,并确定基本安全消息使用的证书是否被撤销。其中,基本安全消息可以包括第一OBU所属车辆的行驶位置、方向和速度大小等等。
S202,第一RSU向所述第一RSU覆盖范围内的一个或多个OBU发送第一通知消息,所述第一通知消息用于通知所述一个或多个OBU更新证书撤销列表。
具体的,第一RSU可以保存全网的证书撤销列表,并且可以获取第一RSU覆盖范围内一个或多个OBU保存的证书撤销列表。第一RSU确定所述消息使用的证书属于所述第一证书撤销列表对应的证书、且所述消息使用的证书不在第二OBU保存的证书撤销列表中时,第一RSU可以向第二OBU发送第一通知消息。或者,第一RSU确定所述消息使用的证书属于所述第一证书撤销列表对应的证书、且所述消息使用的证书在第二OBU保存的证书撤销列表中时,第一RSU可以不需要向第二OBU发送第一通知消息。其中,第二OBU位于第一RSU覆盖范围内。
在本申请实施例中,OBU接收到第一通知消息之后,更新当前存储的证书撤销列表可以包括以下几种方式:
在一种实现方式中,所述第一通知消息包括所述第一证书撤销列表,所述第一证书撤销列表用于更新所述一个或多个OBU存储的第二证书撤销列表。OBU接收到第一通知消息之后,可以将当前存储的证书撤销列表更新为所述第一证书撤销列表。第一通知消息可以为广播消息,一个或多个OBU可以包括第一RSU覆盖范围内的所有OBU,也可以包括第一RSU覆盖范围内的部分OBU。可选的,第一RSU在发送第一通知消息之前,可以使用第一RSU的证书对第一证书撤销列表进行签名。
在另一种实现方式中,所述第一通知消息用于触发所述一个或多个OBU向证书服务器请求最新的证书撤销列表。其中,所述第一通知消息不包括所述第一证书撤销列表。如图2所示,在这种情况下,OBU可以通过以下两种方式对当前存储的证书撤销列表进行更新,包括:
第一种方式:
S208,OBU接收到第一通知消息之后,向证书服务器发送第一请求消息。
S209,OBU从所述证书服务器接收最新的证书撤销列表;将当前存储的证书撤销列表更新为所述最新的证书撤销列表。
第二种方式:
S210,OBU向所述第一RSU发送第二请求消息;
S211,OBU从所述第一RSU接收第一证书撤销列表;将当前存储的证书撤销列表更新为所述第一证书撤销列表。其中,第一证书撤销列表可以为使用第一RSU的证书签名后的证书撤销列表。
需要说明的是,OBU可以只保存自身所在区域(如一个市或一个行政区)的证书撤销列表,无需保存全网的证书撤销列表。每次对证书撤销列表进行更新时,也只需要请求 本区域的证书撤销列表进行更新。这样可以减少存储开销,也可以提高查询速度。
可选的,如图2所示,在OBU向证书服务器或者向第一RSU请求证书撤销列表之前,OBU还可以执行如下操作:
S206,第二OBU向证书服务器发送确认请求,所述确认请求用于请求所述证书服务器确认所述第一OBU使用的证书是否被撤销;
S207,第二OBU接收所述证书服务器发送的响应消息。如果第二OBU确定第一OBU使用的证书被撤销,则开始对当前存储的证书撤销列表进行更新。如果第二OBU确定第一OBU使用的证书没有被撤销,则不需要对当前存储的证书撤销列表进行更新。可选的,证书服务器可以使用证书服务器的证书(例如CA的证书)对响应消息进行签名。
可选的,如图2所示,本申请实施例中步骤还可以包括:
S205,第一RSU可以向第二RSU发送第二通知消息,所述第二通知消息用于向所述第二RSU指示所述第一OBU使用的证书被撤销。其中,第二通知消息可以包括第一OBU的已被撤销的证书。第二RSU接收到第二通知消息之后,可以获知第一OBU使用的证书已被撤销,确定该第一OBU所属的车辆为非法车辆,停止与该车辆进行信息交互。其中,第二RSU可以与第一RSU属于同一区域(如一个市或一个行政区),也可以与第一RSU属于不同区域。
需要说明的是,步骤S205与步骤S202执行顺序不分先后,在确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销之后,第一RSU可以先发送第一通知消息,然后发送第二通知消息。也可以先发送第二通知消息,然后发送第一通知消息。
可选的,如图2所示,第一RSU可以向第二RSU发送第二通知消息之前,本申请实施例中步骤还可以包括:
S203,第一RSU向证书服务器发送请求消息。证书服务器接收到请求消息之后,查找与所述第一OBU被撤销的证书相关的其他证书。
S204,第一RSU接收所述证书服务器发送的响应消息,所述响应消息包括与所述第一OBU被撤销的证书相关的其他证书。这样,第二通知消息还可以包括与所述第一OBU被撤销的证书相关的其他证书。其他RSU接收到第二通知消息之后,可以获知第一OBU使用的证书和与该证书相关的其他证书都已经被撤销。
需要说明的是,第一RSU接收到本区域内的OBU发送的消息之后,如果确定该消息使用的证书已经被撤销,则向本区域内的OBU发送通知消息,进而触发本区域内的OBU更新证书撤销列表。第一RSU也可以在没有触发的情况下按照预设的时间间隔向本区域内的OBU广播最新的证书撤销列表,使得本区域内的OBU更新证书撤销列表。本申请实施例可以结合上述两种方式来实现OBU更新证书撤销列表。其中,预设的时间间隔可以设置大一点,这样可以减少信令开销。
在本申请实施例中,第一RSU接收到本区域内的OBU发送的消息之后,如果确定该消息使用的证书被撤销,则向本区域内的OBU发送通知消息,进而触发本区域内的OBU更新证书撤销列表。通过这种触发方式来通知OBU更新证书撤销列表,不仅可以保障证书撤销列表的及时更新,而且可以减少信令开销。
上述详细阐述了本申请实施例的方法,下面提供了本申请实施例的装置。
请参见图3,图3是本申请实施例提供的一种证书撤销列表更新装置的结构示意图,该装置包括处理模块301、发送模块302和接收模块303,其中:
处理模块301,用于根据第一RSU存储的第一证书撤销列表,确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销;
发送模块302,用于向所述第一RSU覆盖范围内的一个或多个OBU发送第一通知消息,所述第一通知消息用于通知所述一个或多个OBU更新证书撤销列表。
其中,所述第一通知消息包括所述第一证书撤销列表,所述第一证书撤销列表用于更新所述一个或多个OBU存储的第二证书撤销列表。
其中,所述第一通知消息用于触发所述一个或多个OBU向证书服务器请求最新的证书撤销列表。
可选的,接收模块303,用于接收所述第一OBU发送的消息;处理模块301,还用于当所述消息使用的证书属于所述第一证书撤销列表对应的证书时,确定所述第一OBU使用的证书被撤销。
可选的,接收模块303,用于从证书服务器接收所述第一证书撤销列表。
可选的,发送模块302,还用于向第二RSU发送第二通知消息,所述第二通知消息用于向所述第二RSU指示所述第一OBU使用的证书被撤销。
可选的,发送模块302,还用于向证书服务器发送请求消息;接收模块303,用于接收所述证书服务器发送的响应消息,所述响应消息包括与所述第一OBU被撤销的证书相关的其他证书。
需要说明的是,各个模块的实现还可以对应参照图2所示的方法实施例的相应描述,执行上述实施例中第一RSU所执行的方法和功能。
请参见图4,图4是本申请实施例提供的一种证书撤销列表更新装置的结构示意图,该装置包括接收模块401、处理模块402和发送模块403,其中:
接收模块401,用于接收第一路边单元RSU发送的第一通知消息,所述第一通知消息用于通知更新证书撤销列表;
处理模块402,用于更新证书撤销列表。
可选的,所述第一通知消息包括第一证书撤销列表;处理模块402,还用于将当前存储的证书撤销列表更新为所述第一证书撤销列表。
可选的,发送模块403,用于向证书服务器发送第一请求消息;接收模块401,还用于从所述证书服务器接收最新的证书撤销列表;处理模块402,还用于将当前存储的证书撤销列表更新为所述最新的证书撤销列表。
可选的,发送模块403,用于向所述第一RSU发送第二请求消息;接收模块401,还用于从所述第一RSU接收第一证书撤销列表;处理模块402,还用于将当前存储的证书撤销列表更新为所述第一证书撤销列表。
可选的,发送模块403,用于向证书服务器发送确认请求,所述确认请求用于请求所述证书服务器确认所述第一OBU使用的证书是否被撤销;接收模块401,还用于接收所述证书服务器发送的响应消息。
需要说明的是,各个模块的实现还可以对应参照图2所示的方法实施例的相应描述,执行上述实施例中OBU所执行的方法和功能。
请继续参考图5,图5是本申请实施例提出的一种第一RSU的结构示意图。如图5所示,该第一RSU可以包括:至少一个处理器501,至少一个通信接口502,至少一个存储器503和至少一个通信总线504。
其中,处理器501可以是中央处理器单元,通用处理器,数字信号处理器,专用集成电路,现场可编程门阵列或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本申请公开内容所描述的各种示例性的逻辑方框,模块和电路。所述处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,数字信号处理器和微处理器的组合等等。通信总线504可以是外设部件互连标准PCI总线或扩展工业标准结构EISA总线等。所述总线可以分为地址总线、数据总线、控制总线等。为便于表示,图5中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。通信总线504用于实现这些组件之间的连接通信。其中,本申请实施例中设备的通信接口502用于与其他节点设备进行信令或数据的通信。存储器503可以包括易失性存储器,例如非挥发性动态随机存取内存(nonvolatile random access memory,NVRAM)、相变化随机存取内存(phase change RAM,PRAM)、磁阻式随机存取内存(magetoresistive RAM,MRAM)等,还可以包括非易失性存储器,例如至少一个磁盘存储器件、电子可擦除可编程只读存储器(electrically erasable programmable read-only memory,EEPROM)、闪存器件,例如反或闪存(NOR flash memory)或是反及闪存(NAND flash memory)、半导体器件,例如固态硬盘(solid state disk,SSD)等。存储器503可选的还可以是至少一个位于远离前述处理器501的存储装置。存储器503中可选的还可以存储一组程序代码。处理器501可选的还可以执行存储器503中所存储的程序。
根据所述第一RSU存储的第一证书撤销列表,确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销;
向所述第一RSU覆盖范围内的一个或多个OBU发送第一通知消息,所述第一通知消息用于通知所述一个或多个OBU更新证书撤销列表。
其中,所述第一通知消息包括所述第一证书撤销列表,所述第一证书撤销列表用于更新所述一个或多个OBU存储的第二证书撤销列表。
其中,所述第一通知消息用于触发所述一个或多个OBU向证书服务器请求最新的证书撤销列表。
可选的,处理器501用于执行如下操作步骤:
接收所述第一OBU发送的消息;
当所述消息使用的证书属于所述第一证书撤销列表对应的证书时,确定所述第一OBU使用的证书被撤销。
可选的,处理器501用于执行如下操作步骤:
从证书服务器接收所述第一证书撤销列表。
可选的,处理器501用于执行如下操作步骤:
向第二RSU发送第二通知消息,所述第二通知消息用于向所述第二RSU指示所述第一OBU使用的证书被撤销。
可选的,处理器501用于执行如下操作步骤:
向证书服务器发送请求消息;
接收所述证书服务器发送的响应消息,所述响应消息包括与所述第一OBU被撤销的证书相关的其他证书。
进一步的,处理器还可以与存储器和通信接口相配合,执行上述申请实施例中第一RSU的操作。
请继续参考图6,图6是本申请实施例提出的一种车载单元的结构示意图。车辆可以通过该车载单元与车联网内的证书服务器和路边单元进行通信。如图所示,该车载单元可以包括:至少一个处理器601,至少一个通信接口602,至少一个存储器603和至少一个通信总线604。
其中,处理器601可以是前文提及的各种类型的处理器。通信总线604可以是外设部件互连标准PCI总线或扩展工业标准结构EISA总线等。所述总线可以分为地址总线、数据总线、控制总线等。为便于表示,图6中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。通信总线604用于实现这些组件之间的连接通信。其中,本申请实施例中设备的通信接口602用于与其他节点设备进行信令或数据的通信。存储器603可以是前文提及的各种类型的存储器。存储器603可选的还可以是至少一个位于远离前述处理器601的存储装置。存储器603中存储一组程序代码,且处理器601执行存储器603中程序。
接收第一路边单元RSU发送的第一通知消息,所述第一通知消息用于通知更新证书撤销列表;
更新证书撤销列表。
可选的,处理器601用于执行如下操作步骤:
更新证书撤销列表,包括:
将当前存储的证书撤销列表更新为所述第一证书撤销列表。
可选的,处理器601用于执行如下操作步骤:
向证书服务器发送第一请求消息;
从所述证书服务器接收最新的证书撤销列表;
将当前存储的证书撤销列表更新为所述最新的证书撤销列表。
可选的,处理器601用于执行如下操作步骤:
向所述第一RSU发送第二请求消息;
从所述第一RSU接收第一证书撤销列表;
将当前存储的证书撤销列表更新为所述第一证书撤销列表。
可选的,处理器601用于执行如下操作步骤:
向证书服务器发送确认请求,所述确认请求用于请求所述证书服务器确认所述第一OBU使用的证书是否被撤销;
接收所述证书服务器发送的响应消息。
进一步的,处理器还可以与存储器和通信接口相配合,执行上述申请实施例中OBU的操作。
本申请实施例还提供了一种芯片系统,该芯片系统包括处理器,用于支持第一RSU或OBU以实现上述任一实施例中所涉及的功能,例如生成或处理上述方法中所涉及的数据和/或信息。在一种可能的设计中,所述芯片系统还可以包括存储器,所述存储器,用于第一RSU或OBU必要的程序指令和数据。该芯片系统,可以由芯片构成,也可以包含芯片和其他分立器件。
本申请实施例还提供了一种处理器,用于与存储器耦合,用于执行上述各实施例中任一实施例中涉及第一RSU或OBU的任意方法和功能。
本申请实施例还提供了一种包含指令的计算机程序产品,其在计算机上运行时,使得计算机执行上述各实施例中任一实施例中涉及第一RSU或OBU的任意方法和功能。
本申请实施例还提供了一种装置,用于执行上述各实施例中任一实施例中涉及第一RSU或OBU的任意方法和功能。
本申请实施例还提供一种无线通信系统,该系统包括上述任一实施例中涉及的至少一个第一RSU和至少一个OBU。
在上述实施例中,可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。当使用软件实现时,可以全部或部分地以计算机程序产品的形式实现。所述计算机程序产品包括一个或多个计算机指令。在计算机上加载和执行所述计算机程序指令时,全部或部分地产生按照本申请实施例所述的流程或功能。所述计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。所述计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一个计算机可读存储介质传输,例如,所述计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴电缆、光纤、数字用户线(DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质,(例如,软盘、硬盘、磁带)、光介质(例如,DVD)、或者半导体介质(例如固态硬盘solid state disk(SSD))等。

Claims (27)

  1. 一种证书撤销列表更新方法,其特征在于,包括:
    第一路边单元RSU根据所述第一RSU存储的第一证书撤销列表,确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销;
    所述第一RSU向所述第一RSU覆盖范围内的一个或多个OBU发送第一通知消息,所述第一通知消息用于通知所述一个或多个OBU更新证书撤销列表。
  2. 如权利要求1所述的方法,其特征在于,所述第一通知消息包括所述第一证书撤销列表,所述第一证书撤销列表用于更新所述一个或多个OBU存储的第二证书撤销列表。
  3. 如权利要求1所述的方法,其特征在于,所述第一通知消息用于触发所述一个或多个OBU向证书服务器请求最新的证书撤销列表。
  4. 如权利要求1至3中任一项所述的方法,其特征在于,所述确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销,包括:
    所述第一RSU接收所述第一OBU发送的消息;
    当所述消息使用的证书属于所述第一证书撤销列表对应的证书时,所述第一RSU确定所述第一OBU使用的证书被撤销。
  5. 如权利要求1至4中任一项所述的方法,其特征在于,所述确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销之前,还包括:
    所述第一RSU从证书服务器接收所述第一证书撤销列表。
  6. 如权利要求1至5中任一项所述的方法,其特征在于,所述确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销之后,还包括:
    所述第一RSU向第二RSU发送第二通知消息,所述第二通知消息用于向所述第二RSU指示所述第一OBU使用的证书被撤销。
  7. 如权利要求1至6中任一项所述的方法,其特征在于,所述确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销之后,还包括:
    所述第一RSU向证书服务器发送请求消息;
    所述第一RSU接收所述证书服务器发送的响应消息,所述响应消息包括与所述第一OBU被撤销的证书相关的其他证书。
  8. 一种证书撤销列表更新方法,其特征在于,包括:
    车载单元OBU接收第一路边单元RSU发送的第一通知消息,所述第一通知消息用 于通知更新证书撤销列表;
    所述OBU更新证书撤销列表。
  9. 如权利要求8所述的方法,其特征在于,所述第一通知消息包括第一证书撤销列表;
    所述OBU更新证书撤销列表,包括:
    所述OBU将当前存储的证书撤销列表更新为所述第一证书撤销列表。
  10. 如权利要求8所述的方法,其特征在于,所述OBU接收第一路边单元RSU发送的第一通知消息后,还包括:
    所述OBU向证书服务器发送第一请求消息;
    所述OBU从所述证书服务器接收最新的证书撤销列表;
    所述OBU更新证书撤销列表,包括:
    所述OBU将当前存储的证书撤销列表更新为所述最新的证书撤销列表。
  11. 如权利要求8所述的方法,其特征在于,所述OBU接收第一路边单元RSU发送的第一通知消息后,还包括:
    所述OBU向所述第一RSU发送第二请求消息;
    所述OBU从所述第一RSU接收第一证书撤销列表;
    所述OBU更新证书撤销列表,包括:
    所述OBU将当前存储的证书撤销列表更新为所述第一证书撤销列表。
  12. 如权利要求8至11中任一项所述方法,其特征在于,所述OBU接收第一RSU发送的第一通知消息之后,还包括:
    所述OBU向证书服务器发送确认请求,所述确认请求用于请求所述证书服务器确认所述第一OBU使用的证书是否被撤销;
    所述OBU接收所述证书服务器发送的响应消息。
  13. 一种证书撤销列表更新装置,其特征在于,包括:
    处理模块,用于根据第一RSU存储的第一证书撤销列表,确定所述第一RSU覆盖范围内第一车载单元OBU使用的证书被撤销;
    发送模块,用于向所述第一RSU覆盖范围内的一个或多个OBU发送第一通知消息,所述第一通知消息用于通知所述一个或多个OBU更新证书撤销列表。
  14. 如权利要求13所述的装置,其特征在于,所述第一通知消息包括所述第一证书撤销列表,所述第一证书撤销列表用于更新所述一个或多个OBU存储的第二证书撤销列表。
  15. 如权利要求13所述的装置,其特征在于,所述第一通知消息用于触发所述一个或多个OBU向证书服务器请求最新的证书撤销列表。
  16. 如权利要求13至15中任一项所述的装置,其特征在于,所述装置还包括:
    接收模块,用于接收所述第一OBU发送的消息;
    所述处理模块,还用于当所述消息使用的证书属于所述第一证书撤销列表对应的证书时,确定所述第一OBU使用的证书被撤销。
  17. 如权利要求13至16中任一项所述的装置,其特征在于,所述装置还包括:
    接收模块,用于从证书服务器接收所述第一证书撤销列表。
  18. 如权利要求13至17中任一项所述的装置,其特征在于,
    所述发送模块,还用于向第二RSU发送第二通知消息,所述第二通知消息用于向所述第二RSU指示所述第一OBU使用的证书被撤销。
  19. 如权利要求13至18中任一项所述的装置,其特征在于,
    所述发送模块,还用于向证书服务器发送请求消息;
    所述装置还包括:
    接收模块,用于接收所述证书服务器发送的响应消息,所述响应消息包括与所述第一OBU被撤销的证书相关的其他证书。
  20. 一种证书撤销列表更新装置,其特征在于,包括:
    接收模块,用于接收第一路边单元RSU发送的第一通知消息,所述第一通知消息用于通知更新证书撤销列表;
    处理模块,用于更新证书撤销列表。
  21. 如权利要求20所述的装置,其特征在于,所述第一通知消息包括第一证书撤销列表;
    所述处理模块,还用于将当前存储的证书撤销列表更新为所述第一证书撤销列表。
  22. 如权利要求20所述的装置,其特征在于,所述装置还包括:
    发送模块,用于向证书服务器发送第一请求消息;
    所述接收模块,还用于从所述证书服务器接收最新的证书撤销列表;
    所述处理模块,还用于将当前存储的证书撤销列表更新为所述最新的证书撤销列表。
  23. 如权利要求20所述的装置,其特征在于,所述装置还包括:
    发送模块,用于向所述第一RSU发送第二请求消息;
    所述接收模块,还用于从所述第一RSU接收第一证书撤销列表;
    所述处理模块,还用于将当前存储的证书撤销列表更新为所述第一证书撤销列表。
  24. 如权利要求20至23中任一项所述装置,其特征在于,所述装置还包括:
    发送模块,用于向证书服务器发送确认请求,所述确认请求用于请求所述证书服务器确认所述第一OBU使用的证书是否被撤销;
    所述接收模块,还用于接收所述证书服务器发送的响应消息。
  25. 一种路边单元RSU,其特征在于,包括:存储器、通信总线以及处理器,其中,所述存储器用于存储程序代码,所述处理器用于调用所述程序代码,用于执行权利要求1至7任一项所述的方法。
  26. 一种车载单元OBU,其特征在于,包括:存储器、通信总线以及处理器,其中,所述存储器用于存储程序代码,所述处理器用于调用所述程序代码,用于执行权利要求8至12任一项所述的方法。
  27. 一种证书撤销列表更新系统,其特征在于,所述系统包括路边单元RSU和证书服务器,其中,所述RSU包括如权利要求13至19中任一项所述的装置。
PCT/CN2020/113299 2019-12-06 2020-09-03 一种证书撤销列表更新方法及相关设备 WO2021109651A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP20897003.8A EP4061025B1 (en) 2019-12-06 2020-09-03 Certificate revocation list updating method and related device
US17/831,136 US20220294649A1 (en) 2019-12-06 2022-06-02 Certificate Revocation List Updating Method and Related Device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911240387.7A CN112929174B (zh) 2019-12-06 2019-12-06 一种证书撤销列表更新方法及相关设备
CN201911240387.7 2019-12-06

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/831,136 Continuation US20220294649A1 (en) 2019-12-06 2022-06-02 Certificate Revocation List Updating Method and Related Device

Publications (1)

Publication Number Publication Date
WO2021109651A1 true WO2021109651A1 (zh) 2021-06-10

Family

ID=76161458

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/113299 WO2021109651A1 (zh) 2019-12-06 2020-09-03 一种证书撤销列表更新方法及相关设备

Country Status (4)

Country Link
US (1) US20220294649A1 (zh)
EP (1) EP4061025B1 (zh)
CN (1) CN112929174B (zh)
WO (1) WO2021109651A1 (zh)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115412264B (zh) * 2022-10-31 2022-12-27 北京金睛云华科技有限公司 基于Morton过滤器的车载自组织网络假名撤销方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103812605A (zh) * 2012-11-15 2014-05-21 电信科学技术研究院 车联网中的数据播发控制和数据播发方法及设备
CN104053149A (zh) * 2013-03-12 2014-09-17 电信科学技术研究院 一种实现车联网设备的安全机制的方法及系统
CN104901921A (zh) * 2014-03-03 2015-09-09 电信科学技术研究院 一种车联网系统中的消息传输方法和设备
US20180159693A1 (en) * 2016-12-06 2018-06-07 Veniam, Inc. Systems and methods for self and automated management of certificates in a network of moving things, for example including a network of autonomous vehicles
WO2018221805A1 (ko) * 2017-05-29 2018-12-06 엘지전자(주) V2x 통신 장치 및 그의 보안 통신 방법

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110191581A1 (en) * 2009-08-27 2011-08-04 Telcordia Technologies, Inc. Method and system for use in managing vehicle digital certificates
WO2011148744A1 (ja) * 2010-05-24 2011-12-01 ルネサスエレクトロニクス株式会社 通信システム、車載端末、路側装置
US9425967B2 (en) * 2013-03-20 2016-08-23 Industrial Technology Research Institute Method for certificate generation and revocation with privacy preservation
EP2916518B1 (en) * 2014-03-05 2018-10-17 Industrial Technology Research Institute Apparatuses and methods for certificate generation, certificate revocation and certificate verification
US9742569B2 (en) * 2014-05-05 2017-08-22 Nxp B.V. System and method for filtering digital certificates
KR101673310B1 (ko) * 2015-08-24 2016-11-07 현대자동차주식회사 인증서 기반의 차량 보안 접속 제어 방법 및 그를 위한 장치 및 시스템
TWI600334B (zh) * 2016-03-23 2017-09-21 財團法人工業技術研究院 車輛網路節點之安全憑證管理方法與應用其之車輛網路節 點

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103812605A (zh) * 2012-11-15 2014-05-21 电信科学技术研究院 车联网中的数据播发控制和数据播发方法及设备
CN104053149A (zh) * 2013-03-12 2014-09-17 电信科学技术研究院 一种实现车联网设备的安全机制的方法及系统
CN104901921A (zh) * 2014-03-03 2015-09-09 电信科学技术研究院 一种车联网系统中的消息传输方法和设备
US20180159693A1 (en) * 2016-12-06 2018-06-07 Veniam, Inc. Systems and methods for self and automated management of certificates in a network of moving things, for example including a network of autonomous vehicles
WO2018221805A1 (ko) * 2017-05-29 2018-12-06 엘지전자(주) V2x 통신 장치 및 그의 보안 통신 방법

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
ETSI MCC: "Report of 3GPP TSG RAN2#105bis meeting, Xi'an, China", 3GPP DRAFT; R2-1905501, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. RAN WG2, no. Xi'an, China ;20190408 - 20190412, 13 May 2019 (2019-05-13), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP051729007 *
HUAWEI, HISILICON: "V2I with Service RSU", 3GPP DRAFT; S1-150144 V2I WITH SERVICE RSU, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG1, no. Sanya, P.R. China; 20150202 - 20150206, 24 January 2015 (2015-01-24), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP050960333 *
See also references of EP4061025A4

Also Published As

Publication number Publication date
EP4061025B1 (en) 2024-08-21
EP4061025A1 (en) 2022-09-21
EP4061025A4 (en) 2022-12-21
CN112929174B (zh) 2022-07-22
CN112929174A (zh) 2021-06-08
US20220294649A1 (en) 2022-09-15

Similar Documents

Publication Publication Date Title
JP7325506B2 (ja) ブロックチェーンシステムに基づく業務処理方法、装置、電子機器及びコンピュータプログラム
US11323850B2 (en) Vehicle-to-everything communication solution
CN111263352B (zh) 车载设备的ota升级方法、系统、存储介质及车载设备
US9742569B2 (en) System and method for filtering digital certificates
US10503893B2 (en) Security certificate management method for a vehicular network node and vehicular network node applying the same
CN109697127B (zh) 一种对共享资源的访问操作加锁的方法和装置
WO2021057666A1 (zh) 传输控制方法、网管服务器、基站及存储介质
EP3719648A1 (en) Edge component computing system having integrated faas call handling capability
WO2021109651A1 (zh) 一种证书撤销列表更新方法及相关设备
CN116600295B (zh) 一种车联网通信方法及装置
CN111200495A (zh) 一种车联网的证书处理方法、装置和系统
JP2023518402A (ja) 証明書リスト更新方法および装置
WO2020259519A1 (zh) 一种证书更新方法以及相关设备
CN114116898A (zh) 用于边缘云处的内容获取的方法、装置和存储介质
CN113472541B (zh) 证书切换方法及装置
US20200012820A1 (en) Information processing device, mobile object, information processing method, and computer program product
CN114374516B (zh) 证书吊销列表分发方法、设备及存储介质、服务器、车联网设备
CN113010604B (zh) 一种地图数据同步方法、系统、云服务器及存储介质
US10896140B2 (en) Controlling operation of multiple computational engines
CN114172653A (zh) 数字证书的更新方法、终端设备、ca服务器及存储介质
CN111639089B (zh) 事务处理方法、装置、电子设备和计算机可读存储介质
JP7500359B2 (ja) データ参照サーバー、データベースシステム及び料金管理システム
CN110602026A (zh) 文件访问方法、控制节点、客户端和电子设备
US11558205B2 (en) Scalable certificate revocation truth distribution and verification using a bloom filter set and a false positive set for PKI-based IoT scenarios
CN111107037B (zh) 一种业务触发的方法及装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20897003

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2020897003

Country of ref document: EP

Effective date: 20220613

NENP Non-entry into the national phase

Ref country code: DE