WO2021143178A1 - Vehicle-mounted sensor authentication method, apparatus, and system - Google Patents

Vehicle-mounted sensor authentication method, apparatus, and system Download PDF

Info

Publication number
WO2021143178A1
WO2021143178A1 PCT/CN2020/115732 CN2020115732W WO2021143178A1 WO 2021143178 A1 WO2021143178 A1 WO 2021143178A1 CN 2020115732 W CN2020115732 W CN 2020115732W WO 2021143178 A1 WO2021143178 A1 WO 2021143178A1
Authority
WO
WIPO (PCT)
Prior art keywords
authenticated
vehicle
key information
signature
information
Prior art date
Application number
PCT/CN2020/115732
Other languages
French (fr)
Chinese (zh)
Inventor
皇甫仁杰
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2021143178A1 publication Critical patent/WO2021143178A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • This application relates to the field of automobile technology, and in particular to an authentication method, device and system for vehicle-mounted sensors.
  • perception sensors such as cameras, millimeter wave radar, laser radar, ultrasonic radar, etc.
  • the embodiments of the present application provide a method and device for authenticating a vehicle-mounted sensor, which are used to improve the authentication efficiency and accuracy of the vehicle-mounted sensor, reduce the authentication cost, and thereby ensure the safe driving of a smart-driving vehicle.
  • this application provides a method for authenticating a vehicle-mounted sensor.
  • the method includes: when performing vehicle-mounted sensor authentication, the vehicle-mounted controller (such as the vehicle-mounted controller 103 in FIG. 1) first obtains from the vehicle cloud server (as shown in FIG. The car cloud server 101 in 1) obtains the public key information of the on-board sensor to be authenticated (such as the on-board sensor to be authenticated 102 in Fig. 1), and then receives the information sent by the on-board sensor to be authenticated (the on-board sensor 102 to be authenticated in Fig. 1) The signature to be authenticated; and the on-board controller (such as the on-board controller 103 in FIG. 1) can use the acquired public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result.
  • the vehicle-mounted controller such as the vehicle-mounted controller 103 in FIG. 1
  • the on-board controller in the embodiment of this application uses the public key obtained from the car cloud server to authenticate the signature to be authenticated according to the mature BLS signature algorithm, so as to accurately identify the authenticity of the on-board sensor to be authenticated. Therefore, compared with the current method of authenticating the sensor device with the electromagnetic security chip attached to the sensor device and the method of relying on the two communicating parties to share the same key for sensor authentication, the vehicle can be authenticated without adding any hardware.
  • the rapid and accurate authentication of a large number of on-board sensors not only reduces the cost of authentication, but also improves the efficiency and accuracy of authentication, thereby ensuring the safe driving of intelligent driving vehicles.
  • obtaining the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server includes: querying the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the to-be-signed information of the vehicle-mounted sensor to be authenticated.
  • the on-board controller or the on-board sensor to be authenticated is an updated sensor, and the on-board controller does not store the public key information sent by the car cloud server in advance, it can use the information to be signed from the on-board sensor to be authenticated.
  • the server queries the public key information associated with the information to be signed, thereby improving the authentication efficiency and accuracy.
  • the public key information is associated with the batch information of the sensor to be authenticated, so that the public key information can be subsequently used to authenticate the batch of sensors to be authenticated to improve the authentication accuracy rate.
  • the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information of the sensor to be authenticated; where the private key information is generated by the car cloud server according to the BLS signature algorithm. So that the vehicle-mounted controller can use the public key information to perform the signature to be authenticated, and accurately determine the authenticity of the vehicle-mounted sensor device to be authenticated according to the authentication result.
  • receiving the signature to be certified sent by the vehicle-mounted sensor to be certified includes: receiving the signature to be certified sent by a plurality of vehicle-mounted sensors to be certified; according to the BLS signature algorithm, the public key information is used to perform the signature to be certified. Attestation, to obtain the authentication result, including: aggregating multiple signatures to be authenticated to obtain the aggregated signature result to be authenticated; according to the BLS signature algorithm, use public key information to authenticate the aggregated signature result to be authenticated to obtain the authentication result . In this way, it is possible to simultaneously perform aggregate authentication on multiple on-board sensors to be authenticated, which greatly improves authentication efficiency.
  • receiving the signature to be certified sent by the vehicle-mounted sensor to be certified includes: receiving the signature to be certified sent by a plurality of vehicle-mounted sensors to be certified; according to the BLS signature algorithm, the public key information is used to perform the signature to be certified. Attestation, to obtain the authentication result, including: aggregating all the signatures to be authenticated in the first group to obtain the first group of aggregated signature results to be authenticated; according to the BLS signature algorithm, the public key information is used to aggregate the first group of signatures.
  • the signature result to be authenticated is authenticated, and the authentication result is obtained; wherein the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received multiple on-vehicle sensors to be authenticated.
  • each group of aggregated signature results to be authenticated can be simultaneously authenticated, and when the authentication fails, the faulty can be quickly and accurately located according to the type and label of the grouping. Sensor to be certified.
  • the authentication efficiency and accuracy of the vehicle-mounted sensor can be improved, the authentication cost can be reduced, and the safe driving of the intelligent driving vehicle can be ensured.
  • the present application also provides a method for authenticating a vehicle-mounted sensor.
  • the method includes: when the vehicle-mounted sensor is authenticated, the vehicle cloud server (such as the vehicle cloud server 101 in FIG. 1) first obtains the vehicle-mounted sensor to be authenticated ( The to-be-signed information of the vehicle-mounted sensor 102 to be authenticated in Figure 1 is then generated according to the BLS signature algorithm for the private key information and public key information of the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 to be authenticated in Figure 1); The certified vehicle-mounted sensor (such as the to-be-certified vehicle-mounted sensor 102 in Figure 1) sends the acquired information to be signed and the produced private key information, so that the to-be-certified vehicle-mounted sensor (such as the to-be-certified vehicle-mounted sensor 102 in Figure 1) can be based on mature The BLS signature algorithm, the information to be signed, and the private key information generate the signature to be verified and send the signature to be verified to the vehicle controller (such as the vehicle controller 103 in Figure 1
  • the signature to be authenticated is authenticated, and the authentication result is obtained.
  • the generated private key information can be directly preset in the vehicle-mounted sensor to be authenticated, and the generated public key information can be sent to the vehicle-mounted controller in advance, without worrying about the leakage of each link of the key.
  • the problem is easy to manage, and the key management is carried out according to the batch information of the sensor, which reduces the cost.
  • the method further includes: opening the public key information query interface, so that the on-board controller can query the public key information of the on-board sensor to be authenticated from the car cloud server according to the on-board sensor to be authenticated. , Make public key information public for query, so that the on-board controller can directly query the public key information through the public key information query interface, which is not only convenient for query, but also does not require special processing after the device is updated.
  • this application also provides a method for authenticating a vehicle-mounted sensor.
  • the method includes: when the vehicle-mounted sensor is authenticated, the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor to be authenticated 102 in FIG. 1) first obtains the private key. Then, the signature to be verified can be generated according to the mature BLS signature algorithm, the information to be signed, and the private key information, and then the signature to be verified can be sent to the vehicle controller (such as the vehicle controller 103 in Fig. 1). So that the on-board controller (such as the on-board controller 103 in Fig. 1) can authenticate the signature to be authenticated according to the mature BLS signature algorithm to obtain the authentication result.
  • the vehicle controller such as the vehicle controller 103 in Fig. 1
  • obtaining the private key information of the vehicle-mounted sensor to be authenticated includes: obtaining the private key information of the vehicle-mounted sensor to be authenticated sent by the vehicle cloud server, and the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.
  • generating the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information includes: generating a hash digest according to the information to be signed; generating the curve hash value of the hash digest according to the BLS signature algorithm; The signature to be verified is generated according to the curve hash value and the private key information. It is convenient for the vehicle-mounted controller to use the public key information to perform the signature to be authenticated, and accurately determine the authenticity of the vehicle-mounted sensor device to be authenticated according to the authentication result.
  • the present application also provides a vehicle-mounted sensor authentication system, which includes: a vehicle cloud server, a vehicle-mounted sensor to be certified, and a vehicle-mounted controller; wherein the vehicle cloud server is used to obtain information to be signed; according to the BLS signature
  • the algorithm generates the private key information and public key information of the vehicle-mounted sensor to be authenticated; sends the public key information to the vehicle-mounted controller to be authenticated; sends the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated; the vehicle-mounted sensor to be authenticated is used according to the BLS
  • the signature algorithm, the information to be signed, and the private key information generate the signature to be authenticated; send the signature to be authenticated to the on-board controller; the on-board controller is used to authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result.
  • the car cloud server is also used to: open the public key information query interface, so that the on-board controller can query the public key information of the on-board sensor to be authenticated from the on-board sensor to be authenticated based on the signature information of the on-board sensor to be authenticated .
  • the vehicle-mounted sensor to be authenticated is specifically used to: generate a hash digest according to the information to be signed; generate the curve hash value of the hash digest according to the BLS signature algorithm; generate the curve hash value of the hash digest according to the curve hash value and private key information Certified signature.
  • the on-board controller is specifically configured to query the public key information of the on-board sensor to be authenticated from the on-vehicle cloud server according to the to-be-signed information of the on-board sensor to be authenticated.
  • the on-board controller is specifically used to: receive the respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate the signatures to be certified to obtain the aggregated signature result to be certified; according to the BLS
  • the signature algorithm uses public key information to authenticate the aggregated signature result to be authenticated to obtain the authentication result.
  • the on-board controller is specifically configured to: receive respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate all signatures to be certified in the first group to obtain the first group of aggregated signatures Signature result to be authenticated; according to the BLS signature algorithm, the public key information is used to authenticate the first group of aggregated signature results to be authenticated to obtain the authentication result; among them, the number of signatures to be authenticated contained in the first group is less than the received The total number of signatures to be authenticated sent by multiple on-board sensors to be authenticated.
  • this application also provides a vehicle-mounted sensor authentication system, which includes: a vehicle-mounted sensor to be certified and a vehicle-mounted controller; wherein the vehicle-mounted sensor to be certified is used to obtain private key information and information to be signed; according to the BLS The signature algorithm, the information to be signed, and the private key information generate the signature to be certified; the signature to be certified is sent to the on-board controller; the on-board controller is used to obtain the public key information of the on-board sensor to be certified; according to the BLS signature algorithm, the public key information is used, The signature to be authenticated is authenticated, and the authentication result is obtained.
  • a vehicle-mounted sensor authentication system which includes: a vehicle-mounted sensor to be certified and a vehicle-mounted controller; wherein the vehicle-mounted sensor to be certified is used to obtain private key information and information to be signed; according to the BLS The signature algorithm, the information to be signed, and the private key information generate the signature to be certified; the signature to be certified is sent to the on-board controller; the on-board controller is used to
  • the on-board controller is specifically configured to query the public key information of the on-board sensor to be authenticated from the on-vehicle cloud server according to the to-be-signed information of the on-board sensor to be authenticated.
  • the vehicle-mounted sensor to be authenticated is specifically used to: generate a hash digest according to the information to be signed; generate the curve hash value of the hash digest according to the BLS signature algorithm; according to the curve hash value and the private key information Generate a signature to be verified.
  • the on-board controller is specifically used to: receive the respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate the signatures to be certified to obtain the aggregated signature result to be certified; according to the BLS
  • the signature algorithm uses public key information to authenticate the aggregated signature result to be authenticated to obtain the authentication result.
  • the on-board controller is specifically configured to: receive respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate all signatures to be certified in the first group to obtain the first group of aggregated signatures Signature result to be authenticated; according to the BLS signature algorithm, the public key information is used to authenticate the first group of aggregated signature results to be authenticated to obtain the authentication result; among them, the number of signatures to be authenticated contained in the first group is less than the received The total number of signatures to be authenticated sent by the plurality of on-board sensors to be authenticated.
  • the present application also provides an authentication device for a vehicle-mounted sensor.
  • the device includes: an obtaining unit for obtaining public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server; and a receiving unit for receiving the vehicle-mounted sensor to be authenticated The sent signature to be authenticated; the authentication unit is used to authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result.
  • the acquiring unit is specifically configured to query the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
  • the public key information is associated with the batch information of the sensor to be authenticated.
  • the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information of the sensor to be authenticated; where the private key information is generated by the car cloud server according to the BLS signature algorithm.
  • the receiving unit is specifically configured to: receive respective signatures to be authenticated sent by a plurality of on-board sensors to be authenticated; the authentication unit includes: a first aggregation subunit, which is used to aggregate multiple signatures to be authenticated, Obtain the aggregated signature result to be authenticated; the first authentication subunit is used to authenticate the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result.
  • the receiving unit is specifically configured to: receive respective signatures to be authenticated sent by a plurality of on-board sensors to be authenticated;
  • the authentication unit includes: a second aggregation subunit, which is used to combine all the to-be-authenticated signatures in the first group The signatures are aggregated to obtain the first group of aggregated signature results to be authenticated;
  • the second authentication subunit is used to authenticate the first group of aggregated signature results to be authenticated by using public key information according to the BLS signature algorithm to obtain certification Result; where the number of signatures to be authenticated contained in the first group is less than the total number of signatures to be authenticated sent by the received multiple on-board sensors to be authenticated.
  • the present application also provides an authentication device for a vehicle-mounted sensor.
  • the device includes: an acquisition unit for acquiring information to be signed for the vehicle-mounted sensor to be authenticated; and a generating unit for generating the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm
  • the first sending unit is used to send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated, so that the vehicle-mounted sensor to be authenticated generates the information to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information Sign and send the signature to be authenticated to the on-board controller
  • the second sending unit is used to send public key information to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtains the authentication result.
  • the device further includes: an opening unit for opening the public key information query interface, so that the on-board controller can query the on-board sensor to be authenticated from the car cloud server based on the to-be-signed information of the on-board sensor to be authenticated. Public key information.
  • the present application also provides an authentication device for a vehicle-mounted sensor.
  • the device includes: an acquisition unit for acquiring the private key information and the information to be signed of the vehicle-mounted sensor to be authenticated; and a generating unit for obtaining the private key information and the information to be signed according to the BLS signature algorithm, The information to be signed and the private key information generate the signature to be authenticated; the sending unit is used to send the signature to be authenticated to the on-board controller so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result.
  • the obtaining unit is specifically configured to obtain the private key information of the vehicle-mounted sensor to be authenticated sent by the car cloud server, where the private key information is generated by the car cloud server according to the BLS signature algorithm.
  • the generating unit includes: a first generating subunit for generating a hash digest according to the information to be signed; a second generating subunit for generating a curve hash value of the hash digest according to the BLS signature algorithm ;
  • the third generation subunit is used to generate the signature to be authenticated according to the curve hash value and the private key information.
  • the present application also provides a vehicle-mounted sensor authentication device, which includes a memory and a processor;
  • the memory is used to store instructions; the processor is used to execute the instructions in the memory and execute any one of the methods in the first aspect.
  • the present application also provides a vehicle-mounted sensor authentication device, which includes a memory and a processor;
  • the memory is used to store instructions; the processor is used to execute the instructions in the memory and execute any one of the methods in the second aspect described above.
  • the present application also provides a vehicle-mounted sensor authentication device, which includes a memory and a processor;
  • the memory is used to store instructions; the processor is used to execute the instructions in the memory and execute any one of the methods in the third aspect.
  • this application also provides a computer-readable storage medium, including instructions, which when run on a computer, cause the computer to execute any of the above methods.
  • the vehicle-mounted controller when the vehicle-mounted sensor is authenticated, the vehicle-mounted controller first obtains the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives the to-be-authenticated signature sent by the vehicle-mounted sensor to be authenticated; the vehicle-mounted controller can then sign according to the BLS The algorithm uses the obtained public key information to authenticate the signature to be authenticated to obtain the authentication result. It can be seen that, because the on-board controller in this application uses the public key obtained from the car cloud server to authenticate the signature to be authenticated according to the mature BLS signature algorithm, so as to accurately identify the authenticity of the on-board sensor to be authenticated.
  • the method of authenticating the sensor device using the electromagnetic security chip attached to the sensor device and the method of relying on the two communicating parties to share the same key for sensor authentication can realize the detection of a large number of on-board sensors on the vehicle without adding any hardware.
  • Fast and accurate certification not only reduces certification costs, but also improves certification efficiency and accuracy, thereby ensuring the safe driving of intelligent driving vehicles.
  • FIG. 1 is a structural block diagram of an authentication system for a vehicle-mounted sensor according to an embodiment of the application
  • FIG. 2 is a flowchart of a method for authenticating a vehicle-mounted sensor according to an embodiment of the application
  • FIG. 3 is a schematic diagram of signature verification to be verified for a vehicle-mounted sensor to be verified according to an embodiment of the application;
  • FIG. 4 is a flowchart of another vehicle-mounted sensor authentication method provided by an embodiment of the application.
  • FIG. 5 is a flowchart of yet another vehicle-mounted sensor authentication method provided by an embodiment of the application.
  • FIG. 6 is a schematic diagram of generating a curve hash value provided by an embodiment of the application.
  • FIG. 7 is a schematic diagram of generating a signature to be authenticated according to an embodiment of the application.
  • FIG. 8 is an interaction flowchart of an authentication method for a vehicle-mounted sensor according to an embodiment of the application.
  • FIG. 9 is a structural block diagram of another vehicle-mounted sensor authentication system provided by an embodiment of the application.
  • FIG. 10 is a structural block diagram of an authentication device for a vehicle-mounted sensor according to an embodiment of the application.
  • FIG. 11 is a structural block diagram of another vehicle-mounted sensor authentication device provided by an embodiment of the application.
  • FIG. 12 is a structural block diagram of yet another vehicle-mounted sensor authentication device provided by an embodiment of the application.
  • FIG. 13 is a schematic structural diagram of an authentication device for a vehicle-mounted sensor according to an embodiment of the application.
  • FIG. 14 is a schematic structural diagram of another vehicle-mounted sensor authentication device provided by an embodiment of the application.
  • FIG. 15 is a schematic structural diagram of yet another vehicle-mounted sensor authentication device provided by an embodiment of the application.
  • the embodiments of the present application provide an authentication method, device, and system for vehicle-mounted sensors, which are used to improve the authentication efficiency and accuracy of vehicle-mounted sensors, reduce authentication costs, and thereby ensure safe driving of intelligent driving vehicles.
  • FIG. 1 shows a structural block diagram of a vehicle-mounted sensor authentication system provided by an embodiment of the present application.
  • the authentication system includes a vehicle cloud server 101, a vehicle-mounted sensor 102 to be authenticated, and a vehicle-mounted controller 103.
  • the vehicle cloud server 101 is connected to the vehicle-mounted sensor 102 to be certified
  • the vehicle cloud server 101 is connected to the vehicle-mounted controller 103
  • the vehicle-mounted sensor 102 to be certified is connected to the vehicle-mounted controller 103.
  • the above-mentioned "connection" may be a direct connection or an indirect connection.
  • the car cloud server 101 has storage functions and can communicate with the car controller 103 and can communicate with the car sensor 102 to be authenticated, and provides data support for the car sensor 102 to be authenticated and the car controller 103 Service equipment.
  • the car cloud server 101 may be, for example, a simple, efficient, safe, reliable, and elastically scalable computing service.
  • the car factory actually deploys the car cloud server 101, it can use independent equipment or a cluster server to implement it.
  • the vehicle-mounted sensor 102 to be certified refers to various sensing sensors installed on the vehicle, such as an inertial measurement unit (IMU), a lidar sensor, a camera sensor, a millimeter wave radar sensor, and the like.
  • the on-board controller 103 refers to a control device used to control the electrical system of the vehicle body, and may be, for example, an electronic control unit (ECU).
  • ECU electronice control unit
  • the car cloud server 101 is first used to obtain vehicle information sent by a car factory or sensor batch information sent by a sensor supplier as the information to be signed, and then sign according to the mature BLS (Boneh-Lynn-Shacham)
  • the algorithm generates the private key information and public key information of the vehicle-mounted sensor 102 to be authenticated, and sends the generated private key information and the information to be signed to the corresponding vehicle-mounted sensor 102 to be authenticated, and at the same time, sends the generated public key information to the vehicle controller 103.
  • the vehicle-mounted sensor 102 to be authenticated is used to generate the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information after receiving the private key information and the information to be signed sent by the car cloud server 101, and then the signature to be authenticated Send to the onboard controller 103.
  • the on-board controller 103 is used to authenticate the signature to be authenticated sent by the on-board sensor 102 to be authenticated by using the received public key information according to the mature BLS signature algorithm, so as to obtain the certification of the on-board sensor 102 to be authenticated. result.
  • an embodiment of the present application provides an authentication method for a vehicle-mounted sensor, which is introduced below.
  • the vehicle-mounted controller in order to achieve accurate authentication of the vehicle-mounted sensor to be authenticated, the vehicle-mounted controller first needs to obtain the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, where the public key information is defined as pk.
  • the public key information pk is associated with the batch information of the sensor to be authenticated.
  • the batch information of the sensor to be authenticated refers to identification information that characterizes the uniqueness of the sensor to be authenticated. For example, it may include identity document (ID) information of the sensor to be authenticated or group information of the sensor to be authenticated.
  • the public key information pk of the vehicle-mounted sensor to be authenticated obtained by the vehicle-mounted controller from the vehicle cloud server is pre-generated by the vehicle cloud server according to the BLS signature algorithm, and each public key information pk corresponds to a private key information (this The office defines the private key information as sk), and the two constitute a public-private key pair.
  • the specific calculation formula is as follows:
  • pk represents the public key information
  • G represents the generator in the bilinear curve map G’, and G’ is the prime r factorial group
  • sk represents the private key information, with a value range of [0, r-1].
  • the car cloud server After the car cloud server receives the sensor batch information sent by the sensor supplier (which may also include the vehicle information sent by the car factory), it can use the sensor batch information as the information to be signed, here the information to be signed Defined as m. Use the pre-generated public key information pk and the corresponding private key information sk to establish an association relationship with the information to be signed, and send the private key information sk and the information to be signed m to the sensor to be authenticated. It should be noted that, The car cloud server can also first send the private key information sk and the information to be signed m to the sensor supplier server, and then through the sensor supplier, the private key information sk and the information to be signed m are burned in the same production line. In the batch of sensors to be certified.
  • the car cloud server will also send the pre-generated public key information pk corresponding to the private key information sk to the vehicle controller. It should be noted that if the current on-board controller is a replaced on-board controller, for example, if the previous on-board controller is damaged and updated to a new on-board controller, at this time, the current on-board controller is not stored The public key information pk sent by the car cloud server in advance.
  • the current on-board controller needs to receive the information to be signed m (such as sensor batch information) sent by the sensor to be authenticated, according to the information to be signed m , Query the public key information pk of the vehicle-mounted sensor to be authenticated from the car cloud server, that is, query the public key information pk associated with the to-be-signed information m.
  • the information to be signed m such as sensor batch information
  • the on-board controller does not store the on-board sensor to be certified.
  • the public key information pk corresponding to the on-board sensor.
  • the on-board controller needs to receive the to-be-signed information m (such as sensor batch information) sent by the to-be-certified sensor, according to the to-be-signed information m, from The car cloud server queries the public key information pk associated with the message m to be signed.
  • the on-board controller can establish a secure link channel with the car cloud server through a telematics box (TBOX) in advance, and then can link to the car cloud server through the secure link channel
  • TBOX telematics box
  • the query interface reserved by the server queries the public key information associated with the message m to be signed.
  • the on-board controller can also query the public key information corresponding to the on-board sensor to be authenticated from the car cloud server through other secure channels, which will not be repeated in this embodiment of the application.
  • S202 Receive the to-be-verified signature sent by the to-be-verified on-board sensor.
  • the vehicle-mounted controller in order to achieve accurate authentication of the vehicle-mounted sensor to be authenticated, the vehicle-mounted controller also needs to receive the to-be-authenticated signature sent by the vehicle-mounted sensor to be authenticated.
  • the to-be-authenticated signature is defined as S to perform the subsequent step S203. .
  • the signature S to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed m, and the private key information sk of the sensor to be authenticated.
  • the specific calculation formula is as follows:
  • S represents the signature to be authenticated generated by the sensor to be authenticated
  • sk represents the private key information of the sensor to be authenticated
  • H(m) represents the curve hash value generated according to the information m to be signed.
  • S203 According to the BLS signature algorithm, the public key information is used to authenticate the signature to be authenticated to obtain an authentication result.
  • the obtained signature can be further used according to the BLS signature algorithm.
  • the public key information pk of authenticates the received signature S to be authenticated, and obtains the authentication result.
  • the two points P and Q on the bilinear curve can be mapped to a number n, that is, e(P,Q) ⁇ n, and the pairing function
  • n e(P,Q) ⁇ n
  • e (x ⁇ P, Q) e(P, x ⁇ Q)
  • the public key information pk and the curve hash value of the vehicle-mounted sensor to be authenticated can be used based on the above formulas (1), (2) and (3).
  • H(m) and the signature S to be authenticated determine whether the calculation results on both sides of the equal sign in the following formula (4) are equal:
  • step S202 the on-board controller receives the signatures to be authenticated sent by multiple on-board sensors to be authenticated
  • the specific implementation process of step S203 may include the following steps A1-A2 :
  • Step A1 Aggregate multiple signatures to be authenticated to obtain an aggregated signature result to be authenticated.
  • the on-board controller receives the signatures to be authenticated sent by multiple on-board sensors to be authenticated, in order to improve the authentication efficiency, the received signatures to be authenticated can be aggregated to obtain the aggregated signatures to be authenticated. Authentication signature result. For example, these signatures to be verified can be added first to obtain the added signature result to be verified, which is used to perform the subsequent step A2.
  • n signatures to be verified namely S1, S2, ..., Sn
  • the n signatures to be verified are the respective signatures to be verified sent by n vehicle-mounted sensors to be verified.
  • Step A2 According to the BLS signature algorithm, the public key information is used to authenticate the aggregated signature result to be authenticated, and the authentication result is obtained.
  • the signature result can be substituted into the above formula (4) to determine whether the formula (4) is established. If it is established, it means that the plurality of signatures to be authenticated On-board sensor certification is passed, otherwise, it means that the certification is not passed.
  • the calculation result obtained by the calculation makes the above formula (5) valid, it indicates that the n on-board sensors to be authenticated have passed the certification, and the on-board controller can communicate with the n sensors normally. On the contrary, it indicates that the n vehicle-mounted sensors to be authenticated are not authenticated, and the vehicle-mounted controller cannot communicate with these n sensors normally, and it needs to troubleshoot them as soon as possible to ensure the safe driving of the intelligent driving vehicle.
  • step S202 the on-board controller receives the signatures to be authenticated sent by multiple on-board sensors to be authenticated
  • the specific implementation process of step S203 may also include the following steps B1- B2:
  • Step B1 Aggregate all signatures to be authenticated in the first group to obtain the signature result to be authenticated after aggregation of the first group.
  • the on-board controller receives the signatures to be authenticated sent by multiple on-board sensors to be authenticated, in order to improve the authentication efficiency, the received signatures to be authenticated can be grouped first, and in order to identify the faulty signatures.
  • these signatures to be certified can be grouped according to their respective types of sensors to be certified, and each signature to be certified can be labeled.
  • all radar sensors to be certified can be grouped together, and The signatures to be certified generated by all the radar sensors to be certified in the group are labeled.
  • the 5 signatures to be certified generated by the 5 radar sensors to be certified in the group can be labeled as 1, 2, 3, 4, and 4, respectively. 5.
  • step A1 All signatures to be verified in each group can be aggregated to obtain the result of signatures to be verified after aggregation of each group.
  • the specific process is similar to step A1.
  • the number of signatures to be authenticated contained in the first group is less than the total number of signatures to be authenticated sent by multiple on-vehicle sensors to be authenticated. For example, if the received The total number of signatures to be verified sent by the plurality of on-board sensors to be verified is 10, and the number of signatures to be verified included in the first group is less than 10.
  • the result of the signatures to be verified after the aggregation of the first group can be obtained, which is used to execute the subsequent step B2.
  • Step B2 According to the BLS signature algorithm, the public key information is used to authenticate the first group of aggregated signature results to be authenticated to obtain the authentication result.
  • step B1 after the first group of aggregated signature results to be verified is obtained through step B1, the signature result can be substituted into the above formula (5) to determine whether the formula (5) is established. All on-board sensors to be certified in a group have passed the certification, otherwise, it indicates that the certification has not passed.
  • the calculation result obtained by the calculation makes the above formula (6) true, it indicates that the i vehicle-mounted sensors to be authenticated in the first group are authenticated, and the vehicle-mounted controller can communicate with the i sensors normally. On the contrary, it indicates that the i vehicle-mounted sensors to be authenticated in the first group are not authenticated, and the vehicle-mounted controller cannot communicate with the i sensors normally, and it is necessary to troubleshoot them as soon as possible to ensure the safe driving of the intelligent driving vehicle.
  • the vehicle-mounted sensors to be authenticated contained in other groups can be authenticated to obtain the authentication result.
  • the second group of aggregated signature results to be authenticated is S (2) through step B1
  • S (2) S i+1 +S i+2 +...+S j
  • the following calculation results can be obtained:
  • each group of aggregated signature results to be authenticated can be simultaneously authenticated, and when the authentication fails, the fault can be quickly and accurately located according to the group type and label.
  • the sensor to be certified Thereby, the authentication efficiency and accuracy of the vehicle-mounted sensor can be improved, the authentication cost can be reduced, and the safe driving of the intelligent driving vehicle can be ensured.
  • the vehicle controller when performing vehicle sensor authentication, the vehicle controller first obtains the public key information of the vehicle sensor to be authenticated from the vehicle cloud server, and then receives the information sent by the vehicle sensor to be authenticated.
  • Signature to be authenticated in turn, the on-board controller can use the acquired public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result. It can be seen that, because the on-board controller in this application uses the public key obtained from the car cloud server to authenticate the signature to be authenticated according to the mature BLS signature algorithm, so as to accurately identify the authenticity of the on-board sensor to be authenticated.
  • the method of authenticating the sensor device using the electromagnetic security chip attached to the sensor device and the method of relying on the two communicating parties to share the same key for sensor authentication can realize the detection of a large number of on-board sensors on the vehicle without adding any hardware.
  • Fast and accurate certification not only reduces certification costs, but also improves certification efficiency and accuracy, thereby ensuring the safe driving of intelligent driving vehicles.
  • FIG. 4 is a flowchart of another vehicle-mounted sensor authentication method provided by an embodiment of the application. The method is described below.
  • the car cloud server in order to achieve accurate authentication of the vehicle-mounted sensor to be certified, the car cloud server first needs to obtain the sensor batch information from the sensor supplier as the information to be signed, and can also obtain the vehicle information from the car factory and base it on the vehicle information.
  • the vehicle information can be a vehicle identification number (VIN), and further, the result of adding a random number and the VIN can be used as the information to be signed.
  • VIN vehicle identification number
  • S402 Generate private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm.
  • step S402 is basically the same as the description content of the formula (1) in the above step S201, and will not be repeated here.
  • related content please refer to the above step S201.
  • S403 Send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated.
  • the information to be signed and the private key can be further sent to the vehicle-mounted sensor to be authenticated Information, so that the vehicle-mounted sensor to be authenticated generates the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information and sends the signature to be authenticated to the on-board controller.
  • the specific implementation process of generating the signature to be authenticated please refer to the introduction of the subsequent embodiments.
  • S404 Send the public key information to the vehicle controller.
  • the public key information of the vehicle-mounted sensor to be authenticated may be further sent to the vehicle-mounted controller, so that the vehicle-mounted controller can be authenticated according to the BLS signature algorithm and public key information. Sign the authentication and get the authentication result.
  • the specific implementation process of the on-board controller generating the signature to be authenticated for authentication please refer to the introduction of step S203 above, which will not be repeated here.
  • the car cloud server also needs to open the public key information query interface, so that the on-board controller can query the car cloud server for the on-board sensor to be authenticated according to the signature information of the on-board sensor to be authenticated. Public key information.
  • the current on-board controller if the current on-board controller is a replaced on-board controller, for example, if the previous on-board controller is damaged, it will be updated to a new on-board controller.
  • the current on-board controller The device does not store the public key information sent by the car cloud server in advance.
  • the current on-board controller needs to receive the information to be signed from the sensor to be authenticated, and then use the car cloud server according to the information to be signed.
  • the public key information query interface opened in advance can query the public key information of the vehicle-mounted sensor to be authenticated from the car cloud server, that is, query the public key information associated with the information to be signed.
  • the on-board controller does not store the on-board sensor to be certified.
  • the public key information corresponding to the vehicle-mounted sensor In this case, the vehicle-mounted controller needs to query the public key information previously opened by the vehicle cloud server based on the information to be signed after receiving the information to be signed from the sensor to be authenticated. Interface to query the public key information associated with the information to be signed from the car cloud server.
  • FIG. 5 is a flowchart of yet another method for authenticating a vehicle-mounted sensor according to an embodiment of the application. The method is described below.
  • S501 Acquire private key information and information to be signed of the vehicle-mounted sensor to be authenticated.
  • the vehicle-mounted sensor to be authenticated first needs to obtain the private key information and the information to be signed sent by the car cloud server, where the private key information is determined by the car cloud server according to the The BLS signature algorithm is generated.
  • the specific generation process please refer to the introduction of step S402 above, which will not be repeated here.
  • S502 Generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information.
  • the signature to be authenticated can be generated according to the mature BLS signature algorithm, the information to be signed, and the private key information.
  • the specific implementation process of this step S502 may include the following steps C1-C3:
  • Step C1 Generate a hash digest according to the information to be signed
  • the vehicle-mounted sensor to be authenticated can perform data processing on the information m to be signed to generate a hash digest corresponding to the information m to be signed.
  • the SHA256 algorithm can be used Data processing is performed on the signature information m to generate a hash digest.
  • Step C2 Generate the curve hash value of the hash digest according to the BLS signature algorithm.
  • the hash digest can be further used as the abscissa value of the point according to the BLS signature algorithm to query the corresponding point on the elliptic curve.
  • an elliptic curve contains 2 256 points, and the value of the SHA256 algorithm used is also exactly 256 bits. But for a valid abscissa x, one positive and one negative two ordinates y will be correspondingly queried (that is, the coordinates of the two corresponding points are (x, y) and (x, -y)).
  • Example: As shown in Fig. 6, an elliptic curve y 2 x 3 +7 defined on a finite field modulo 23 is taken as an example. Only half of the abscissa x can find the corresponding point on the elliptic curve.
  • a number such as 0, 1, 2 can be appended to the hash digest. If the corresponding point is not found, replace it The value of the attachment and re-query.
  • Step C3 Generate a signature to be authenticated according to the curve hash value and the private key information.
  • the vehicle-mounted sensor to be authenticated can generate the signature S to be authenticated according to the curve hash value H(m) and the private key information sk.
  • S503 Send the signature to be authenticated to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm, and obtains the authentication result.
  • the signature to be certified can be further sent to the on-board controller, so that the on-board controller can authenticate the signature to be certified according to the BLS signature algorithm and public key information, and obtain Authentication result.
  • the on-board controller can authenticate the signature to be certified according to the BLS signature algorithm and public key information, and obtain Authentication result.
  • FIG. 8 shows a schematic diagram of the interaction process of the on-board sensor authentication method provided in the embodiment of the present application, which may include the following steps:
  • the car cloud server obtains the to-be-signed information of the on-board sensor to be authenticated.
  • the car cloud server generates private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm.
  • the car cloud server sends the information to be signed and the private key information to the vehicle sensor to be authenticated.
  • S804 The car cloud server sends the public key information to the car controller.
  • steps S801-S804 are the same as the above steps S401-S404.
  • steps S401-S404 please refer to the above introduction of steps S401-S404, which will not be repeated here.
  • the vehicle-mounted sensor to be authenticated generates a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information.
  • S806 The on-board sensor to be authenticated sends the signature to be authenticated to the on-board controller.
  • steps S805-S806 are the same as steps S502-S503 above.
  • steps S502-S503 please refer to the introduction of steps S502-S503 above, which will not be repeated here.
  • the on-board controller uses the public key information to authenticate the signature to be authenticated according to the BLS signature algorithm, and obtains the authentication result.
  • step S807 is consistent with the above step S203, and for relevant details, please refer to the introduction of the above step S203, which will not be repeated here.
  • the vehicle-mounted sensor when the vehicle-mounted sensor is authenticated, after the vehicle cloud server obtains the to-be-signed information of the vehicle-mounted sensor to be authenticated, it first generates the private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm, and It will send the signature information and private key information to the on-board sensor to be authenticated, and the public key information to the on-board controller; then the on-board sensor to be authenticated can generate the signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information, and Send the signature to be authenticated to the on-board controller; in turn, the on-board controller may use the acquired public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result.
  • the car cloud server first generates the private key and public key of the vehicle sensor to be certified and the signature to be certified based on the mature BLS signature algorithm, and then the vehicle controller uses the public key to be certified according to the BLS signature algorithm.
  • the signature to be authenticated generated by the sensor is authenticated to accurately identify the authenticity of the vehicle-mounted sensor to be authenticated.
  • the authentication system includes a car cloud server 101, a vehicle-mounted sensor 102 to be authenticated, and a vehicle-mounted controller 103.
  • the vehicle cloud server 101 is connected to the vehicle-mounted sensor 102 to be certified
  • the vehicle cloud server 101 is connected to the vehicle-mounted controller 103
  • the vehicle-mounted sensor 102 to be certified is connected to the vehicle-mounted controller 103.
  • the above-mentioned "connection" may be a direct connection or an indirect connection.
  • the car cloud server 101 is used to obtain the information to be signed; generate the private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm; send the public key information to the vehicle-mounted controller to be authenticated; send the vehicle-mounted sensor to be authenticated
  • the information to be signed and the private key information please refer to the introduction of steps S401-S404 above, which will not be repeated here.
  • the vehicle-mounted sensor 102 to be authenticated is used to generate the signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information; send the signature to be authenticated to the on-board controller; please refer to the introduction of steps S501-S503 above for the specific implementation process. I won't repeat them here.
  • the on-board controller 103 is used to authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result.
  • the specific implementation process please refer to the introduction of steps S201-S203 above, which will not be repeated here.
  • the car cloud server 101 is also used to:
  • the public key information query interface is opened, so that the vehicle controller 103 can query the public key information of the vehicle sensor to be certified from the vehicle cloud server 101 according to the information to be signed by the vehicle sensor 102 to be certified.
  • the vehicle-mounted sensor 102 to be authenticated is specifically used for:
  • the on-board controller 103 is specifically configured to:
  • the public key information of the vehicle-mounted sensor to be authenticated is queried from the vehicle cloud server 101.
  • the on-board controller 103 is specifically configured to:
  • the on-board controller 103 is specifically configured to:
  • the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received multiple on-board sensors to be authenticated.
  • the embodiment of the present application also provides another vehicle-mounted sensor authentication system.
  • the authentication system includes the vehicle-mounted sensor to be authenticated 901 and the vehicle-mounted controller 902, which can be directly connected or indirectly connected. connect.
  • the vehicle-mounted sensor 901 to be authenticated is used to obtain private key information and information to be signed; generate a signature to be authenticated according to the BLS signature algorithm, information to be signed, and private key information; send the signature to be authenticated to the on-board controller 902; specific implementation For the process, please refer to the introduction of steps S501-S503 above, which will not be repeated here.
  • the private key information and the information to be signed can also be obtained from other cloud servers. The specific obtaining process will not be repeated here.
  • the on-board controller 902 is used to obtain the public key information of the on-board sensor to be authenticated; according to the BLS signature algorithm, the public key information is used to authenticate the signature to be authenticated to obtain the authentication result.
  • the public key information of the vehicle-mounted sensor to be authenticated can also be obtained from other cloud servers, and the specific obtaining process will not be repeated here.
  • the on-board controller 902 is specifically configured to:
  • the public key information of the vehicle-mounted sensor to be authenticated is queried from the vehicle cloud server.
  • the vehicle-mounted sensor 901 to be authenticated is specifically used for:
  • the on-board controller 902 is specifically configured to:
  • the on-board controller 902 is specifically configured to:
  • the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received multiple on-board sensors to be authenticated.
  • an authentication device 1000 for a vehicle-mounted sensor provided in an embodiment of the present application.
  • the device 1000 may include: an obtaining unit 1001, a receiving unit 1002, and an authentication unit 1003.
  • the acquiring unit 1001 is configured to execute S201 in the embodiment shown in FIG. 2.
  • the receiving unit 1002 is configured to execute S202 in the embodiment shown in FIG. 2.
  • the authentication unit 1003 is used to execute S203 in the embodiment shown in FIG. 2. specific,
  • the obtaining unit 1001 is configured to obtain the public key information of the vehicle-mounted sensor to be authenticated from the car cloud server;
  • the receiving unit 1002 is configured to receive the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated;
  • the authentication unit 1003 is used to authenticate the signature to be authenticated by using public key information according to the BLS signature algorithm to obtain an authentication result.
  • the acquiring unit 1001 is specifically configured to query the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the to-be-signed information of the vehicle-mounted sensor to be authenticated.
  • the public key information is associated with the batch information of the sensor to be authenticated.
  • the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information of the sensor to be authenticated; where the private key information is generated by the car cloud server according to the BLS signature algorithm .
  • the receiving unit 1002 is specifically configured to: receive respective signatures to be authenticated sent by a plurality of on-board sensors to be authenticated; the authentication unit 1003 includes:
  • the first aggregation subunit is used to aggregate a plurality of signatures to be verified to obtain an aggregated signature result to be verified;
  • the first authentication subunit is used to authenticate the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result.
  • the receiving unit 1002 is specifically configured to: receive respective signatures to be authenticated sent by a plurality of on-board sensors to be authenticated; the authentication unit 1003 includes:
  • the second aggregation subunit is used to aggregate all signatures to be authenticated in the first group to obtain the signature result to be authenticated after aggregation of the first group;
  • the second authentication subunit is used to authenticate the first group of aggregated signature results to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result;
  • the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received multiple on-board sensors to be authenticated.
  • the vehicle-mounted controller when the vehicle-mounted sensor is authenticated, the vehicle-mounted controller first obtains the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives the information sent by the vehicle-mounted sensor to be authenticated. Signature to be authenticated; in turn, the on-board controller can use the acquired public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result. It can be seen that, because the on-board controller in this application uses the public key obtained from the car cloud server to authenticate the signature to be authenticated according to the mature BLS signature algorithm, so as to accurately identify the authenticity of the on-board sensor to be authenticated.
  • the method of authenticating the sensor device using the electromagnetic security chip attached to the sensor device and the method of relying on the two communicating parties to share the same key for sensor authentication can realize the detection of a large number of on-board sensors on the vehicle without adding any hardware.
  • Fast and accurate certification not only reduces certification costs, but also improves certification efficiency and accuracy, thereby ensuring the safe driving of intelligent driving vehicles.
  • the apparatus 1100 may include: an acquiring unit 1101, a generating unit 1102, a first sending unit 1103, and a second sending unit 1104.
  • the acquiring unit 1101 is configured to execute S401 in the embodiment shown in FIG. 4.
  • the generating unit 1102 is configured to execute S402 in the embodiment shown in FIG. 4.
  • the first sending unit 1103 is configured to execute S403 in the embodiment shown in FIG. 4.
  • the second sending unit 1104 is configured to execute S404 in the embodiment shown in FIG. 4. specific,
  • the obtaining unit 1101 is configured to obtain the to-be-signed information of the vehicle-mounted sensor to be authenticated
  • the generating unit 1102 is configured to generate the private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm;
  • the first sending unit 1103 is used to send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated, so that the vehicle-mounted sensor to be authenticated generates the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information and sends it to the vehicle-mounted controller.
  • Certified signature
  • the second sending unit 1104 is configured to send the public key information to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtains the authentication result.
  • the device further includes: an opening unit configured to open the public key information query interface, so that the on-board controller can query the vehicle cloud server to be authenticated according to the to-be-signed information of the on-board sensor to be authenticated Public key information of on-board sensors.
  • FIG. 12 is yet another vehicle-mounted sensor authentication device 1200 provided by an embodiment of the present application.
  • the apparatus 1200 may include: an obtaining unit 1201, a generating unit 1202, and a sending unit 1203.
  • the acquiring unit 1201 is configured to execute S501 in the embodiment shown in FIG. 5.
  • the generating unit 1202 is configured to execute S502 in the embodiment shown in FIG. 5.
  • the sending unit 1203 is configured to execute S503 in the embodiment shown in FIG. 5.
  • the obtaining unit 1201 is configured to obtain the private key information of the vehicle-mounted sensor to be authenticated and the information to be signed;
  • the generating unit 1202 is configured to generate the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information;
  • the sending unit 1203 is configured to send the signature to be authenticated to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm, and obtains the authentication result.
  • the obtaining unit 1201 is specifically configured to obtain the private key information of the vehicle-mounted sensor to be authenticated sent by the car cloud server, where the private key information is generated by the car cloud server according to the BLS signature algorithm.
  • the generating unit 1202 includes:
  • the first generating subunit is used to generate a hash digest according to the information to be signed;
  • the second generating subunit is used to generate the curve hash value of the hash digest according to the BLS signature algorithm
  • the third generation subunit is used to generate the signature to be authenticated according to the curve hash value and the private key information.
  • an embodiment of the present application provides a vehicle-mounted sensor authentication device 1300.
  • the device includes a memory 1301, a processor 1302, and a communication interface 1303.
  • the memory 1301 is used to store instructions
  • the processor 1302 is configured to execute instructions in the memory 1301, and execute the above-mentioned authentication method applied to the vehicle-mounted sensor in the embodiment shown in FIG. 2;
  • the communication interface 1303 is used for communication.
  • the memory 1301, the processor 1302, and the communication interface 1303 are connected to each other through a bus 1304; the bus 1304 can be a peripheral component interconnect standard (PCI) bus or an extended industry standard architecture (EISA) bus Wait.
  • PCI peripheral component interconnect standard
  • EISA extended industry standard architecture
  • the bus can be divided into address bus, data bus, control bus and so on. For ease of presentation, only one thick line is used in FIG. 13, but it does not mean that there is only one bus or one type of bus.
  • the processor 1302 is configured to perform the authentication of the vehicle-mounted sensor, the vehicle-mounted controller first obtains the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives the to-be-authenticated signature sent by the vehicle-mounted sensor to be authenticated; The vehicle-mounted controller may use the obtained public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result.
  • the vehicle-mounted controller may use the obtained public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result.
  • an embodiment of the present application provides another vehicle-mounted sensor authentication device 1400.
  • the device includes a memory 1401, a processor 1402, and a communication interface 1403.
  • the memory 1401 is used to store instructions
  • the processor 1402 is configured to execute instructions in the memory 1401, and execute the above-mentioned authentication method applied to the vehicle-mounted sensor in the embodiment shown in FIG. 4;
  • the communication interface 1403 is used for communication.
  • the memory 1401, the processor 1402, and the communication interface 1403 are connected to each other through a bus 1404; the bus 1404 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus Wait.
  • PCI peripheral component interconnect
  • EISA extended industry standard architecture
  • the bus can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 14, but it does not mean that there is only one bus or one type of bus.
  • the processor 1402 is configured to perform the authentication of the vehicle-mounted sensor, the vehicle cloud server first obtains the information to be signed for the vehicle-mounted sensor to be authenticated, and then generates the private key information and the public key of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm Information, and then can send to the vehicle-mounted sensor to be authenticated the information to be signed and the private key information, so that the vehicle-mounted sensor to be authenticated generates the signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information and sends the signature to be authenticated to the on-board controller ;
  • the car cloud server can also send public key information to the on-board controller, so that the on-board controller can authenticate the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtain the authentication result.
  • S401, S402, S403, and S204 in the embodiment shown in FIG. 4, which will not be repeated
  • an embodiment of the present application provides yet another vehicle-mounted sensor authentication device 1500.
  • the device includes a memory 1501, a processor 1502, and a communication interface 1503.
  • the memory 1501 is used to store instructions
  • the processor 1502 is configured to execute instructions in the memory 1501, and execute the above-mentioned authentication method applied to the vehicle-mounted sensor in the embodiment shown in FIG. 5;
  • the communication interface 1503 is used for communication.
  • the memory 1501, the processor 1502, and the communication interface 1503 are connected to each other through a bus 1504;
  • the bus 1504 can be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus Wait.
  • PCI peripheral component interconnect
  • EISA extended industry standard architecture
  • the bus can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 15 to represent it, but it does not mean that there is only one bus or one type of bus.
  • the processor 1502 is configured to perform the authentication of the on-board sensor, the on-board sensor to be authenticated first obtains the private key information and the information to be signed, and then generates the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information. Then, the signature to be authenticated can be sent to the on-board controller, so that the on-board controller can authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result.
  • the processor 1502 please refer to the detailed description of S501, S502, and S503 in the embodiment shown in FIG. 5, which will not be repeated here.
  • memory 1301, memory 1401, and memory 1501 may be random-access memory (RAM), flash memory (flash), read only memory (ROM), erasable programmable read-only memory (erasable). programmable read only memory (EPROM), electrically erasable programmable read-only memory (electrically erasable programmable read only memory, EEPROM), register (register), hard disk, mobile hard disk, CD-ROM or any other known to those skilled in the art Form of storage media.
  • RAM random-access memory
  • flash memory flash memory
  • ROM read only memory
  • ROM read only memory
  • EPROM erasable programmable read only memory
  • EEPROM electrically erasable programmable read-only memory
  • register register
  • hard disk mobile hard disk
  • CD-ROM any other known to those skilled in the art Form of storage media.
  • the aforementioned processor 1302, processor 1402, and processor 1502 may be, for example, a central processing unit (CPU), a general-purpose processor, a digital signal processor (digital signal processor, DSP), and an application-specific integrated circuit (application-specific integrated circuit). circuit, ASIC), field programmable gate array (field programmable gate array, FPGA) or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. It can implement or execute various exemplary logical blocks, modules, and circuits described in conjunction with the disclosure of this application.
  • the processor may also be a combination of computing functions, for example, a combination of one or more microprocessors, a combination of a DSP and a microprocessor, and so on.
  • the aforementioned communication interface 1303, communication interface 1403, and communication interface 1503 may be, for example, an interface card, etc., and may be an ethernet interface or an asynchronous transfer mode (ATM) interface.
  • ATM asynchronous transfer mode
  • the embodiment of the present application also provides a computer-readable storage medium, including instructions, which when run on a computer, cause the computer to execute the above-mentioned vehicle-mounted sensor authentication method.
  • the disclosed system, device, and method can be implemented in other ways.
  • the device embodiments described above are only illustrative.
  • the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or It can be integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
  • the technical solution of this application essentially or the part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium.
  • a computer device which may be a personal computer, a server, or a network device, etc.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disks or optical disks and other media that can store program codes. .
  • the functions described in the present invention can be implemented by hardware, software, firmware, or any combination thereof.
  • these functions can be stored in a computer-readable medium or transmitted as one or more instructions or codes on the computer-readable medium.
  • the computer-readable medium includes a computer storage medium and a communication medium, where the communication medium includes any medium that facilitates the transfer of a computer program from one place to another.
  • the storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Lock And Its Accessories (AREA)
  • Traffic Control Systems (AREA)

Abstract

Disclosed in the embodiments of the present application are a vehicle-mounted sensor authentication method, apparatus, and system for use in the technical field of automobiles, and used for increasing vehicle-mounted sensor authentication efficiency and accuracy, reducing authentication costs, and ensuring the safe driving of smart driving vehicles. The method comprises: when implementing vehicle-mounted sensor authentication, a vehicle-mounted controller first acquires public key information of a vehicle-mounted sensor to be authenticated from a vehicle cloud server and then receives a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated; and the vehicle-mounted controller uses the acquired public key information to perform authentication of the signature to be authenticated on the basis of a BLS signature algorithm in order to acquire an authentication result.

Description

一种车载传感器的认证方法、装置及系统Authentication method, device and system for vehicle-mounted sensor
本申请要求于2020年01月14日提交中国专利局、申请号为202010037875.4、发明名称为“一种车载传感器的认证方法、装置及系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on January 14, 2020, the application number is 202010037875.4, and the invention title is "A method, device and system for authenticating an on-board sensor", the entire content of which is incorporated by reference In this application.
技术领域Technical field
本申请涉及汽车技术领域,尤其涉及一种车载传感器的认证方法、装置及系统。This application relates to the field of automobile technology, and in particular to an authentication method, device and system for vehicle-mounted sensors.
背景技术Background technique
随着智能驾驶技术的发展,越来越多的车辆上配置了各种类型的感知传感器,如摄像头、毫米波雷达、激光雷达、超声波雷达等,用以辅助实现车辆的智能驾驶功能。With the development of intelligent driving technology, more and more vehicles are equipped with various types of perception sensors, such as cameras, millimeter wave radar, laser radar, ultrasonic radar, etc., to assist in realizing the intelligent driving function of the vehicle.
但随着车辆的使用,各个车载传感器都会产生不同程度的损伤和消耗,因此不可避免地会出现车载传感器更换的情况,并且,随着保有量加大,除了正规供应商外,陆续出现了大量“山寨”版传感器,由于车载传感器通常是依赖控制器局域网络(controller area network,CAN)总线或者以太网等方式连接到车载控制器,且车载传感器与车载控制器之间是通过明文进行通信,极易被破解,在这种情况下,若利用“山寨”版传感器后装到车辆中来替换出现损伤或消耗的正规传感器,将极有可能导致非常严重的后果,甚至威胁到用户的生命完全。因此,能否对各个车载传感器设备的真伪进行准确认证就变得尤为重要。However, with the use of vehicles, various on-board sensors will produce varying degrees of damage and consumption, so it is inevitable that on-board sensors will be replaced. Moreover, as the inventory increases, in addition to regular suppliers, a large number of The "cottage" version of the sensor, because the on-board sensor usually relies on the controller area network (CAN) bus or Ethernet to connect to the on-board controller, and the on-board sensor and the on-board controller communicate in clear text. It is very easy to be cracked. In this case, if the "cottage" version of the sensor is installed in the vehicle to replace the damaged or consumed regular sensor, it will most likely lead to very serious consequences and even threaten the life of the user. . Therefore, whether the authenticity of each vehicle-mounted sensor device can be accurately authenticated becomes particularly important.
目前,车载传感器的认证方法通常有两种:一种是利用贴附在传感器设备上的电磁安全芯片,来认证传感器设备,但该方法需要专门的安全芯片,且安全芯片与控制器需要进行配套设置,硬件成本过高,不适用于对数量越来越多的车载传感器进行认证;而另一种常用的认证方法则是基于密钥的认证方法,该方法虽然一定程度上能够对车载设备真伪进行认证,但该方法通常依赖通信双方共享同一密钥,所以,该方法比较适用于两个设备之间的互相认证,但每辆车需要认证的传感器数量众多,不适用于与车载控制器之间分别进行一一认证,响应时间过长。可见,目前常见的两种车载传感器的认证方法认证效率较低、成本较高且均无法实现同时对车辆上大量车载传感器的快速、准确认证,进而无法保证智能驾驶车辆的安全行驶。At present, there are usually two authentication methods for vehicle-mounted sensors: one is to use the electromagnetic security chip attached to the sensor device to authenticate the sensor device, but this method requires a special security chip, and the security chip needs to be matched with the controller. Setting, the hardware cost is too high, and it is not suitable for authenticating the increasing number of on-board sensors; another commonly used authentication method is the key-based authentication method, although this method can be true to the on-board equipment to a certain extent. Pseudo authentication, but this method usually relies on both parties sharing the same key. Therefore, this method is more suitable for mutual authentication between two devices. However, each vehicle needs to be authenticated with a large number of sensors, which is not suitable for communication with on-board controllers. Between each authentication, the response time is too long. It can be seen that the current two common authentication methods for vehicle-mounted sensors have low authentication efficiency and high cost, and neither can achieve rapid and accurate authentication of a large number of vehicle-mounted sensors on the vehicle at the same time, thereby failing to ensure the safe driving of intelligent driving vehicles.
发明内容Summary of the invention
本申请实施例提供了一种车载传感器的认证方法及装置,用于提高车载传感器的认证效率和准确性,降低认证成本,进而保证智能驾驶车辆的安全行驶。The embodiments of the present application provide a method and device for authenticating a vehicle-mounted sensor, which are used to improve the authentication efficiency and accuracy of the vehicle-mounted sensor, reduce the authentication cost, and thereby ensure the safe driving of a smart-driving vehicle.
第一方面,本申请提供了一种车载传感器的认证方法,该方法包括:在进行车载传感器的认证时,车载控制器(如图1中的车载控制器103)首先从车云服务器(如图1中的车云服务器101)获取待认证车载传感器(如图1中的待认证车载传感器102)的公钥信息,然后接收待认证车载传感器(如图1中的待认证车载传感器102)发送的待认证签名;进 而车载控制器(如图1中的车载控制器103)可以根据BLS签名算法,利用获取到的公钥信息,对该待认证签名进行认证,以获得认证结果。In the first aspect, this application provides a method for authenticating a vehicle-mounted sensor. The method includes: when performing vehicle-mounted sensor authentication, the vehicle-mounted controller (such as the vehicle-mounted controller 103 in FIG. 1) first obtains from the vehicle cloud server (as shown in FIG. The car cloud server 101 in 1) obtains the public key information of the on-board sensor to be authenticated (such as the on-board sensor to be authenticated 102 in Fig. 1), and then receives the information sent by the on-board sensor to be authenticated (the on-board sensor 102 to be authenticated in Fig. 1) The signature to be authenticated; and the on-board controller (such as the on-board controller 103 in FIG. 1) can use the acquired public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result.
与传统技术相比,本申请实施例中的车载控制器是根据成熟的BLS签名算法,利用从车云服务器获取的公钥对待认证签名进行认证,来准确识别出待认证车载传感器的真伪,因此,相较于目前利用贴附在传感器设备上的电磁安全芯片来认证传感器设备的方法以及依赖通信双方共享同一密钥来进行传感器认证的方法而言,无需增加任何硬件,即可实现对车辆上大量车载传感器的快速、准确认证,不仅降低了认证成本,而且也提高了认证效率和准确性,进而保证了智能驾驶车辆的安全行驶。Compared with the traditional technology, the on-board controller in the embodiment of this application uses the public key obtained from the car cloud server to authenticate the signature to be authenticated according to the mature BLS signature algorithm, so as to accurately identify the authenticity of the on-board sensor to be authenticated. Therefore, compared with the current method of authenticating the sensor device with the electromagnetic security chip attached to the sensor device and the method of relying on the two communicating parties to share the same key for sensor authentication, the vehicle can be authenticated without adding any hardware. The rapid and accurate authentication of a large number of on-board sensors not only reduces the cost of authentication, but also improves the efficiency and accuracy of authentication, thereby ensuring the safe driving of intelligent driving vehicles.
一种可能的实现方式中,从车云服务器获取待认证车载传感器的公钥信息,包括:根据待认证车载传感器的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息。In a possible implementation manner, obtaining the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server includes: querying the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the to-be-signed information of the vehicle-mounted sensor to be authenticated.
这样,如果车载控制器或待认证车载传感器为更新后的传感器,且车载控制器未存储有车云服务器预先发送的公钥信息时,可以根据待认证车载传感器发送的待签名信息,从车云服务器处查询出与该待签名信息相关联的公钥信息,进而提高认证效率和准确性。In this way, if the on-board controller or the on-board sensor to be authenticated is an updated sensor, and the on-board controller does not store the public key information sent by the car cloud server in advance, it can use the information to be signed from the on-board sensor to be authenticated. The server queries the public key information associated with the information to be signed, thereby improving the authentication efficiency and accuracy.
一种可能的实现方式中,公钥信息和待认证传感器的批次信息相关联,以便后续可以利用该公钥信息对该批次的待认证传感器进行认证,提高认证准确率。In a possible implementation manner, the public key information is associated with the batch information of the sensor to be authenticated, so that the public key information can be subsequently used to authenticate the batch of sensors to be authenticated to improve the authentication accuracy rate.
一种可能的实现方式中,待认证签名为待认证传感器根据BLS签名算法、待签名信息以及待认证传感器的私钥信息生成;其中,私钥信息为车云服务器根据BLS签名算法生成。以便于车载控制器可以利用公钥信息对待认证签名进行,并根据认证结果准确判断出待认证车载传感器设备的真伪。In a possible implementation, the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information of the sensor to be authenticated; where the private key information is generated by the car cloud server according to the BLS signature algorithm. So that the vehicle-mounted controller can use the public key information to perform the signature to be authenticated, and accurately determine the authenticity of the vehicle-mounted sensor device to be authenticated according to the authentication result.
一种可能的实现方式中,接收待认证车载传感器发送的待认证签名,包括:接收多个待认证车载传感器发送的各自的待认证签名;根据BLS签名算法,利用公钥信息,对待认证签名进行认证,获得认证结果,包括:将多个待认证签名进行聚合,得到聚合后的待认证签名结果;根据BLS签名算法,利用公钥信息,对聚合后的待认证签名结果进行认证,获得认证结果。这样,可以实现同时对多个待认证车载传感器进行聚合认证,大幅度提高了认证效率。In a possible implementation manner, receiving the signature to be certified sent by the vehicle-mounted sensor to be certified includes: receiving the signature to be certified sent by a plurality of vehicle-mounted sensors to be certified; according to the BLS signature algorithm, the public key information is used to perform the signature to be certified. Attestation, to obtain the authentication result, including: aggregating multiple signatures to be authenticated to obtain the aggregated signature result to be authenticated; according to the BLS signature algorithm, use public key information to authenticate the aggregated signature result to be authenticated to obtain the authentication result . In this way, it is possible to simultaneously perform aggregate authentication on multiple on-board sensors to be authenticated, which greatly improves authentication efficiency.
一种可能的实现方式中,接收待认证车载传感器发送的待认证签名,包括:接收多个待认证车载传感器发送的各自的待认证签名;根据BLS签名算法,利用公钥信息,对待认证签名进行认证,获得认证结果,包括:将第一组中的所有待认证签名进行聚合,得到第一组聚合后的待认证签名结果;根据BLS签名算法,利用公钥信息,对第一组聚合后的待认证签名结果进行认证,获得认证结果;其中,第一组中包含的待认证签名的个数小于接收到的多个待认证车载传感器发送的待认证签名的总个数。In a possible implementation manner, receiving the signature to be certified sent by the vehicle-mounted sensor to be certified includes: receiving the signature to be certified sent by a plurality of vehicle-mounted sensors to be certified; according to the BLS signature algorithm, the public key information is used to perform the signature to be certified. Attestation, to obtain the authentication result, including: aggregating all the signatures to be authenticated in the first group to obtain the first group of aggregated signature results to be authenticated; according to the BLS signature algorithm, the public key information is used to aggregate the first group of signatures. The signature result to be authenticated is authenticated, and the authentication result is obtained; wherein the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received multiple on-vehicle sensors to be authenticated.
这样,通过分组聚合的认证方式,可以对每一组聚合的待认证签名结果进行同步认证,并且,当出现认证不通过时,可以根据分组的类型和标号,快速、准确地定位到出现故障的待认证传感器。从而能够提高车载传感器的认证效率和准确性,降低认证成本,进而保证智能驾驶车辆的安全行驶。In this way, through the grouping and aggregation authentication method, each group of aggregated signature results to be authenticated can be simultaneously authenticated, and when the authentication fails, the faulty can be quickly and accurately located according to the type and label of the grouping. Sensor to be certified. Thereby, the authentication efficiency and accuracy of the vehicle-mounted sensor can be improved, the authentication cost can be reduced, and the safe driving of the intelligent driving vehicle can be ensured.
第二方面,本申请还提供了一种车载传感器的认证方法,该方法包括:在进行车载传感器的认证时,车云服务器(如图1中的车云服务器101)首先获取待认证车载传感器(如 图1中的待认证车载传感器102)的待签名信息,然后根据BLS签名算法生成待认证车载传感器(如图1中的待认证车载传感器102)的私钥信息和公钥信息;并向待认证车载传感器(如图1中的待认证车载传感器102)发送获取到的待签名信息以及生产的私钥信息,以便待认证车载传感器(如图1中的待认证车载传感器102)可以根据成熟的BLS签名算法、待签名信息以及私钥信息生成待认证签名并向车载控制器(如图1中的车载控制器103)发送该待认证签名;同时,车云服务器(如图1中的车云服务器101)还可以向车载控制器(如图1中的车载控制器103)发送公钥信息,以便车载控制器(如图1中的车载控制器103)可以根据成熟的BLS签名算法和公钥信息,对待认证签名进行认证,得到认证结果。这样,通过成熟的BLS签名算法进行认证,可以将生成的私钥信息直接预置在待认证车载传感器中,并将生成的公钥信息预先发送至车载控制器,无需担心密钥各个环节的泄露问题,便于管理,并且按照传感器的批次信息进行密钥管理,降低了成本。In the second aspect, the present application also provides a method for authenticating a vehicle-mounted sensor. The method includes: when the vehicle-mounted sensor is authenticated, the vehicle cloud server (such as the vehicle cloud server 101 in FIG. 1) first obtains the vehicle-mounted sensor to be authenticated ( The to-be-signed information of the vehicle-mounted sensor 102 to be authenticated in Figure 1 is then generated according to the BLS signature algorithm for the private key information and public key information of the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor 102 to be authenticated in Figure 1); The certified vehicle-mounted sensor (such as the to-be-certified vehicle-mounted sensor 102 in Figure 1) sends the acquired information to be signed and the produced private key information, so that the to-be-certified vehicle-mounted sensor (such as the to-be-certified vehicle-mounted sensor 102 in Figure 1) can be based on mature The BLS signature algorithm, the information to be signed, and the private key information generate the signature to be verified and send the signature to be verified to the vehicle controller (such as the vehicle controller 103 in Figure 1); at the same time, the vehicle cloud server (such as the vehicle cloud server in Figure 1) The server 101) can also send public key information to the vehicle controller (such as the vehicle controller 103 in Figure 1) so that the vehicle controller (such as the vehicle controller 103 in Figure 1) can be based on the mature BLS signature algorithm and public key. Information, the signature to be authenticated is authenticated, and the authentication result is obtained. In this way, through the mature BLS signature algorithm for authentication, the generated private key information can be directly preset in the vehicle-mounted sensor to be authenticated, and the generated public key information can be sent to the vehicle-mounted controller in advance, without worrying about the leakage of each link of the key. The problem is easy to manage, and the key management is carried out according to the batch information of the sensor, which reduces the cost.
一种可能的实现方式中,该方法还包括:开放公钥信息查询接口,以便车载控制器根据待认证车载传感器的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息,这样,将公钥信息公开进行查询,以便车载控制器可以直接通过公钥信息查询接口查询公钥信息,不仅查询方便,并且也不需要在器件更新之后做特殊处理。In a possible implementation, the method further includes: opening the public key information query interface, so that the on-board controller can query the public key information of the on-board sensor to be authenticated from the car cloud server according to the on-board sensor to be authenticated. , Make public key information public for query, so that the on-board controller can directly query the public key information through the public key information query interface, which is not only convenient for query, but also does not require special processing after the device is updated.
第三方面,本申请还提供了一种车载传感器的认证方法,该方法包括:在进行车载传感器的认证时,待认证车载传感器(如图1中的待认证车载传感器102)首先获取到私钥信息和带签名信息,然后可以根据成熟的BLS签名算法、待签名信息以及私钥信息生成待认证签名,进而可以向车载控制器(如图1中的车载控制器103)发送该待认证签名,以便车载控制器(如图1中的车载控制器103)可以根据成熟的BLS签名算法,对该待认证签名进行认证,得到认证结果,这样,相较于目前利用贴附在传感器设备上的电磁安全芯片来认证传感器设备的方法而言,无需增加任何硬件,即可实现对车辆上大量车载传感器的快速、准确认证,不仅降低了认证成本,而且也提高了认证效率和准确性,进而保证了智能驾驶车辆的安全行驶。In the third aspect, this application also provides a method for authenticating a vehicle-mounted sensor. The method includes: when the vehicle-mounted sensor is authenticated, the vehicle-mounted sensor to be authenticated (such as the vehicle-mounted sensor to be authenticated 102 in FIG. 1) first obtains the private key. Then, the signature to be verified can be generated according to the mature BLS signature algorithm, the information to be signed, and the private key information, and then the signature to be verified can be sent to the vehicle controller (such as the vehicle controller 103 in Fig. 1). So that the on-board controller (such as the on-board controller 103 in Fig. 1) can authenticate the signature to be authenticated according to the mature BLS signature algorithm to obtain the authentication result. In this way, compared with the current use of electromagnetic equipment attached to the sensor device As far as the security chip is used to authenticate the sensor device, the rapid and accurate authentication of a large number of on-board sensors on the vehicle can be achieved without adding any hardware, which not only reduces the authentication cost, but also improves the authentication efficiency and accuracy, thereby ensuring Safe driving of intelligent driving vehicles.
一种可能的实现方式中,获取待认证车载传感器的私钥信息,包括:获取车云服务器发送的待认证车载传感器的私钥信息,私钥信息是由车云服务器根据BLS签名算法生成的。In a possible implementation manner, obtaining the private key information of the vehicle-mounted sensor to be authenticated includes: obtaining the private key information of the vehicle-mounted sensor to be authenticated sent by the vehicle cloud server, and the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.
一种可能的实现方式中,根据BLS签名算法、待签名信息以及私钥信息生成待认证签名,包括:根据待签名信息生成哈希摘要;根据BLS签名算法生成哈希摘要的曲线哈希值;根据曲线哈希值和私钥信息生成待认证签名。便于车载控制器可以利用公钥信息对该待认证签名进行,并根据认证结果准确判断出待认证车载传感器设备的真伪。In a possible implementation, generating the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information includes: generating a hash digest according to the information to be signed; generating the curve hash value of the hash digest according to the BLS signature algorithm; The signature to be verified is generated according to the curve hash value and the private key information. It is convenient for the vehicle-mounted controller to use the public key information to perform the signature to be authenticated, and accurately determine the authenticity of the vehicle-mounted sensor device to be authenticated according to the authentication result.
第四方面,本申请还提供了一种车载传感器的认证系统,该系统包括:车云服务器、待认证车载传感器、车载控制器;其中,车云服务器,用于获取待签名信息;根据BLS签名算法生成待认证车载传感器的私钥信息和公钥信息;向待车载控制器发送公钥信息;向待认证车载传感器发送待签名信息和所述私钥信息;待认证车载传感器,用于根据BLS签名算法、待签名信息以及私钥信息生成待认证签名;向车载控制器发送待认证签名;车载控制器,用于根据BLS签名算法,利用公钥信息,对待认证签名进行认证,获得认证结果。In a fourth aspect, the present application also provides a vehicle-mounted sensor authentication system, which includes: a vehicle cloud server, a vehicle-mounted sensor to be certified, and a vehicle-mounted controller; wherein the vehicle cloud server is used to obtain information to be signed; according to the BLS signature The algorithm generates the private key information and public key information of the vehicle-mounted sensor to be authenticated; sends the public key information to the vehicle-mounted controller to be authenticated; sends the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated; the vehicle-mounted sensor to be authenticated is used according to the BLS The signature algorithm, the information to be signed, and the private key information generate the signature to be authenticated; send the signature to be authenticated to the on-board controller; the on-board controller is used to authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result.
一种可能的实现方式中,车云服务器还用于:开放公钥信息查询接口,以便车载控制器根据待认证车载传感器的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息。In a possible implementation, the car cloud server is also used to: open the public key information query interface, so that the on-board controller can query the public key information of the on-board sensor to be authenticated from the on-board sensor to be authenticated based on the signature information of the on-board sensor to be authenticated .
一种可能的实现方式中,待认证车载传感器具体用于:根据待签名信息生成哈希摘要;根据BLS签名算法生成哈希摘要的曲线哈希值;根据曲线哈希值和私钥信息生成待认证签名。In a possible implementation, the vehicle-mounted sensor to be authenticated is specifically used to: generate a hash digest according to the information to be signed; generate the curve hash value of the hash digest according to the BLS signature algorithm; generate the curve hash value of the hash digest according to the curve hash value and private key information Certified signature.
一种可能的实现方式中,车载控制器具体用于:根据待认证车载传感器的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息。In a possible implementation manner, the on-board controller is specifically configured to query the public key information of the on-board sensor to be authenticated from the on-vehicle cloud server according to the to-be-signed information of the on-board sensor to be authenticated.
一种可能的实现方式中,车载控制器具体用于:接收多个待认证车载传感器发送的各自的待认证签名;将多个待认证签名进行聚合,得到聚合后的待认证签名结果;根据BLS签名算法,利用公钥信息,对聚合后的待认证签名结果进行认证,获得认证结果。In a possible implementation, the on-board controller is specifically used to: receive the respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate the signatures to be certified to obtain the aggregated signature result to be certified; according to the BLS The signature algorithm uses public key information to authenticate the aggregated signature result to be authenticated to obtain the authentication result.
一种可能的实现方式中,车载控制器具体用于:接收多个待认证车载传感器发送的各自的待认证签名;将第一组中的所有待认证签名进行聚合,得到第一组聚合后的待认证签名结果;根据BLS签名算法,利用公钥信息,对第一组聚合后的待认证签名结果进行认证,获得认证结果;其中,第一组中包含的待认证签名的个数小于接收到的多个待认证车载传感器发送的待认证签名的总个数。In a possible implementation, the on-board controller is specifically configured to: receive respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate all signatures to be certified in the first group to obtain the first group of aggregated signatures Signature result to be authenticated; according to the BLS signature algorithm, the public key information is used to authenticate the first group of aggregated signature results to be authenticated to obtain the authentication result; among them, the number of signatures to be authenticated contained in the first group is less than the received The total number of signatures to be authenticated sent by multiple on-board sensors to be authenticated.
第五方面,本申请还提供了一种车载传感器的认证系统,该系统包括:待认证车载传感器和车载控制器;其中,待认证车载传感器,用于获取私钥信息和待签名信息;根据BLS签名算法、待签名信息以及私钥信息生成待认证签名;向车载控制器发送待认证签名;车载控制器,用于获取待认证车载传感器的公钥信息;根据BLS签名算法,利用公钥信息,对待认证签名进行认证,获得认证结果。In a fifth aspect, this application also provides a vehicle-mounted sensor authentication system, which includes: a vehicle-mounted sensor to be certified and a vehicle-mounted controller; wherein the vehicle-mounted sensor to be certified is used to obtain private key information and information to be signed; according to the BLS The signature algorithm, the information to be signed, and the private key information generate the signature to be certified; the signature to be certified is sent to the on-board controller; the on-board controller is used to obtain the public key information of the on-board sensor to be certified; according to the BLS signature algorithm, the public key information is used, The signature to be authenticated is authenticated, and the authentication result is obtained.
一种可能的实现方式中,车载控制器具体用于:根据待认证车载传感器的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息。In a possible implementation manner, the on-board controller is specifically configured to query the public key information of the on-board sensor to be authenticated from the on-vehicle cloud server according to the to-be-signed information of the on-board sensor to be authenticated.
一种可能的实现方式中,待认证车载传感器具体用于:根据待签名信息生成哈希摘要;根据BLS签名算法生成哈希摘要的曲线哈希值;根据曲线哈希值和所述私钥信息生成待认证签名。In a possible implementation, the vehicle-mounted sensor to be authenticated is specifically used to: generate a hash digest according to the information to be signed; generate the curve hash value of the hash digest according to the BLS signature algorithm; according to the curve hash value and the private key information Generate a signature to be verified.
一种可能的实现方式中,车载控制器具体用于:接收多个待认证车载传感器发送的各自的待认证签名;将多个待认证签名进行聚合,得到聚合后的待认证签名结果;根据BLS签名算法,利用公钥信息,对聚合后的待认证签名结果进行认证,获得认证结果。In a possible implementation, the on-board controller is specifically used to: receive the respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate the signatures to be certified to obtain the aggregated signature result to be certified; according to the BLS The signature algorithm uses public key information to authenticate the aggregated signature result to be authenticated to obtain the authentication result.
一种可能的实现方式中,车载控制器具体用于:接收多个待认证车载传感器发送的各自的待认证签名;将第一组中的所有待认证签名进行聚合,得到第一组聚合后的待认证签名结果;根据BLS签名算法,利用公钥信息,对第一组聚合后的待认证签名结果进行认证,获得认证结果;其中,第一组中包含的待认证签名的个数小于接收到的多个所述待认证车载传感器发送的待认证签名的总个数。In a possible implementation, the on-board controller is specifically configured to: receive respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate all signatures to be certified in the first group to obtain the first group of aggregated signatures Signature result to be authenticated; according to the BLS signature algorithm, the public key information is used to authenticate the first group of aggregated signature results to be authenticated to obtain the authentication result; among them, the number of signatures to be authenticated contained in the first group is less than the received The total number of signatures to be authenticated sent by the plurality of on-board sensors to be authenticated.
第六方面,本申请还提供了一种车载传感器的认证装置,该装置包括:获取单元,用于从车云服务器获取待认证车载传感器的公钥信息;接收单元,用于接收待认证车载传感 器发送的待认证签名;认证单元,用于根据BLS签名算法,利用公钥信息,对待认证签名进行认证,获得认证结果。In a sixth aspect, the present application also provides an authentication device for a vehicle-mounted sensor. The device includes: an obtaining unit for obtaining public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server; and a receiving unit for receiving the vehicle-mounted sensor to be authenticated The sent signature to be authenticated; the authentication unit is used to authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result.
一种可能的实现方式中,获取单元具体用于:根据待认证车载传感器的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息。In a possible implementation manner, the acquiring unit is specifically configured to query the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the information to be signed of the vehicle-mounted sensor to be authenticated.
一种可能的实现方式中,公钥信息和待认证传感器的批次信息相关联。In a possible implementation, the public key information is associated with the batch information of the sensor to be authenticated.
一种可能的实现方式中,待认证签名为待认证传感器根据BLS签名算法、待签名信息以及待认证传感器的私钥信息生成;其中,私钥信息为车云服务器根据BLS签名算法生成。In a possible implementation, the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information of the sensor to be authenticated; where the private key information is generated by the car cloud server according to the BLS signature algorithm.
一种可能的实现方式中,接收单元具体用于:接收多个待认证车载传感器发送的各自的待认证签名;认证单元包括:第一聚合子单元,用于将多个待认证签名进行聚合,得到聚合后的待认证签名结果;第一认证子单元,用于根据BLS签名算法,利用公钥信息,对聚合后的待认证签名结果进行认证,获得认证结果。In a possible implementation manner, the receiving unit is specifically configured to: receive respective signatures to be authenticated sent by a plurality of on-board sensors to be authenticated; the authentication unit includes: a first aggregation subunit, which is used to aggregate multiple signatures to be authenticated, Obtain the aggregated signature result to be authenticated; the first authentication subunit is used to authenticate the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result.
一种可能的实现方式中,接收单元具体用于:接收多个待认证车载传感器发送的各自的待认证签名;认证单元包括:第二聚合子单元,用于将第一组中的所有待认证签名进行聚合,得到第一组聚合后的待认证签名结果;第二认证子单元,用于根据BLS签名算法,利用公钥信息,对第一组聚合后的待认证签名结果进行认证,获得认证结果;其中,第一组中包含的待认证签名的个数小于接收到的多个待认证车载传感器发送的待认证签名的总个数。In a possible implementation, the receiving unit is specifically configured to: receive respective signatures to be authenticated sent by a plurality of on-board sensors to be authenticated; the authentication unit includes: a second aggregation subunit, which is used to combine all the to-be-authenticated signatures in the first group The signatures are aggregated to obtain the first group of aggregated signature results to be authenticated; the second authentication subunit is used to authenticate the first group of aggregated signature results to be authenticated by using public key information according to the BLS signature algorithm to obtain certification Result; where the number of signatures to be authenticated contained in the first group is less than the total number of signatures to be authenticated sent by the received multiple on-board sensors to be authenticated.
第七方面,本申请还提供了一种车载传感器的认证装置,该装置包括:获取单元,用于获取待认证车载传感器的待签名信息;生成单元,用于根据BLS签名算法生成待认证车载传感器的私钥信息和公钥信息;第一发送单元,用于向待认证车载传感器发送待签名信息和私钥信息,以便待认证车载传感器根据BLS签名算法、待签名信息以及私钥信息生成待认证签名并向车载控制器发送待认证签名;第二发送单元,用于向车载控制器发送公钥信息,以便车载控制器根据BLS签名算法和公钥信息,对待认证签名进行认证,得到认证结果。In a seventh aspect, the present application also provides an authentication device for a vehicle-mounted sensor. The device includes: an acquisition unit for acquiring information to be signed for the vehicle-mounted sensor to be authenticated; and a generating unit for generating the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm The first sending unit is used to send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated, so that the vehicle-mounted sensor to be authenticated generates the information to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information Sign and send the signature to be authenticated to the on-board controller; the second sending unit is used to send public key information to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtains the authentication result.
一种可能的实现方式中,该装置还包括:开放单元,用于开放公钥信息查询接口,以便车载控制器根据待认证车载传感器的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息。In a possible implementation, the device further includes: an opening unit for opening the public key information query interface, so that the on-board controller can query the on-board sensor to be authenticated from the car cloud server based on the to-be-signed information of the on-board sensor to be authenticated. Public key information.
第八方面,本申请还提供了一种车载传感器的认证装置,该装置包括:获取单元,用于获取待认证车载传感器的私钥信息和待签名信息;生成单元,用于根据BLS签名算法、待签名信息以及私钥信息生成待认证签名;发送单元,用于向车载控制器发送待认证签名,以便车载控制器根据BLS签名算法,对待认证签名进行认证,得到认证结果。In an eighth aspect, the present application also provides an authentication device for a vehicle-mounted sensor. The device includes: an acquisition unit for acquiring the private key information and the information to be signed of the vehicle-mounted sensor to be authenticated; and a generating unit for obtaining the private key information and the information to be signed according to the BLS signature algorithm, The information to be signed and the private key information generate the signature to be authenticated; the sending unit is used to send the signature to be authenticated to the on-board controller so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result.
一种可能的实现方式中,获取单元具体用于:获取车云服务器发送的待认证车载传感器的私钥信息,其中,私钥信息是由车云服务器根据BLS签名算法生成的。In a possible implementation manner, the obtaining unit is specifically configured to obtain the private key information of the vehicle-mounted sensor to be authenticated sent by the car cloud server, where the private key information is generated by the car cloud server according to the BLS signature algorithm.
一种可能的实现方式中,生成单元包括:第一生成子单元,用于根据待签名信息生成哈希摘要;第二生成子单元,用于根据BLS签名算法生成哈希摘要的曲线哈希值;第三生成子单元,用于根据曲线哈希值和私钥信息生成待认证签名。In a possible implementation manner, the generating unit includes: a first generating subunit for generating a hash digest according to the information to be signed; a second generating subunit for generating a curve hash value of the hash digest according to the BLS signature algorithm ; The third generation subunit is used to generate the signature to be authenticated according to the curve hash value and the private key information.
第九方面,本申请还提供了一种车载传感器的认证设备,该设备包括存储器、处理器;In a ninth aspect, the present application also provides a vehicle-mounted sensor authentication device, which includes a memory and a processor;
存储器,用于存储指令;处理器,用于执行存储器中的所述指令,执行上述第一方面的任意一项方法。The memory is used to store instructions; the processor is used to execute the instructions in the memory and execute any one of the methods in the first aspect.
第十方面,本申请还提供了一种车载传感器的认证设备,该设备包括存储器、处理器;In a tenth aspect, the present application also provides a vehicle-mounted sensor authentication device, which includes a memory and a processor;
存储器,用于存储指令;处理器,用于执行存储器中的指令,执行上述第二方面的任意一项方法。The memory is used to store instructions; the processor is used to execute the instructions in the memory and execute any one of the methods in the second aspect described above.
第十一方面,本申请还提供了一种车载传感器的认证设备,该设备包括存储器、处理器;In an eleventh aspect, the present application also provides a vehicle-mounted sensor authentication device, which includes a memory and a processor;
存储器,用于存储指令;处理器,用于执行存储器中的指令,执行上述第三方面的任意一项方法。The memory is used to store instructions; the processor is used to execute the instructions in the memory and execute any one of the methods in the third aspect.
第十二方面,本申请还提供了一种计算机可读存储介质,包括指令,当其在计算机上运行时,使得计算机执行上述任意一项方法。In a twelfth aspect, this application also provides a computer-readable storage medium, including instructions, which when run on a computer, cause the computer to execute any of the above methods.
从以上技术方案可以看出,本申请实施例具有以下优点:It can be seen from the above technical solutions that the embodiments of the present application have the following advantages:
本申请实施例在进行车载传感器的认证时,车载控制器首先从车云服务器获取待认证车载传感器的公钥信息,然后接收待认证车载传感器发送的待认证签名;进而车载控制器可以根据BLS签名算法,利用获取到的公钥信息,对该待认证签名进行认证,以获得认证结果。可见,由于本申请中的车载控制器是根据成熟的BLS签名算法,利用从车云服务器获取的公钥对待认证签名进行认证,来准确识别出待认证车载传感器的真伪,因此,相较于目前利用贴附在传感器设备上的电磁安全芯片来认证传感器设备的方法以及依赖通信双方共享同一密钥来进行传感器认证的方法而言,无需增加任何硬件,即可实现对车辆上大量车载传感器的快速、准确认证,不仅降低了认证成本,而且也提高了认证效率和准确性,进而保证了智能驾驶车辆的安全行驶。In the embodiment of the present application, when the vehicle-mounted sensor is authenticated, the vehicle-mounted controller first obtains the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives the to-be-authenticated signature sent by the vehicle-mounted sensor to be authenticated; the vehicle-mounted controller can then sign according to the BLS The algorithm uses the obtained public key information to authenticate the signature to be authenticated to obtain the authentication result. It can be seen that, because the on-board controller in this application uses the public key obtained from the car cloud server to authenticate the signature to be authenticated according to the mature BLS signature algorithm, so as to accurately identify the authenticity of the on-board sensor to be authenticated. Therefore, compared with At present, the method of authenticating the sensor device using the electromagnetic security chip attached to the sensor device and the method of relying on the two communicating parties to share the same key for sensor authentication can realize the detection of a large number of on-board sensors on the vehicle without adding any hardware. Fast and accurate certification not only reduces certification costs, but also improves certification efficiency and accuracy, thereby ensuring the safe driving of intelligent driving vehicles.
附图说明Description of the drawings
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请中记载的一些实施例,对于本领域普通技术人员来讲,还可以根据这些附图获得其他的附图。In order to more clearly describe the technical solutions in the embodiments of the present application, the following will briefly introduce the drawings needed in the description of the embodiments. Obviously, the drawings in the following description are only some of the implementations recorded in the present application. For example, for those of ordinary skill in the art, other drawings can be obtained based on these drawings.
图1为本申请实施例提供的车载传感器的认证系统的结构框图;FIG. 1 is a structural block diagram of an authentication system for a vehicle-mounted sensor according to an embodiment of the application;
图2为本申请实施例提供的一种车载传感器的认证方法的流程图;FIG. 2 is a flowchart of a method for authenticating a vehicle-mounted sensor according to an embodiment of the application;
图3为本申请实施例提供的对待认证车载传感器的待认证签名认证的示意图;FIG. 3 is a schematic diagram of signature verification to be verified for a vehicle-mounted sensor to be verified according to an embodiment of the application;
图4为本申请实施例提供的另一种车载传感器的认证方法的流程图;FIG. 4 is a flowchart of another vehicle-mounted sensor authentication method provided by an embodiment of the application;
图5为本申请实施例提供的又一种车载传感器的认证方法的流程图;FIG. 5 is a flowchart of yet another vehicle-mounted sensor authentication method provided by an embodiment of the application;
图6为本申请实施例提供的曲线哈希值的生成示意图;FIG. 6 is a schematic diagram of generating a curve hash value provided by an embodiment of the application;
图7为本申请实施例提供的待认证签名的生成示意图;FIG. 7 is a schematic diagram of generating a signature to be authenticated according to an embodiment of the application;
图8为本申请实施例提供的车载传感器的认证方法的交互流程图;FIG. 8 is an interaction flowchart of an authentication method for a vehicle-mounted sensor according to an embodiment of the application;
图9为本申请实施例提供的另外一个车载传感器的认证系统的结构框图;FIG. 9 is a structural block diagram of another vehicle-mounted sensor authentication system provided by an embodiment of the application;
图10为本申请实施例提供的一种车载传感器的认证装置的结构框图;FIG. 10 is a structural block diagram of an authentication device for a vehicle-mounted sensor according to an embodiment of the application;
图11为本申请实施例提供的另一种车载传感器的认证装置的结构框图;11 is a structural block diagram of another vehicle-mounted sensor authentication device provided by an embodiment of the application;
图12为本申请实施例提供的又一种车载传感器的认证装置的结构框图;FIG. 12 is a structural block diagram of yet another vehicle-mounted sensor authentication device provided by an embodiment of the application;
图13为本申请实施例提供的一种车载传感器的认证设备的结构示意图;FIG. 13 is a schematic structural diagram of an authentication device for a vehicle-mounted sensor according to an embodiment of the application;
图14为本申请实施例提供的另一种车载传感器的认证设备的结构示意图;14 is a schematic structural diagram of another vehicle-mounted sensor authentication device provided by an embodiment of the application;
图15为本申请实施例提供的又一种车载传感器的认证设备的结构示意图。FIG. 15 is a schematic structural diagram of yet another vehicle-mounted sensor authentication device provided by an embodiment of the application.
具体实施方式Detailed ways
本申请实施例提供了一种车载传感器的认证方法、装置及系统,用于提高车载传感器的认证效率和准确性,降低认证成本,进而保证智能驾驶车辆的安全行驶。The embodiments of the present application provide an authentication method, device, and system for vehicle-mounted sensors, which are used to improve the authentication efficiency and accuracy of vehicle-mounted sensors, reduce authentication costs, and thereby ensure safe driving of intelligent driving vehicles.
下面结合附图,对本申请的实施例进行描述。The embodiments of the present application will be described below in conjunction with the drawings.
参见图1,其示出了本申请实施例提供的车载传感器的认证系统结构框图,该认证系统包括车云服务器101、待认证车载传感器102和车载控制器103。车云服务器101与待认证车载传感器102连接,车云服务器101与车载控制器103连接,待认证车载传感器102与车载控制器103连接。上述“连接”可以是直接连接,也可以是间接连接。尤其是车云服务器101与待认证车载传感器102之间的连接,车云服务器101与待认证车载传感器102之间可以有其他供应商服务器。Referring to FIG. 1, it shows a structural block diagram of a vehicle-mounted sensor authentication system provided by an embodiment of the present application. The authentication system includes a vehicle cloud server 101, a vehicle-mounted sensor 102 to be authenticated, and a vehicle-mounted controller 103. The vehicle cloud server 101 is connected to the vehicle-mounted sensor 102 to be certified, the vehicle cloud server 101 is connected to the vehicle-mounted controller 103, and the vehicle-mounted sensor 102 to be certified is connected to the vehicle-mounted controller 103. The above-mentioned "connection" may be a direct connection or an indirect connection. Especially for the connection between the car cloud server 101 and the vehicle-mounted sensor 102 to be certified, there may be other provider servers between the vehicle cloud server 101 and the vehicle-mounted sensor 102 to be certified.
其中,从硬件实现上来讲,车云服务器101是指具有存储功能和能够与车载控制器103通信以及能够与待认证车载传感器102通信,并为待认证车载传感器102和车载控制器103提供数据支持的服务设备。车云服务器101例如可以是简单高效、安全可靠、处理能力可弹性伸缩的计算服务,车厂在实际部署车云服务器101时,可以采用独立的设备,也可以采用集群服务器来实现。Among them, in terms of hardware implementation, the car cloud server 101 has storage functions and can communicate with the car controller 103 and can communicate with the car sensor 102 to be authenticated, and provides data support for the car sensor 102 to be authenticated and the car controller 103 Service equipment. The car cloud server 101 may be, for example, a simple, efficient, safe, reliable, and elastically scalable computing service. When the car factory actually deploys the car cloud server 101, it can use independent equipment or a cluster server to implement it.
而待认证车载传感器102是指安装在车辆上的各种感知传感器,例如可以是惯性测量单元(inertial measurement unit,IMU)、激光雷达传感器、相机传感器、毫米波雷达传感器等。车载控制器103是指用于控制车身电器系统的控制设备,例如可以是电子控制单元(electronic control unit,ECU)。The vehicle-mounted sensor 102 to be certified refers to various sensing sensors installed on the vehicle, such as an inertial measurement unit (IMU), a lidar sensor, a camera sensor, a millimeter wave radar sensor, and the like. The on-board controller 103 refers to a control device used to control the electrical system of the vehicle body, and may be, for example, an electronic control unit (ECU).
在本申请实施例中,车云服务器101首先用于获取车厂发送的车辆信息或者传感器供应商发送的传感器批次信息等,作为待签名信息,然后根据成熟的BLS(Boneh-Lynn-Shacham)签名算法生成待认证车载传感器102的私钥信息和公钥信息,并将生成的私钥信息以及待签名信息发送给对应的待认证车载传感器102,同时,将生成的公钥信息发送给车载控制器103。而待认证车载传感器102则用于在接收到车云服务器101发送的私钥信息以及待签名信息后,根据BLS签名算法、待签名信息以及私钥信息生成待认证签名,然后将该待认证签名发送给车载控制器103。在此基础上,车载控制器103则用于根据成熟的BLS签名算法,利用接收到的公钥信息,对待认证车载传感器102发送的待认证签名进行认证,进而可以获得对待认证车载传感器102的认证结果。In the embodiment of the present application, the car cloud server 101 is first used to obtain vehicle information sent by a car factory or sensor batch information sent by a sensor supplier as the information to be signed, and then sign according to the mature BLS (Boneh-Lynn-Shacham) The algorithm generates the private key information and public key information of the vehicle-mounted sensor 102 to be authenticated, and sends the generated private key information and the information to be signed to the corresponding vehicle-mounted sensor 102 to be authenticated, and at the same time, sends the generated public key information to the vehicle controller 103. The vehicle-mounted sensor 102 to be authenticated is used to generate the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information after receiving the private key information and the information to be signed sent by the car cloud server 101, and then the signature to be authenticated Send to the onboard controller 103. On this basis, the on-board controller 103 is used to authenticate the signature to be authenticated sent by the on-board sensor 102 to be authenticated by using the received public key information according to the mature BLS signature algorithm, so as to obtain the certification of the on-board sensor 102 to be authenticated. result.
需要注意的是,上述应用场景仅是为了便于理解本申请而示出,本申请的实施方式在此方面不受任何限制。相反,本申请的实施方式可以应用于适用的任何场景。It should be noted that the above application scenarios are only shown to facilitate the understanding of this application, and the implementation of this application is not limited in this respect. On the contrary, the embodiments of the present application can be applied to any applicable scenarios.
基于以上应用场景,本申请实施例提供了一种车载传感器的认证方法,下面对该方法进行介绍。Based on the above application scenarios, an embodiment of the present application provides an authentication method for a vehicle-mounted sensor, which is introduced below.
S201:从车云服务器获取待认证车载传感器的公钥信息。S201: Obtain the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server.
在本申请实施例中,为了实现对待认证车载传感器的准确认证,车载控制器首先需要从车云服务器获取待认证车载传感器的公钥信息,此处将该公钥信息定义为pk。其中,公钥信息pk和待认证传感器的批次信息相关联。待认证传感器的批次信息指的是表征待认证传感器唯一性的标识信息,例如可以包括待认证传感器的身份标识(Identity document,ID)信息或待认证传感器所在组信息等。In the embodiment of the present application, in order to achieve accurate authentication of the vehicle-mounted sensor to be authenticated, the vehicle-mounted controller first needs to obtain the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, where the public key information is defined as pk. Among them, the public key information pk is associated with the batch information of the sensor to be authenticated. The batch information of the sensor to be authenticated refers to identification information that characterizes the uniqueness of the sensor to be authenticated. For example, it may include identity document (ID) information of the sensor to be authenticated or group information of the sensor to be authenticated.
具体来讲,车载控制器从车云服务器获取到的待认证车载传感器的公钥信息pk是由车云服务器根据BLS签名算法预先生成的,且每一公钥信息pk对应一个私钥信息(此处将私钥信息定义为sk),二者构成一个公私钥对,具体计算公式如下:Specifically, the public key information pk of the vehicle-mounted sensor to be authenticated obtained by the vehicle-mounted controller from the vehicle cloud server is pre-generated by the vehicle cloud server according to the BLS signature algorithm, and each public key information pk corresponds to a private key information (this The office defines the private key information as sk), and the two constitute a public-private key pair. The specific calculation formula is as follows:
pk=sk*G             (1)pk=sk*G (1)
其中,pk表示公钥信息;G表示双线性曲线映射G’中的生成元,且G’为素数r阶乘法群;sk表示私钥信息,取值范围为[0,r-1]。Among them, pk represents the public key information; G represents the generator in the bilinear curve map G’, and G’ is the prime r factorial group; sk represents the private key information, with a value range of [0, r-1].
在此基础上,车云服务器在接收到传感器供应商发送的传感器批次信息(还可以包括车厂发送的车辆信息)后,可以将传感器批次信息作为待签名信息,此处将该待签名信息定义为m。利用预先生成的公钥信息pk和对应的私钥信息sk,与该待签名信息建立关联关系,并将其中的私钥信息sk和该待签名信息m发送给待认证传感器,需要说明的是,车云服务器也可以先将私钥信息sk和待签名信息m发送至传感器供应商服务器,再经由传感器供应商将私钥信息sk和待签名信息m通过产线烧录的方式,预置于同一批次的待认证传感器中。On this basis, after the car cloud server receives the sensor batch information sent by the sensor supplier (which may also include the vehicle information sent by the car factory), it can use the sensor batch information as the information to be signed, here the information to be signed Defined as m. Use the pre-generated public key information pk and the corresponding private key information sk to establish an association relationship with the information to be signed, and send the private key information sk and the information to be signed m to the sensor to be authenticated. It should be noted that, The car cloud server can also first send the private key information sk and the information to be signed m to the sensor supplier server, and then through the sensor supplier, the private key information sk and the information to be signed m are burned in the same production line. In the batch of sensors to be certified.
同时,车云服务器还会将预先生成的该私钥信息sk对应的公钥信息pk发送给车载控制器。需要说明的是,若当前车载控制器是被更换后的车载控制器,比如,若之前的车载控制器出现损坏,更新为新的车载控制器后,此时,当前车载控制器并未存储有车云服务器预先发送的公钥信息pk,在这种情况下,当前车载控制器则需要在接收到待认证传感器发送的待签名信息m(如传感器批次信息)后,根据该待签名信息m,从车云服务器处查询待认证车载传感器的公钥信息pk,即查询出与该待签名信息m相关联的公钥信息pk。At the same time, the car cloud server will also send the pre-generated public key information pk corresponding to the private key information sk to the vehicle controller. It should be noted that if the current on-board controller is a replaced on-board controller, for example, if the previous on-board controller is damaged and updated to a new on-board controller, at this time, the current on-board controller is not stored The public key information pk sent by the car cloud server in advance. In this case, the current on-board controller needs to receive the information to be signed m (such as sensor batch information) sent by the sensor to be authenticated, according to the information to be signed m , Query the public key information pk of the vehicle-mounted sensor to be authenticated from the car cloud server, that is, query the public key information pk associated with the to-be-signed information m.
或者,若待认证车载传感器是被更换后的传感器,比如,若之前的车载传感器出现损坏,更新为新的车载传感器作为待认证车载传感器后,此时,车载控制器并未存储有该待认证车载传感器对应的公钥信息pk,在这种情况下,车载控制器则需要在接收到该待认证传感器发送的待签名信息m(如传感器批次信息)后,根据该待签名信息m,从车云服务器处查询出与该待签名信息m相关联的公钥信息pk。Or, if the on-board sensor to be certified is a sensor that has been replaced, for example, if the previous on-board sensor is damaged, after updating to a new on-board sensor as the on-board sensor to be certified, the on-board controller does not store the on-board sensor to be certified. The public key information pk corresponding to the on-board sensor. In this case, the on-board controller needs to receive the to-be-signed information m (such as sensor batch information) sent by the to-be-certified sensor, according to the to-be-signed information m, from The car cloud server queries the public key information pk associated with the message m to be signed.
在本实施例的一种可能的实现方式中,车载控制器可以通过远程信息处理器(telematics box,TBOX)预先与车云服务器建立安全链接通道,进而可以通过该安全链接通道,链接到车云服务器预留的查询接口,查询出与待签名信息m相关联的公钥信息。或者,车载控制器也可以通过其他安全通道从车云服务器处查询待认证车载传感器对应的公钥信息,本申请实施例在此不再赘述。In a possible implementation of this embodiment, the on-board controller can establish a secure link channel with the car cloud server through a telematics box (TBOX) in advance, and then can link to the car cloud server through the secure link channel The query interface reserved by the server queries the public key information associated with the message m to be signed. Alternatively, the on-board controller can also query the public key information corresponding to the on-board sensor to be authenticated from the car cloud server through other secure channels, which will not be repeated in this embodiment of the application.
S202:接收待认证车载传感器发送的待认证签名。S202: Receive the to-be-verified signature sent by the to-be-verified on-board sensor.
在本申请实施例中,为了实现对待认证车载传感器的准确认证,车载控制器还需要接 收待认证车载传感器发送的待认证签名,此处将该待认证签名定义为S,用以执行后续步骤S203。In this embodiment of the application, in order to achieve accurate authentication of the vehicle-mounted sensor to be authenticated, the vehicle-mounted controller also needs to receive the to-be-authenticated signature sent by the vehicle-mounted sensor to be authenticated. Here, the to-be-authenticated signature is defined as S to perform the subsequent step S203. .
其中,待认证签名S是待认证传感器根据BLS签名算法、待签名信息m以及待认证传感器的私钥信息sk生成,具体计算公式如下:Among them, the signature S to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed m, and the private key information sk of the sensor to be authenticated. The specific calculation formula is as follows:
S=sk*H(m)           (2)S=sk*H(m) (2)
其中,S表示待认证传感器生成的待认证签名;sk表示待认证传感器的私钥信息;H(m)表示根据待签名信息m生成的曲线哈希值,具体生成过程请参见后续实施例的介绍。Among them, S represents the signature to be authenticated generated by the sensor to be authenticated; sk represents the private key information of the sensor to be authenticated; H(m) represents the curve hash value generated according to the information m to be signed. For the specific generation process, please refer to the introduction of subsequent embodiments .
S203:根据BLS签名算法,利用公钥信息,对待认证签名进行认证,获得认证结果。S203: According to the BLS signature algorithm, the public key information is used to authenticate the signature to be authenticated to obtain an authentication result.
在本申请实施例中,通过步骤S201获取到待认证车载传感器的公钥信息pk,以及通过步骤S202接收到待认证车载传感器发送的待认证签名S后,进一步可以根据BLS签名算法,利用获取到的公钥信息pk,对接收到的待认证签名S进行认证,获得认证结果。In this embodiment of the application, after obtaining the public key information pk of the vehicle-mounted sensor to be authenticated through step S201, and receiving the signature S sent by the vehicle-mounted sensor to be authenticated through step S202, the obtained signature can be further used according to the BLS signature algorithm. The public key information pk of, authenticates the received signature S to be authenticated, and obtains the authentication result.
具体来讲,由于BLS签名算法中具有一个特殊的配对函数,能够把双线性曲线上的两个点P和Q映射为一个数n,即e(P,Q)→n,并且该配对函数还有一个特性为:对于未知数x来说,将其代入该配对函数中,无论将其与曲线上的P和Q哪个点相乘,得到的结果均相同(映射为同一个数),即e(x×P,Q)=e(P,x×Q)。进一步的,基于该等式,还可以保证如下公式(3)所示的等式成立,具体推算过程与现有方法一致,在此不再赘述。Specifically, because the BLS signature algorithm has a special pairing function, the two points P and Q on the bilinear curve can be mapped to a number n, that is, e(P,Q)→n, and the pairing function There is also a feature: for the unknown number x, substituting it into the pairing function, no matter which point it is multiplied by P and Q on the curve, the result is the same (mapped to the same number), that is, e (x×P, Q)=e(P, x×Q). Furthermore, based on this equation, it can also be ensured that the equation shown in the following equation (3) is established, and the specific calculation process is consistent with the existing method, and will not be repeated here.
e(a×P,b×Q)=e(P,a×b×Q)=e(a×b×P,Q)=e(P,Q)×(a,b)    (3)e(a×P,b×Q)=e(P,a×b×Q)=e(a×b×P,Q)=e(P,Q)×(a,b) (3)
因此,为了实现对待认证车载传感器的待认证签名S的认证,可以基于上述公式(1)、(2)和(3),利用获取到的待认证车载传感器的公钥信息pk、曲线哈希值H(m)以及待认证签名S,判断下述公式(4)中等号两侧的计算结果是否相等:Therefore, in order to realize the authentication of the signature S to be authenticated for the vehicle-mounted sensor to be authenticated, the public key information pk and the curve hash value of the vehicle-mounted sensor to be authenticated can be used based on the above formulas (1), (2) and (3). H(m) and the signature S to be authenticated, determine whether the calculation results on both sides of the equal sign in the following formula (4) are equal:
e(pk,H(m))=e(sk×G,H(m))=e(G,sk×H(m))=e(G,S)      (4)e(pk,H(m))=e(sk×G,H(m))=e(G,sk×H(m))=e(G,S) (4)
若上述公式(4)中等号两侧的计算结果相等,则表明双线性曲线上公钥信息pk对应的点和曲线哈希值对应的点映射的数,与双线性曲线上曲线生成元G对应的点和待认证签名S对应的点映射的数是同一个数,如图3所示,图中所有箭头指向的为同一点。此时,则表明待认证传感器认证通过,车载控制器可以与该传感器进行正常通信。If the calculation results on both sides of the equal sign in the above formula (4) are equal, it indicates that the number of points corresponding to the public key information pk on the bilinear curve and the point corresponding to the hash value of the curve is mapped to the curve generator on the bilinear curve. The number of points corresponding to G and the number of points corresponding to the signature S to be authenticated is the same number, as shown in Figure 3, where all arrows in the figure point to the same point. At this time, it indicates that the sensor to be authenticated has passed the authentication, and the on-board controller can communicate with the sensor normally.
若上述公式(4)中等号两侧的计算结果不相等,则表明双线性曲线上公钥信息pk对应的点和曲线哈希值H(m)对应的点映射的数,与双线性曲线上曲线生成元G对应的点和待认证签名S对应的点映射的数不是同一个数,即图3中所有箭头指向不为同一点。此时,表明该待认证传感器认证不通过,即,该待认证传感器可能出现了故障,车载控制器无法与该传感器进行正常通信,进一步的,可以将该认证传感器出现故障的情况进行上报,以便尽早对其进行故障处理,保证智能驾驶车辆的安全行驶。If the calculation results on both sides of the equal sign in the above formula (4) are not equal, it indicates that the number of points corresponding to the public key information pk on the bilinear curve and the point corresponding to the curve hash value H(m) is the same as that of the bilinear curve. The number of points corresponding to the curve generator G on the curve and the point corresponding to the signature S to be authenticated are not the same number, that is, all the arrows in FIG. 3 point to the same point. At this time, it indicates that the authentication of the sensor to be authenticated has not passed, that is, the sensor to be authenticated may be malfunctioning, and the on-board controller cannot communicate with the sensor normally. Further, the malfunction of the authentication sensor can be reported to facilitate Troubleshoot them as soon as possible to ensure the safe driving of intelligent driving vehicles.
在本实施例的一种可能的实现方式中,若在步骤S202中,车载控制器接收多个待认证车载传感器发送的待认证签名,则步骤S203的具体实现过程可以包括下述步骤A1-A2:In a possible implementation of this embodiment, if in step S202, the on-board controller receives the signatures to be authenticated sent by multiple on-board sensors to be authenticated, the specific implementation process of step S203 may include the following steps A1-A2 :
步骤A1:将多个待认证签名进行聚合,得到聚合后的待认证签名结果。Step A1: Aggregate multiple signatures to be authenticated to obtain an aggregated signature result to be authenticated.
在本实现方式中,若车载控制器接收了多个待认证车载传感器发送的待认证签名,则为了提高认证效率,可以先将接收到的这些待认证签名进行聚合处理,以得到聚合后的待认证签名结果。比如,可以先将这些待认证签名相加,得到相加后的待认证签名结果,用以执行后续步骤A2。In this implementation, if the on-board controller receives the signatures to be authenticated sent by multiple on-board sensors to be authenticated, in order to improve the authentication efficiency, the received signatures to be authenticated can be aggregated to obtain the aggregated signatures to be authenticated. Authentication signature result. For example, these signatures to be verified can be added first to obtain the added signature result to be verified, which is used to perform the subsequent step A2.
举例说明:假设车载控制器接收了n个待认证签名,分别为S1、S2、…、Sn,且这n个待认证签名分别是由n个待认证车载传感器发送的各自的待认证签名。此时,可以将这n个待认证签名相加,得到相加后的待认证签名结果S,即S=S1+S2+…+Sn,用以执行后续步骤A2,实现对这n个待认证车载传感器的认证。For example: suppose that the vehicle-mounted controller receives n signatures to be verified, namely S1, S2, ..., Sn, and the n signatures to be verified are the respective signatures to be verified sent by n vehicle-mounted sensors to be verified. At this time, the n signatures to be certified can be added to obtain the summed signature result S to be certified, namely S=S1+S2+...+Sn, which is used to perform the subsequent step A2 to realize the verification of the n vehicles to be certified Sensor certification.
步骤A2:根据BLS签名算法,利用公钥信息,对聚合后的待认证签名结果进行认证,获得认证结果。Step A2: According to the BLS signature algorithm, the public key information is used to authenticate the aggregated signature result to be authenticated, and the authentication result is obtained.
在本实现方式中,通过步骤A1得到聚合后的待认证签名结果后,可以将该签名结果代入上述公式(4),以判断公式(4)是否成立,若成立,则说明这多个待认证车载传感器认证通过,反之,则表明认证不通过。In this implementation, after the aggregated signature result to be authenticated is obtained through step A1, the signature result can be substituted into the above formula (4) to determine whether the formula (4) is established. If it is established, it means that the plurality of signatures to be authenticated On-board sensor certification is passed, otherwise, it means that the certification is not passed.
具体来讲,若通过步骤A1得到聚合后的待认证签名结果为S,且S=S1+S2+…+Sn,则根据聚合认证原理,将S代入上述公式(4),并基于上述公式(1)、(2)和(3),可以得到如下计算结果:Specifically, if the result of the signature to be verified after aggregation obtained through step A1 is S, and S=S1+S2+...+Sn, then according to the principle of aggregation authentication, S is substituted into the above formula (4), and based on the above formula (1 ), (2) and (3), the following calculation results can be obtained:
Figure PCTCN2020115732-appb-000001
Figure PCTCN2020115732-appb-000001
若通过计算得到的计算结果使得上述公式(5)成立,则表明这n个待认证车载传感器认证通过,车载控制器可以与这n个传感器进行正常通信。反之,则表明n个待认证车载传感器认证不通过,车载控制器无法与这n个传感器进行正常通信,需要尽早对其进行故障处理,以保证智能驾驶车辆的安全行驶。If the calculation result obtained by the calculation makes the above formula (5) valid, it indicates that the n on-board sensors to be authenticated have passed the certification, and the on-board controller can communicate with the n sensors normally. On the contrary, it indicates that the n vehicle-mounted sensors to be authenticated are not authenticated, and the vehicle-mounted controller cannot communicate with these n sensors normally, and it needs to troubleshoot them as soon as possible to ensure the safe driving of the intelligent driving vehicle.
在本实施例的一种可能的实现方式中,若在步骤S202中,车载控制器接收多个待认证车载传感器发送的待认证签名,则步骤S203的具体实现过程还可以包括下述步骤B1-B2:In a possible implementation of this embodiment, if in step S202, the on-board controller receives the signatures to be authenticated sent by multiple on-board sensors to be authenticated, the specific implementation process of step S203 may also include the following steps B1- B2:
步骤B1:将第一组中的所有待认证签名进行聚合,得到第一组聚合后的待认证签名结果。Step B1: Aggregate all signatures to be authenticated in the first group to obtain the signature result to be authenticated after aggregation of the first group.
在本实现方式中,若车载控制器接收了多个待认证车载传感器发送的待认证签名,则为了提高认证效率,可以先将接收到的这些待认证签名进行分组,并且,为了对出现故障的传感器类型进行准确定位,可以将这些待认证签名按照各自所属待认证传感器的类型进行分组,并对每一待认证签名进行标号,比如,可以将所有待认证的雷达传感器分为一组,并对该组中所有待认证的雷达传感器生成的待认证签名进行标号,例如,可以将该组中包含的5个待认证雷达传感器生成的5个待认证签名分别标号为1、2、3、4、5。In this implementation, if the on-board controller receives the signatures to be authenticated sent by multiple on-board sensors to be authenticated, in order to improve the authentication efficiency, the received signatures to be authenticated can be grouped first, and in order to identify the faulty signatures. For accurate positioning of sensor types, these signatures to be certified can be grouped according to their respective types of sensors to be certified, and each signature to be certified can be labeled. For example, all radar sensors to be certified can be grouped together, and The signatures to be certified generated by all the radar sensors to be certified in the group are labeled. For example, the 5 signatures to be certified generated by the 5 radar sensors to be certified in the group can be labeled as 1, 2, 3, 4, and 4, respectively. 5.
进一步的,可以将每一分组中所有待认证签名进行聚合,得到每一分组聚合后的 待认证签名结果,具体过程与步骤A1类似,相关内容请参见步骤A1。Further, all signatures to be verified in each group can be aggregated to obtain the result of signatures to be verified after aggregation of each group. The specific process is similar to step A1. For related content, please refer to step A1.
其中,以各个分组中的第一组为例,第一组中包含的待认证签名的个数小于接收到的多个待认证车载传感器发送的待认证签名的总个数,例如,若接收到的多个待认证车载传感器发送的待认证签名的总个数为10,则第一组中包含的待认证签名的个数小于10。通过对第一组中的所有待认证签名进行聚合,可以得到该第一组聚合后的待认证签名结果,用以执行后续步骤B2。Among them, taking the first group in each group as an example, the number of signatures to be authenticated contained in the first group is less than the total number of signatures to be authenticated sent by multiple on-vehicle sensors to be authenticated. For example, if the received The total number of signatures to be verified sent by the plurality of on-board sensors to be verified is 10, and the number of signatures to be verified included in the first group is less than 10. By aggregating all the signatures to be verified in the first group, the result of the signatures to be verified after the aggregation of the first group can be obtained, which is used to execute the subsequent step B2.
步骤B2:根据BLS签名算法,利用公钥信息,对第一组聚合后的待认证签名结果进行认证,获得认证结果。Step B2: According to the BLS signature algorithm, the public key information is used to authenticate the first group of aggregated signature results to be authenticated to obtain the authentication result.
在本实现方式中,通过步骤B1得到第一组聚合后的待认证签名结果后,可以将该签名结果代入上述公式(5),以判断公式(5)是否成立,若成立,则说明这第一组中包含的所有待认证车载传感器认证通过,反之,则表明认证不通过。In this implementation, after the first group of aggregated signature results to be verified is obtained through step B1, the signature result can be substituted into the above formula (5) to determine whether the formula (5) is established. All on-board sensors to be certified in a group have passed the certification, otherwise, it indicates that the certification has not passed.
具体来讲,若通过步骤B1得到第一组聚合后的待认证签名结果为S (1),且S (1)=S 1+S 2+…+S i,则根据聚合认证原理,将S (1)代入上述公式(5),可以得到如下计算结果: Specifically, if the first group of aggregated signature results to be authenticated is S (1) obtained through step B1, and S (1) = S 1 + S 2 +...+S i , then according to the principle of aggregation authentication, S (1) Substituting the above formula (5), the following calculation results can be obtained:
e(G,S (1))=e(pk 1,H(m 1))×e(pk 2,H(m 2))×...×e(pk i,H(m i))    (6) e(G,S (1) )=e(pk 1 ,H(m 1 ))×e(pk 2 ,H(m 2 ))×...×e(pk i ,H(m i )) ( 6)
若通过计算得到的计算结果使得上述公式(6)成立,则表明这第一组中的i个待认证车载传感器认证通过,车载控制器可以与这i个传感器进行正常通信。反之,则表明这第一组中的i个待认证车载传感器认证不通过,车载控制器无法与这i个传感器进行正常通信,需要尽早对其进行故障处理,以保证智能驾驶车辆的安全行驶。If the calculation result obtained by the calculation makes the above formula (6) true, it indicates that the i vehicle-mounted sensors to be authenticated in the first group are authenticated, and the vehicle-mounted controller can communicate with the i sensors normally. On the contrary, it indicates that the i vehicle-mounted sensors to be authenticated in the first group are not authenticated, and the vehicle-mounted controller cannot communicate with the i sensors normally, and it is necessary to troubleshoot them as soon as possible to ensure the safe driving of the intelligent driving vehicle.
同理,可以对其他分组包含的待认证车载传感器进行认证,得到认证结果,比如,若通过步骤B1得到第二组聚合后的待认证签名结果为S (2),且S (2)=S i+1+S i+2+…+S j,则根据聚合认证原理,将S (2)代入上述公式(5),可以得到如下计算结果: In the same way, the vehicle-mounted sensors to be authenticated contained in other groups can be authenticated to obtain the authentication result. For example, if the second group of aggregated signature results to be authenticated is S (2) through step B1, and S (2) = S i+1 +S i+2 +…+S j , according to the principle of aggregation authentication, substituting S (2) into the above formula (5), the following calculation results can be obtained:
e(G,S (2))=e(pk i+1,H(m i+1))×e(pk i+2,H(m i+2))×...×e(pk j,H(m j))   (7) e(G,S (2) )=e(pk i+1 ,H(m i+1 ))×e(pk i+2 ,H(m i+2 ))×...×e(pk j ,H(m j )) (7)
同理,若通过计算得到的计算结果使得上述公式(7)成立,则表明这第二组中的j-i个待认证车载传感器认证通过,车载控制器可以与这j-i个传感器进行正常通信。反之,则表明这第二组中的j-i个待认证车载传感器认证不通过,车载控制器无法与这j-i个传感器进行正常通信,需要尽早对其进行故障处理,以保证智能驾驶车辆的安全行驶。Similarly, if the calculation result obtained by calculation makes the above formula (7) true, it indicates that the j-i on-board sensors to be authenticated in the second group have passed the certification, and the on-board controller can communicate with these j-i sensors normally. On the contrary, it indicates that the j-i on-board sensors to be authenticated in the second group are not authenticated, and the on-board controller cannot communicate with these j-i sensors normally, and it is necessary to troubleshoot them as soon as possible to ensure the safe driving of the intelligent driving vehicle.
这样,通过上述分组聚合认证的方式,可以对每一组聚合的待认证签名结果进行同步认证,并且,当出现认证不通过时,可以根据分组的类型和标号,快速、准确地定位到出现故障的待认证传感器。从而能够提高车载传感器的认证效率和准确性,降低认证成本,进而保证智能驾驶车辆的安全行驶。In this way, through the above group aggregation authentication method, each group of aggregated signature results to be authenticated can be simultaneously authenticated, and when the authentication fails, the fault can be quickly and accurately located according to the group type and label. The sensor to be certified. Thereby, the authentication efficiency and accuracy of the vehicle-mounted sensor can be improved, the authentication cost can be reduced, and the safe driving of the intelligent driving vehicle can be ensured.
综上,本实施例提供的一种车载传感器的认证方法,在进行车载传感器的认证时,车载控制器首先从车云服务器获取待认证车载传感器的公钥信息,然后接收待认证车载传感器发送的待认证签名;进而车载控制器可以根据BLS签名算法,利用获取到的 公钥信息,对该待认证签名进行认证,以获得认证结果。可见,由于本申请中的车载控制器是根据成熟的BLS签名算法,利用从车云服务器获取的公钥对待认证签名进行认证,来准确识别出待认证车载传感器的真伪,因此,相较于目前利用贴附在传感器设备上的电磁安全芯片来认证传感器设备的方法以及依赖通信双方共享同一密钥来进行传感器认证的方法而言,无需增加任何硬件,即可实现对车辆上大量车载传感器的快速、准确认证,不仅降低了认证成本,而且也提高了认证效率和准确性,进而保证了智能驾驶车辆的安全行驶。In summary, in the method for authenticating a vehicle sensor provided in this embodiment, when performing vehicle sensor authentication, the vehicle controller first obtains the public key information of the vehicle sensor to be authenticated from the vehicle cloud server, and then receives the information sent by the vehicle sensor to be authenticated. Signature to be authenticated; in turn, the on-board controller can use the acquired public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result. It can be seen that, because the on-board controller in this application uses the public key obtained from the car cloud server to authenticate the signature to be authenticated according to the mature BLS signature algorithm, so as to accurately identify the authenticity of the on-board sensor to be authenticated. Therefore, compared with At present, the method of authenticating the sensor device using the electromagnetic security chip attached to the sensor device and the method of relying on the two communicating parties to share the same key for sensor authentication can realize the detection of a large number of on-board sensors on the vehicle without adding any hardware. Fast and accurate certification not only reduces certification costs, but also improves certification efficiency and accuracy, thereby ensuring the safe driving of intelligent driving vehicles.
参见图4,该图为本申请实施例提供的另一种车载传感器的认证方法的流程图。下面对该方法进行介绍。Refer to FIG. 4, which is a flowchart of another vehicle-mounted sensor authentication method provided by an embodiment of the application. The method is described below.
S401:获取待认证车载传感器的待签名信息。S401: Obtain information to be signed of the vehicle-mounted sensor to be authenticated.
在本申请实施例中,为了实现对待认证车载传感器的准确认证,车云服务器首先需要从传感器供应商获取传感器批次信息,作为待签名信息,并且还可以从车厂获取车辆信息并根据该车辆信息,生成待签名信息,比如,车辆信息可以是车辆识别代码(vehicle identification number,VIN),则进一步的,可以利用随机数与VIN相加后的结果作为待签名信息。In the embodiment of this application, in order to achieve accurate authentication of the vehicle-mounted sensor to be certified, the car cloud server first needs to obtain the sensor batch information from the sensor supplier as the information to be signed, and can also obtain the vehicle information from the car factory and base it on the vehicle information. To generate the information to be signed, for example, the vehicle information can be a vehicle identification number (VIN), and further, the result of adding a random number and the VIN can be used as the information to be signed.
S402:根据BLS签名算法生成待认证车载传感器的私钥信息和公钥信息。S402: Generate private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm.
在本申请实施例中,本步骤S402的实现过程与上述步骤S201中关于公式(1)的描述内容基本相同,此处不再赘述,相关内容请参见上文步骤S201。In the embodiment of the present application, the implementation process of this step S402 is basically the same as the description content of the formula (1) in the above step S201, and will not be repeated here. For related content, please refer to the above step S201.
S403:向待认证车载传感器发送待签名信息和私钥信息。S403: Send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated.
在本申请实施例中,通过步骤S401获取到待认证车载传感器的待签名信息,以及通过步骤S402生成待认证车载传感器的私钥信息后,进一步可以向待认证车载传感器发送待签名信息和私钥信息,以便待认证车载传感器根据BLS签名算法、待签名信息以及私钥信息生成待认证签名并向车载控制器发送所述待认证签名。其中,生成待认证签名的具体实现过程请参见后续实施例的介绍。In this embodiment of the application, after obtaining the signature information of the vehicle-mounted sensor to be authenticated through step S401, and generating the private key information of the vehicle-mounted sensor to be authenticated through step S402, the information to be signed and the private key can be further sent to the vehicle-mounted sensor to be authenticated Information, so that the vehicle-mounted sensor to be authenticated generates the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information and sends the signature to be authenticated to the on-board controller. For the specific implementation process of generating the signature to be authenticated, please refer to the introduction of the subsequent embodiments.
S404:向车载控制器发送公钥信息。S404: Send the public key information to the vehicle controller.
在本申请实施例中,通过步骤S402生成待认证车载传感器的公钥信息后,进一步可以向车载控制器发送该公钥信息,以便车载控制器根据所述BLS签名算法和公钥信息,对待认证签名进行认证,得到认证结果。其中,车载控制器生成对待认证签名进行认证的具体实现过程请参见上文步骤S203的介绍,在此不再赘述。In the embodiment of the present application, after the public key information of the vehicle-mounted sensor to be authenticated is generated in step S402, the public key information may be further sent to the vehicle-mounted controller, so that the vehicle-mounted controller can be authenticated according to the BLS signature algorithm and public key information. Sign the authentication and get the authentication result. For the specific implementation process of the on-board controller generating the signature to be authenticated for authentication, please refer to the introduction of step S203 above, which will not be repeated here.
在本实施例的一种可能的实现方式中,车云服务器还需要开放公钥信息查询接口,以便车载控制器根据待认证车载传感器的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息。In a possible implementation of this embodiment, the car cloud server also needs to open the public key information query interface, so that the on-board controller can query the car cloud server for the on-board sensor to be authenticated according to the signature information of the on-board sensor to be authenticated. Public key information.
具体来讲,在本实现方式中,若当前车载控制器是被更换后的车载控制器,比如,若之前的车载控制器出现损坏,更新为新的车载控制器后,此时,当前车载控制器并未存储有车云服务器预先发送的公钥信息,在这种情况下,当前车载控制器则需要在接收到待认证传感器发送的待签名信息后,根据该待签名信息,通过车云服务器预先 开放的公钥信息查询接口,从车云服务器处查询出待认证车载传感器的公钥信息,即查询出与该待签名信息相关联的公钥信息。Specifically, in this implementation, if the current on-board controller is a replaced on-board controller, for example, if the previous on-board controller is damaged, it will be updated to a new on-board controller. At this time, the current on-board controller The device does not store the public key information sent by the car cloud server in advance. In this case, the current on-board controller needs to receive the information to be signed from the sensor to be authenticated, and then use the car cloud server according to the information to be signed. The public key information query interface opened in advance can query the public key information of the vehicle-mounted sensor to be authenticated from the car cloud server, that is, query the public key information associated with the information to be signed.
或者,若待认证车载传感器是被更换后的传感器,比如,若之前的车载传感器出现损坏,更新为新的车载传感器作为待认证车载传感器后,此时,车载控制器并未存储有该待认证车载传感器对应的公钥信息,在这种情况下,车载控制器则需要在接收到该待认证传感器发送的待签名信息后,根据该待签名信息,通过车云服务器预先开放的公钥信息查询接口,从车云服务器处查询查询出与该待签名信息相关联的公钥信息。Or, if the on-board sensor to be certified is a sensor that has been replaced, for example, if the previous on-board sensor is damaged, after updating to a new on-board sensor as the on-board sensor to be certified, the on-board controller does not store the on-board sensor to be certified. The public key information corresponding to the vehicle-mounted sensor. In this case, the vehicle-mounted controller needs to query the public key information previously opened by the vehicle cloud server based on the information to be signed after receiving the information to be signed from the sensor to be authenticated. Interface to query the public key information associated with the information to be signed from the car cloud server.
参见图5,该图为本申请实施例提供的又一种车载传感器的认证方法的流程图。下面对该方法进行介绍。Refer to FIG. 5, which is a flowchart of yet another method for authenticating a vehicle-mounted sensor according to an embodiment of the application. The method is described below.
S501:获取待认证车载传感器的私钥信息和待签名信息。S501: Acquire private key information and information to be signed of the vehicle-mounted sensor to be authenticated.
在本申请实施例中,为了实现对待认证车载传感器的准确认证,待认证车载传感器首先需要获取车云服务器发送的私钥信息和待签名信息,其中,私钥信息是由车云服务器根据所述BLS签名算法生成的,具体生成过程请参见上文步骤S402的介绍,在此不再赘述。In this embodiment of the application, in order to achieve accurate authentication of the vehicle-mounted sensor to be authenticated, the vehicle-mounted sensor to be authenticated first needs to obtain the private key information and the information to be signed sent by the car cloud server, where the private key information is determined by the car cloud server according to the The BLS signature algorithm is generated. For the specific generation process, please refer to the introduction of step S402 above, which will not be repeated here.
S502:根据BLS签名算法、待签名信息以及私钥信息生成待认证签名。S502: Generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information.
在本申请实施例中,通过步骤S501获取到待认证车载传感器的私钥信息和待签名信息后,可以根据成熟的BLS签名算法、待签名信息以及私钥信息生成待认证签名。In the embodiment of the present application, after obtaining the private key information and the information to be signed of the vehicle-mounted sensor to be authenticated in step S501, the signature to be authenticated can be generated according to the mature BLS signature algorithm, the information to be signed, and the private key information.
具体来讲,在本实施例的一种可能的实现方式中,本步骤S502的具体实现过程可以包括下述步骤C1-C3:Specifically, in a possible implementation manner of this embodiment, the specific implementation process of this step S502 may include the following steps C1-C3:
步骤C1:根据待签名信息生成哈希摘要;Step C1: Generate a hash digest according to the information to be signed;
在本实现方式中,待认证车载传感器在获取到待签名信息m后,可以对该待签名信息m进行数据处理,以生成该该待签名信息m对应的哈希摘要,比如,可以采用SHA256算法对待签名信息m进行数据处理,以生成哈希摘要。In this implementation, after obtaining the information m to be signed, the vehicle-mounted sensor to be authenticated can perform data processing on the information m to be signed to generate a hash digest corresponding to the information m to be signed. For example, the SHA256 algorithm can be used Data processing is performed on the signature information m to generate a hash digest.
步骤C2:根据BLS签名算法生成哈希摘要的曲线哈希值。Step C2: Generate the curve hash value of the hash digest according to the BLS signature algorithm.
在本实现方式中,通过步骤C1生成哈希摘要后,进一步可以根据BLS签名算法,将该哈希摘要作为点的横坐标值,查询出椭圆曲线上的对应点。通常来说,椭圆曲线包含有2 256个点,而采用的SHA256算法的值也恰好是256位。但对于一个有效的横坐标x来说,会对应查询出一正一负两个纵坐标y(即两个对应点坐标分别为(x,y)和(x,-y))。所以,在查询过程中,会有50%的概率在椭圆曲线上找到2个对应点,另50%的概率则一个点也查询不到,此时,则需要在该横坐标x后附加一个随机数后,再次进行查询,直至查询到两个对应点,并从中选择出纵坐标y较小的点作为最终的查询结果,以确定出最终的曲线哈希值。 In this implementation, after the hash digest is generated in step C1, the hash digest can be further used as the abscissa value of the point according to the BLS signature algorithm to query the corresponding point on the elliptic curve. Generally speaking, an elliptic curve contains 2 256 points, and the value of the SHA256 algorithm used is also exactly 256 bits. But for a valid abscissa x, one positive and one negative two ordinates y will be correspondingly queried (that is, the coordinates of the two corresponding points are (x, y) and (x, -y)). Therefore, in the query process, there will be a 50% probability that two corresponding points will be found on the elliptic curve, and another 50% probability will not be queried for a single point. In this case, you need to add a random number after the abscissa x After counting, the query is performed again until two corresponding points are queried, and the point with the smaller ordinate y is selected as the final query result to determine the final curve hash value.
举例说明:如图6所示,以在模为23的有限域上定义的椭圆曲线y 2=x 3+7为例。只有一半的横坐标x在椭圆曲线上能找到对应点。在求哈希摘要的曲线哈希值时,为确保能在椭圆曲线上找到对应点,可以在哈希摘要后附加一个数(比如0、1、2),若 查询不到对应点,则更换该附件数值并重新进行查询。比如,如果在哈希摘要后附加0(如图6中左侧箭头所示的hash(m||0))没有找到对应点,则继续尝试在哈希摘要后附加1(即图6中右侧箭头所示的hash(m||1)),以及在哈希摘要后附加2(即图6中中间箭头所示的hash(m||2))等,直到查询到两个对应点为止,并从中选择出纵坐标y较小的点作为最终的查询结果,以确定出最终的曲线哈希值,如图6中标示出的H(m)。 Example: As shown in Fig. 6, an elliptic curve y 2 =x 3 +7 defined on a finite field modulo 23 is taken as an example. Only half of the abscissa x can find the corresponding point on the elliptic curve. When calculating the curve hash value of the hash digest, in order to ensure that the corresponding point can be found on the elliptic curve, a number (such as 0, 1, 2) can be appended to the hash digest. If the corresponding point is not found, replace it The value of the attachment and re-query. For example, if 0 is appended to the hash digest (hash(m||0) as shown by the arrow on the left in Figure 6) and no corresponding point is found, then continue to try to append 1 to the hash digest (that is, the right in Figure 6). The hash(m||1)) shown by the side arrow, and the addition of 2 (that is, the hash(m||2) shown by the middle arrow in Figure 6) after the hash digest, etc., until two corresponding points are queried , And select the point with the smaller ordinate y as the final query result to determine the final curve hash value, as indicated by H(m) in Figure 6.
步骤C3:根据曲线哈希值和私钥信息生成待认证签名。Step C3: Generate a signature to be authenticated according to the curve hash value and the private key information.
在本实现方式中,通过步骤C2生成曲线哈希值H(m)后,待认证车载传感器可以根据该曲线哈希值H(m)和私钥信息sk生成待认证签名S,具体计算公式为上述公式(2),即S=sk*H(m),得到的待认证签名S仍为椭圆曲线上的一个点,如图7所示。In this implementation, after the curve hash value H(m) is generated in step C2, the vehicle-mounted sensor to be authenticated can generate the signature S to be authenticated according to the curve hash value H(m) and the private key information sk. The specific calculation formula is The above formula (2), that is, S=sk*H(m), the obtained signature S to be authenticated is still a point on the elliptic curve, as shown in FIG. 7.
S503:向车载控制器发送待认证签名,以便车载控制器根据BLS签名算法,对待认证签名进行认证,得到认证结果。S503: Send the signature to be authenticated to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm, and obtains the authentication result.
在本申请实施例中,通过步骤S502生成待认证签名后,进一步可以向车载控制器发送该待认证签名,以便车载控制器根据BLS签名算法和公钥信息,对改待认证签名进行认证,得到认证结果。其中,车载控制器生成对待认证签名进行认证的具体实现过程请参见上文步骤S203的介绍,在此不再赘述。In the embodiment of the present application, after the signature to be certified is generated in step S502, the signature to be certified can be further sent to the on-board controller, so that the on-board controller can authenticate the signature to be certified according to the BLS signature algorithm and public key information, and obtain Authentication result. For the specific implementation process of the on-board controller generating the signature to be authenticated for authentication, please refer to the introduction of step S203 above, which will not be repeated here.
为便于理解本申请提供的车载传感器的认证方法,参见图8,其示出了本申请实施例提供的车载传感器的认证方法的交互过程示意图,可以包括以下步骤:In order to facilitate the understanding of the on-board sensor authentication method provided by this application, refer to FIG. 8, which shows a schematic diagram of the interaction process of the on-board sensor authentication method provided in the embodiment of the present application, which may include the following steps:
S801:车云服务器获取待认证车载传感器的待签名信息。S801: The car cloud server obtains the to-be-signed information of the on-board sensor to be authenticated.
S802:车云服务器根据BLS签名算法生成待认证车载传感器的私钥信息和公钥信息。S802: The car cloud server generates private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm.
S803:车云服务器向待认证车载传感器发送待签名信息和私钥信息。S803: The car cloud server sends the information to be signed and the private key information to the vehicle sensor to be authenticated.
S804:车云服务器向车载控制器发送公钥信息。S804: The car cloud server sends the public key information to the car controller.
需要说明的是,步骤S801-S804与上文步骤S401-S404一致,相关之处请参见上文步骤S401-S404的介绍,在此不再赘述。It should be noted that steps S801-S804 are the same as the above steps S401-S404. For details, please refer to the above introduction of steps S401-S404, which will not be repeated here.
S805:待认证车载传感器根据BLS签名算法、待签名信息以及私钥信息生成待认证签名。S805: The vehicle-mounted sensor to be authenticated generates a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information.
S806:待认证车载传感器向车载控制器发送待认证签名。S806: The on-board sensor to be authenticated sends the signature to be authenticated to the on-board controller.
需要说明的是,步骤S805-S806与上文步骤S502-S503一致,相关之处请参见上文步骤S502-S503的介绍,在此不再赘述。It should be noted that steps S805-S806 are the same as steps S502-S503 above. For details, please refer to the introduction of steps S502-S503 above, which will not be repeated here.
S807:车载控制器根据BLS签名算法,利用公钥信息,对待认证签名进行认证,获得认证结果。S807: The on-board controller uses the public key information to authenticate the signature to be authenticated according to the BLS signature algorithm, and obtains the authentication result.
需要说明的是,本步骤S807与上文步骤S203一致,相关之处请参见上文步骤S203的介绍,在此不再赘述。It should be noted that this step S807 is consistent with the above step S203, and for relevant details, please refer to the introduction of the above step S203, which will not be repeated here.
这样,本申请实施例在进行车载传感器的认证时,车云服务器在获取到待认证车载传感器的待签名信息后,首先根据BLS签名算法生成待认证车载传感器的私钥信息和公钥信息,并将向待认证车载传感器待签名信息和私钥信息,以及向车载控制器发 送公钥信息;然后待认证车载传感器可以根据根据BLS签名算法、待签名信息以及私钥信息生成待认证签名,并将向车载控制器发送该待认证签名;进而车载控制器可以根据BLS签名算法,利用获取到的公钥信息,对该待认证签名进行认证,以获得认证结果。可见,本申请首先是由车云服务器基于成熟的BLS签名算法生成了待认证车载传感器的私钥和公钥以及待认证签名,然后再由车载控制器根据BLS签名算法,利用该公钥对待认证传感器生成的待认证签名进行认证,以准确识别出待认证车载传感器的真伪,因此,相较于目前利用贴附在传感器设备上的电磁安全芯片来认证传感器设备的方法以及依赖通信双方共享同一密钥来进行传感器认证的方法而言,无需增加任何硬件,即可实现对车辆上大量车载传感器的快速、准确认证,不仅降低了认证成本,而且也提高了认证效率和准确性,进而保证了智能驾驶车辆的安全行驶。In this way, in the embodiment of the present application, when the vehicle-mounted sensor is authenticated, after the vehicle cloud server obtains the to-be-signed information of the vehicle-mounted sensor to be authenticated, it first generates the private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm, and It will send the signature information and private key information to the on-board sensor to be authenticated, and the public key information to the on-board controller; then the on-board sensor to be authenticated can generate the signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information, and Send the signature to be authenticated to the on-board controller; in turn, the on-board controller may use the acquired public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result. It can be seen that in this application, the car cloud server first generates the private key and public key of the vehicle sensor to be certified and the signature to be certified based on the mature BLS signature algorithm, and then the vehicle controller uses the public key to be certified according to the BLS signature algorithm. The signature to be authenticated generated by the sensor is authenticated to accurately identify the authenticity of the vehicle-mounted sensor to be authenticated. Therefore, compared with the current method of authenticating the sensor device by using an electromagnetic security chip attached to the sensor device, and relying on the communication parties to share the same As far as the method of sensor authentication with the key is concerned, it is possible to achieve fast and accurate authentication of a large number of on-board sensors on the vehicle without adding any hardware, which not only reduces the authentication cost, but also improves the authentication efficiency and accuracy, thereby ensuring Safe driving of intelligent driving vehicles.
接下来,对本申请实施例提供的一种车载传感器的认证系统进行介绍。Next, an authentication system for a vehicle-mounted sensor provided by an embodiment of the present application will be introduced.
参见图1,该认证系统包括车云服务器101、待认证车载传感器102和车载控制器103。车云服务器101与待认证车载传感器102连接,车云服务器101与车载控制器103连接,待认证车载传感器102与车载控制器103连接。上述“连接”可以是直接连接,也可以是间接连接。尤其是车云服务器101与待认证车载传感器102之间的连接,车云服务器101与待认证车载传感器102之间可以有其他供应商服务器。Referring to FIG. 1, the authentication system includes a car cloud server 101, a vehicle-mounted sensor 102 to be authenticated, and a vehicle-mounted controller 103. The vehicle cloud server 101 is connected to the vehicle-mounted sensor 102 to be certified, the vehicle cloud server 101 is connected to the vehicle-mounted controller 103, and the vehicle-mounted sensor 102 to be certified is connected to the vehicle-mounted controller 103. The above-mentioned "connection" may be a direct connection or an indirect connection. Especially for the connection between the car cloud server 101 and the vehicle-mounted sensor 102 to be certified, there may be other provider servers between the vehicle cloud server 101 and the vehicle-mounted sensor 102 to be certified.
其中,车云服务器101,用于获取待签名信息;根据BLS签名算法生成待认证车载传感器的私钥信息和公钥信息;向待车载控制器发送所述公钥信息;向待认证车载传感器发送所述待签名信息和所述私钥信息;具体实现过程请参见上文步骤S401-S404的介绍,在此不再赘述。Wherein, the car cloud server 101 is used to obtain the information to be signed; generate the private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm; send the public key information to the vehicle-mounted controller to be authenticated; send the vehicle-mounted sensor to be authenticated The information to be signed and the private key information; for the specific implementation process, please refer to the introduction of steps S401-S404 above, which will not be repeated here.
待认证车载传感器102,用于根据BLS签名算法、待签名信息以及私钥信息生成待认证签名;向车载控制器发送所述待认证签名;具体实现过程请参见上文步骤S501-S503的介绍,在此不再赘述。The vehicle-mounted sensor 102 to be authenticated is used to generate the signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information; send the signature to be authenticated to the on-board controller; please refer to the introduction of steps S501-S503 above for the specific implementation process. I won't repeat them here.
车载控制器103,用于根据BLS签名算法,利用公钥信息,对待认证签名进行认证,获得认证结果。具体实现过程请参见上文步骤S201-S203的介绍,在此不再赘述。The on-board controller 103 is used to authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result. For the specific implementation process, please refer to the introduction of steps S201-S203 above, which will not be repeated here.
在本实施例的一种可能的实现方式中,车云服务器101还用于:In a possible implementation of this embodiment, the car cloud server 101 is also used to:
开放公钥信息查询接口,以便车载控制器103根据待认证车载传感器102的待签名信息,从车云服务器101处查询待认证车载传感器的公钥信息。The public key information query interface is opened, so that the vehicle controller 103 can query the public key information of the vehicle sensor to be certified from the vehicle cloud server 101 according to the information to be signed by the vehicle sensor 102 to be certified.
在本实施例的一种可能的实现方式中,待认证车载传感器102具体用于:In a possible implementation of this embodiment, the vehicle-mounted sensor 102 to be authenticated is specifically used for:
根据待签名信息生成哈希摘要;根据BLS签名算法生成哈希摘要的曲线哈希值;根据曲线哈希值和私钥信息生成待认证签名。Generate a hash digest according to the information to be signed; generate a curve hash value of the hash digest according to the BLS signature algorithm; generate a signature to be authenticated according to the curve hash value and private key information.
在本实施例的一种可能的实现方式中,车载控制器103具体用于:In a possible implementation of this embodiment, the on-board controller 103 is specifically configured to:
根据待认证车载传感器102的待签名信息,从车云服务器101处查询待认证车载传感器的公钥信息。According to the to-be-signed information of the vehicle-mounted sensor 102 to be authenticated, the public key information of the vehicle-mounted sensor to be authenticated is queried from the vehicle cloud server 101.
在本实施例的一种可能的实现方式中,车载控制器103具体用于:In a possible implementation of this embodiment, the on-board controller 103 is specifically configured to:
接收多个待认证车载传感器发送的各自的待认证签名;将多个待认证签名进行聚 合,得到聚合后的待认证签名结果;根据BLS签名算法,利用公钥信息,对聚合后的待认证签名结果进行认证,获得认证结果。Receive respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate multiple signatures to be certified to obtain the result of the signature to be certified after aggregation; according to the BLS signature algorithm, use public key information to aggregate the signature to be certified The result is certified, and the certification result is obtained.
在本实施例的一种可能的实现方式中,车载控制器103具体用于:In a possible implementation of this embodiment, the on-board controller 103 is specifically configured to:
接收多个待认证车载传感器发送的各自的待认证签名;将第一组中的所有待认证签名进行聚合,得到第一组聚合后的待认证签名结果;根据BLS签名算法,利用公钥信息,对第一组聚合后的待认证签名结果进行认证,获得认证结果;Receive the respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate all signatures to be certified in the first group to obtain the signature result of the first group after aggregation; use the public key information according to the BLS signature algorithm, Perform authentication on the first group of aggregated signature results to be authenticated, and obtain authentication results;
其中,第一组中包含的待认证签名的个数小于接收到的多个待认证车载传感器发送的待认证签名的总个数。Wherein, the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received multiple on-board sensors to be authenticated.
本申请实施例还提供了另一种车载传感器的认证系统,如图9所示,该认证系统包括待认证车载传感器901和车载控制器902,二者之间可以是直接连接,也可以是间接连接。The embodiment of the present application also provides another vehicle-mounted sensor authentication system. As shown in FIG. 9, the authentication system includes the vehicle-mounted sensor to be authenticated 901 and the vehicle-mounted controller 902, which can be directly connected or indirectly connected. connect.
其中,待认证车载传感器901,用于获取私钥信息和待签名信息;根据BLS签名算法、待签名信息以及私钥信息生成待认证签名;向车载控制器902发送所述待认证签名;具体实现过程请参见上文步骤S501-S503的介绍,在此不再赘述。其中,私钥信息和待签名信息也可以从其他云服务器中获取,具体获取过程,在此不再赘述。Among them, the vehicle-mounted sensor 901 to be authenticated is used to obtain private key information and information to be signed; generate a signature to be authenticated according to the BLS signature algorithm, information to be signed, and private key information; send the signature to be authenticated to the on-board controller 902; specific implementation For the process, please refer to the introduction of steps S501-S503 above, which will not be repeated here. Among them, the private key information and the information to be signed can also be obtained from other cloud servers. The specific obtaining process will not be repeated here.
车载控制器902,用于获取待认证车载传感器的公钥信息;根据BLS签名算法,利用公钥信息,对待认证签名进行认证,获得认证结果。具体实现过程请参见上文步骤S201-S203的介绍,在此不再赘述。其中,待认证车载传感器的公钥信息也可以从其他云服务器中获取,具体获取过程,在此不再赘述。The on-board controller 902 is used to obtain the public key information of the on-board sensor to be authenticated; according to the BLS signature algorithm, the public key information is used to authenticate the signature to be authenticated to obtain the authentication result. For the specific implementation process, please refer to the introduction of steps S201-S203 above, which will not be repeated here. Among them, the public key information of the vehicle-mounted sensor to be authenticated can also be obtained from other cloud servers, and the specific obtaining process will not be repeated here.
在本实施例的一种可能的实现方式中,车载控制器902具体用于:In a possible implementation of this embodiment, the on-board controller 902 is specifically configured to:
根据待认证车载传感器901的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息。According to the information to be signed of the vehicle-mounted sensor to be authenticated 901, the public key information of the vehicle-mounted sensor to be authenticated is queried from the vehicle cloud server.
在本实施例的一种可能的实现方式中,待认证车载传感器901具体用于:In a possible implementation of this embodiment, the vehicle-mounted sensor 901 to be authenticated is specifically used for:
根据待签名信息生成哈希摘要;根据BLS签名算法生成哈希摘要的曲线哈希值;根据曲线哈希值和私钥信息生成待认证签名。Generate a hash digest according to the information to be signed; generate a curve hash value of the hash digest according to the BLS signature algorithm; generate a signature to be authenticated according to the curve hash value and private key information.
在本实施例的一种可能的实现方式中,车载控制器902具体用于:In a possible implementation of this embodiment, the on-board controller 902 is specifically configured to:
接收多个待认证车载传感器发送的各自的待认证签名;将多个待认证签名进行聚合,得到聚合后的待认证签名结果;根据BLS签名算法,利用公钥信息,对聚合后的待认证签名结果进行认证,获得认证结果。Receive respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate multiple signatures to be certified to obtain the result of the signature to be certified after aggregation; according to the BLS signature algorithm, use public key information to aggregate the signature to be certified The result is certified, and the certification result is obtained.
在本实施例的一种可能的实现方式中,车载控制器902具体用于:In a possible implementation of this embodiment, the on-board controller 902 is specifically configured to:
接收多个待认证车载传感器发送的各自的待认证签名;将第一组中的所有待认证签名进行聚合,得到第一组聚合后的待认证签名结果;根据BLS签名算法,利用公钥信息,对第一组聚合后的待认证签名结果进行认证,获得认证结果;Receive the respective signatures to be certified sent by multiple on-board sensors to be certified; aggregate all signatures to be certified in the first group to obtain the signature result of the first group after aggregation; use the public key information according to the BLS signature algorithm, Perform authentication on the first group of aggregated signature results to be authenticated, and obtain authentication results;
其中,第一组中包含的待认证签名的个数小于接收到的多个待认证车载传感器发送的待认证签名的总个数。Wherein, the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received multiple on-board sensors to be authenticated.
为便于更好的实施本申请实施例的上述方案,下面还提供用于实施上述方案的一种相关装置。请参见图10所示,本申请实施例提供的一种车载传感器的认证装置1000。该装置1000可以包括:获取单元1001、接收单元1002和认证单元1003。其中,获取单元1001用于执行图2所示实施例中的S201。接收单元1002用于执行图2所示实施例中的S202。认证单元1003用于执行图2所示实施例中的S203。具体的,In order to facilitate better implementation of the foregoing solutions of the embodiments of the present application, a related device for implementing the foregoing solutions is also provided below. Please refer to FIG. 10, an authentication device 1000 for a vehicle-mounted sensor provided in an embodiment of the present application. The device 1000 may include: an obtaining unit 1001, a receiving unit 1002, and an authentication unit 1003. Wherein, the acquiring unit 1001 is configured to execute S201 in the embodiment shown in FIG. 2. The receiving unit 1002 is configured to execute S202 in the embodiment shown in FIG. 2. The authentication unit 1003 is used to execute S203 in the embodiment shown in FIG. 2. specific,
获取单元1001,用于从车云服务器获取待认证车载传感器的公钥信息;The obtaining unit 1001 is configured to obtain the public key information of the vehicle-mounted sensor to be authenticated from the car cloud server;
接收单元1002,用于接收待认证车载传感器发送的待认证签名;The receiving unit 1002 is configured to receive the signature to be authenticated sent by the vehicle-mounted sensor to be authenticated;
认证单元1003,用于根据BLS签名算法,利用公钥信息,对待认证签名进行认证,获得认证结果。The authentication unit 1003 is used to authenticate the signature to be authenticated by using public key information according to the BLS signature algorithm to obtain an authentication result.
在本实施例的一种实现方式中,获取单元1001具体用于:根据待认证车载传感器的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息。In an implementation of this embodiment, the acquiring unit 1001 is specifically configured to query the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server according to the to-be-signed information of the vehicle-mounted sensor to be authenticated.
在本实施例的一种实现方式中,公钥信息和待认证传感器的批次信息相关联。In an implementation of this embodiment, the public key information is associated with the batch information of the sensor to be authenticated.
在本实施例的一种实现方式中,待认证签名为待认证传感器根据BLS签名算法、待签名信息以及待认证传感器的私钥信息生成;其中,私钥信息为车云服务器根据BLS签名算法生成。In an implementation of this embodiment, the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information of the sensor to be authenticated; where the private key information is generated by the car cloud server according to the BLS signature algorithm .
在本实施例的一种实现方式中,接收单元1002具体用于:接收多个待认证车载传感器发送的各自的待认证签名;认证单元1003包括:In an implementation of this embodiment, the receiving unit 1002 is specifically configured to: receive respective signatures to be authenticated sent by a plurality of on-board sensors to be authenticated; the authentication unit 1003 includes:
第一聚合子单元,用于将多个待认证签名进行聚合,得到聚合后的待认证签名结果;The first aggregation subunit is used to aggregate a plurality of signatures to be verified to obtain an aggregated signature result to be verified;
第一认证子单元,用于根据BLS签名算法,利用公钥信息,对聚合后的待认证签名结果进行认证,获得认证结果。The first authentication subunit is used to authenticate the aggregated signature result to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result.
在本实施例的一种实现方式中,接收单元1002具体用于:接收多个待认证车载传感器发送的各自的待认证签名;认证单元1003包括:In an implementation of this embodiment, the receiving unit 1002 is specifically configured to: receive respective signatures to be authenticated sent by a plurality of on-board sensors to be authenticated; the authentication unit 1003 includes:
第二聚合子单元,用于将第一组中的所有待认证签名进行聚合,得到第一组聚合后的待认证签名结果;The second aggregation subunit is used to aggregate all signatures to be authenticated in the first group to obtain the signature result to be authenticated after aggregation of the first group;
第二认证子单元,用于根据BLS签名算法,利用公钥信息,对第一组聚合后的待认证签名结果进行认证,获得认证结果;The second authentication subunit is used to authenticate the first group of aggregated signature results to be authenticated by using the public key information according to the BLS signature algorithm to obtain the authentication result;
其中,第一组中包含的待认证签名的个数小于接收到的多个待认证车载传感器发送的待认证签名的总个数。Wherein, the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received multiple on-board sensors to be authenticated.
综上,本实施例提供的一种车载传感器的认证装置,在进行车载传感器的认证时,车载控制器首先从车云服务器获取待认证车载传感器的公钥信息,然后接收待认证车载传感器发送的待认证签名;进而车载控制器可以根据BLS签名算法,利用获取到的公钥信息,对该待认证签名进行认证,以获得认证结果。可见,由于本申请中的车载控制器是根据成熟的BLS签名算法,利用从车云服务器获取的公钥对待认证签名进行认证,来准确识别出待认证车载传感器的真伪,因此,相较于目前利用贴附在传感器设备上的电磁安全芯片来认证传感器设备的方法以及依赖通信双方共享同一密钥来进行传感器认证的方法而言,无需增加任何硬件,即可实现对车辆上大量车载传感器的 快速、准确认证,不仅降低了认证成本,而且也提高了认证效率和准确性,进而保证了智能驾驶车辆的安全行驶。In summary, in the authentication device for a vehicle-mounted sensor provided in this embodiment, when the vehicle-mounted sensor is authenticated, the vehicle-mounted controller first obtains the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives the information sent by the vehicle-mounted sensor to be authenticated. Signature to be authenticated; in turn, the on-board controller can use the acquired public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result. It can be seen that, because the on-board controller in this application uses the public key obtained from the car cloud server to authenticate the signature to be authenticated according to the mature BLS signature algorithm, so as to accurately identify the authenticity of the on-board sensor to be authenticated. Therefore, compared with At present, the method of authenticating the sensor device using the electromagnetic security chip attached to the sensor device and the method of relying on the two communicating parties to share the same key for sensor authentication can realize the detection of a large number of on-board sensors on the vehicle without adding any hardware. Fast and accurate certification not only reduces certification costs, but also improves certification efficiency and accuracy, thereby ensuring the safe driving of intelligent driving vehicles.
为便于更好的实施本申请实施例的上述方案,下面还提供用于实施上述方案的另一种相关装置。请参见图11所示,本申请实施例提供的另一种车载传感器的认证装置1100。该装置1100可以包括:获取单元1101、生成单元1102、第一发送单元1103和第二发送单元1104其中,获取单元1101用于执行图4所示实施例中的S401。生成单元1102用于执行图4所示实施例中的S402。第一发送单元1103用于执行图4所示实施例中的S403。第二发送单元1104用于执行图4所示实施例中的S404。具体的,In order to facilitate better implementation of the foregoing solutions of the embodiments of the present application, another related device for implementing the foregoing solutions is also provided below. Please refer to FIG. 11, another vehicle-mounted sensor authentication device 1100 provided in an embodiment of the present application. The apparatus 1100 may include: an acquiring unit 1101, a generating unit 1102, a first sending unit 1103, and a second sending unit 1104. The acquiring unit 1101 is configured to execute S401 in the embodiment shown in FIG. 4. The generating unit 1102 is configured to execute S402 in the embodiment shown in FIG. 4. The first sending unit 1103 is configured to execute S403 in the embodiment shown in FIG. 4. The second sending unit 1104 is configured to execute S404 in the embodiment shown in FIG. 4. specific,
获取单元1101,用于获取待认证车载传感器的待签名信息;The obtaining unit 1101 is configured to obtain the to-be-signed information of the vehicle-mounted sensor to be authenticated;
生成单元1102,用于根据BLS签名算法生成待认证车载传感器的私钥信息和公钥信息;The generating unit 1102 is configured to generate the private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm;
第一发送单元1103,用于向待认证车载传感器发送待签名信息和私钥信息,以便待认证车载传感器根据BLS签名算法、待签名信息以及私钥信息生成待认证签名并向车载控制器发送待认证签名;The first sending unit 1103 is used to send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated, so that the vehicle-mounted sensor to be authenticated generates the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information and sends it to the vehicle-mounted controller. Certified signature
第二发送单元1104,用于向车载控制器发送所述公钥信息,以便车载控制器根据BLS签名算法和公钥信息,对待认证签名进行认证,得到认证结果。The second sending unit 1104 is configured to send the public key information to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtains the authentication result.
在本实施例的一种实现方式中,该装置还包括:开放单元,用于开放公钥信息查询接口,以便车载控制器根据待认证车载传感器的待签名信息,从车云服务器处查询待认证车载传感器的公钥信息。In an implementation of this embodiment, the device further includes: an opening unit configured to open the public key information query interface, so that the on-board controller can query the vehicle cloud server to be authenticated according to the to-be-signed information of the on-board sensor to be authenticated Public key information of on-board sensors.
为便于更好的实施本申请实施例的上述方案,下面还提供用于实施上述方案的又一种相关装置。请参见图12所示,本申请实施例提供的又一种车载传感器的认证装置1200。该装置1200可以包括:获取单元1201、生成单元1202和发送单元1203。其中,获取单元1201用于执行图5所示实施例中的S501。生成单元1202用于执行图5所示实施例中的S502。发送单元1203用于执行图5所示实施例中的S503。具体的,In order to facilitate better implementation of the foregoing solutions of the embodiments of the present application, another related device for implementing the foregoing solutions is also provided below. Please refer to FIG. 12, which is yet another vehicle-mounted sensor authentication device 1200 provided by an embodiment of the present application. The apparatus 1200 may include: an obtaining unit 1201, a generating unit 1202, and a sending unit 1203. Wherein, the acquiring unit 1201 is configured to execute S501 in the embodiment shown in FIG. 5. The generating unit 1202 is configured to execute S502 in the embodiment shown in FIG. 5. The sending unit 1203 is configured to execute S503 in the embodiment shown in FIG. 5. specific,
获取单元1201,用于获取待认证车载传感器的私钥信息和待签名信息;The obtaining unit 1201 is configured to obtain the private key information of the vehicle-mounted sensor to be authenticated and the information to be signed;
生成单元1202,用于根据BLS签名算法、待签名信息以及私钥信息生成待认证签名;The generating unit 1202 is configured to generate the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information;
发送单元1203,用于向车载控制器发送待认证签名,以便车载控制器根据BLS签名算法,对待认证签名进行认证,得到认证结果。The sending unit 1203 is configured to send the signature to be authenticated to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm, and obtains the authentication result.
在本实施例的一种实现方式中,获取单元1201具体用于:获取车云服务器发送的待认证车载传感器的私钥信息,其中,私钥信息是由车云服务器根据BLS签名算法生成的。In an implementation of this embodiment, the obtaining unit 1201 is specifically configured to obtain the private key information of the vehicle-mounted sensor to be authenticated sent by the car cloud server, where the private key information is generated by the car cloud server according to the BLS signature algorithm.
在本实施例的一种实现方式中,生成单元1202包括:In an implementation manner of this embodiment, the generating unit 1202 includes:
第一生成子单元,用于根据待签名信息生成哈希摘要;The first generating subunit is used to generate a hash digest according to the information to be signed;
第二生成子单元,用于根据BLS签名算法生成哈希摘要的曲线哈希值;The second generating subunit is used to generate the curve hash value of the hash digest according to the BLS signature algorithm;
第三生成子单元,用于根据曲线哈希值和私钥信息生成待认证签名。The third generation subunit is used to generate the signature to be authenticated according to the curve hash value and the private key information.
参见图13,本申请实施例提供了一种车载传感器的认证设备1300,该设备包括存储器1301、处理器1302和通信接口1303,Referring to FIG. 13, an embodiment of the present application provides a vehicle-mounted sensor authentication device 1300. The device includes a memory 1301, a processor 1302, and a communication interface 1303.
存储器1301,用于存储指令;The memory 1301 is used to store instructions;
处理器1302,用于执行存储器1301中的指令,执行上述应用于图2所示实施例中的车载传感器的认证方法;The processor 1302 is configured to execute instructions in the memory 1301, and execute the above-mentioned authentication method applied to the vehicle-mounted sensor in the embodiment shown in FIG. 2;
通信接口1303,用于进行通信。The communication interface 1303 is used for communication.
存储器1301、处理器1302和通信接口1303通过总线1304相互连接;总线1304可以是外设部件互连标准(peripheral component interconnect,简称PCI)总线或扩展工业标准结构(extended industry standard architecture,简称EISA)总线等。总线可以分为地址总线、数据总线、控制总线等。为便于表示,图13中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The memory 1301, the processor 1302, and the communication interface 1303 are connected to each other through a bus 1304; the bus 1304 can be a peripheral component interconnect standard (PCI) bus or an extended industry standard architecture (EISA) bus Wait. The bus can be divided into address bus, data bus, control bus and so on. For ease of presentation, only one thick line is used in FIG. 13, but it does not mean that there is only one bus or one type of bus.
在具体实施例中,处理器1302用于在进行车载传感器的认证时,车载控制器首先从车云服务器获取待认证车载传感器的公钥信息,然后接收待认证车载传感器发送的待认证签名;进而车载控制器可以根据BLS签名算法,利用获取到的公钥信息,对该待认证签名进行认证,以获得认证结果。该处理器1302的详细处理过程请参考上述图2所示实施例中S201、S202和S203的详细描述,这里不再赘述。In a specific embodiment, the processor 1302 is configured to perform the authentication of the vehicle-mounted sensor, the vehicle-mounted controller first obtains the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server, and then receives the to-be-authenticated signature sent by the vehicle-mounted sensor to be authenticated; The vehicle-mounted controller may use the obtained public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result. For the detailed processing process of the processor 1302, please refer to the detailed description of S201, S202, and S203 in the embodiment shown in FIG. 2, which will not be repeated here.
参见图14,本申请实施例提供了另一种车载传感器的认证设备1400,该设备包括存储器1401、处理器1402和通信接口1403,Referring to FIG. 14, an embodiment of the present application provides another vehicle-mounted sensor authentication device 1400. The device includes a memory 1401, a processor 1402, and a communication interface 1403.
存储器1401,用于存储指令;The memory 1401 is used to store instructions;
处理器1402,用于执行存储器1401中的指令,执行上述应用于图4所示实施例中的车载传感器的认证方法;The processor 1402 is configured to execute instructions in the memory 1401, and execute the above-mentioned authentication method applied to the vehicle-mounted sensor in the embodiment shown in FIG. 4;
通信接口1403,用于进行通信。The communication interface 1403 is used for communication.
存储器1401、处理器1402和通信接口1403通过总线1404相互连接;总线1404可以是外设部件互连标准(peripheral component interconnect,简称PCI)总线或扩展工业标准结构(extended industry standard architecture,简称EISA)总线等。总线可以分为地址总线、数据总线、控制总线等。为便于表示,图14中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The memory 1401, the processor 1402, and the communication interface 1403 are connected to each other through a bus 1404; the bus 1404 may be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus Wait. The bus can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 14, but it does not mean that there is only one bus or one type of bus.
在具体实施例中,处理器1402用于在进行车载传感器的认证时,车云服务器首先获取待认证车载传感器的待签名信息,然后根据BLS签名算法生成待认证车载传感器的私钥信息和公钥信息,进而可以向待认证车载传感器发送待签名信息和私钥信息,以便待认证车载传感器根据BLS签名算法、待签名信息以及私钥信息生成待认证签名并向车载控制器发送所述待认证签名;同时,车云服务器还可以向车载控制器发送公钥信息,以便车载控制器根据BLS签名算法和公钥信息,对待认证签名进行认证,得到认证结果。该处理器1402的详细处理过程请参考上述图4所示实施例中S401、S402、 S403和S204的详细描述,这里不再赘述。In a specific embodiment, the processor 1402 is configured to perform the authentication of the vehicle-mounted sensor, the vehicle cloud server first obtains the information to be signed for the vehicle-mounted sensor to be authenticated, and then generates the private key information and the public key of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm Information, and then can send to the vehicle-mounted sensor to be authenticated the information to be signed and the private key information, so that the vehicle-mounted sensor to be authenticated generates the signature to be authenticated according to the BLS signature algorithm, the information to be signed and the private key information and sends the signature to be authenticated to the on-board controller ; At the same time, the car cloud server can also send public key information to the on-board controller, so that the on-board controller can authenticate the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtain the authentication result. For the detailed processing process of the processor 1402, please refer to the detailed description of S401, S402, S403, and S204 in the embodiment shown in FIG. 4, which will not be repeated here.
参见图15,本申请实施例提供了又一种车载传感器的认证设备1500,该设备包括存储器1501、处理器1502和通信接口1503,Referring to FIG. 15, an embodiment of the present application provides yet another vehicle-mounted sensor authentication device 1500. The device includes a memory 1501, a processor 1502, and a communication interface 1503.
存储器1501,用于存储指令;The memory 1501 is used to store instructions;
处理器1502,用于执行存储器1501中的指令,执行上述应用于图5所示实施例中的车载传感器的认证方法;The processor 1502 is configured to execute instructions in the memory 1501, and execute the above-mentioned authentication method applied to the vehicle-mounted sensor in the embodiment shown in FIG. 5;
通信接口1503,用于进行通信。The communication interface 1503 is used for communication.
存储器1501、处理器1502和通信接口1503通过总线1504相互连接;总线1504可以是外设部件互连标准(peripheral component interconnect,简称PCI)总线或扩展工业标准结构(extended industry standard architecture,简称EISA)总线等。总线可以分为地址总线、数据总线、控制总线等。为便于表示,图15中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The memory 1501, the processor 1502, and the communication interface 1503 are connected to each other through a bus 1504; the bus 1504 can be a peripheral component interconnect (PCI) bus or an extended industry standard architecture (EISA) bus Wait. The bus can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 15 to represent it, but it does not mean that there is only one bus or one type of bus.
在具体实施例中,处理器1502用于在进行车载传感器的认证时,待认证车载传感器首先获取私钥信息和待签名信息,然后根据BLS签名算法、待签名信息以及私钥信息生成待认证签名,进而可以向车载控制器发送待认证签名,以便车载控制器根据BLS签名算法,对待认证签名进行认证,得到认证结果。该处理器1502的详细处理过程请参考上述图5所示实施例中S501、S502和S503的详细描述,这里不再赘述。In a specific embodiment, the processor 1502 is configured to perform the authentication of the on-board sensor, the on-board sensor to be authenticated first obtains the private key information and the information to be signed, and then generates the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information. Then, the signature to be authenticated can be sent to the on-board controller, so that the on-board controller can authenticate the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result. For the detailed processing process of the processor 1502, please refer to the detailed description of S501, S502, and S503 in the embodiment shown in FIG. 5, which will not be repeated here.
上述存储器1301、存储器1401和存储器1501可以是随机存取存储器(random-access memory,RAM)、闪存(flash)、只读存储器(read only memory,ROM)、可擦写可编程只读存储器(erasable programmable read only memory,EPROM)、电可擦除可编程只读存储器(electrically erasable programmable read only memory,EEPROM)、寄存器(register)、硬盘、移动硬盘、CD-ROM或者本领域技术人员知晓的任何其他形式的存储介质。The foregoing memory 1301, memory 1401, and memory 1501 may be random-access memory (RAM), flash memory (flash), read only memory (ROM), erasable programmable read-only memory (erasable). programmable read only memory (EPROM), electrically erasable programmable read-only memory (electrically erasable programmable read only memory, EEPROM), register (register), hard disk, mobile hard disk, CD-ROM or any other known to those skilled in the art Form of storage media.
上述处理器1302、处理器1402和处理器1502例如可以是中央处理器(central processing unit,CPU)、通用处理器、数字信号处理器(digital signal processor,DSP)、专用集成电路(application-specific integrated circuit,ASIC)、现场可编程门阵列(field programmable gate array,FPGA)或者其他可编程逻辑器件、晶体管逻辑器件、硬件部件或者其任意组合。其可以实现或执行结合本申请公开内容所描述的各种示例性的逻辑方框,模块和电路。处理器也可以是实现计算功能的组合,例如包含一个或多个微处理器组合,DSP和微处理器的组合等等。The aforementioned processor 1302, processor 1402, and processor 1502 may be, for example, a central processing unit (CPU), a general-purpose processor, a digital signal processor (digital signal processor, DSP), and an application-specific integrated circuit (application-specific integrated circuit). circuit, ASIC), field programmable gate array (field programmable gate array, FPGA) or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. It can implement or execute various exemplary logical blocks, modules, and circuits described in conjunction with the disclosure of this application. The processor may also be a combination of computing functions, for example, a combination of one or more microprocessors, a combination of a DSP and a microprocessor, and so on.
上述通信接口1303、通信接口1403和通信接口1503例如可以是接口卡等,可以为以太(ethernet)接口或异步传输模式(asynchronous transfer mode,ATM)接口。The aforementioned communication interface 1303, communication interface 1403, and communication interface 1503 may be, for example, an interface card, etc., and may be an ethernet interface or an asynchronous transfer mode (ATM) interface.
本申请实施例还提供了一种计算机可读存储介质,包括指令,当其在计算机上运行时,使得计算机执行上述车载传感器的认证方法。The embodiment of the present application also provides a computer-readable storage medium, including instructions, which when run on a computer, cause the computer to execute the above-mentioned vehicle-mounted sensor authentication method.
本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”、“第三”、“第四”等(如果存在)是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的实施例能够以除了在这里图示或描述的内容以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。The terms "first", "second", "third", "fourth", etc. (if any) in the description and claims of this application and the above-mentioned drawings are used to distinguish similar objects, without having to use To describe a specific order or sequence. It should be understood that the data used in this way can be interchanged under appropriate circumstances so that the embodiments described herein can be implemented in a sequence other than the content illustrated or described herein. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusions. For example, a process, method, system, product, or device that includes a series of steps or units is not necessarily limited to those clearly listed. Those steps or units may include other steps or units that are not clearly listed or are inherent to these processes, methods, products, or equipment.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统,装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for the convenience and conciseness of the description, the specific working process of the above-described system, device, and unit can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统,装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed system, device, and method can be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or It can be integrated into another system, or some features can be ignored or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium. Based on this understanding, the technical solution of this application essentially or the part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium. , Including several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disks or optical disks and other media that can store program codes. .
本领域技术人员应该可以意识到,在上述一个或多个示例中,本发明所描述的功能可以用硬件、软件、固件或它们的任意组合来实现。当使用软件实现时,可以将这些功能存储在计算机可读介质中或者作为计算机可读介质上的一个或多个指令或代码进行传输。计算机可读介质包括计算机存储介质和通信介质,其中通信介质包括便于从一个地方向另一个地方传送计算机程序的任何介质。存储介质可以是通用或专用计算机能够存取的任何可用介质。Those skilled in the art should be aware that, in one or more of the above examples, the functions described in the present invention can be implemented by hardware, software, firmware, or any combination thereof. When implemented by software, these functions can be stored in a computer-readable medium or transmitted as one or more instructions or codes on the computer-readable medium. The computer-readable medium includes a computer storage medium and a communication medium, where the communication medium includes any medium that facilitates the transfer of a computer program from one place to another. The storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
以上所述的具体实施方式,对本发明的目的、技术方案和有益效果进行了进一步 详细说明,所应理解的是,以上所述仅为本发明的具体实施方式而已。The specific embodiments described above further describe the objectives, technical solutions and beneficial effects of the present invention in further detail. It should be understood that the above descriptions are only specific embodiments of the present invention.
以上所述,以上实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的范围。As mentioned above, the above embodiments are only used to illustrate the technical solutions of the present application, but not to limit them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: The technical solutions recorded in the embodiments are modified, or some of the technical features are equivalently replaced; these modifications or replacements do not cause the essence of the corresponding technical solutions to deviate from the scope of the technical solutions of the embodiments of the present application.

Claims (37)

  1. 一种车载传感器的认证方法,其特征在于,所述方法包括:An authentication method for vehicle-mounted sensors, characterized in that the method includes:
    从车云服务器获取待认证车载传感器的公钥信息;Obtain the public key information of the vehicle-mounted sensor to be authenticated from the car cloud server;
    接收所述待认证车载传感器发送的待认证签名;Receiving the to-be-verified signature sent by the to-be-verified on-board sensor;
    根据BLS签名算法,利用所述公钥信息,对所述待认证签名进行认证,获得认证结果。According to the BLS signature algorithm, the public key information is used to authenticate the signature to be authenticated, and the authentication result is obtained.
  2. 根据权利要求1所述的方法,其特征在于,所述从车云服务器获取待认证车载传感器的公钥信息,包括:The method according to claim 1, wherein the obtaining the public key information of the vehicle-mounted sensor to be authenticated from the vehicle cloud server comprises:
    根据所述待认证车载传感器的待签名信息,从所述车云服务器处查询所述待认证车载传感器的公钥信息。According to the to-be-signed information of the vehicle-mounted sensor to be authenticated, the public key information of the vehicle-mounted sensor to be authenticated is queried from the vehicle cloud server.
  3. 根据权利要求1所述的方法,其特征在于,所述公钥信息和所述待认证传感器的批次信息相关联。The method according to claim 1, wherein the public key information is associated with batch information of the sensor to be authenticated.
  4. 根据权利要求1所述的方法,其特征在于,所述待认证签名为所述待认证传感器根据所述BLS签名算法、待签名信息以及所述待认证传感器的私钥信息生成;所述私钥信息为所述车云服务器根据所述BLS签名算法生成。The method according to claim 1, wherein the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, information to be signed, and private key information of the sensor to be authenticated; the private key The information is generated by the car cloud server according to the BLS signature algorithm.
  5. 根据权利要求1所述的方法,其特征在于,所述接收所述待认证车载传感器发送的待认证签名,包括:接收多个所述待认证车载传感器发送的各自的待认证签名;The method according to claim 1, wherein the receiving the signature to be authenticated sent by the on-board sensor to be authenticated comprises: receiving respective signatures to be authenticated sent by a plurality of the on-board sensors to be authenticated;
    所述根据BLS签名算法,利用所述公钥信息,对所述待认证签名进行认证,获得认证结果,包括:The step of using the public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result includes:
    将所述多个待认证签名进行聚合,得到聚合后的待认证签名结果;Aggregating the multiple signatures to be verified to obtain an aggregated signature result to be verified;
    根据BLS签名算法,利用所述公钥信息,对所述聚合后的待认证签名结果进行认证,获得认证结果。According to the BLS signature algorithm, the public key information is used to authenticate the aggregated signature result to be authenticated, and the authentication result is obtained.
  6. 根据权利要求1所述的方法,其特征在于,所述接收所述待认证车载传感器发送的待认证签名,包括:接收多个所述待认证车载传感器发送的各自的待认证签名;The method according to claim 1, wherein the receiving the signature to be authenticated sent by the on-board sensor to be authenticated comprises: receiving respective signatures to be authenticated sent by a plurality of the on-board sensors to be authenticated;
    所述根据BLS签名算法,利用所述公钥信息,对所述待认证签名进行认证,获得认证结果,包括:The step of using the public key information to authenticate the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result includes:
    将第一组中的所有待认证签名进行聚合,得到所述第一组聚合后的待认证签名结果;Aggregate all signatures to be verified in the first group to obtain a signature result to be verified after aggregation of the first group;
    根据所述BLS签名算法,利用所述公钥信息,对所述第一组聚合后的待认证签名结果进行认证,获得认证结果;According to the BLS signature algorithm, the public key information is used to authenticate the first group of aggregated signature results to be authenticated to obtain an authentication result;
    其中,所述第一组中包含的待认证签名的个数小于所述接收到的多个所述待认证车载传感器发送的待认证签名的总个数。Wherein, the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received plurality of vehicle-mounted sensors to be authenticated.
  7. 一种车载传感器的认证方法,其特征在于,所述方法包括:An authentication method for vehicle-mounted sensors, characterized in that the method includes:
    获取待认证车载传感器的待签名信息;Obtain the information to be signed of the vehicle-mounted sensor to be authenticated;
    根据BLS签名算法生成所述待认证车载传感器的私钥信息和公钥信息;Generating the private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm;
    向所述待认证车载传感器发送所述待签名信息和所述私钥信息,以便所述待认证车载传感器根据所述BLS签名算法、所述待签名信息以及所述私钥信息生成待认证签名并向车载控制器发送所述待认证签名;Send the information to be signed and the private key information to the vehicle-mounted sensor to be authenticated, so that the vehicle-mounted sensor to be authenticated generates a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information. Sending the signature to be authenticated to the on-board controller;
    向所述车载控制器发送所述公钥信息,以便所述车载控制器根据所述BLS签名算法和 所述公钥信息,对所述待认证签名进行认证,得到认证结果。The public key information is sent to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtains an authentication result.
  8. 根据权利要求7所述的方法,其特征在于,所述方法还包括:The method according to claim 7, wherein the method further comprises:
    开放公钥信息查询接口,以便所述车载控制器根据所述待认证车载传感器的待签名信息,从所述车云服务器处查询所述待认证车载传感器的公钥信息。The public key information query interface is opened, so that the on-board controller can query the public key information of the on-board sensor to be authenticated from the car cloud server based on the on-board sensor to be authenticated.
  9. 一种车载传感器的认证方法,其特征在于,所述方法包括:An authentication method for vehicle-mounted sensors, characterized in that the method includes:
    获取待认证车载传感器的私钥信息和待签名信息;Obtain the private key information of the vehicle-mounted sensor to be authenticated and the information to be signed;
    根据BLS签名算法、所述待签名信息以及所述私钥信息生成待认证签名;Generating a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information;
    向车载控制器发送所述待认证签名,以便所述车载控制器根据所述BLS签名算法,对所述待认证签名进行认证,得到认证结果。Send the signature to be authenticated to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain an authentication result.
  10. 根据权利要求9所述的方法,其特征在于,所述获取待认证车载传感器的私钥信息,包括:The method according to claim 9, wherein the obtaining the private key information of the vehicle-mounted sensor to be authenticated comprises:
    获取车云服务器发送的所述待认证车载传感器的私钥信息,所述私钥信息是由所述车云服务器根据所述BLS签名算法生成的。Acquire the private key information of the vehicle-mounted sensor to be authenticated sent by the vehicle cloud server, where the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.
  11. 根据权利要求9所述的方法,其特征在于,所述根据BLS签名算法、所述待签名信息以及所述私钥信息生成待认证签名,包括:The method according to claim 9, wherein the generating the signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information comprises:
    根据所述待签名信息生成哈希摘要;Generating a hash digest according to the information to be signed;
    根据BLS签名算法生成所述哈希摘要的曲线哈希值;Generating the curve hash value of the hash digest according to the BLS signature algorithm;
    根据所述曲线哈希值和所述私钥信息生成待认证签名。Generate a signature to be authenticated according to the curve hash value and the private key information.
  12. 一种车载传感器的认证系统,其特征在于,所述系统包括:车云服务器、待认证车载传感器、车载控制器;A vehicle-mounted sensor authentication system, characterized in that the system includes: a vehicle cloud server, a vehicle-mounted sensor to be certified, and a vehicle-mounted controller;
    所述车云服务器,用于获取待签名信息;根据BLS签名算法生成所述待认证车载传感器的私钥信息和公钥信息;向所述待车载控制器发送所述公钥信息;向所述待认证车载传感器发送所述待签名信息和所述私钥信息;The vehicle cloud server is configured to obtain information to be signed; generate private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm; send the public key information to the vehicle-mounted controller to be verified; The vehicle-mounted sensor to be authenticated sends the information to be signed and the private key information;
    所述待认证车载传感器,用于根据BLS签名算法、所述待签名信息以及所述私钥信息生成待认证签名;向所述车载控制器发送所述待认证签名;The vehicle-mounted sensor to be verified is configured to generate a signature to be verified according to the BLS signature algorithm, the information to be signed, and the private key information; send the signature to be verified to the vehicle controller;
    所述车载控制器,用于根据所述BLS签名算法,利用所述公钥信息,对所述待认证签名进行认证,获得认证结果。The vehicle-mounted controller is configured to authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm, and obtain an authentication result.
  13. 根据权利要求12所述的系统,其特征在于,所述车云服务器还用于:The system according to claim 12, wherein the car cloud server is further used for:
    开放公钥信息查询接口,以便所述车载控制器根据所述待认证车载传感器的待签名信息,从所述车云服务器处查询所述待认证车载传感器的公钥信息。The public key information query interface is opened, so that the on-board controller can query the public key information of the on-board sensor to be authenticated from the car cloud server based on the on-board sensor to be authenticated.
  14. 根据权利要求12所述的系统,其特征在于,所述待认证车载传感器具体用于:The system according to claim 12, wherein the vehicle-mounted sensor to be authenticated is specifically used for:
    根据所述待签名信息生成哈希摘要;根据所述BLS签名算法生成所述哈希摘要的曲线哈希值;根据所述曲线哈希值和所述私钥信息生成待认证签名。Generate a hash digest according to the information to be signed; generate a curve hash value of the hash digest according to the BLS signature algorithm; generate a signature to be authenticated according to the curve hash value and the private key information.
  15. 根据权利要求12所述的系统,其特征在于,所述车载控制器具体用于:The system according to claim 12, wherein the on-board controller is specifically used for:
    根据所述待认证车载传感器的待签名信息,从所述车云服务器处查询所述待认证车载传感器的公钥信息。According to the to-be-signed information of the vehicle-mounted sensor to be authenticated, the public key information of the vehicle-mounted sensor to be authenticated is queried from the vehicle cloud server.
  16. 根据权利要求12所述的系统,其特征在于,所述车载控制器具体用于:The system according to claim 12, wherein the on-board controller is specifically used for:
    接收多个所述待认证车载传感器发送的各自的待认证签名;将所述多个待认证签名进行聚合,得到聚合后的待认证签名结果;根据所述BLS签名算法,利用所述公钥信息,对所述聚合后的待认证签名结果进行认证,获得认证结果。Receive the respective signatures to be certified sent by the plurality of on-board sensors to be certified; aggregate the signatures to be certified to obtain the aggregated signature result to be certified; use the public key information according to the BLS signature algorithm , To authenticate the aggregated signature result to be authenticated, and obtain an authentication result.
  17. 根据权利要求12所述的系统,其特征在于,所述车载控制器具体用于:The system according to claim 12, wherein the on-board controller is specifically used for:
    接收多个所述待认证车载传感器发送的各自的待认证签名;将第一组中的所有待认证签名进行聚合,得到所述第一组聚合后的待认证签名结果;根据所述BLS签名算法,利用所述公钥信息,对所述第一组聚合后的待认证签名结果进行认证,获得认证结果;Receive the respective signatures to be certified sent by the plurality of on-board sensors to be certified; aggregate all signatures to be certified in the first group to obtain the signature result to be certified after the aggregation of the first group; according to the BLS signature algorithm , Using the public key information to authenticate the first group of aggregated signature results to be authenticated to obtain an authentication result;
    其中,所述第一组中包含的待认证签名的个数小于所述接收到的多个所述待认证车载传感器发送的待认证签名的总个数。Wherein, the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received plurality of vehicle-mounted sensors to be authenticated.
  18. 一种车载传感器的认证系统,其特征在于,所述系统包括:待认证车载传感器和车载控制器;A vehicle-mounted sensor authentication system, characterized in that the system includes: a vehicle-mounted sensor to be authenticated and a vehicle-mounted controller;
    所述待认证车载传感器,用于获取私钥信息和待签名信息;根据BLS签名算法、所述待签名信息以及所述私钥信息生成待认证签名;向所述车载控制器发送所述待认证签名;The vehicle-mounted sensor to be authenticated is used to obtain private key information and information to be signed; generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information; and send the to-be-authenticated controller to the vehicle controller sign;
    所述车载控制器,用于获取所述待认证车载传感器的公钥信息;根据所述BLS签名算法,利用所述公钥信息,对所述待认证签名进行认证,获得认证结果。The on-board controller is used to obtain the public key information of the on-board sensor to be authenticated; according to the BLS signature algorithm, the public key information is used to authenticate the signature to be authenticated, and the authentication result is obtained.
  19. 根据权利要求18所述的系统,其特征在于,所述车载控制器具体用于:The system according to claim 18, wherein the on-board controller is specifically used for:
    根据所述待认证车载传感器的待签名信息,从车云服务器处查询所述待认证车载传感器的公钥信息。According to the information to be signed of the vehicle-mounted sensor to be authenticated, the public key information of the vehicle-mounted sensor to be authenticated is queried from the vehicle cloud server.
  20. 根据权利要求18所述的系统,其特征在于,所述待认证车载传感器具体用于:The system according to claim 18, wherein the vehicle-mounted sensor to be authenticated is specifically used for:
    根据所述待签名信息生成哈希摘要;根据BLS签名算法生成所述哈希摘要的曲线哈希值;根据所述曲线哈希值和所述私钥信息生成待认证签名。Generate a hash digest according to the information to be signed; generate a curve hash value of the hash digest according to a BLS signature algorithm; generate a signature to be authenticated according to the curve hash value and the private key information.
  21. 根据权利要求18所述的系统,其特征在于,所述车载控制器具体用于:The system according to claim 18, wherein the on-board controller is specifically used for:
    接收多个所述待认证车载传感器发送的各自的待认证签名;将所述多个待认证签名进行聚合,得到聚合后的待认证签名结果;根据所述BLS签名算法,利用所述公钥信息,对所述聚合后的待认证签名结果进行认证,获得认证结果。Receive the respective signatures to be certified sent by the plurality of on-board sensors to be certified; aggregate the signatures to be certified to obtain the aggregated signature result to be certified; use the public key information according to the BLS signature algorithm , To authenticate the aggregated signature result to be authenticated, and obtain an authentication result.
  22. 根据权利要求18所述的系统,其特征在于,所述车载控制器具体用于:The system according to claim 18, wherein the on-board controller is specifically used for:
    接收多个所述待认证车载传感器发送的各自的待认证签名;将第一组中的所有待认证签名进行聚合,得到所述第一组聚合后的待认证签名结果;根据所述BLS签名算法,利用所述公钥信息,对所述第一组聚合后的待认证签名结果进行认证,获得认证结果;Receive the respective signatures to be certified sent by the plurality of on-board sensors to be certified; aggregate all signatures to be certified in the first group to obtain the signature result to be certified after the aggregation of the first group; according to the BLS signature algorithm , Using the public key information to authenticate the first group of aggregated signature results to be authenticated to obtain an authentication result;
    其中,所述第一组中包含的待认证签名的个数小于所述接收到的多个所述待认证车载传感器发送的待认证签名的总个数。Wherein, the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received plurality of vehicle-mounted sensors to be authenticated.
  23. 一种车载传感器的认证装置,其特征在于,所述装置包括:A vehicle-mounted sensor authentication device, characterized in that the device includes:
    获取单元,用于从车云服务器获取待认证车载传感器的公钥信息;The obtaining unit is used to obtain the public key information of the vehicle-mounted sensor to be authenticated from the car cloud server;
    接收单元,用于接收所述待认证车载传感器发送的待认证签名;A receiving unit, configured to receive a signature to be authenticated sent by the vehicle-mounted sensor to be authenticated;
    认证单元,用于根据BLS签名算法,利用所述公钥信息,对所述待认证签名进行认证,获得认证结果。The authentication unit is configured to authenticate the signature to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result.
  24. 根据权利要求23所述的装置,其特征在于,所述获取单元具体用于:The device according to claim 23, wherein the acquiring unit is specifically configured to:
    根据所述待认证车载传感器的待签名信息,从所述车云服务器处查询所述待认证车载传感器的公钥信息。According to the to-be-signed information of the vehicle-mounted sensor to be authenticated, the public key information of the vehicle-mounted sensor to be authenticated is queried from the vehicle cloud server.
  25. 根据权利要求23所述的装置,其特征在于,所述公钥信息和所述待认证传感器的批次信息相关联。The device according to claim 23, wherein the public key information is associated with batch information of the sensor to be authenticated.
  26. 根据权利要求23所述的装置,其特征在于,所述待认证签名为所述待认证传感器根据所述BLS签名算法、待签名信息以及所述待认证传感器的私钥信息生成;所述私钥信息为所述车云服务器根据所述BLS签名算法生成。The device according to claim 23, wherein the signature to be authenticated is generated by the sensor to be authenticated according to the BLS signature algorithm, information to be signed, and private key information of the sensor to be authenticated; the private key The information is generated by the car cloud server according to the BLS signature algorithm.
  27. 根据权利要求23所述的装置,其特征在于,所述接收单元具体用于:接收多个所述待认证车载传感器发送的各自的待认证签名;所述认证单元包括:The device according to claim 23, wherein the receiving unit is specifically configured to: receive respective signatures to be authenticated sent by a plurality of on-board sensors to be authenticated; the authentication unit comprises:
    第一聚合子单元,用于将所述多个待认证签名进行聚合,得到聚合后的待认证签名结果;The first aggregation subunit is used to aggregate the multiple signatures to be authenticated to obtain an aggregated signature result to be authenticated;
    第一认证子单元,用于根据BLS签名算法,利用所述公钥信息,对所述聚合后的待认证签名结果进行认证,获得认证结果。The first authentication subunit is configured to use the public key information to authenticate the aggregated signature result to be authenticated according to the BLS signature algorithm to obtain the authentication result.
  28. 根据权利要求23所述的装置,其特征在于,所述接收单元具体用于:接收多个所述待认证车载传感器发送的各自的待认证签名;所述认证单元包括:The device according to claim 23, wherein the receiving unit is specifically configured to: receive respective signatures to be authenticated sent by a plurality of on-board sensors to be authenticated; the authentication unit comprises:
    第二聚合子单元,用于将第一组中的所有待认证签名进行聚合,得到所述第一组聚合后的待认证签名结果;The second aggregation subunit is used to aggregate all signatures to be authenticated in the first group to obtain the signature result to be authenticated after aggregation of the first group;
    第二认证子单元,用于根据所述BLS签名算法,利用所述公钥信息,对所述第一组聚合后的待认证签名结果进行认证,获得认证结果;The second authentication subunit is configured to authenticate the first group of aggregated signature results to be authenticated by using the public key information according to the BLS signature algorithm to obtain an authentication result;
    其中,所述第一组中包含的待认证签名的个数小于所述接收到的多个所述待认证车载传感器发送的待认证签名的总个数。Wherein, the number of signatures to be authenticated included in the first group is less than the total number of signatures to be authenticated sent by the received plurality of vehicle-mounted sensors to be authenticated.
  29. 一种车载传感器的认证装置,其特征在于,所述装置包括:A vehicle-mounted sensor authentication device, characterized in that the device includes:
    获取单元,用于获取待认证车载传感器的待签名信息;The obtaining unit is used to obtain the to-be-signed information of the vehicle-mounted sensor to be authenticated;
    生成单元,用于根据BLS签名算法生成所述待认证车载传感器的私钥信息和公钥信息;A generating unit, configured to generate private key information and public key information of the vehicle-mounted sensor to be authenticated according to the BLS signature algorithm;
    第一发送单元,用于向所述待认证车载传感器发送所述待签名信息和所述私钥信息,以便所述待认证车载传感器根据所述BLS签名算法、所述待签名信息以及所述私钥信息生成待认证签名并向车载控制器发送所述待认证签名;The first sending unit is configured to send the information to be signed and the private key information to the on-board sensor to be authenticated, so that the on-board sensor to be authenticated is based on the BLS signature algorithm, the information to be signed, and the private key. Key information to generate a signature to be verified and send the signature to be verified to the vehicle controller;
    第二发送单元,用于向所述车载控制器发送所述公钥信息,以便所述车载控制器根据所述BLS签名算法和所述公钥信息,对所述待认证签名进行认证,得到认证结果。The second sending unit is configured to send the public key information to the on-board controller, so that the on-board controller authenticates the signature to be authenticated according to the BLS signature algorithm and the public key information, and obtains authentication result.
  30. 根据权利要求29所述的装置,其特征在于,所述装置还包括:The device according to claim 29, wherein the device further comprises:
    开放单元,用于开放公钥信息查询接口,以便所述车载控制器根据所述待认证车载传感器的待签名信息,从所述车云服务器处查询所述待认证车载传感器的公钥信息。The opening unit is configured to open the public key information query interface, so that the on-board controller can query the public key information of the on-board sensor to be authenticated from the car cloud server according to the on-board sensor to be authenticated information to be signed.
  31. 一种车载传感器的认证装置,其特征在于,所述装置包括:A vehicle-mounted sensor authentication device, characterized in that the device includes:
    获取单元,用于获取待认证车载传感器的私钥信息和待签名信息;The obtaining unit is used to obtain the private key information of the vehicle-mounted sensor to be authenticated and the information to be signed;
    生成单元,用于根据BLS签名算法、所述待签名信息以及所述私钥信息生成待认证签名;A generating unit, configured to generate a signature to be authenticated according to the BLS signature algorithm, the information to be signed, and the private key information;
    发送单元,用于向车载控制器发送所述待认证签名,以便所述车载控制器根据所述BLS 签名算法,对所述待认证签名进行认证,得到认证结果。The sending unit is configured to send the signature to be authenticated to the onboard controller, so that the onboard controller authenticates the signature to be authenticated according to the BLS signature algorithm to obtain the authentication result.
  32. 根据权利要求31所述的装置,其特征在于,所述获取单元具体用于:The device according to claim 31, wherein the acquiring unit is specifically configured to:
    获取车云服务器发送的所述待认证车载传感器的私钥信息,所述私钥信息是由所述车云服务器根据所述BLS签名算法生成的。Acquire the private key information of the vehicle-mounted sensor to be authenticated sent by the vehicle cloud server, where the private key information is generated by the vehicle cloud server according to the BLS signature algorithm.
  33. 根据权利要求31所述的装置,其特征在于,所述生成单元包括:The device according to claim 31, wherein the generating unit comprises:
    第一生成子单元,用于根据所述待签名信息生成哈希摘要;The first generating subunit is configured to generate a hash digest according to the information to be signed;
    第二生成子单元,用于根据BLS签名算法生成所述哈希摘要的曲线哈希值;The second generating subunit is configured to generate the curve hash value of the hash digest according to the BLS signature algorithm;
    第三生成子单元,用于根据所述曲线哈希值和所述私钥信息生成待认证签名。The third generation subunit is used to generate a signature to be authenticated according to the curve hash value and the private key information.
  34. 一种车载传感器的认证设备,其特征在于,所述设备包括存储器、处理器;An authentication device for vehicle-mounted sensors, characterized in that the device includes a memory and a processor;
    所述存储器,用于存储指令;The memory is used to store instructions;
    所述处理器,用于执行所述存储器中的所述指令,执行权利要求1-6任意一项所述的方法。The processor is configured to execute the instructions in the memory, and execute the method according to any one of claims 1-6.
  35. 一种车载传感器的认证设备,其特征在于,所述设备包括存储器、处理器;An authentication device for vehicle-mounted sensors, characterized in that the device includes a memory and a processor;
    所述存储器,用于存储指令;The memory is used to store instructions;
    所述处理器,用于执行所述存储器中的所述指令,执行权利要求7-8任意一项所述的方法。The processor is configured to execute the instructions in the memory, and execute the method according to any one of claims 7-8.
  36. 一种车载传感器的认证设备,其特征在于,所述设备包括存储器、处理器;An authentication device for vehicle-mounted sensors, characterized in that the device includes a memory and a processor;
    所述存储器,用于存储指令;The memory is used to store instructions;
    所述处理器,用于执行所述存储器中的所述指令,执行权利要求9-11任意一项所述的方法。The processor is configured to execute the instructions in the memory, and execute the method according to any one of claims 9-11.
  37. 一种计算机可读存储介质,包括指令,当其在计算机上运行时,使得所述计算机执行以上权利要求1-11任意一项所述的方法。A computer-readable storage medium, including instructions, which when run on a computer, cause the computer to execute the method according to any one of claims 1-11.
PCT/CN2020/115732 2020-01-14 2020-09-17 Vehicle-mounted sensor authentication method, apparatus, and system WO2021143178A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010037875.4A CN113193959B (en) 2020-01-14 2020-01-14 Authentication method, device and system of vehicle-mounted sensor
CN202010037875.4 2020-01-14

Publications (1)

Publication Number Publication Date
WO2021143178A1 true WO2021143178A1 (en) 2021-07-22

Family

ID=76864724

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/115732 WO2021143178A1 (en) 2020-01-14 2020-09-17 Vehicle-mounted sensor authentication method, apparatus, and system

Country Status (2)

Country Link
CN (1) CN113193959B (en)
WO (1) WO2021143178A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115963808A (en) * 2022-12-30 2023-04-14 阿波罗智联(北京)科技有限公司 Method, device, electronic equipment and storage medium for remotely controlling vehicle
CN116132179A (en) * 2023-02-16 2023-05-16 蚂蚁区块链科技(上海)有限公司 Digital signature function expansion method, device and equipment

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024060166A1 (en) * 2022-09-23 2024-03-28 华为技术有限公司 Sensor software change method and apparatus, and intelligent driving device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490513B1 (en) * 2001-08-22 2002-12-03 Matsushita Electrical Industrial Co., Ltd. Automobile data archive system having securely authenticated instrumentation data storage
CN108718309A (en) * 2018-05-11 2018-10-30 中国联合网络通信集团有限公司 The authentication method and device of vehicle identification
CN109495441A (en) * 2018-09-10 2019-03-19 北京车和家信息技术有限公司 Access authentication method, device, relevant device and computer readable storage medium
CN110113745A (en) * 2019-04-29 2019-08-09 中兴新能源汽车有限责任公司 Verification method, server, mobile unit and the storage medium of mobile unit
CN110322246A (en) * 2019-07-09 2019-10-11 深圳市网心科技有限公司 A kind of optimization method and relevant device of block chain Transaction Information
CN110365488A (en) * 2019-07-23 2019-10-22 上海铂英飞信息技术有限公司 Based on the authentication method under untrusted environment, apparatus and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8429232B1 (en) * 2003-10-03 2013-04-23 Voltage Security, Inc. Message authentication using signatures
US9667616B2 (en) * 2013-01-08 2017-05-30 Mitsubishi Electric Corporation Authentication processing apparatus, authentication processing system, authentication processing method and authentication processing program
CN106302379B (en) * 2015-06-26 2020-02-21 比亚迪股份有限公司 Authentication method, system and device for vehicle-mounted electric appliance

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490513B1 (en) * 2001-08-22 2002-12-03 Matsushita Electrical Industrial Co., Ltd. Automobile data archive system having securely authenticated instrumentation data storage
CN108718309A (en) * 2018-05-11 2018-10-30 中国联合网络通信集团有限公司 The authentication method and device of vehicle identification
CN109495441A (en) * 2018-09-10 2019-03-19 北京车和家信息技术有限公司 Access authentication method, device, relevant device and computer readable storage medium
CN110113745A (en) * 2019-04-29 2019-08-09 中兴新能源汽车有限责任公司 Verification method, server, mobile unit and the storage medium of mobile unit
CN110322246A (en) * 2019-07-09 2019-10-11 深圳市网心科技有限公司 A kind of optimization method and relevant device of block chain Transaction Information
CN110365488A (en) * 2019-07-23 2019-10-22 上海铂英飞信息技术有限公司 Based on the authentication method under untrusted environment, apparatus and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115963808A (en) * 2022-12-30 2023-04-14 阿波罗智联(北京)科技有限公司 Method, device, electronic equipment and storage medium for remotely controlling vehicle
CN116132179A (en) * 2023-02-16 2023-05-16 蚂蚁区块链科技(上海)有限公司 Digital signature function expansion method, device and equipment

Also Published As

Publication number Publication date
CN113193959B (en) 2023-07-18
CN113193959A (en) 2021-07-30

Similar Documents

Publication Publication Date Title
WO2021143178A1 (en) Vehicle-mounted sensor authentication method, apparatus, and system
CN109726229B (en) Block chain data storage method and device
CN113826350B (en) Secure communication in a traffic control network
EP3902012A1 (en) Fault diagnostic method and apparatus, and vehicle
US11329820B2 (en) System and method for secure authentication and authorization
US11177953B2 (en) Trusted authentication of automotive microcontroller
CN111198867A (en) Device, vehicle, network component and method for generating an identification of an equipment state
US12095901B2 (en) Device update transmission using a filter
JP2022079490A (en) Vehicle communication method, device, storage medium, and program
CN105515778A (en) Cloud storage data integrity service signature method
EP4040720A1 (en) Secure identity card using unclonable functions
US20230168825A1 (en) Trusted systems for decentralized data storage
US11463266B2 (en) System and method for secure authentication and authorization
CN108763303B (en) Platform verification method and device, computer equipment and storage medium
CN112261112A (en) Information sharing method, device and system, electronic equipment and storage medium
WO2021143027A1 (en) Transaction endorsement processing method, server, and computer-readable storage medium
CN115001698B (en) Aggregate signature method, apparatus, device and storage medium
US11886316B2 (en) Platform measurement collection mechanism
Mayilsamy et al. A hybrid approach to enhance data security in wireless vehicle firmware update process
CN110597466B (en) Control method and device of block chain node, storage medium and computer equipment
CN111343062B (en) In-vehicle electronic control unit identification method, system and storage medium
CN114826613B (en) Identity information query method, device, equipment and storage medium based on blockchain
CN114531454B (en) Unmanned data set credibility evaluation system based on blockchain
WO2021212611A1 (en) Encrypted data peer-to-peer relationship parameter inspection method and apparatus, and device and storage medium
US20240313978A1 (en) Methods and apparatuses for providing a proof of authenticity of image data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20913548

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20913548

Country of ref document: EP

Kind code of ref document: A1