WO2022142895A1 - 一种基于车联网的信息传输方法及其相关设备 - Google Patents

一种基于车联网的信息传输方法及其相关设备 Download PDF

Info

Publication number
WO2022142895A1
WO2022142895A1 PCT/CN2021/133057 CN2021133057W WO2022142895A1 WO 2022142895 A1 WO2022142895 A1 WO 2022142895A1 CN 2021133057 W CN2021133057 W CN 2021133057W WO 2022142895 A1 WO2022142895 A1 WO 2022142895A1
Authority
WO
WIPO (PCT)
Prior art keywords
spdu
information
computing unit
signature
communication unit
Prior art date
Application number
PCT/CN2021/133057
Other languages
English (en)
French (fr)
Inventor
李添泽
杨淼
李明超
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2022142895A1 publication Critical patent/WO2022142895A1/zh

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Definitions

  • the present application relates to the technical field of connected vehicles, and in particular, to an information transmission method based on the Internet of Vehicles and related equipment.
  • a vehicle can broadcast the surrounding conditions of the vehicle (for example, obstacles around the vehicle, pedestrians, etc.) or the status of the vehicle (for example, the vehicle is ready to Turning, lane changing, etc.), so that the surrounding vehicles can adjust their own motion decisions (for example, path planning) based on this part of the V2X information, so as to realize the application of perception fusion and cooperative control.
  • the surrounding conditions of the vehicle for example, obstacles around the vehicle, pedestrians, etc.
  • the status of the vehicle for example, the vehicle is ready to Turning, lane changing, etc.
  • V2X information involves vehicle motion decision-making and vehicle control, it is necessary to ensure that this part of the information has higher reliability, validity, and integrity, so as to avoid vehicle driving hazards. Therefore, in the vehicle networking communication system, the equipment that transmits V2X information also needs to have a certain level of functional safety to ensure the safe transmission of V2X information.
  • the following description will be given by taking the Internet of Vehicles communication system including a first device (a vehicle-mounted device or a roadside device) and a second device (another vehicle-mounted device) as an example, wherein the first device and the second device both include a communication unit (for transmitting V2X information) and computing unit (for acquiring and using V2X information).
  • the digital signature technology can be used between the first communication unit of the first device and the second communication unit of the second device to ensure the secure transmission of V2X information between the devices.
  • the embodiments of the present application provide an information transmission method and related equipment based on the Internet of Vehicles, which can ensure the safe transmission of V2X information in the entire transmission link at a low hardware cost, and promote the commercial implementation of the Internet of Vehicles communication system.
  • a first aspect of the embodiments of the present application provides an information transmission method based on the Internet of Vehicles.
  • the method is implemented by a first device, where the first device includes a first communication unit and a first computing unit, and the method includes:
  • the first computing unit of the first device may first acquire first information, where the first information is used to indicate the first At least one of the surroundings of the device or the state of the first device.
  • the first information may be used to indicate obstacles around the first device and vulnerable traffic participants (eg, pedestrians, bicycles, etc.).
  • the first device is an in-vehicle device, the first information can be used to indicate that the first device is about to turn, which is equivalent to the first information being used to indicate that the vehicle where the first device is located is about to turn and so on.
  • the first computing unit of the first device signs the first information to obtain a first SPDU, where the first SPDU includes the first information.
  • the format of the first SPDU is the security message format specified by the communication protocol in the Internet of Vehicles communication system, so the first SPDU can be used as a safety message in the Internet of Vehicles communication system. and transfer between devices.
  • the first computing unit of the first device sends the first SPDU to the first communication unit of the first device, so that the first communication unit of the first device sends the first SPDU to the second device.
  • the second communication unit of the second device may perform a second signature verification on the first SPDU. If the second signature verification is successful, it proves that the first information in the first SPDU has not been tampered with, then the The second communication unit of the two devices forwards the first SPDU to the second computing unit of the second device. If the verification of the second signature fails, it proves that the first information in the first SPDU is before reaching the second device (that is, the first information is in The internal transmission process of the first device and the transmission process between the first device and the second device) have been tampered with by the attacker, so the second communication unit of the second device will not send the first SPDU to the second device. The second computing unit of the device.
  • the second computing unit of the second device after receiving the first SPDU, the second computing unit of the second device also performs first signature verification on the first SPDU (the first signature verification and the second signature verification may be the same signature verification operation), if the first If the signature verification is successful, it proves that the first information has not been tampered with, and the second computing unit of the second device determines that the first information in the first SPDU is available. If the first signature verification fails, it proves that the first information is transmitted inside the second device. During the process, the attacker is tampered with, so the second computing unit of the second device determines that the first information in the first SPDU is unavailable.
  • the first computing unit of the first device signs the first information
  • the first communication unit of the first device does not sign the first information
  • the second communication unit of the second device and the second computing unit of the second device will perform the same signature verification on the first SPDU, and the second communication unit of the second device may determine whether to transparently transmit the first information based on the result of the signature verification
  • the second computing unit of the second device may determine whether the first information is available based on the result of the signature verification.
  • the first computing unit of the first device and the second computing unit of the second device may reuse those used between the first communication unit of the first device and the second communication unit of the second device in the prior art
  • the first computing unit of the first device signs the first information to obtain the first SPDU
  • the second computing unit of the second device performs signature verification on the first SPDU , to finally determine whether the first information in the first SPDU is available, so as to ensure the safe transmission of the first information in the entire transmission link.
  • the first communication unit of the first device and the second communication unit of the second device only need to implement the transparent transmission of the first SPDU, so the communication units of the two devices only need to maintain the existing functional security level, and do not Need to be re-improved.
  • this application only needs to redesign the first computing unit of the first device and the second computing unit of the second device to ensure the safe transmission of V2X information in the entire transmission link, and the required cost is low , easy to promote and implement.
  • the present application enables the entire transmission link to use the same set of digital signature technology, so there is no need to make any changes to the existing V2X communication protocol, making the solution easier to commercialize.
  • obtaining the first SPDU specifically includes: the first computing unit signs the first information according to the preset first security certificate, and obtains the first information
  • the first computing unit generates the first SPDU according to the first information, the signature of the first information and the first security certificate, and the first SPDU includes the first information, the signature of the first information and the first security certificate.
  • the first computing unit of the first device may directly use the first security certificate to perform signature calculation on the first information to obtain the signature of the first information.
  • the first computing unit of the first device may encapsulate the first information, the signature of the first information, and the first security certificate into a first SPDU, and send it to the first communication unit of the first device, so that the first communication unit The first SPDU is sent to the second device.
  • the second device can verify the signature of the first information according to the first security certificate, so as to determine whether the first information has been tampered with, that is, whether the first information is available.
  • obtaining the first SPDU specifically includes: the first computing unit signs the first information according to the preset first security certificate, and obtains the first information
  • the first computing unit generates a first SPDU according to the first information, the signature of the first information and the digest of the first security certificate, and the first SPDU includes the first information, the signature of the first information and the digest of the first security certificate.
  • the first computing unit of the first device may directly use the first security certificate to perform signature calculation on the first information to obtain the signature of the first information.
  • the first computing unit of the first device may encapsulate the first information, the signature of the first information, and the digest of the first security certificate into a first SPDU, and send it to the first communication unit of the first device, so that the first SPDU is The communication unit sends the first SPDU to the second device.
  • the second device can verify the signature of the first information according to the digest of the first security certificate, so as to determine whether the first information has been tampered with, that is, whether the first information is available.
  • the first computing unit sending the first SPDU to the first communication unit specifically includes: the first computing unit sending the first SPDU to the first communication unit.
  • a SPDU is sent to the first gateway, so that the first gateway sends the first SPDU to the first communication unit.
  • the signing takes place in the message layer.
  • a second aspect of the embodiments of the present application provides an information transmission method based on the Internet of Vehicles, the method is implemented by a second device, the second device includes a second communication unit and a second computing unit, and the method includes: the second device's The second communication unit may first receive the first SPDU sent by the first communication unit of the first device, where the first SPDU includes first information, and the first information is used to indicate at least one of the surrounding conditions of the first device or the state of the first device one. Then, the second communication unit of the second device sends the first SPDU to the second computing unit of the second device.
  • the second computing unit of the second device After obtaining the first SPDU, the second computing unit of the second device performs first signature verification on the first SPDU, and determines whether the first information in the first SPDU is available according to the result of the first signature verification. Specifically, if the first signature verification performed by the second computing unit of the second device is successful, which proves that the first information has not been tampered with, then the second computing unit of the second device determines that the first information in the first SPDU is available, If the first signature verification performed by the second computing unit of the second device fails, which proves that the first information has been tampered with by an attacker, the second computing unit of the second device determines that the first information in the first SPDU is unavailable.
  • the first computing unit of the first device and the second computing unit of the second device may reuse those used between the first communication unit of the first device and the second communication unit of the second device in the prior art
  • the first computing unit of the first device signs the first information to obtain the first SPDU
  • the second computing unit of the second device performs signature verification on the first SPDU , to finally determine whether the first information in the first SPDU is available, so as to ensure the safe transmission of the first information in the entire transmission link.
  • the first communication unit of the first device and the second communication unit of the second device only need to implement the transparent transmission of the first SPDU, so the communication units of the two devices only need to maintain the existing functional security level, and do not Need to be re-improved.
  • this application only needs to redesign the first computing unit of the first device and the second computing unit of the second device to ensure the safe transmission of V2X information in the entire transmission link, and the required cost is low , easy to promote and implement.
  • the present application enables the entire transmission link to use the same set of digital signature technology, so there is no need to make any changes to the existing V2X communication protocol, making the solution easier to commercialize.
  • the method before the second communication unit sends the first SPDU to the second computing unit, the method further includes: the second communication unit performs a second signature verification on the first SPDU, and determines the second signature verification success.
  • the second communication unit of the second device may perform a second signature verification on the first SPDU. If the second signature verification is successful, it proves that the first information in the first SPDU has not been tampered with.
  • the second communication unit of the second device forwards the first SPDU to the second computing unit of the second device, if the second signature verification fails, it proves that the first information in the first SPDU reaches the second device A message has been tampered with by an attacker during the process of transmitting the information inside the first device and between the first device and the second device, so the second communication unit of the second device will not send the first SPDU. to the second computing unit of the second device.
  • the first SPDU further includes the signature of the first information and the first security certificate
  • the second computing unit performing the first signature verification on the first SPDU specifically includes: The first security certificate of the first SPDU verifies the signature of the first information in the first SPDU.
  • the second device may verify the signature of the first information according to the first security certificate, thereby determining whether the first information has been tampered with, that is, whether the first information is available.
  • the first SPDU further includes a signature of the first information and a digest of the first security certificate
  • the second computing unit performing the first signature verification on the first SPDU specifically includes: The digest of the first security certificate in the SPDU verifies the signature of the first information in the first SPDU.
  • the second device can verify the signature of the first information according to the digest of the first security certificate, thereby determining whether the first information has been tampered with, that is, whether the first information is available.
  • the second communication unit sending the first SPDU to the second computing unit specifically includes: the second communication unit sending the first SPDU to the second computing unit.
  • a SPDU is sent to the second gateway, so that the second gateway sends the first SPDU to the second computing unit.
  • the first signature verification is performed in the message layer.
  • a third aspect of the embodiments of the present application provides an information transmission device based on the Internet of Vehicles.
  • the device is the aforementioned first device, and the device includes a first communication unit and a first computing unit; the first computing unit is used for Acquire first information, where the first information is used to indicate at least one of the surrounding conditions of the first device or the state of the first device; the first computing unit is further configured to sign the first information to obtain first security protocol data
  • the unit SPDU, the first SPDU contains the first information; the first calculation unit is further configured to send the first SPDU to the first communication unit; the first communication unit is configured to send the first SPDU to the second device.
  • the first computing unit is specifically configured to: sign the first information according to the preset first security certificate to obtain the signature of the first information; according to the first information and the signature of the first information And the first security certificate generates the first SPDU, the first SPDU includes the first information, the signature of the first information and the first security certificate; or, according to the first information, the signature of the first information and the digest of the first security certificate to generate the first One SPDU, the first SPDU includes first information, a signature of the first information, and a digest of the first security certificate.
  • the apparatus is an in-vehicle device, and the apparatus further includes a first gateway, the first computing unit is specifically configured to send the first SPDU to the first gateway, so that the first gateway sends the first SPDU to the first gateway.
  • a SPDU is sent to the first communication unit.
  • the signing takes place in the message layer.
  • a fourth aspect of the embodiments of the present application provides an information transmission device based on the Internet of Vehicles, the device is the aforementioned second device, and the device includes a second communication unit and a second computing unit; the second communication unit is used for The first SPDU is received from the first device, where the first SPDU contains first information, and the first information is used to indicate at least one of the surrounding conditions of the first device or the state of the first device; the second communication unit is further configured to The first SPDU is sent to the second calculation unit; the second calculation unit is used to perform the first signature verification on the first SPDU; the second calculation unit is also used to determine the first SPDU in the first SPDU according to the result of the first signature verification. whether information is available.
  • the second communication unit is further configured to perform second signature verification on the first SPDU, and determine that the second signature verification is successful.
  • the first SPDU further includes a signature of the first information and a first security certificate
  • the second computing unit is specifically configured to, according to the first security certificate in the first SPDU, The signature of the first information is verified; or, the first SPDU further includes the signature of the first information and a digest of the first security certificate, and the second computing unit is specifically configured to, according to the digest of the first security certificate in the first SPDU, The signature of the first information in the first SPDU is verified.
  • the second device is a vehicle-mounted device, and the second device further includes a second gateway, the second communication unit is specifically configured to send the first SPDU to the second gateway, so that the second gateway The first SPDU is sent to the second computing unit.
  • the first signature verification is performed in the message layer.
  • a fifth aspect of the embodiments of the present application provides an information transmission device based on the Internet of Vehicles, the device includes: a processor and a memory; the memory is used for storing computer-executed instructions; the processor is used for executing the computer-executed instructions stored in the memory, to The apparatus is caused to implement the method as described in the first aspect or any one of the possible implementations of the first aspect.
  • a sixth aspect of the embodiments of the present application provides an information transmission device based on the Internet of Vehicles.
  • the device includes: a processor and a memory; the memory is used for storing computer-executed instructions; the processor is used for executing the computer-executed instructions stored in the memory, to
  • the apparatus is caused to implement the method as described in the second aspect or any one of the possible implementations of the second aspect.
  • a seventh aspect of the embodiments of the present application provides an information transmission system based on the Internet of Vehicles, where the system includes the device described in the third aspect or any one of the possible implementations of the third aspect, and the fourth aspect or the third aspect.
  • the device according to any one of the four possible implementations.
  • An eighth aspect of the embodiments of the present application provides an information transmission system based on the Internet of Vehicles, where the system includes the device described in the fifth aspect and the device described in the sixth aspect.
  • a ninth aspect of the embodiments of the present application provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, and the computer program is executed by a processor to implement the first aspect and the first The method described in any one possible implementation manner of the one aspect, the second aspect, and any one possible implementation manner of the second aspect.
  • a tenth aspect of the embodiments of the present application provides a computer program product including instructions, when the computer program product runs on a processor, the information transmission device based on the Internet of Vehicles performs the first aspect and the first aspect.
  • the first computing unit of the first device and the second computing unit of the second device may reuse the information between the first communication unit of the first device and the second communication unit of the second device in the prior art
  • the digital signature technology used that is, in the process of transmitting the first information, the first computing unit of the first device signs the first information to obtain the first SPDU, and the second computing unit of the second device signs the first SPDU Verification is performed to finally determine whether the first information in the first SPDU is available, so as to ensure safe transmission of the first information in the entire transmission link.
  • the first communication unit of the first device and the second communication unit of the second device only need to implement the transparent transmission of the first SPDU, so the communication units of the two devices only need to maintain the existing functional security level, and do not Need to be re-improved.
  • this application only needs to redesign the first computing unit of the first device and the second computing unit of the second device to ensure the safe transmission of V2X information in the entire transmission link, and the required cost is low , easy to promote and implement.
  • the present application enables the entire transmission link to use the same set of digital signature technology, so there is no need to make any changes to the existing V2X communication protocol, making the solution easier to commercialize.
  • Fig. 1 is a schematic diagram of a vehicle-road collaboration scenario
  • Fig. 2 is a schematic diagram of a vehicle-vehicle collaboration scene
  • FIG. 3 is a schematic flowchart of an information transmission method based on the Internet of Vehicles provided by an embodiment of the present application;
  • FIG. 4 is a schematic diagram of an application example of the information transmission method based on the Internet of Vehicles provided by the embodiment of the present application;
  • FIG. 5 is a schematic diagram of another application example of the information transmission method based on the Internet of Vehicles provided by an embodiment of the present application;
  • FIG. 6 is a schematic structural diagram of an information transmission device based on the Internet of Vehicles provided by an embodiment of the present application.
  • FIG. 7 is another schematic structural diagram of the information transmission device based on the Internet of Vehicles provided by an embodiment of the present application.
  • FIG. 8 is another schematic structural diagram of an information transmission device based on the Internet of Vehicles provided by an embodiment of the present application.
  • FIG. 9 is another schematic structural diagram of the information transmission device based on the Internet of Vehicles provided by the embodiment of the present application.
  • the embodiments of the present application are applied to a vehicle networking communication system.
  • the Internet of Vehicles communication system usually includes multiple in-vehicle devices and multiple roadside devices, and information transmission can be realized between any two devices.
  • the on-board equipment includes an on-board unit (OBU) and an on-board computing unit.
  • the OBU can be presented in the form of a telematics box (T-BOX).
  • T-BOX can support At least one communication interface, for example, a direct-connect communication interface (PC5 interface), a cellular communication interface (Uu interface), and the like.
  • the in-vehicle computing platform (IVCP) can be presented in the form of computing platforms in the fields of intelligent driving, intelligent cockpit, and intelligent vehicle control.
  • the roadside equipment includes a roadside communication unit (RSU) and a roadside computing unit.
  • the roadside computing unit can use traffic light signals, various roadside perception devices (for example, sensors, cameras, etc.) or various roadside positioning devices.
  • the OBU of the in-vehicle device can communicate with the OBU of another in-vehicle device, thereby realizing communication between the two in-vehicle devices.
  • the OBU of the in-vehicle device can also communicate with the RSU of a certain roadside device, thereby realizing communication between a certain in-vehicle device and a certain roadside device.
  • the RSU of the roadside device can communicate with the RSU of another roadside device, thereby realizing communication between the two roadside devices.
  • an in-vehicle device can also be equivalent to a vehicle.
  • the communication between two in-vehicle devices can be equivalent to the communication between two vehicles.
  • the communication between devices can also be equivalent to the communication between a certain vehicle and a certain roadside device.
  • the status of a certain in-vehicle device is also equivalent to the status of a certain vehicle, etc., which will not be described in detail later.
  • the IVCP of the in-vehicle device can acquire at least one of the surrounding conditions of the in-vehicle device or the state of the in-vehicle device, and broadcast through the OBU of the in-vehicle device.
  • the surrounding situation of the in-vehicle device usually refers to obstacles and traffic participants around the in-vehicle device, for example, a vehicle in a car accident in front of the in-vehicle device, roadblocks on the road where the in-vehicle device is located, pedestrians and bicycles near the in-vehicle device , vehicles, etc.
  • the state of the in-vehicle device may refer to the future state of the in-vehicle device, for example, the in-vehicle device is preparing to drive to the left (ie, preparing to turn left), the in-vehicle device is preparing to change lanes, and so on.
  • the roadside computing unit of the roadside equipment can obtain at least one of the surrounding conditions of the roadside equipment or the state of the roadside equipment, and pass the roadside The device's RSU broadcasts.
  • the surrounding situation of the roadside equipment usually refers to obstacles around the roadside equipment and traffic participants, etc., for example, a vehicle in front of the roadside equipment in a car accident, the roadblock on the road where the roadside equipment is located, the roadside equipment Pedestrians, bicycles, vehicles, etc. nearby.
  • the state of the roadside equipment usually refers to the current state of the roadside computing unit of the roadside equipment.
  • the equipment roadside equipment includes RSUs and signals
  • the state of the roadside equipment refers to the color of the current signal output by the signal machine, and so on.
  • vehicle-road collaboration scenarios can be implemented between in-vehicle devices and roadside devices
  • vehicle-vehicle collaboration scenarios can be implemented between in-vehicle devices and in-vehicle devices.
  • vehicle-road collaboration scenarios can be implemented between in-vehicle devices and roadside devices
  • vehicle-vehicle collaboration scenarios can be implemented between in-vehicle devices and in-vehicle devices.
  • FIG. 1 is a schematic diagram of a vehicle-road collaboration scenario.
  • the roadside computing unit of the roadside equipment A can obtain information used to indicate the surrounding conditions of the roadside equipment A (as shown in Figure 1, there are vehicle-mounted equipment C, vehicle-mounted equipment D, pedestrian E near roadside equipment A and bicycle F, etc.) and send this information to the RSU of roadside equipment A.
  • the RSU of the roadside device A signs the information, obtains an SPDU containing the information, and sends the SPDU to the OBU of the in-vehicle device B.
  • the OBU of in-vehicle device B verifies the signature of the SPDU.
  • the information is obtained from the SPDU and forwarded to the IVCP of in-vehicle device B, so that the IVCP of in-vehicle device B is based on this information.
  • the vehicle where device B is located performs correct control (for example, path planning, vehicle speed control, etc.). If the signature fails, the OBU of in-vehicle device B will not send the information to the IVCP of in-vehicle device B, thereby avoiding danger.
  • FIG. 2 is a schematic diagram of a vehicle-vehicle collaboration scenario.
  • the IVCP of the in-vehicle device X can obtain information used to indicate the surrounding conditions of the in-vehicle device X (as shown in FIG. 2 , there are in-vehicle devices Z and pedestrians O near the roadside device X, etc.)
  • the information is sent to the OBU of the in-vehicle device X.
  • the OBU of the in-vehicle device X signs the information, obtains an SPDU containing the information, and sends the SPDU to the OBU of the in-vehicle device Y.
  • the OBU of in-vehicle device Y performs signature verification on the SPDU, and if the signature verification is successful, the information is obtained from the SPDU, and the information is forwarded to the IVCP of in-vehicle device Y, so that the IVCP of in-vehicle device Y is based on the information to the in-vehicle device Y.
  • the vehicle where the device Y is located is controlled. If the signature fails, the OBU of the in-vehicle device Y will not send the information to the IVCP of the in-vehicle device Y, thereby avoiding danger.
  • the OBU of in-vehicle device X and the OBU of in-vehicle device Y use digital signature technology to ensure the secure transmission of information between devices, which can meet certain functional safety requirements. Specifically, if the information is tampered with during transmission between devices, the OBU of the vehicle-mounted device Y can also discover the situation in time through the result of the signature verification, so the OBU of the vehicle-mounted device Y will not send the tampered information to the in-vehicle device Y.
  • IVCP avoids the IVCP from erroneously controlling the vehicle where the in-vehicle device B is located based on the tampered information, thereby avoiding the occurrence of a series of functional safety problems.
  • the IVCP of the in-vehicle device X sends the information to the OBU of the in-vehicle device X
  • the OBU of the in-vehicle device X will still sign the tampered information, and obtain the tampered information containing the tampered information. information, and send the SPDU to the OBU of the in-vehicle device Y.
  • the OBU of in-vehicle device Y verifies the signature of the SPDU.
  • the OBU of in-vehicle device Y sends the tampered information to the IVCP of in-vehicle device Y, which causes the IVCP of in-vehicle device Y to use the tampered information to verify itself.
  • the movement decision-making makes wrong adjustments, thereby increasing the driving danger, that is, there is a certain functional safety problem.
  • the existing security mechanism cannot ensure the safe transmission of information inside the device, and if the information is tampered with during transmission inside the device, it will lead to functional safety problems in the device.
  • the conventional improvement method to ensure the safe transmission of information inside the device, it is necessary to redesign the IVCP of the in-vehicle device X, the OBU of the in-vehicle device X, the OBU of the in-vehicle device Y, and the IVCP of the in-vehicle device Y according to the ISO26262 system
  • each unit achieves a higher functional safety level ASIL-B, so as to ensure that information can be safely transmitted in the entire transmission link to meet higher functional safety requirements.
  • the hardware cost of such improvement means is too high, which is not conducive to the commercial implementation of the Internet of Vehicles communication system.
  • an embodiment of the present application provides an information transmission method based on the Internet of Vehicles.
  • the method can be implemented by any in-vehicle device or any roadside device in the Internet of Vehicles communication system.
  • two of the in-vehicle devices and roadside devices in the Internet of Vehicles communication system can be selected.
  • devices referred to as the first device and the second device, respectively
  • the first device can realize information transmission with the second device.
  • the first device acts as the sender of the information
  • the second device acts as the receiver of the information
  • the second device acts as the sender of the information end.
  • the first device is used as an example to introduce as an example. It should be noted that when the first device is the transmitter, if the first device is an in-vehicle device, the second device is a roadside device or an in-vehicle device. One device is a roadside device, and the second device is an in-vehicle device.
  • the first communication unit of the first device is the OBU
  • the first computing unit of the first device is the IVCP.
  • the first communication unit of the first device is an RSU
  • the first computing unit of the first device is a roadside computing unit.
  • FIG. 3 is a schematic flowchart of an information transmission method based on the Internet of Vehicles provided by an embodiment of the present application. As shown in FIG. 3 , the method includes:
  • a first computing unit of a first device acquires first information, where the first information is used to indicate at least one of a surrounding situation of the first device or a state of the first device.
  • the processor of the first computing unit of the first device when it starts to run, it can be presented as a protocol stack.
  • the protocol stack of the first computing unit of the first device includes an application layer and a message layer, etc., and each layer corresponds to a respective communication protocol. ) of the Internet of Vehicles wireless communication technology message layer technical requirements.
  • the application layer of the first computing unit of the first device may first obtain first information, where the first information is used to indicate at least one of the surrounding conditions of the first device or the state of the first device. Then, the application layer of the first computing unit of the first device sends the first information to the message layer of the first computing unit of the first device.
  • the first computing unit of the first device signs the first information to obtain a first SPDU, where the first SPDU includes the first information.
  • the message layer of the first computing unit of the first device may sign the first message, thereby obtaining the first SPDU, where the first SPDU includes the first information.
  • the message layer of the first computing unit of the first device can obtain the first SPDU in various ways, which will be introduced separately below:
  • the message layer of the first computing unit of the first device signs the first information according to the preset first security certificate to obtain the signature of the first information. Then, the message layer of the first computing unit of the first device generates a first SPDU according to the first information, the signature of the first information, and the first security certificate, where the first SPDU includes the first information, the signature of the first information, and the first security certificate. Certificate. Specifically, the message layer of the first computing unit of the first device obtains the preset first security certificate (the security certificate preset in the first device, the certificate meets the requirements of the security mechanism of the Internet of Vehicles), and then checks the first security certificate. The certificate and the first information are calculated respectively to obtain a digest of the first security certificate and a digest of the first information.
  • the preset first security certificate the security certificate preset in the first device, the certificate meets the requirements of the security mechanism of the Internet of Vehicles
  • the message layer of the first computing unit of the first device performs secondary computation on the digest of the first security certificate and the digest of the first information, and obtains the signature of the first information.
  • the message layer of the first computing unit of the first device encapsulates the first information, the signature of the first information, and the first security certificate according to the security message format of the Internet of Vehicles to obtain the first SPDU.
  • the message layer of the first computing unit of the first device signs the first information according to the preset first security certificate to obtain the signature of the first information. Then, the message layer of the first computing unit of the first device generates a first SPDU according to the first information, the signature of the first information, and the digest of the first security certificate, and the first SPDU includes the first information, the signature of the first information, and the first SPDU.
  • a summary of the security certificate Specifically, the message layer of the first computing unit of the first device obtains the preset first security certificate, and then calculates the first security certificate and the first information respectively to obtain a summary of the first security certificate and a summary of the first information .
  • the message layer of the first computing unit of the first device performs secondary computation on the digest of the first security certificate and the digest of the first information, and obtains the signature of the first information.
  • the message layer of the first computing unit of the first device encapsulates the first information, the signature of the first information, and the digest of the first security certificate according to the security message format of the Internet of Vehicles to obtain the first SPDU.
  • the message format of the first SPDU conforms to the provisions of the communication protocol corresponding to the message layer.
  • the first computing unit of the first device sends the first SPDU to the first communication unit of the first device.
  • the protocol stack of the first communication unit of the first device includes an application layer, a message layer, a network layer, an access layer, etc., and each layer corresponds to a respective communication protocol.
  • the communication protocols corresponding to the same layer are usually the same.
  • the communication protocol corresponding to the application layer of the communication unit (whether it is the first communication unit of the first device or the first communication unit of the second device) is the same as the communication protocol of the computing unit (whether it is the first computing unit of the first device or the second device)
  • the communication protocol corresponding to the application layer of the first computing unit is the same
  • the communication protocol corresponding to the message layer of the communication unit is the same as the communication protocol corresponding to the message layer of the computing unit, etc.
  • the message layer of the first computing unit of the first device After the message layer of the first computing unit of the first device obtains the first SPDU, the message layer of the first computing unit of the first device sends the first SPDU to the message layer of the first communication unit of the first device.
  • information transmission can be performed between the first computing unit of the first device and the first communication unit of the first device in multiple ways, which will be introduced separately below:
  • the message layer of the first computing unit of the first device can pass the Ethernet in the car network, and sends the first SPDU to the first gateway of the first device, and the first gateway of the first device forwards the first SPDU to the message layer of the first communication unit of the first device.
  • the message layer of the first computing unit of the first device may send the first SPDU to the first device through an Ethernet or other physical bus.
  • the message layer of the first communication unit may send the first SPDU to the first device through an Ethernet or other physical bus.
  • the first communication unit of the first device sends the first SPDU to the second communication unit of the second device.
  • the message layer of the first communication unit of the first device can send the first SPDU to the network layer of the first communication unit of the first device, and the network layer can further encapsulate the first SPDU to obtain the encapsulated first SPDU, and then send the encapsulated first SPDU to the access layer of the first communication unit of the first device, so that the access layer of the first communication unit of the first device will send the encapsulated first SPDU to the access layer of the first communication unit of the first device. sent to the second communication unit of the second device.
  • the receiving layer of the second communication unit of the second device can receive the encapsulated first SPDU, and then send the encapsulated first SPDU to the network layer of the second communication unit of the second device, and the network layer can perform the encapsulated first SPDU.
  • the last first SPDU is decapsulated to obtain the first SPDU, and then the first SPDU is sent to the message layer of the second communication unit of the second device.
  • the second communication unit of the second device performs second signature verification on the first SPDU.
  • the message layer of the second communication unit of the second device After obtaining the first SPDU, the message layer of the second communication unit of the second device performs second signature verification on the first SPDU, thereby determining whether the first message in the first SPDU is available.
  • the second communication unit of the second device can perform the second signature verification on the first SPDU in various ways, which will be introduced separately below:
  • the message layer of the second communication unit of the second device if the first SPDU contains the first information, the signature of the first information, and the first security certificate, the message layer of the second communication unit of the second device according to the first security certificate in the first SPDU The certificate verifies the signature of the first information in the first SPDU. Specifically, the message layer of the second communication unit of the second device parses the first SPDU to obtain the first information, the signature of the first information, and the first security certificate. Then, the message layer of the second communication unit of the second device calculates the first information and the first security certificate respectively to obtain a digest of the first security certificate and a digest of the first information.
  • the message layer of the second communication unit of the second device performs secondary calculation on the digest of the first information and the digest of the first security certificate to obtain a signature for verification.
  • the message layer of the second communication unit of the second device compares the signature used for verification with the signature of the first information. If the two are the same, the verification of the second signature is successful. Signature verification failed.
  • the message layer of the second communication unit of the second device is based on the information in the first SPDU.
  • the digest of the first security certificate verifies the signature of the first information in the first SPDU.
  • the message layer of the second communication unit of the second device parses the first SPDU to obtain the first information, the signature of the first information, and the digest of the first security certificate.
  • the message layer of the second communication unit of the second device calculates the first information to obtain a digest of the first information.
  • the message layer of the second communication unit of the second device performs secondary calculation on the digest of the first information and the digest of the first security certificate to obtain a signature for verification.
  • the message layer of the second communication unit of the second device compares the signature used for verification with the signature of the first information. If the two are the same, the verification of the second signature is successful. Signature verification failed.
  • the second communication unit of the second device may also not perform the second signature verification on the first SPUD, and directly transparently transmit the first SPDU to the second computing unit of the second device.
  • the second communication unit of the second device sends the first SPDU to the second computing unit of the second device.
  • the message layer of the second communication unit of the second device may send the first SPDU to the message layer of the second computing unit of the second device.
  • the second signature verification performed by the second communication unit of the second device fails, it may be determined that the first computing unit of the first device is in the process of sending the first SPDU to the first communication unit of the first device, or, During a process in which the communication unit of the first communication unit of the first device sends the first SPDU to the second communication unit of the second device, the first information is tampered with by an attacker. Then, the second communication unit of the second device determines that the first information is unavailable, and will not send the first SPDU to the second computing unit of the second device.
  • step 303 the first communication unit of the first device and the first computing unit of the first device
  • the information transmission method between units is not described here.
  • the second computing unit of the second device performs the first signature verification on the first SPDU.
  • the message layer of the second computing unit of the second device After obtaining the first SPDU, the message layer of the second computing unit of the second device performs the first signature verification on the first SPDU, thereby determining whether the first message in the first SPDU is available.
  • the second computing unit of the second device can perform the first signature verification on the first SPDU in various ways, which will be introduced separately below:
  • the message layer of the second computing unit of the second device if the first SPDU includes the first information, the signature of the first information, and the first security certificate, the message layer of the second computing unit of the second device according to the first security certificate in the first SPDU The certificate verifies the signature of the first information in the first SPDU. Specifically, the message layer of the second computing unit of the second device parses the first SPDU to obtain the first information, the signature of the first information, and the first security certificate. Then, the message layer of the second calculation unit of the second device calculates the first information and the first security certificate respectively to obtain a digest of the first security certificate and a digest of the first information.
  • the message layer of the second computing unit of the second device performs secondary computation on the digest of the first information and the digest of the first security certificate to obtain a signature for verification.
  • the message layer of the second computing unit of the second device compares the signature used for verification with the signature of the first information. If the two are the same, the verification of the first signature is successful. Signature verification failed.
  • the message layer of the second computing unit of the second device if the first SPDU contains the first information, the signature of the first information, and the digest of the first security certificate, the message layer of the second computing unit of the second device according to the first SPDU
  • the digest of the first security certificate verifies the signature of the first information in the first SPDU.
  • the message layer of the second computing unit of the second device parses the first SPDU to obtain the first information, the signature of the first information, and the digest of the first security certificate.
  • the message layer of the second calculation unit of the second device calculates the first information to obtain a digest of the first information.
  • the message layer of the second computing unit of the second device performs secondary computation on the digest of the first information and the digest of the first security certificate to obtain a signature for verification.
  • the message layer of the second computing unit of the second device compares the signature used for verification with the signature of the first information. If the two are the same, the verification of the first signature is successful. Signature verification failed.
  • the second computing unit of the second device determines that the first information in the first SPDU is available.
  • the first signature verification performed by the second computing unit of the second device is successful, it can be determined that the first information in the first SPDU is original information and has not been tampered with. Therefore, the first information of the message layer of the second computing unit of the second device is sent to the application layer of the second computing unit of the second device, so that the application layer implements applications such as perception fusion and cooperative vehicle control based on the first information, so that the first information
  • the application layer of the second computing unit of the second device makes correct adjustments to the motion decision of the second device.
  • the first signature verification performed by the second computing unit of the second device fails, it may be determined that during the process of sending the first SPDU to the second computing unit of the second device by the second communication unit of the second device, the first Information has been tampered with by an attacker. Then, the message layer of the second computing unit of the second device determines that the first information is unavailable, and will not send the first information to the application layer of the second computing unit of the second device, so the first information cannot participate in perceptual fusion and Collaborative vehicle control and other applications. In addition, the message layer of the second computing unit of the second device may also report the reason for the signature verification failure to the application layer of the second computing unit of the second device.
  • the application layer of the second computing unit of the second device will not use the tampered information when implementing applications such as perception fusion and collaborative vehicle control, so the application layer of the second computing unit of the second device can Second, the movement of the equipment makes the right adjustments.
  • the first computing unit of the first device may sign the acquired first information, obtain the first SPDU, and send the first SPDU to the first communication unit of the first device.
  • the first communication unit of the first device then sends the first SPDU to the second device.
  • the second communication unit of the second device can perform signature verification on the first SPDU. If the signature verification is successful, it proves that the first information in the first SPDU has not been tampered with, and the second communication of the second device The unit forwards the first SPDU to the second computing unit of the second device.
  • the signature verification fails, it proves that the first information in the first SPDU is before reaching the second device (that is, the process of transmitting the first information inside the first device and During the transmission process between the first device and the second device), the attacker has been tampered with, so the second communication unit of the second device will not send the first SPDU to the second computing unit of the second device. Further, after receiving the first SPDU, the second computing unit of the second device also performs the same signature verification on the first SPDU. If the signature verification is successful, it proves that the first information has not been tampered with, then the second computing The unit determines that the first information in the first SPDU is available. If the signature verification fails, it proves that the first information was tampered with by the attacker during the internal transmission of the second device, so the second computing unit of the second device determines The first information in the first SPDU is not available.
  • the first computing unit of the first device signs the first information
  • the first communication unit of the first device does not sign the first information
  • the second communication unit of the second device and the second computing unit of the second device will perform the same signature verification on the first SPDU, and the second communication unit of the second device may determine whether to transparently transmit the first information based on the result of the signature verification
  • the second computing unit of the second device may determine whether the first information is available based on the result of the signature verification.
  • the first computing unit of the first device and the second computing unit of the second device may reuse those used between the first communication unit of the first device and the second communication unit of the second device in the prior art
  • the first computing unit of the first device signs the first information to obtain the first SPDU
  • the second computing unit of the second device performs signature verification on the first SPDU , to finally determine whether the first information in the first SPDU is available, so as to ensure the safe transmission of the first information in the entire transmission link.
  • the first communication unit of the first device and the second communication unit of the second device only need to implement the transparent transmission of the first SPDU, so the communication units of the two devices only need to maintain the existing functional security level, and do not Need to re-improve.
  • this application only needs to redesign the first computing unit of the first device and the second computing unit of the second device to ensure the safe transmission of V2X information in the entire transmission link, and the required cost is low , easy to promote and implement. Furthermore, the present application enables the entire transmission link to use the same set of digital signature technology, so there is no need to make any changes to the existing V2X communication protocol, making the solution easier to commercialize.
  • the computing unit at the sending end executes the signature on the information. Therefore, in any link of information transmission, if the information is tampered with, the communication unit and the computing unit of the receiving end can perform the same signature verification operation, so as to detect the tampered information in time and ensure that the receiving end will not use the tampered The information makes mistakes in its own motion decisions, avoiding functional safety problems at the receiving end.
  • FIG. 4 is a schematic diagram of an application example of the information transmission method based on the Internet of Vehicles provided by the embodiment of the present application.
  • a certain in-vehicle device A is set as the sending end
  • another in-vehicle device B is The receiving end, in which both the in-vehicle device A and the in-vehicle device B include OBU, gateway and IVCP, wherein the protocol stack of OBU includes application layer, message layer, network layer and access layer, and the protocol stack of IVCP includes application layer and message layer .
  • Examples of this application include:
  • the application layer of the IVCP of the in-vehicle device A can obtain the target information, which is used to indicate the in-vehicle device A. At least one of the surrounding situation of device A or the state of in-vehicle device A.
  • the application layer of IVCP transmits the target information to the message layer of IVCP, and the message layer of IVCP can first sign the target message to obtain a SPDU with a certain security message format, and the SPDU contains the target information, the signature of the target information and the vehicle-mounted SPDU.
  • Device A's security certificate
  • the message layer of the IVCP sends the SPDU to the message layer of the OBU through the gateway.
  • the message layer of the OBU After the message layer of the OBU receives the SPDU, it transparently transmits the SPDU to the network layer of the OBU, so that the network layer of the OBU transmits the SPDU to the access layer of the OBU, so that the access layer of the OBU sends the SPDU to the vehicle device B. .
  • the access layer of the OBU of the in-vehicle device B When the access layer of the OBU of the in-vehicle device B receives the SPDU, it sends the SPDU to the network layer of the OBU, so that the network layer sends the SPDU to the message layer of the OBU.
  • the message layer of the OBU performs a first signature verification corresponding to the first signature on the SPDU based on the content contained in the SPDU, so as to ensure that the target information in the SPDU has not been tampered with. If the first signature verification is successful, the SPDU is forwarded to the gateway, so that the gateway sends the SPDU to the message layer of the IVCP. If the first signature verification fails, the SPDU is not forwarded.
  • the message layer of IVCP After receiving the SPDU, the message layer of IVCP performs a first signature verification corresponding to the first signature on the SPDU based on the content contained in the SPDU. If the first signature verification is successful, it is determined that the target information has not been tampered with, and the target The information is sent to the application layer of IVCP for applications participating in perception fusion and cooperative control. If the first signature verification fails, it is determined that the target information has been tampered with, the target information is not sent to the application layer of the IVCP, and the reason for the failure of signature verification is reported to the application layer.
  • FIG. 5 is a schematic diagram of another application example of the information transmission method based on the Internet of Vehicles provided by the embodiment of the present application.
  • a certain roadside device C is set as the sending end, and another vehicle-mounted device D
  • the roadside device C includes an RSU and a roadside computing unit
  • the vehicle-mounted device D includes an OBU, a gateway, and an IVCP.
  • the application layer of the roadside computing unit of the roadside device C can Obtain target information, where the target information is used to indicate at least one of the surrounding conditions of the roadside device C or the state of the roadside device C.
  • the application layer of the roadside computing unit transmits the target information to the message layer of the roadside computing unit, and the message layer of the roadside computing unit can perform a first signature on the target message to obtain a SPDU with a certain security message format, and the SPDU contains Target information, the signature of the target information, and the security certificate of the roadside device C.
  • the message layer of the RSU sends the SPDU to the message layer of the RSU.
  • the message layer of the RSU transparently transmits the SPDU to the network layer of the RSU, so that the network layer of the RSU transmits the SPDU to the access layer of the RSU, so that the access layer of the RSU sends the SPDU to the vehicle device D. .
  • the access layer of the OBU of the in-vehicle device D When the access layer of the OBU of the in-vehicle device D receives the SPDU, it sends the SPDU to the network layer of the OBU, so that the network layer sends the SPDU to the message layer of the OBU.
  • the message layer of the OBU performs a first signature verification corresponding to the first signature on the SPDU based on the content contained in the SPDU, so as to ensure that the target information in the SPDU has not been tampered with. If the first signature verification is successful, the SPDU is forwarded to the gateway, so that the gateway sends the SPDU to the message layer of the IVCP. If the first signature verification fails, the SPDU is not forwarded.
  • the message layer of IVCP After receiving the SPDU, the message layer of IVCP performs a first signature verification corresponding to the first signature on the SPDU based on the content contained in the SPDU. If the first signature verification is successful, it is determined that the target information has not been tampered with, and the target The information is sent to the application layer of IVCP for applications participating in perception fusion and cooperative control. If the first signature verification fails, it is determined that the target information has been tampered with, the target information is not sent to the application layer of the IVCP, and the reason for the failure of signature verification is reported to the application layer.
  • this application provides a brand-new safety mechanism. It only needs to redesign and develop the IVCP and the roadside computing unit according to the ISO26262 system, so that the IVCP and the roadside computing unit can reach a higher functional safety level ASIL -B, and OBU and RSU can still maintain the original functional safety level. Therefore, the safe transmission of information in the entire transmission link can be ensured through lower hardware costs, and the entire transmission link shares the same set of digital signature technology, without changing the existing V2X communication protocol, making the solution easier Commercial landing.
  • FIG. 6 is a schematic structural diagram of an information transmission device based on the Internet of Vehicles provided by an embodiment of the application. As shown in FIG. 6 , the device is the aforementioned first device, and the device includes a first communication unit 601 and a first computing unit 602;
  • a first computing unit 602 configured to acquire first information, where the first information is used to indicate at least one of the surrounding conditions of the first device or the state of the first device;
  • the first computing unit 602 is further configured to sign the first information to obtain a first security protocol data unit SPDU, where the first SPDU contains the first information;
  • the first computing unit 602 further configured to send the first SPDU to the first communication unit 601;
  • the first communication unit 601 is configured to send the first SPDU to the second device.
  • the first computing unit 602 is specifically configured to: sign the first information according to the preset first security certificate to obtain the signature of the first information;
  • the signature and the first security certificate generate a first SPDU, where the first SPDU includes the first information, the signature of the first information, and the first security certificate; or, generated according to the first information, the signature of the first information, and a digest of the first security certificate
  • a first SPDU, the first SPDU includes first information, a signature of the first information, and a digest of the first security certificate.
  • the apparatus is a vehicle-mounted device, and the apparatus further includes a first gateway, then the first computing unit 602 is specifically configured to send the first SPDU to the first gateway, so that the first gateway will The first SPDU is sent to the first communication unit 601 .
  • the signing takes place in the message layer.
  • FIG. 7 is another schematic structural diagram of the information transmission device based on the Internet of Vehicles provided by the embodiment of the application.
  • the device is the aforementioned second device, and the device includes a second communication unit 701 and a second computing unit. unit 702;
  • a second communication unit 701 configured to receive a first SPDU from a first device, where the first SPDU includes first information, and the first information is used to indicate at least one of a surrounding situation of the first device or a state of the first device;
  • the second communication unit 701 is further configured to send the first SPDU to the second calculation unit 702;
  • a second computing unit 702 configured to perform a first signature verification on the first SPDU
  • the second calculation unit 702 is further configured to determine whether the first information in the first SPDU is available according to the result of the first signature verification.
  • the second communication unit 701 is further configured to perform second signature verification on the first SPDU, and determine that the second signature verification is successful.
  • the first SPDU further includes the signature of the first information and the first security certificate
  • the second computing unit 702 is specifically configured to, according to the first security certificate in the first SPDU, perform a The signature of the first information is verified; or, the first SPDU further includes the signature of the first information and the digest of the first security certificate, and the second calculation unit 702 is specifically configured to be based on the digest of the first security certificate in the first SPDU. , and verify the signature of the first information in the first SPDU.
  • the second device is a vehicle-mounted device, and the second device further includes a second gateway, then the second communication unit 701 is specifically configured to send the first SPDU to the second gateway, so that the second The gateway sends the first SPDU to the second computing unit 702 .
  • FIG. 8 is another schematic structural diagram of the information transmission device based on the Internet of Vehicles provided by an embodiment of the present application.
  • an embodiment of the information transmission apparatus in this embodiment of the present application may include one or more processors 801 , a memory 802 , an input/output interface 803 , a wired or wireless network interface 804 , and a power supply 805 .
  • the memory 802 may be ephemeral storage or persistent storage. Still further, the processor 801 may be configured to communicate with the memory 802 to execute a series of instruction operations in the memory 802 .
  • the information transmission apparatus implements the operations performed by the first device in the embodiment shown in FIG. 3, and details are not repeated here. .
  • FIG. 9 is another schematic structural diagram of the information transmission device based on the Internet of Vehicles provided by the embodiment of the present application.
  • an embodiment of the information transmission apparatus in this embodiment of the present application may include one or more processors 901 , a memory 902 , an input/output interface 903 , a wired or wireless network interface 904 , and a power supply 905 .
  • the memory 902 may be ephemeral storage or persistent storage. Still further, the processor 901 may be configured to communicate with the memory 902 to execute a series of instruction operations in the memory 902 .
  • the information transmission apparatus implements the operations performed by the second device in the embodiment shown in FIG. 3, and details are not repeated here. .
  • the embodiment of the present application also relates to an information transmission system based on the Internet of Vehicles, and the system includes the device shown in FIG. 6 and the device shown in FIG. 7 .
  • the embodiment of the present application also relates to an information transmission system based on the Internet of Vehicles, and the system includes the device shown in FIG. 8 and the device shown in FIG. 9 .
  • the embodiments of the present application also relate to a computer storage medium, including computer-readable instructions, when the computer-readable instructions are executed, the method steps performed by the first device or the second device in FIG. 3 are implemented.
  • the embodiments of the present application also relate to a computer program product containing instructions, which, when run on a computer, cause the computer to perform the method steps performed by the first device or the second device in FIG. 3 .
  • the disclosed system, apparatus and method may be implemented in other manners.
  • the apparatus embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • the above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as an independent product, may be stored in a computer-readable storage medium.
  • the technical solutions of the present application can be embodied in the form of software products in essence, or the parts that contribute to the prior art, or all or part of the technical solutions, and the computer software products are stored in a storage medium , including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program codes .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Traffic Control Systems (AREA)

Abstract

本申请实施例公开了一种基于车联网的信息传输方法及其相关设备,能以较低的硬件成本保证V2X信息在整条传输链路中的安全传输,推动车联网通信系统的商用落地。本申请的方法通过第一设备实现,第一设备包括第一通信单元和第一计算单元,方法包括:第一计算单元获取第一信息,第一信息用于指示第一设备的周围情况或第一设备的状态中的至少一项;第一计算单元对第一信息进行签名,得到第一安全协议数据单元SPDU,第一SPDU包含第一信息;第一计算单元将第一SPDU发送至第一通信单元;第一通信单元将第一SPDU发送至第二设备。

Description

一种基于车联网的信息传输方法及其相关设备
本申请要求于2020年12月31日提交中国专利局、申请号为202011642315.8、申请名称为“一种基于车联网的信息传输方法及其相关设备”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
技术领域
本申请涉及网联车技术领域,尤其涉及一种基于车联网的信息传输方法及其相关设备。
背景技术
在车联网(vehicle to everything,V2X)通信技术中,某一车辆可通过广播该车辆的周围情况(例如,该车辆周围的障碍物、行人等等)或者该车辆的状态(例如,该车辆准备转弯、变道等等),使得周围车辆基于这部分V2X信息,对自身的运动决策(例如,路径规划)进行调整,从而实现感知融合以及协同控制类的应用。
由于前述V2X信息涉及到了车辆运动决策以及车辆控制,需要保证这部分信息具备更高的可靠性、有效性以及完整性,从而避免车辆出现行车危险。因此,在车联网通信系统中,传输V2X信息的设备也需要具备一定的功能安全等级,以确保V2X信息的安全传输。下面以车联网通信系统包括第一设备(某一车载设备或某一路侧设备)和第二设备(另一车载设备)为例进行说明,其中,第一设备和第二设备均包含通信单元(用于传输V2X信息)和计算单元(用于获取和使用V2X信息)。当第一设备向第二设备发送V2X信息时,第一设备的第一通信单元和第二设备的第二通信单元之间可通过数字签名技术,确保V2X信息在设备之间的安全传输,满足了一定的功能安全需求。
若要确保V2X信息在设备内部的安全传输,则需要将第一设备的第一计算单元、第一设备的第一通信单元、第二设备的第二通信单元以及第二设备的第二计算单元按ISO26262体系重新进行设计和开发,使其达到更高的功能安全等级ASIL-B,从而满足更高的功能安全需求。然而,前述的改进相当于对整条传输链路中的所有单元重新进行设计,所耗费的硬件成本极高。因此,如何能以较低的硬件成本保证V2X信息在整条传输链路中的安全传输,推动车联网通信系统的商用落地,成为了亟待解决的问题。
发明内容
本申请实施例提供了一种基于车联网的信息传输方法及其相关设备,能以较低的硬件成本保证V2X信息在整条传输链路中的安全传输,推动车联网通信系统的商用落地。
本申请实施例的第一方面提供了一种基于车联网的信息传输方法,该方法通过第一设备实现,第一设备包括第一通信单元和第一计算单元,该方法包括:
当第一设备准备广播第一设备的周围情况或第一设备的状态中的至少一项时,第一设备的第一计算单元可先获取第一信息,其中,第一信息用于指示第一设备的周围情况或第一设备的状态中的至少一项。例如,第一信息可用于指示第一设备周围的障碍物以及弱势 交通参与者(如行人、自行车等)。又如,设第一设备为车载设备,则第一信息可用于指示第一设备即将转弯,相当于第一信息用于指示第一设备所在车辆即将转弯等等。
然后,第一设备的第一计算单元对第一信息进行签名,得到第一SPDU,其中,第一SPDU包含第一信息。需要说明的是,第一SPDU的格式为车联网通信系统中的通信协议所规定的安全消息格式,故第一SPDU可作为车联网通信系统中的安全消息,在车联网通信系统中的设备内部以及设备之间传输。
接着,第一设备的第一计算单元将第一SPDU发送至第一设备的第一通信单元,以使得第一设备的第一通信单元将第一SPDU发送至第二设备。
最后,第二设备的第二通信单元接收到第一SPDU后,可对第一SPDU进行第二签名验证,若第二签名验证成功,证明第一SPDU中的第一信息未被篡改,则第二设备的第二通信单元将第一SPDU转发至第二设备的第二计算单元,若第二签名验证失败,证明第一SPDU中的第一信息在到达第二设备之前(即第一信息在第一设备内部传输的过程以及第一设备和第二设备之间传输的过程中),已经遭受到攻击者的篡改,故第二设备的第二通信单元不会将第一SPDU发送至第二设备的第二计算单元。进一步地,第二设备的第二计算单元接收到第一SPDU后,也对第一SPDU进行第一签名验证(第一签名验证和第二签名验证可为相同的签名验证操作),若第一签名验证成功,证明第一信息未被篡改,则第二设备的第二计算单元则确定第一SPDU中的第一信息可用,若第一签名验证失败,证明第一信息在第二设备内部传输的过程中,遭受到攻击者的篡改,故第二设备的第二计算单元则确定第一SPDU中的第一信息不可用。
本申请提供的安全机制中,由第一设备的第一计算单元对第一信息进行签名,第一设备的第一通信单元不对第一信息进行签名,将第一SPDU透传至第二设备。第二设备的第二通信单元和第二设备的第二计算单元会对第一SPDU进行相同的签名验证,第二设备的第二通信单元可基于签名验证的结果确定是否将第一信息透传至第二设备的第二计算单元,第二设备的第二计算单元可基于签名验证的结果确定第一信息是否可用。在本申请中,第一设备的第一计算单元和第二设备的第二计算单元可复用现有技术中第一设备的第一通信单元和第二设备的第二通信单元之间所使用的数字签名技术,即在传输第一信息的过程中,第一设备的第一计算单元对第一信息进行签名得到第一SPDU,且第二设备的第二计算单元对第一SPDU进行签名验证,以最终确定第一SPDU中的第一信息是否可用,从而确保第一信息在整条传输链路中的安全传输。在该过程中,第一设备的第一通信单元和第二设备的第二通信单元仅需实现第一SPDU的透传,故两个设备的通信单元保持现有的功能安全等级即可,不需重新进行改进。可见,本申请仅需对第一设备的第一计算单元和第二设备的第二计算单元重新进行设计,即可保证V2X信息在整条传输链路中的安全传输,所需的成本较低,易于推广和实现。更进一步地,本申请能够使得整条传输链路使用同一套数字签名技术,故不需对现有的V2X通信协议作出任何改变,使得方案更容易落地商用。
在一种可能的实现方式中,第一计算单元对第一信息进行签名,得到第一SPDU具体包括:第一计算单元根据预置的第一安全证书对第一信息进行签名,得到第一信息的签 名;第一计算单元根据第一信息、第一信息的签名以及第一安全证书生成第一SPDU,第一SPDU包括第一信息、第一信息的签名以及第一安全证书。前述实现方式中,第一设备的第一计算单元在获取第一信息后,可直接利用第一安全证书对第一信息进行签名计算,得到第一信息的签名。然后,第一设备的第一计算单元可将第一信息、第一信息的签名以及第一安全证书封装成第一SPDU,并发送至第一设备的第一通信单元,从而使得第一通信单元将第一SPDU发送至第二设备。如此一来,第二设备得到第一SPDU后,可根据第一安全证书对第一信息的签名进行验证,从而确定第一信息是否被篡改,即第一信息是否可用。
在一种可能的实现方式中,第一计算单元对第一信息进行签名,得到第一SPDU具体包括:第一计算单元根据预置的第一安全证书对第一信息进行签名,得到第一信息的签名;第一计算单元根据第一信息、第一信息的签名以及第一安全证书的摘要生成第一SPDU,第一SPDU包括第一信息、第一信息的签名以及第一安全证书的摘要。前述实现方式中,第一设备的第一计算单元在获取第一信息后,可直接利用第一安全证书对第一信息进行签名计算,得到第一信息的签名。然后,第一设备的第一计算单元可将第一信息、第一信息的签名以及第一安全证书的摘要封装成第一SPDU,并发送至第一设备的第一通信单元,从而使得第一通信单元将第一SPDU发送至第二设备。如此一来,第二设备得到第一SPDU后,可根据第一安全证书的摘要对第一信息的签名进行验证,从而确定第一信息是否被篡改,即第一信息是否可用。
在一种可能的实现方式中,第一设备为车载设备,且第一设备还包括第一网关,则第一计算单元将第一SPDU发送至第一通信单元具体包括:第一计算单元将第一SPDU发送至第一网关,以使得第一网关将第一SPDU发送至第一通信单元。
在一种可能的实现方式中,签名在消息层中进行。
本申请实施例的第二方面提供了一种基于车联网的信息传输方法,该方法通过第二设备实现,第二设备包括第二通信单元和第二计算单元,该方法包括:第二设备的第二通信单元可先接收第一设备的第一通信单元发送的第一SPDU,第一SPDU包含第一信息,第一信息用于指示第一设备的周围情况或第一设备的状态中的至少一项。然后,第二设备的第二通信单元将第一SPDU发送至第二设备的第二计算单元。第二设备的第二计算单元得到第一SPDU后,则对第一SPDU进行第一签名验证,并根据第一签名验证的结果,确定第一SPDU中的第一信息是否可用。具体地,若第二设备的第二计算单元所进行的第一签名验证成功,证明第一信息未被篡改,则第二设备的第二计算单元则确定第一SPDU中的第一信息可用,若第二设备的第二计算单元所进行的第一签名验证失败,证明第一信息遭受到攻击者的篡改,则第二设备的第二计算单元确定第一SPDU中的第一信息不可用。
在本申请中,第一设备的第一计算单元和第二设备的第二计算单元可复用现有技术中第一设备的第一通信单元和第二设备的第二通信单元之间所使用的数字签名技术,即在传输第一信息的过程中,第一设备的第一计算单元对第一信息进行签名得到第一SPDU,且第二设备的第二计算单元对第一SPDU进行签名验证,以最终确定第一SPDU中的第一信息是否可用,从而确保第一信息在整条传输链路中的安全传输。在该过程中,第一设备的第一通信单元和第二设备的第二通信单元仅需实现第一SPDU的透传,故两个设备的通信单元 保持现有的功能安全等级即可,不需重新进行改进。可见,本申请仅需对第一设备的第一计算单元和第二设备的第二计算单元重新进行设计,即可保证V2X信息在整条传输链路中的安全传输,所需的成本较低,易于推广和实现。更进一步地,本申请能够使得整条传输链路使用同一套数字签名技术,故不需对现有的V2X通信协议作出任何改变,使得方案更容易落地商用。
在一种可能的实现方式中,在第二通信单元向第二计算单元发送第一SPDU之前,该方法还包括:第二通信单元对第一SPDU进行第二签名验证,并确定第二签名验证成功。前述实现方式中,第二设备的第二通信单元接收到第一SPDU后,可对第一SPDU进行第二签名验证,若第二签名验证成功,证明第一SPDU中的第一信息未被篡改,则第二设备的第二通信单元将第一SPDU转发至第二设备的第二计算单元,若第二签名验证失败,证明第一SPDU中的第一信息在到达第二设备之前(即第一信息在第一设备内部传输的过程以及第一设备和第二设备之间传输的过程中),已经遭受到攻击者的篡改,故第二设备的第二通信单元不会将第一SPDU发送至第二设备的第二计算单元。
在一种可能的实现方式中,第一SPDU还包括第一信息的签名以及第一安全证书,第二计算单元对第一SPDU进行第一签名验证具体包括:第二计算单元根据第一SPDU中的第一安全证书,对第一SPDU中的第一信息的签名进行验证。前述实现方式中,第二设备得到第一SPDU后,可根据第一安全证书对第一信息的签名进行验证,从而确定第一信息是否被篡改,即第一信息是否可用。
在一种可能的实现方式中,第一SPDU还包括第一信息的签名以及第一安全证书的摘要,第二计算单元对第一SPDU进行第一签名验证具体包括:第二计算单元根据第一SPDU中的第一安全证书的摘要,对第一SPDU中的第一信息的签名进行验证。前述实现方式中,第二设备得到第一SPDU后,可根据第一安全证书的摘要对第一信息的签名进行验证,从而确定第一信息是否被篡改,即第一信息是否可用。
在一种可能的实现方式中,第二设备为车载设备,且第二设备还包括第二网关,则第二通信单元将第一SPDU发送至第二计算单元具体包括:第二通信单元将第一SPDU发送至第二网关,以使得第二网关将第一SPDU发送至第二计算单元。
在一种可能的实现方式中,第一签名验证在消息层中进行。
本申请实施例的第三方面提供了一种基于车联网的信息传输装置,该装置即为前述的第一设备,该装置包括第一通信单元和第一计算单元;第一计算单元,用于获取第一信息,第一信息用于指示第一设备的周围情况或第一设备的状态中的至少一项;第一计算单元,还用于对第一信息进行签名,得到第一安全协议数据单元SPDU,第一SPDU包含第一信息;第一计算单元,还用于将第一SPDU发送至第一通信单元;第一通信单元,用于将第一SPDU发送至第二设备。
在一种可能的实现方式中,第一计算单元,具体用于:根据预置的第一安全证书对第一信息进行签名,得到第一信息的签名;根据第一信息、第一信息的签名以及第一安全证书生成第一SPDU,第一SPDU包括第一信息、第一信息的签名以及第一安全证书;或,根据第一信息、第一信息的签名以及第一安全证书的摘要生成第一SPDU,第一SPDU包括第 一信息、第一信息的签名以及第一安全证书的摘要。
在一种可能的实现方式中,该装置为车载设备,且该装置还包括第一网关,则第一计算单元,具体用于将第一SPDU发送至第一网关,以使得第一网关将第一SPDU发送至第一通信单元。
在一种可能的实现方式中,签名在消息层中进行。
本申请实施例的第四方面提供了一种基于车联网的信息传输装置,该装置即为前述的第二设备,该装置包括第二通信单元和第二计算单元;第二通信单元,用于从第一设备接收第一SPDU,第一SPDU包含第一信息,第一信息用于指示第一设备的周围情况或第一设备的状态中的至少一项;第二通信单元,还用于将第一SPDU发送至第二计算单元;第二计算单元,用于对第一SPDU进行第一签名验证;第二计算单元,还用于根据第一签名验证的结果,确定第一SPDU中的第一信息是否可用。
在一种可能的实现方式中,第二通信单元,还用于对第一SPDU进行第二签名验证,并确定第二签名验证成功。
在一种可能的实现方式中,第一SPDU还包括第一信息的签名以及第一安全证书,第二计算单元,具体用于根据第一SPDU中的第一安全证书,对第一SPDU中的第一信息的签名进行验证;或者,第一SPDU还包括第一信息的签名以及第一安全证书的摘要,第二计算单元,具体用于根据第一SPDU中的第一安全证书的摘要,对第一SPDU中的第一信息的签名进行验证。
在一种可能的实现方式中,第二设备为车载设备,且第二设备还包括第二网关,则第二通信单元,具体用于将第一SPDU发送至第二网关,以使得第二网关将第一SPDU发送至第二计算单元。
在一种可能的实现方式中,第一签名验证在消息层中进行。
本申请实施例的第五方面提供了一种基于车联网的信息传输装置,该装置包括:处理器和存储器;存储器用于存储计算机执行指令;处理器用于执行存储器所存储的计算机执行指令,以使该装置实现如第一方面或第一方面中任意一项可能的实现方式所述的方法。
本申请实施例的第六方面提供了一种基于车联网的信息传输装置,该装置包括:处理器和存储器;存储器用于存储计算机执行指令;处理器用于执行存储器所存储的计算机执行指令,以使该装置实现如第二方面或第二方面中任意一项可能的实现方式所述的方法。
本申请实施例的第七方面提供了一种基于车联网的信息传输系统,该系统包括如第三方面或第三方面中任意一项可能的实现方式所述的装置和如第四方面或第四方面中任意一项可能的实现方式所述的装置。
本申请实施例的第八方面提供了一种基于车联网的信息传输系统,该系统包括如第五方面所述的装置和如第六方面所述的装置。
本申请实施例的第九方面提供了一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行以实现如第一方面、第一方面中任意一项可能的实现方式、第二方面、第二方面中任意一项可能的实现方式所述的方法。
本申请实施例的第十方面提供了一种包含指令的计算机程序产品当所述计算机程序产品在处理器上运行时,使得所述基于车联网的信息传输装置执行如第一方面、第一方面中任意一项可能的实现方式、第二方面、第二方面中任意一项可能的实现方式所述的方法。
本申请实施例中,第一设备的第一计算单元和第二设备的第二计算单元可复用现有技术中第一设备的第一通信单元和第二设备的第二通信单元之间所使用的数字签名技术,即在传输第一信息的过程中,第一设备的第一计算单元对第一信息进行签名得到第一SPDU,且第二设备的第二计算单元对第一SPDU进行签名验证,以最终确定第一SPDU中的第一信息是否可用,从而确保第一信息在整条传输链路中的安全传输。在该过程中,第一设备的第一通信单元和第二设备的第二通信单元仅需实现第一SPDU的透传,故两个设备的通信单元保持现有的功能安全等级即可,不需重新进行改进。可见,本申请仅需对第一设备的第一计算单元和第二设备的第二计算单元重新进行设计,即可保证V2X信息在整条传输链路中的安全传输,所需的成本较低,易于推广和实现。更进一步地,本申请能够使得整条传输链路使用同一套数字签名技术,故不需对现有的V2X通信协议作出任何改变,使得方案更容易落地商用。
附图说明
图1为车路协同场景的一个示意图;
图2为车车协同场景的一个示意图;
图3为本申请实施例提供的基于车联网的信息传输方法的一个流程示意图;
图4为本申请实施例提供的基于车联网的信息传输方法的一个应用例示意图;
图5为本申请实施例提供的基于车联网的信息传输方法的另一应用例示意图;
图6为本申请实施例提供的基于车联网的信息传输装置的一个结构示意图;
图7为本申请实施例提供的基于车联网的信息传输装置的另一结构示意图;
图8为本申请实施例提供的基于车联网的信息传输装置的又一结构示意图;
图9为本申请实施例提供的基于车联网的信息传输装置的又一结构示意图。
具体实施方式
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行详细描述。
本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的术语在适当情况下可以互换,这仅仅是描述本申请的实施例中对相同属性的对象在描述时所采用的区分方式。此外,术语“包括”和“具有”并他们的任何变形,意图在于覆盖不排他的包含,以便包含一系列单元的过程、方法、系统、产品或设备不必限于那些单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它单元。
本申请实施例应用于车联网通信系统中。车联网通信系统通常包含多个车载设备和多个路侧设备,任意两个设备之间可实现信息传输。其中,车载设备包含车载单元(on-board unit,OBU)和车载计算单元,OBU例如可以通过远程信息处理器(telematics  box,T-BOX)等形式呈现,值得注意的是,T-BOX可支持至少一种通信接口,例如,直连通信接口(PC5接口)、蜂窝通信接口(Uu接口)等等。车载计算单元(in-vehicle computing platform,IVCP)可以通过智能驾驶、智能座舱、智能车控等领域的计算平台等形式呈现。路侧设备包含路侧通信单元(road side unit,RSU)和路侧计算单元,路侧计算单元可以通过交通灯信号机、各种路侧感知设备(例如,传感器、毫米波雷达、激光雷达、摄像头等)或各种路侧定位设备等形式呈现。
对于某个车载设备的OBU而言,该车载设备的OBU可与另一车载设备的OBU进行通信,从而实现两个车载设备之间的通信。该车载设备的OBU还可与某个路侧设备的RSU进行通信,从而实现某个车载设备与某个路侧设备之间的通信。同样地,对于某个路侧设备的RSU而言,该路侧设备的RSU可与另一路侧设备的RSU进行通信,从而实现两个路侧设备之间的通信。需要说明的是,某个车载设备也可等同于某个车辆,例如,两个车载设备之间的通信可等同于两个车辆之间的通信,又如,某个车载设备与某个路侧设备之间的通信也可等同于某个车辆与某个路侧设备之间的通信,再如,某个车载设备的状态也等同于某个车辆的状态等等,后续不再赘述。
对于某个车载设备的IVCP而言,该车载设备的IVCP可获取该车载设备的周围情况或该车载设备的状态中的至少一项,并通过该车载设备的OBU进行广播。该车载设备的周围情况通常指该车载设备周围的障碍物以及交通参与者等等,例如,该车载设备前方出现车祸的车辆,该车载设备所在道路上的路障,该车载设备附近的行人、自行车、车辆等等。该车载设备的状态可以指该车载设备的未来状态,例如,该车载设备准备往左行驶(即准备左拐),该车载设备准备变道等等。
对于某个路侧设备的路侧计算单元而言,该路侧设备的路侧计算单元可获取该路侧设备的周围情况或该路侧设备的状态中的至少一项,并通过该路侧设备的RSU进行广播。该路侧设备的周围情况通常指该路侧设备周围的障碍物以及交通参与者等等,例如,该路侧设备前方出现车祸的车辆,该路侧设备所在道路上的路障,该路侧设备附近的行人、自行车、车辆等等。该路侧设备的状态通常指该路侧设备的路侧计算单元的当前状态,例如,设备路侧设备包含RSU和信号机,路侧设备的状态指信号机输出的当前信号的颜色等等。
基于上述介绍,不同类型的设备之间可实现多种应用场景,例如,车载设备和路侧设备之间可实现车路协同场景,车载设备与车载设备之间可实现车车协同场景等等。为了进一步理解前述的场景,下文结合图1和图2分别对车路协同场景、车车协同场景进行简单的介绍:
图1为车路协同场景的一个示意图。如图1所示,路侧设备A的路侧计算单元可获取用于指示路侧设备A的周围情况(如图1所示,路侧设备A附近存在车载设备C、车载设备D、行人E和自行车F等等)的信息,并将该信息发送至路侧设备A的RSU。然后,路侧设备A的RSU对该信息进行签名,得到包含该信息的SPDU,并将SPDU发送至车载设备B的OBU。接着,车载设备B的OBU对SPDU进行签名验证,若签名验证成功,则从SPDU中获取该信息,并将该信息转发至车载设备B的IVCP,以使得车载设备B的IVCP基于该信息对车载设备B所在的车辆进行正确的控制(例如,进行路径规划、车速控制等等),若 签名失败,车载设备B的OBU则不会将该信息发送至车载设备B的IVCP,从而避免危险。
图2为车车协同场景的一个示意图。如图2所示,车载设备X的IVCP可获取用于指示车载设备X的周围情况(如图2所示,路侧设备X附近存在车载设备Z和行人O等等)的信息,并将该信息发送至车载设备X的OBU。然后,车载设备X的OBU对该信息进行签名,得到包含该信息的SPDU,并将SPDU发送至车载设备Y的OBU。接着,车载设备Y的OBU对SPDU进行签名验证,若签名验证成功,则从SPDU中获取该信息,并将该信息转发至车载设备Y的IVCP,以使得车载设备Y的IVCP基于该信息对车载设备Y所在的车辆进行控制,若签名失败,车载设备Y的OBU则不会将该信息发送至车载设备Y的IVCP,从而避免危险。
为了方便说明,下面以车车协同的场景为例进行介绍。基于图2可知,在现有的安全机制中,车载设备X的OBU与车载设备Y的OBU通过数字签名技术,保证了信息在设备之间的安全传输,可满足一定的功能安全需求。具体地,若信息在设备之间传输时被篡改,车载设备Y的OBU也可通过签名验证的结果及时发现该情况,故车载设备Y的OBU不会将篡改后的信息发送至车载设备Y的IVCP,避免IVCP基于篡改后的信息对车载设备B所在的车辆进行错误的控制,从而避免一系列功能安全问题的发生。然而,在车载设备X的IVCP将信息发送至车载设备X的OBU的过程中,若该信息遭受攻击者的篡改,车载设备X的OBU依旧会对篡改后的信息进行签名,得到包含篡改后的信息的SPDU,并将该SPDU发送至车载设备Y的OBU。车载设备Y的OBU对SPDU进行签名验证,在签名验证成功后,车载设备Y的OBU则将篡改后的信息发送至车载设备Y的IVCP,导致车载设备Y的IVCP使用篡改后的信息,对自身的运动决策做出错误的调整,从而增加行车危险,即存在一定的功能安全问题。
可见,现有的安全机制无法确保信息在设备内部的安全传输,若信息在设备内部传输时被篡改,则会导致设备出现功能安全问题。在常规的改进手段中,若要确保信息在设备内部的安全传输,则需要将车载设备X的IVCP、车载设备X的OBU、车载设备Y的OBU以及车载设备Y的IVCP按ISO26262体系重新进行设计和开发,使各个单元均达到更高的功能安全等级ASIL-B,从而确保信息能在整条传输链路中安全传输,满足更高的功能安全需求。但是,这样的改进手段所耗费的硬件成本过高,不利于车联网通信系统的商用落地。
为了解决上述问题,本申请实施例提供了一种基于车联网的信息传输方法。该方法可通过车联网通信系统中的任意一个车载设备或任意一个路侧设备实现,为了便于说明,可从车联网通信系统中的多个车载设备和多个路侧设备中,选择其中两个设备(分别称为第一设备和第二设备)进行介绍。第一设备可与第二设备实现信息传输,当第一设备作为信息的发送端时,第二设备作为信息的接收端,当第一设备作为信息的接收端时,第二设备作为信息的发送端。
下文先以第一设备为发送端作为例子进行介绍,需要说明的是,当第一设备为发送端时,若第一设备为车载设备,则第二设备为路侧设备或车载设备,若第一设备为路侧设备,第二设备为车载设备。当第一设备为车载设备时,第一设备的第一通信单元为OBU,第一设备的第一计算单元为IVCP。当第一设备为路侧设备时,第一设备的第一通信单元为 RSU,第一设备的第一计算单元为路侧计算单元,值得注意的是,第一通信单元和第一计算单元可部署于同一物理模块上,例如同一个芯片或者同一个部件,也可以分别部署于不同的物理模块上。同样地,第二设备的第二通信单元和第二计算单元也是如此,此处不再赘述。图3为本申请实施例提供的基于车联网的信息传输方法的一个流程示意图,如图3所示,该方法包括:
301、第一设备的第一计算单元获取第一信息,第一信息用于指示第一设备的周围情况或第一设备的状态中的至少一项。
本实施例中,当第一设备的第一计算单元的处理器开始运行后,可呈现为一个协议栈。第一设备的第一计算单元的协议栈包含应用层和消息层等等,每一层均对应各自的通信协议,例如,消息层所对应的通信协议为《基于长期演进(long term evolution,LTE)的车联网无线通信技术消息层技术要求》。当第一设备的第一计算单元需要将感知融合信息(用于指示第一设备的周围情况)或协同控制信息(用于指示第一设备的状态)中的至少一项发送给第二设备时,第一设备的第一计算单元的应用层可先获取第一信息,第一信息用于指示第一设备的周围情况或第一设备的状态中的至少一项。然后,第一设备的第一计算单元的应用层将第一信息发送至第一设备的第一计算单元的消息层。
302、第一设备的第一计算单元对第一信息进行签名,得到第一SPDU,第一SPDU包含第一信息。
第一设备的第一计算单元的消息层得到第一信息后,可对第一消息进行签名,从而得到第一SPDU,第一SPDU包含第一信息。具体地,第一设备的第一计算单元的消息层可通过多种方式得到第一SPDU,下文将分别进行介绍:
在一种可能的实现方式中,第一设备的第一计算单元的消息层根据预置的第一安全证书对第一信息进行签名,得到第一信息的签名。然后,第一设备的第一计算单元的消息层根据第一信息、第一信息的签名以及第一安全证书生成第一SPDU,第一SPDU包括第一信息、第一信息的签名以及第一安全证书。具体地,第一设备的第一计算单元的消息层获取预置的第一安全证书(预置于第一设备内的安全证书,该证书符合车联网安全机制的要求),然后对第一安全证书和第一信息分别进行计算,得到第一安全证书的摘要以及第一信息的摘要。接着,第一设备的第一计算单元的消息层对第一安全证书的摘要以及第一信息的摘要进行二次计算,得到第一信息的签名。最后,第一设备的第一计算单元的消息层将第一信息、第一信息的签名以及第一安全证书按车联网的安全消息格式进行封装,得到第一SPDU。
在另一种可能的实现方式中,第一设备的第一计算单元的消息层根据预置的第一安全证书对第一信息进行签名,得到第一信息的签名。然后,第一设备的第一计算单元的消息层根据第一信息、第一信息的签名以及第一安全证书的摘要生成第一SPDU,第一SPDU包括第一信息、第一信息的签名以及第一安全证书的摘要。具体地,第一设备的第一计算单元的消息层获取预置的第一安全证书,然后对第一安全证书和第一信息分别进行计算,得到第一安全证书的摘要以及第一信息的摘要。接着,第一设备的第一计算单元的消息层对第一安全证书的摘要以及第一信息的摘要进行二次计算,得到第一信息的签名。最后,第 一设备的第一计算单元的消息层将第一信息、第一信息的签名以及第一安全证书的摘要按车联网的安全消息格式进行封装,得到第一SPDU。
值得注意的是,第一SPDU的消息格式符合消息层对应的通信协议的规定。
303、第一设备的第一计算单元将第一SPDU发送至第一设备的第一通信单元。
本实施例中,第一设备的第一通信单元的处理器运行后,可呈现为一个协议栈。第一设备的第一通信单元的协议栈包含应用层、消息层、网络层和接入层等等,每一层均对应各自的通信协议。一般地,无论是第一设备还是第二设备,各个单元(包含通信单元和计算单元)的协议栈之间,相同层所对应的通信协议通常是相同的。例如,通信单元(无论是第一设备的第一通信单元还是第二设备的第一通信单元)的应用层对应的通信协议与计算单元(无论是第一设备的第一计算单元还是第二设备的第一计算单元)的应用层对应的通信协议相同,通信单元的消息层对应的通信协议与计算单元的消息层对应的通信协议相同等等,后续不再赘述。
第一设备的第一计算单元的消息层得到第一SPDU后,第一设备的第一计算单元的消息层将第一SPDU发送至第一设备的第一通信单元的消息层。具体地,第一设备的第一计算单元与第一设备的第一通信单元之间可通过多个方式进行信息传输,下文将分别进行介绍:
在一种可能的实现方式中,当第一设备为车载设备时,且第一设备还包含第一网关(车载网关),故第一设备的第一计算单元的消息层可通过车内的以太网,将第一SPDU发送至第一设备的第一网关,第一设备的第一网关再将第一SPDU转发至第一设备的第一通信单元的消息层。
在另一种可能的实现方式中,当第一设备为路侧设备时,第一设备的第一计算单元的消息层可通过以太网或其他物理总线,将第一SPDU发送至第一设备的第一通信单元的消息层。
304、第一设备的第一通信单元将第一SPDU发送至第二设备的第二通信单元。
第一设备的第一通信单元的消息层得到第一SPDU后,可将第一SPDU发送至第一设备的第一通信单元的网络层,该网络层可对第一SPDU做进一步的封装,得到封装后的第一SPDU,然后将封装后的第一SPDU发送至第一设备的第一通信单元的接入层,使得第一设备的第一通信单元的接入层将封装后的第一SPDU发送至第二设备的第二通信单元。
可以理解的是,第二设备的第二通信单元的处理器运行后,也可呈现为一个协议栈。第二设备的第二通信单元的协议栈可参考第一设备的第一通信单元的协议栈的相关说明。同理,第二设备的第二计算单元的协议栈也可参考第一设备的第一计算单元的协议栈的相关说明,此处不再赘述。因此,第二设备的第二通信单元的接收层可接收封装后的第一SPDU,然后将封装后的第一SPDU发送至第二设备的第二通信单元的网络层,该网络层可对封装后的第一SPDU进行解封装,得到第一SPDU,然后将第一SPDU发送至第二设备的第二通信单元的消息层。
305、第二设备的第二通信单元对第一SPDU进行第二签名验证。
第二设备的第二通信单元的消息层得到第一SPDU后,则对第一SPDU进行第二签名验 证,从而确定第一SPDU中的第一消息是否可用。具体地,第二设备的第二通信单元可通过多种方式对第一SPDU进行第二签名验证,下文将分别进行介绍:
在一种可能的实现方式中,若第一SPDU包含第一信息、第一信息的签名以及第一安全证书,则第二设备的第二通信单元的消息层根据第一SPDU中的第一安全证书对第一SPDU中的第一信息的签名进行验证。具体地,第二设备的第二通信单元的消息层解析第一SPDU,得到第一信息、第一信息的签名以及第一安全证书。然后,第二设备的第二通信单元的消息层对第一信息以及第一安全证书分别进行计算,得到第一安全证书的摘要和第一信息的摘要。接着,第二设备的第二通信单元的消息层对第一信息的摘要和第一安全证书的摘要进行二次计算,得到用于验证的签名。最后,第二设备的第二通信单元的消息层将用于验证的签名与第一信息的签名进行比对,若二者相同,则第二签名验证成功,若二者不相同,则第二签名验证失败。
在另一种可能的实现方式中,若第一SPDU包含第一信息、第一信息的签名以及第一安全证书的摘要,则第二设备的第二通信单元的消息层根据第一SPDU中的第一安全证书的摘要对第一SPDU中的第一信息的签名进行验证。具体地,第二设备的第二通信单元的消息层解析第一SPDU,得到第一信息、第一信息的签名以及第一安全证书的摘要。然后,第二设备的第二通信单元的消息层对第一信息进行计算,得到第一信息的摘要。接着,第二设备的第二通信单元的消息层对第一信息的摘要和第一安全证书的摘要进行二次计算,得到用于验证的签名。最后,第二设备的第二通信单元的消息层将用于验证的签名与第一信息的签名进行比对,若二者相同,则第二签名验证成功,若二者不相同,则第二签名验证失败。
值得注意的是,第二设备的第二通信单元也可不对第一SPUD进行第二签名验证,将第一SPDU直接透传至第二设备的第二计算单元。
306、若第二签名验证成功,则第二设备的第二通信单元将第一SPDU发送至第二设备的第二计算单元。
若第二设备的第二通信单元所进行的第二签名验证成功,则可确定第一SPDU中的第一信息是原始信息,并未被篡改过。因此,第二设备的第二通信单元的消息层可将第一SPDU发送至第二设备的第二计算单元的消息层。
若第二设备的第二通信单元所进行的第二签名验证失败,则可确定在第一设备的第一计算单元将第一SPDU发送至第一设备的第一通信单元的过程中,或,在第一设备的第一通信单元的通信单元将第一SPDU发送至第二设备的第二通信单元的过程中,第一信息遭受到攻击者的篡改。那么,第二设备的第二通信单元则确定第一信息不可用,不会将第一SPDU发送至第二设备的第二计算单元。
需要说明的是,第二设备的第二通信单元与第二设备的第二计算单元之间的信息传输方式可参考步骤303中,第一设备的第一通信单元与第一设备的第一计算单元之间的信息传输方式,此处不赘述。
307、第二设备的第二计算单元对第一SPDU进行第一签名验证。
第二设备的第二计算单元的消息层得到第一SPDU后,则对第一SPDU进行第一签名验 证,从而确定第一SPDU中的第一消息是否可用。具体地,第二设备的第二计算单元可通过多种方式对第一SPDU进行第一签名验证,下文将分别进行介绍:
在一种可能的实现方式中,若第一SPDU包含第一信息、第一信息的签名以及第一安全证书,则第二设备的第二计算单元的消息层根据第一SPDU中的第一安全证书对第一SPDU中的第一信息的签名进行验证。具体地,第二设备的第二计算单元的消息层解析第一SPDU,得到第一信息、第一信息的签名以及第一安全证书。然后,第二设备的第二计算单元的消息层对第一信息以及第一安全证书分别进行计算,得到第一安全证书的摘要和第一信息的摘要。接着,第二设备的第二计算单元的消息层对第一信息的摘要和第一安全证书的摘要进行二次计算,得到用于验证的签名。最后,第二设备的第二计算单元的消息层将用于验证的签名与第一信息的签名进行比对,若二者相同,则第一签名验证成功,若二者不相同,则第一签名验证失败。
在另一种可能的实现方式中,若第一SPDU包含第一信息、第一信息的签名以及第一安全证书的摘要,则第二设备的第二计算单元的消息层根据第一SPDU中的第一安全证书的摘要对第一SPDU中的第一信息的签名进行验证。具体地,第二设备的第二计算单元的消息层解析第一SPDU,得到第一信息、第一信息的签名以及第一安全证书的摘要。然后,第二设备的第二计算单元的消息层对第一信息进行计算,得到第一信息的摘要。接着,第二设备的第二计算单元的消息层对第一信息的摘要和第一安全证书的摘要进行二次计算,得到用于验证的签名。最后,第二设备的第二计算单元的消息层将用于验证的签名与第一信息的签名进行比对,若二者相同,则第一签名验证成功,若二者不相同,则第一签名验证失败。
308、若第一签名验证成功,则第二设备的第二计算单元确定第一SPDU中的第一信息可用。
若第二设备的第二计算单元所进行的第一签名验证成功,则可确定第一SPDU中的第一信息是原始信息,并未被篡改过。因此,第二设备的第二计算单元的消息层第一信息发送至第二设备的第二计算单元的应用层,使得应用层基于第一信息实现感知融合和协同车控等应用,从而使得第二设备的第二计算单元的应用层对第二设备的运动决策做出正确的调整。
若第二设备的第二计算单元所进行的第一签名验证失败,则可确定在第二设备的第二通信单元将第一SPDU发送至第二设备的第二计算单元的过程中,第一信息遭受到攻击者的篡改。那么,第二设备的第二计算单元的消息层则确定第一信息不可用,不会将第一信息发送至第二设备的第二计算单元的应用层,故第一信息无法参与感知融合和协同车控等应用。此外,第二设备的第二计算单元的消息层还可向第二设备的第二计算单元的应用层报告验签失败的原因。如此一来,第二设备的第二计算单元的应用层在实现感知融合和协同车控等应用时,不会使用被篡改的信息,故第二设备的第二计算单元的应用层可对第二设备的运动决策做出正确的调整。
本实施例中,第一设备的第一计算单元可对获取到的第一信息进行签名,得到第一SPDU,并将第一SPDU发送至第一设备的第一通信单元。第一设备的第一通信单元再将第 一SPDU发送至第二设备。第二设备的第二通信单元接收到第一SPDU后,可对第一SPDU进行签名验证,若签名验证成功,证明第一SPDU中的第一信息未被篡改,则第二设备的第二通信单元将第一SPDU转发至第二设备的第二计算单元,若签名验证失败,证明第一SPDU中的第一信息在到达第二设备之前(即第一信息在第一设备内部传输的过程以及第一设备和第二设备之间传输的过程中),已经遭受到攻击者的篡改,故第二设备的第二通信单元不会将第一SPDU发送至第二设备的第二计算单元。进一步地,第二设备的第二计算单元接收到第一SPDU后,也对第一SPDU进行相同的签名验证,若签名验证成功,证明第一信息未被篡改,则第二设备的第二计算单元则确定第一SPDU中的第一信息可用,若签名验证失败,证明第一信息在第二设备内部传输的过程中,遭受到攻击者的篡改,故第二设备的第二计算单元则确定第一SPDU中的第一信息不可用。
本申请提供的安全机制中,由第一设备的第一计算单元对第一信息进行签名,第一设备的第一通信单元不对第一信息进行签名,将第一SPDU透传至第二设备。第二设备的第二通信单元和第二设备的第二计算单元会对第一SPDU进行相同的签名验证,第二设备的第二通信单元可基于签名验证的结果确定是否将第一信息透传至第二设备的第二计算单元,第二设备的第二计算单元可基于签名验证的结果确定第一信息是否可用。在本申请中,第一设备的第一计算单元和第二设备的第二计算单元可复用现有技术中第一设备的第一通信单元和第二设备的第二通信单元之间所使用的数字签名技术,即在传输第一信息的过程中,第一设备的第一计算单元对第一信息进行签名得到第一SPDU,且第二设备的第二计算单元对第一SPDU进行签名验证,以最终确定第一SPDU中的第一信息是否可用,从而确保第一信息在整条传输链路中的安全传输。在该过程中,第一设备的第一通信单元和第二设备的第二通信单元仅需实现第一SPDU的透传,故两个设备的通信单元保持现有的功能安全等级即可,不需重新进行改进。可见,本申请仅需对第一设备的第一计算单元和第二设备的第二计算单元重新进行设计,即可保证V2X信息在整条传输链路中的安全传输,所需的成本较低,易于推广和实现。更进一步地,本申请能够使得整条传输链路使用同一套数字签名技术,故不需对现有的V2X通信协议作出任何改变,使得方案更容易落地商用。
综上所述,在发送端的计算单元将信息发送至接收端的计算单元的过程中,由发送端的计算单元对信息执行签名。因此,在信息传输的任意一个环节,若信息被篡改,接收端的通信单元和计算单元均可通过执行相同的签名验证操作,从而及时发现信息被篡改的情况,确保接收端不会使用篡改后的信息对自身的运动决策做出错误,避免接收端出现功能安全问题。
为了进一步理解图3所示的实施例,下文将通过两个具体应用例对本申请实施例提供的基于车联网的信息传输方法作进一步的说明。图4为本申请实施例提供的基于车联网的信息传输方法的一个应用例示意图,如图4所示,在该应用例中,设某一车载设备A为发送端,另一车载设备B为接收端,其中,车载设备A和车载设备B均包含OBU、网关和IVCP,其中,OBU的协议栈包含应用层、消息层、网络层和接入层,IVCP的协议栈包含应 用层和消息层。该应用例包括:
对于车载设备A一侧而言:
当车载设备A的IVCP需要将车载设备A的周围情况或车载设备A的状态中的至少一项告知车载设备B时,车载设备A的IVCP的应用层可获取目标信息,目标信息用于指示车载设备A的周围情况或车载设备A的状态中的至少一项。
然后,IVCP的应用层将目标信息传递至IVCP的消息层,IVCP的消息层可对目标消息进行第一签名,得到具备一定安全消息格式的SPDU,该SPDU包含目标信息、目标信息的签名以及车载设备A的安全证书。
接着,IVCP的消息层通过网关,将SPDU发送至OBU的消息层。OBU的消息层接收到SPDU后,则将SPDU透传至OBU的网络层,使得OBU的网络层将SPDU传递至OBU的接入层,进而使得OBU的接入层将SPDU对外发送至车载设备B。
对于车载设备B一侧而言:
当车载设备B的OBU的接入层接收到SPDU后,则将SPDU发送至OBU的网络层,进而使得网络层将SPDU发送至OBU的消息层。OBU的消息层基于SPDU中所包含的内容,对SPDU进行与第一签名对应的第一验签,以确保SPDU中目标信息未被篡改。若第一验签成功,则将SPDU转发至网关,以使得网关将SPDU发送至IVCP的消息层。若第一验签失败,则不转发SPDU。
IVCP的消息层接收到SPDU后,则基于SPDU中所包含的内容,对SPDU进行与第一签名对应的第一验签,若第一验签成功,则确定目标信息未被篡改,并将目标信息发送至IVCP的应用层,用于参与感知融合和协同控制的应用。若第一验签失败,则确定目标信息已被篡改,则不将目标信息发送至IVCP的应用层,并向应用层报告签名验证失败的原因。
图5为本申请实施例提供的基于车联网的信息传输方法的另一应用例示意图,如图5所示,在该应用例中,设某一路侧设备C为发送端,另一车载设备D为接收端,其中,路侧设备C包含RSU和路侧计算单元,车载设备D均包含OBU、网关和IVCP。
对于路侧设备C一侧而言:
当路侧设备C的路侧计算单元需要将路侧设备C的周围情况或路侧设备C的状态中的至少一项告知车载设备D时,路侧设备C的路侧计算单元的应用层可获取目标信息,目标信息用于指示路侧设备C的周围情况或路侧设备C的状态中的至少一项。
然后,路侧计算单元的应用层将目标信息传递至路侧计算单元的消息层,路侧计算单元的消息层可对目标消息进行第一签名,得到具备一定安全消息格式的SPDU,该SPDU包含目标信息、目标信息的签名以及路侧设备C的安全证书。
接着,路侧计算单元的消息层将SPDU发送至RSU的消息层。RSU的消息层接收到SPDU后,则将SPDU透传至RSU的网络层,使得RSU的网络层将SPDU传递至RSU的接入层,进而使得RSU的接入层将SPDU对外发送至车载设备D。
对于车载设备D一侧而言:
当车载设备D的OBU的接入层接收到SPDU后,则将SPDU发送至OBU的网络层,进而 使得网络层将SPDU发送至OBU的消息层。OBU的消息层基于SPDU中所包含的内容,对SPDU进行与第一签名对应的第一验签,以确保SPDU中目标信息未被篡改。若第一验签成功,则将SPDU转发至网关,以使得网关将SPDU发送至IVCP的消息层。若第一验签失败,则不转发SPDU。
IVCP的消息层接收到SPDU后,则基于SPDU中所包含的内容,对SPDU进行与第一签名对应的第一验签,若第一验签成功,则确定目标信息未被篡改,并将目标信息发送至IVCP的应用层,用于参与感知融合和协同控制的应用。若第一验签失败,则确定目标信息已被篡改,则不将目标信息发送至IVCP的应用层,并向应用层报告签名验证失败的原因。
从上述应用例可知,本申请提供了一种全新的安全机制,仅需将IVCP和路侧计算单元按ISO26262体系重新进行设计和开发,使得IVCP和路侧计算单元达到更高的功能安全等级ASIL-B,而OBU和RSU依旧保持原先的功能安全等级即可。故通过较低的硬件成本,即可保证信息在整个传输链路中的安全传输,且整个传输链路共用同一套数字签名技术,不需对现有的V2X通信协议作出改变,使得方案更容易落地商用。
以上是对本申请实施例提供的基于车联网的信息传输方法所进行的详细说明,以下将本申请实施例提供的基于车联网的信息传输装置进行介绍。图6为本申请实施例提供的基于车联网的信息传输装置的一个结构示意图,如图6所示,该装置即为前述的第一设备,该装置包括第一通信单元601和第一计算单元602;
第一计算单元602,用于获取第一信息,第一信息用于指示第一设备的周围情况或第一设备的状态中的至少一项;
第一计算单元602,还用于对第一信息进行签名,得到第一安全协议数据单元SPDU,第一SPDU包含第一信息;
第一计算单元602,还用于将第一SPDU发送至第一通信单元601;
第一通信单元601,用于将第一SPDU发送至第二设备。
在一种可能的实现方式中,第一计算单元602,具体用于:根据预置的第一安全证书对第一信息进行签名,得到第一信息的签名;根据第一信息、第一信息的签名以及第一安全证书生成第一SPDU,第一SPDU包括第一信息、第一信息的签名以及第一安全证书;或,根据第一信息、第一信息的签名以及第一安全证书的摘要生成第一SPDU,第一SPDU包括第一信息、第一信息的签名以及第一安全证书的摘要。
在一种可能的实现方式中,该装置为车载设备,且该装置还包括第一网关,则第一计算单元602,具体用于将第一SPDU发送至第一网关,以使得第一网关将第一SPDU发送至第一通信单元601。
在一种可能的实现方式中,签名在消息层中进行。
图7为本申请实施例提供的基于车联网的信息传输装置的另一结构示意图,如图7所示,该装置即为前述的第二设备,该装置包括第二通信单元701和第二计算单元702;
第二通信单元701,用于从第一设备接收第一SPDU,第一SPDU包含第一信息,第一信息用于指示第一设备的周围情况或第一设备的状态中的至少一项;
第二通信单元701,还用于将第一SPDU发送至第二计算单元702;
第二计算单元702,用于对第一SPDU进行第一签名验证;
第二计算单元702,还用于根据第一签名验证的结果,确定第一SPDU中的第一信息是否可用。
在一种可能的实现方式中,第二通信单元701,还用于对第一SPDU进行第二签名验证,并确定第二签名验证成功。
在一种可能的实现方式中,第一SPDU还包括第一信息的签名以及第一安全证书,第二计算单元702,具体用于根据第一SPDU中的第一安全证书,对第一SPDU中的第一信息的签名进行验证;或者,第一SPDU还包括第一信息的签名以及第一安全证书的摘要,第二计算单元702,具体用于根据第一SPDU中的第一安全证书的摘要,对第一SPDU中的第一信息的签名进行验证。
在一种可能的实现方式中,第二设备为车载设备,且第二设备还包括第二网关,则第二通信单元701,具体用于将第一SPDU发送至第二网关,以使得第二网关将第一SPDU发送至第二计算单元702。
需要说明的是,上述装置各模块/单元之间的信息交互、执行过程等内容,由于与本申请方法实施例基于同一构思,其带来的技术效果与本申请方法实施例相同,具体内容可参考本申请实施例前述所示的方法实施例中的叙述,此处不再赘述。
图8为本申请实施例提供的基于车联网的信息传输装置的又一结构示意图。如图8所示,本申请实施例中信息传输装置一个实施例可以包括一个或一个以上处理器801,存储器802,输入输出接口803,有线或无线网络接口804,电源805。
存储器802可以是短暂存储或持久存储。更进一步地,处理器801可以配置为与存储器802通信,以执行存储器802中的一系列指令操作。
本实施例中,通过在处理器801上运行存储器802中存储的计算机执行指令,使得所述信息传输装置实现前述图3所示实施例中第一设备所执行的操作,具体此处不再赘述。
图9为本申请实施例提供的基于车联网的信息传输装置的又一结构示意图。如图9所示,本申请实施例中信息传输装置一个实施例可以包括一个或一个以上处理器901,存储器902,输入输出接口903,有线或无线网络接口904,电源905。
存储器902可以是短暂存储或持久存储。更进一步地,处理器901可以配置为与存储器902通信,以执行存储器902中的一系列指令操作。
本实施例中,通过在处理器901上运行存储器902中存储的计算机执行指令,使得所述信息传输装置实现前述图3所示实施例中第二设备所执行的操作,具体此处不再赘述。
本申请实施例还涉及一种基于车联网的信息传输系统,该系统包括如图6所示的装置和如图7所示的装置。
本申请实施例还涉及一种基于车联网的信息传输系统,该系统包括如图8所示的装置和如图9所示的装置。
本申请实施例还涉及一种计算机存储介质,包括计算机可读指令,当计算机可读指令被执行时,实现如图3中第一设备或第二设备所执行的方法步骤。
本申请实施例还涉及一种包含指令的计算机程序产品,当其在计算机上运行时,使得计算机执行如图3中第一设备或第二设备所执行的方法步骤。
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统,装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。
在本申请所提供的几个实施例中,应该理解到,所揭露的系统,装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。

Claims (24)

  1. 一种基于车联网的信息传输方法,其特征在于,所述方法通过第一设备实现,所述第一设备包括第一通信单元和第一计算单元,所述方法包括:
    所述第一计算单元获取第一信息,所述第一信息用于指示所述第一设备的周围情况或所述第一设备的状态中的至少一项;
    所述第一计算单元对所述第一信息进行签名,得到第一安全协议数据单元SPDU,所述第一SPDU包含所述第一信息;
    所述第一计算单元将所述第一SPDU发送至所述第一通信单元;
    所述第一通信单元将所述第一SPDU发送至第二设备。
  2. 根据权利要求1所述的方法,其特征在于,所述第一计算单元对所述第一信息进行签名,得到第一SPDU具体包括:
    所述第一计算单元根据预置的第一安全证书对所述第一信息进行签名,得到所述第一信息的签名;
    所述第一计算单元根据所述第一信息、所述第一信息的签名以及所述第一安全证书生成第一SPDU,所述第一SPDU包括所述第一信息、所述第一信息的签名以及所述第一安全证书;
    或,
    所述第一计算单元根据所述第一信息、所述第一信息的签名以及所述第一安全证书的摘要生成第一SPDU,所述第一SPDU包括所述第一信息、所述第一信息的签名以及所述第一安全证书的摘要。
  3. 根据权利要求1或2所述的方法,其特征在于,所述第一设备为车载设备,且所述第一设备还包括第一网关,则所述第一计算单元将所述第一SPDU发送至所述第一通信单元具体包括:
    所述第一计算单元将所述第一SPDU发送至所述第一网关,以使得所述第一网关将所述第一SPDU发送至所述第一通信单元。
  4. 根据权利要求1至3任意一项所述的方法,其特征在于,所述签名在消息层中进行。
  5. 一种基于车联网的信息传输方法,其特征在于,所述方法通过第二设备实现,所述第二设备包括第二通信单元和第二计算单元,所述方法包括:
    所述第二通信单元从第一设备接收第一SPDU,所述第一SPDU包含第一信息,所述第一信息用于指示第一设备的周围情况或所述第一设备的状态中的至少一项;
    所述第二通信单元将所述第一SPDU发送至所述第二计算单元;
    所述第二计算单元对所述第一SPDU进行第一签名验证;
    所述第二计算单元根据所述第一签名验证的结果,确定所述第一SPDU中的所述第一信息是否可用。
  6. 根据权利要求5所述的方法,其特征在于,所述第二通信单元将所述第一SPDU发送至所述第二计算单元之前,所述方法还包括:
    所述第二通信单元对所述第一SPDU进行第二签名验证,并确定所述第二签名验证成 功。
  7. 根据权利要求5或6所述的方法,其特征在于,所述第一SPDU还包括第一信息的签名以及第一安全证书,所述第二计算单元对所述第一SPDU进行第一签名验证具体包括:
    所述第二计算单元根据所述第一SPDU中的所述第一安全证书,对所述第一SPDU中的所述第一信息的签名进行验证;
    或者,第一SPDU还包括第一信息的签名以及所述第一安全证书的摘要,所述第二计算单元对所述第一SPDU进行第一签名验证具体包括:
    所述第二计算单元根据所述第一SPDU中的所述第一安全证书的摘要,对所述第一SPDU中的所述第一信息的签名进行验证。
  8. 根据权利要求5至7任意一项所述的方法,其特征在于,所述第二设备为车载设备,且所述第二设备还包括第二网关,则所述第二通信单元将所述第一SPDU发送至所述第二计算单元具体包括:
    所述第二通信单元将所述第一SPDU发送至所述第二网关,以使得所述第二网关将所述第一SPDU发送至所述第二计算单元。
  9. 根据权利要求5至8任意一项所述的方法,其特征在于,所述第一签名验证在消息层中进行。
  10. 一种基于车联网的信息传输装置,其特征在于,所述装置包括第一通信单元和第一计算单元;
    所述第一计算单元,用于获取第一信息,所述第一信息用于指示所述第一设备的周围情况或所述第一设备的状态中的至少一项;
    所述第一计算单元,还用于对所述第一信息进行签名,得到第一安全协议数据单元SPDU,所述第一SPDU包含所述第一信息;
    所述第一计算单元,还用于将所述第一SPDU发送至所述第一通信单元;
    所述第一通信单元,用于将所述第一SPDU发送至第二设备。
  11. 根据权利要求10所述的装置,其特征在于,所述第一计算单元,具体用于:
    根据预置的第一安全证书对所述第一信息进行签名,得到所述第一信息的签名;
    根据所述第一信息、所述第一信息的签名以及所述第一安全证书生成第一SPDU,所述第一SPDU包括所述第一信息、所述第一信息的签名以及所述第一安全证书;
    或,
    根据所述第一信息、所述第一信息的签名以及所述第一安全证书的摘要生成第一SPDU,所述第一SPDU包括所述第一信息、所述第一信息的签名以及所述第一安全证书的摘要。
  12. 根据权利要求10或11所述的装置,其特征在于,所述装置为车载设备,且所述装置还包括第一网关,则所述第一计算单元,具体用于将所述第一SPDU发送至所述第一网关,以使得所述第一网关将所述第一SPDU发送至所述第一通信单元。
  13. 根据权利要求10至12任意一项所述的装置,其特征在于,所述签名在消息层中进行。
  14. 一种基于车联网的信息传输装置,其特征在于,所述装置包括第二通信单元和第 二计算单元;
    所述第二通信单元,用于从第一设备接收第一SPDU,所述第一SPDU包含第一信息,所述第一信息用于指示第一设备的周围情况或所述第一设备的状态中的至少一项;
    所述第二通信单元,还用于将所述第一SPDU发送至所述第二计算单元;
    所述第二计算单元,用于对所述第一SPDU进行第一签名验证;
    所述第二计算单元,还用于根据所述第一签名验证的结果,确定所述第一SPDU中的所述第一信息是否可用。
  15. 根据权利要求14所述的装置,其特征在于,所述第二通信单元,还用于对所述第一SPDU进行第二签名验证,并确定所述第二签名验证成功。
  16. 根据权利要求14或15所述的装置,其特征在于,所述第一SPDU还包括第一信息的签名以及第一安全证书,所述第二计算单元,具体用于根据所述第一SPDU中的所述第一安全证书,对所述第一SPDU中的所述第一信息的签名进行验证;
    或者,第一SPDU还包括第一信息的签名以及所述第一安全证书的摘要,所述第二计算单元,具体用于根据所述第一SPDU中的所述第一安全证书的摘要,对所述第一SPDU中的所述第一信息的签名进行验证。
  17. 根据权利要求14至16任意一项所述的装置,其特征在于,所述第二设备为车载设备,且所述第二设备还包括第二网关,则所述第二通信单元,具体用于将所述第一SPDU发送至所述第二网关,以使得所述第二网关将所述第一SPDU发送至所述第二计算单元。
  18. 根据权利要求14至17任意一项所述的装置,其特征在于,所述第一签名验证在消息层中进行。
  19. 一种基于车联网的信息传输装置,其特征在于,所述装置包括:处理器和存储器;
    所述存储器用于存储计算机执行指令;
    所述处理器用于执行所述存储器所存储的计算机执行指令,以使所述装置实现如所述权利要求1至4任一项所述的方法。
  20. 一种基于车联网的信息传输装置,其特征在于,所述装置包括:处理器和存储器;
    所述存储器用于存储计算机执行指令;
    所述处理器用于执行所述存储器所存储的计算机执行指令,以使所述装置实现如所述权利要求5至9任一项所述的方法。
  21. 一种基于车联网的信息传输系统,其特征在于,所述系统包括如权利要求10至13任一项所述的装置和如权利要求14至18任一项所述的装置。
  22. 一种基于车联网的信息传输系统,其特征在于,所述系统包括如权利要求19所述的装置和如权利要求20所述的装置。
  23. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行以实现如权利要求1-9任意一项所述的方法。
  24. 一种计算机程序产品,当所述计算机程序产品在处理器上运行时,使得所述基于车联网的信息传输装置执行如权利要求1-9任意一项所述的方法。
PCT/CN2021/133057 2020-12-31 2021-11-25 一种基于车联网的信息传输方法及其相关设备 WO2022142895A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011642315.8A CN114697905A (zh) 2020-12-31 2020-12-31 一种基于车联网的信息传输方法及其相关设备
CN202011642315.8 2020-12-31

Publications (1)

Publication Number Publication Date
WO2022142895A1 true WO2022142895A1 (zh) 2022-07-07

Family

ID=82135466

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/133057 WO2022142895A1 (zh) 2020-12-31 2021-11-25 一种基于车联网的信息传输方法及其相关设备

Country Status (2)

Country Link
CN (1) CN114697905A (zh)
WO (1) WO2022142895A1 (zh)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107682859A (zh) * 2017-08-31 2018-02-09 上海华为技术有限公司 消息处理方法及相关设备
CN108881176A (zh) * 2018-05-28 2018-11-23 惠州市德赛西威汽车电子股份有限公司 一种车联网终端之间安全通信的方法
WO2018221805A1 (ko) * 2017-05-29 2018-12-06 엘지전자(주) V2x 통신 장치 및 그의 보안 통신 방법
CN111786776A (zh) * 2020-06-05 2020-10-16 张国蓉 一种基于车联网技术的安全通信管理系统
US20200334980A1 (en) * 2019-04-16 2020-10-22 Xevo Inc. Systems and methods for adaptive protocol implementation for vehicle head units

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018221805A1 (ko) * 2017-05-29 2018-12-06 엘지전자(주) V2x 통신 장치 및 그의 보안 통신 방법
CN107682859A (zh) * 2017-08-31 2018-02-09 上海华为技术有限公司 消息处理方法及相关设备
CN108881176A (zh) * 2018-05-28 2018-11-23 惠州市德赛西威汽车电子股份有限公司 一种车联网终端之间安全通信的方法
US20200334980A1 (en) * 2019-04-16 2020-10-22 Xevo Inc. Systems and methods for adaptive protocol implementation for vehicle head units
CN111786776A (zh) * 2020-06-05 2020-10-16 张国蓉 一种基于车联网技术的安全通信管理系统

Also Published As

Publication number Publication date
CN114697905A (zh) 2022-07-01

Similar Documents

Publication Publication Date Title
US11402853B2 (en) Method for controlling platooning and autonomous vehicle based on blockchain
KR20200141034A (ko) 네트워크 기반 애플리케이션 계층 메시지 처리를 사용하여 v2x 수신기 처리 부하를 감소시키기 위한 방법 및 시스템
JP6246929B2 (ja) インフラ描写情報のフィルタリング
US11120693B2 (en) Providing inter-vehicle data communications for vehicular drafting operations
CN110892463B (zh) 车辆操作
WO2020107737A1 (zh) 一种协同自动驾驶车队的冗余通信方法、装置及系统
CN107545756A (zh) 确定协同和/或自主驾驶的共同环境信息的方法及车辆
US20210284196A1 (en) Systems and Methods for Servicing Vehicle Messages
CN115243216A (zh) 用于在v2x网络中进行数据传输的方法
US10976750B2 (en) Base station for receiving and processing vehicle control information and/or traffic state information
WO2022142895A1 (zh) 一种基于车联网的信息传输方法及其相关设备
US20230224983A1 (en) Broadcast-based unicast session method and apparatus
CN113306568A (zh) 自动车辆和操作自动车辆的方法
CN115802417A (zh) 自动驾驶数据传输方法、系统及装置
CN216002486U (zh) Adas域控制器及汽车
CN112689982B (zh) 数据验证方法、装置及存储介质
WO2022218205A1 (zh) 数据传输方法及数据处理装置
DE102021133367A1 (de) Sitzungsschlüsselerzeugung für einen betrieb autonomer fahrzeuge
CN113781789A (zh) 接管对待掌控车辆的掌控的车辆、方法、设备和掌控中心
TWI613625B (zh) 交通管理系統及其交通管理方法
van der Ploeg et al. SECREDAS: Safe and (Cyber-) Secure Cooperative and Automated Mobility
CN113115250B (zh) 自动驾驶控制方法、装置、电子设备及计算机可读介质
EP4301006A1 (en) Communication method and apparatus, and device
CN116248778B (zh) 一种多协议环境下的数据融合传输方法及系统
CN114553472B (zh) 认证方法、装置、电子设备和存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21913637

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21913637

Country of ref document: EP

Kind code of ref document: A1