WO2022206107A1 - V2x signature verification method and apparatus, electronic device, and readable storage medium - Google Patents

V2x signature verification method and apparatus, electronic device, and readable storage medium Download PDF

Info

Publication number
WO2022206107A1
WO2022206107A1 PCT/CN2022/071406 CN2022071406W WO2022206107A1 WO 2022206107 A1 WO2022206107 A1 WO 2022206107A1 CN 2022071406 W CN2022071406 W CN 2022071406W WO 2022206107 A1 WO2022206107 A1 WO 2022206107A1
Authority
WO
WIPO (PCT)
Prior art keywords
signature verification
message
security chip
load
messages
Prior art date
Application number
PCT/CN2022/071406
Other languages
French (fr)
Chinese (zh)
Inventor
林云龙
游奕航
Original Assignee
荣耀终端有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 荣耀终端有限公司 filed Critical 荣耀终端有限公司
Publication of WO2022206107A1 publication Critical patent/WO2022206107A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/08Load balancing or load distribution

Definitions

  • the present application relates to the field of terminals, and in particular, to a V2X signature verification method, apparatus, electronic device, and readable storage medium.
  • V2X Vehicle-to-Everything
  • CA digital certificate authority
  • the security chip performs certificate verification on all received V2X messages, and only the V2X messages that pass the signature verification can continue to be processed.
  • the embodiments of the present application provide a V2X signature verification method, device, electronic device, and readable storage medium, which can improve the security chip verification pressure when the received V2X message is too large in a short period of time, and the signature verification The efficiency is reduced, which leads to the problem that the processing efficiency of the V2X message is reduced.
  • an embodiment of the present application provides a V2X signature verification method, which is applied to an electronic device.
  • the electronic device is provided with a security chip.
  • the method includes: acquiring a signature verification load state of the security chip. When the signature verification load state is a high load, the subsequently received first V2X message that complies with the preset filtering rule is sent to the security chip for signature verification.
  • the V2X signature verification method provided in this application can be applied to electronic devices capable of sending and receiving V2X messages, such as on-board equipment (On Board Equipment, OBE), smartphones with V2X functions, tablet computers, wearable devices, customized terminals, etc.
  • on-board equipment On Board Equipment, OBE
  • smartphones with V2X functions tablet computers, wearable devices, customized terminals, etc.
  • the first aspect after it is determined that the signature verification load status of the electronic device is high, only the first V2X message that meets the preset filtering rule among the subsequently received V2X messages is sent to the security chip for signature verification.
  • the number of V2X messages subject to signature verification is reduced, which relieves the security chip's signature verification pressure, improves signature verification efficiency, and improves the processing efficiency of V2X messages.
  • acquiring the signature verification load status of the security chip includes: receiving signature verification load information from the security chip.
  • the signature verification load information indicates that the signature verification load of the security chip is greater than the first load threshold, it is determined that the signature verification load state is a high load.
  • acquiring the signature verification load status of the security chip includes: acquiring the signature verification duration for the security chip to perform signature verification on the V2X message. When the signature verification duration is greater than the first signature verification time threshold, it is determined that the signature verification load state is a high load.
  • acquiring the signature verification duration of the V2X message performed by the security chip includes: acquiring the first timestamp when the V2X message is sent to the security chip. Receive the signature verification result of the V2X message returned by the security chip, and obtain the second timestamp when the signature verification result of the V2X message is received.
  • the signature verification duration is the time difference between the first timestamp and the second timestamp.
  • the method of determining the first V2X message that complies with the preset filtering rule includes: acquiring the priority level of at least one V2X message with the same sender identifier received. A V2X message with a priority level higher than the first priority threshold in at least one V2X message is determined as the first V2X message.
  • the method further includes: when the received multiple first V2X messages include N second V2X messages with the same priority, sending M second V2X messages to the security chip, where M is less than N.
  • the method of determining the first V2X message that complies with the preset filtering rule further includes: determining the priority level and sender distance of at least one V2X message received.
  • a V2X message whose sender distance is greater than the preset distance threshold and whose priority level is higher than the second priority threshold in at least one V2X message is determined to be the first V2X message.
  • the V2X message whose sender distance is less than or equal to the distance threshold is the first V2X message.
  • the method of determining the first V2X message that complies with the preset filtering rule includes: determining that the non-high-risk message in the received at least one V2X message is the first V2X message, and the sender identifier of the non-high-risk message is the same as the high-risk message.
  • the senders of risk messages have different identifiers, and high-risk messages are V2X messages that have not passed the security chip verification.
  • the method further includes: when the signature verification load state is low load, sending all subsequent received V2X messages to the security chip for signature verification.
  • acquiring the signature verification load status when the security chip performs signature verification on the received V2X message includes: receiving signature verification load information from the security chip.
  • the signature verification load information indicates that the signature verification load of the security chip is less than the second load threshold, it is determined that the signature verification load state is a low load.
  • acquiring the signature verification load status when the security chip performs signature verification on the received V2X message includes: acquiring the signature verification duration for the security chip to perform signature verification on the V2X message. When the signature verification duration is less than the second signature verification time threshold, it is determined that the signature verification load state is low load.
  • an embodiment of the present application provides a V2X signature verification device, including: an acquisition module configured to acquire the signature verification load status of the security chip.
  • a sending module configured to send the subsequently received first V2X message conforming to the preset filtering rule to the security chip for signature verification when the signature verification load state is high load.
  • the acquisition module is specifically configured to receive the signature verification payload information from the security chip.
  • the signature verification load information indicates that the signature verification load of the security chip is greater than the first load threshold, it is determined that the signature verification load state is a high load.
  • the acquiring module is specifically configured to acquire the signature verification duration for the security chip to perform signature verification on the V2X message.
  • the signature verification duration is greater than the first signature verification time threshold, it is determined that the signature verification load state is a high load.
  • the obtaining module is specifically configured to obtain the first timestamp when the V2X message is sent to the security chip. Receive the signature verification result of the V2X message returned by the security chip, and obtain the second timestamp when the signature verification result of the V2X message is received.
  • the signature verification duration is the time difference between the first timestamp and the second timestamp.
  • the sending module is specifically configured to acquire the priority level of at least one V2X message with the same sender identifier.
  • a V2X message with a priority level higher than the first priority threshold in at least one V2X message is determined as the first V2X message.
  • the sending module is further configured to send M second V2X messages to the security chip when the received multiple first V2X messages include N second V2X messages with the same priority, where M is less than N. .
  • the sending module is further configured to determine the priority level and the distance to the sender of the received at least one V2X message.
  • a V2X message whose sender distance is greater than the preset distance threshold and whose priority level is higher than the second priority threshold in at least one V2X message is determined to be the first V2X message.
  • the V2X message whose sender distance is less than or equal to the distance threshold is the first V2X message.
  • the sending module is further configured to determine that a non-high-risk message in the received at least one V2X message is the first V2X message, and the sender identifier of the non-high-risk message is different from that of the high-risk message, and the high-risk message is different from the sender identifier of the high-risk message.
  • the message is a V2X message that fails the security chip verification.
  • the sending module is further configured to send all subsequent received V2X messages to the security chip for signature verification when the signature verification load state is low load.
  • the acquisition module is further configured to receive signature verification load information from the security chip.
  • signature verification load information indicates that the signature verification load of the security chip is less than the second load threshold, it is determined that the signature verification load state is a low load.
  • the acquiring module is further configured to acquire the signature verification duration for the security chip to perform signature verification on the V2X message.
  • the signature verification duration is less than the second signature verification time threshold, it is determined that the signature verification load state is low load.
  • an embodiment of the present application provides an electronic device, including a memory, a processor, a security chip, and a computer program stored in the memory and running on the processor.
  • the security chip implements the following: The method provided by the first aspect.
  • an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the method provided in the first aspect is implemented.
  • an embodiment of the present application provides a computer program product, which enables the terminal device to execute the method provided in the first aspect when the computer program product runs on a terminal device.
  • an embodiment of the present application provides a chip system, the chip system includes a memory and a processor, and the processor executes a computer program stored in the memory to implement the method provided in the first aspect.
  • an embodiment of the present application provides a chip system, the chip system includes a processor, the processor is coupled to the computer-readable storage medium provided in the fourth aspect, and the processor executes a computer program stored in the computer-readable storage medium, to implement the method provided in the first aspect.
  • FIG. 1 is a schematic diagram of an application scenario of the V2X signature verification method provided by an embodiment of the present application
  • FIG. 2 is a schematic structural diagram of an electronic device for V2X message signature verification provided by an embodiment of the present application
  • FIG. 3 is a schematic flowchart of a V2X security chip signature verification provided by an embodiment of the present application
  • FIG. 4 is a schematic flowchart of a V2X signature verification method provided by an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of another V2X signature verification method provided by an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of another V2X signature verification method provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a V2X signature verification device provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
  • the term “if” may be contextually interpreted as “when” or “once” or “in response to determining” or “in response to detecting ".
  • references in this specification to "one embodiment” or “some embodiments” and the like mean that a particular feature, structure or characteristic described in connection with the embodiment is included in one or more embodiments of the present application.
  • appearances of the phrases “in one embodiment,” “in some embodiments,” “in other embodiments,” “in other embodiments,” etc. in various places in this specification are not necessarily All refer to the same embodiment, but mean “one or more but not all embodiments” unless specifically emphasized otherwise.
  • the terms “including”, “including”, “having” and their variants mean “including but not limited to” unless specifically emphasized otherwise.
  • FIG. 1 shows a schematic diagram of an application scenario of a V2X signature verification method.
  • the vehicles are divided into a vehicle 11 that receives a V2X message and a vehicle 12 that sends a V2X message.
  • both the vehicle 11 receiving the V2X message and the vehicle 12 sending the V2X message have the functions of sending and receiving the V2X message.
  • the vehicle 11 receiving the V2X message and the vehicle 12 sending the V2X message may transition. For example, the vehicle that originally sent the V2X message receives the V2X message, or the vehicle that originally received the V2X message sends the V2X message, etc.
  • FIG. 1 multiple vehicles 12 sending V2X messages broadcast V2X messages, and vehicles 11 receiving V2X messages receive the broadcast V2X messages. After receiving the V2X message, the V2X message is verified by the security chip installed in the electronic device in the vehicle. The V2X message is processed only after the V2X message has passed the signature verification.
  • the present application provides a V2X signature verification method, which includes: an electronic device performs signature verification on a received V2X message through a security chip. After determining that the electronic device's signature verification load state is high load, the electronic device performs signature verification on part of the V2X messages in the received V2X messages according to a preset filtering rule.
  • the received V2X messages are filtered through a preset filtering rule.
  • the security chip only needs to verify the signature of some of the received V2X messages.
  • the number of V2X messages subject to signature verification is reduced, which relieves the security chip's signature verification pressure, improves signature verification efficiency, and improves the processing efficiency of V2X messages.
  • FIG. 2 shows a schematic structural diagram of an electronic device for V2X message signature verification.
  • the access layer can receive V2X messages from other devices and send them to the security chip for verification. After the verification is passed, the security chip will send the V2X message. to the application layer for processing. Since the V2X message communication in this application can be implemented based on the direct link (PC5) communication interface, the access layer can also be an access layer adapted to the PC5 communication interface, and the security chip can be used to pass the digital certification authority ( Certification Authority, CA) certificate signature method to verify the signature.
  • PC5 communication interface the direct link
  • CA digital certification authority
  • the security chip may include Internet Protocol (IP) address information of the application layer and the access layer, a data service management platform (Data Service Management Platform, DSMP), an adaptation layer, and security services.
  • IP Internet Protocol
  • DSMP Data Service Management Platform
  • FIG 3 shows a schematic flowchart of a V2X security chip signature verification, wherein the security chip can support a V2X application security subsystem, and the V2X application security subsystem can be located in on-board equipment, roadside equipment, and application service systems of V2X application service providers In the functional entity that provides communication security for V2X applications. These include V2X applications. V2X applications can be located in in-vehicle equipment, roadside equipment, and functional entities that require V2X application communication security in the application service system of V2X application service providers, such as in-vehicle applications of V2X vehicles and applications corresponding to V2X roadside stations. or application services, etc.
  • the V2X security management entity can be used as a functional entity for security configuration and security data provision for the V2X application security subsystem, for example, functional entities such as registration, authorization, key provision and certificate issuance.
  • the V2X application security service is located in the V2X application security subsystem. It interacts with the V2X application to complete operations such as message signing, verification, encryption, and decryption. The interaction with the V2X security management entity has completed key writing, certificate application and writing. and so on.
  • the security environment can be used to store important security data, such as CA certificates, public and private keys, and encryption and decryption keys. And, provide important security computing services for security service entities, such as digital signature, data encryption and decryption, etc.
  • FIG. 4 shows a schematic flowchart of the V2X signature verification method provided by the present application. As an example and not a limitation, the method can be applied to the above electronic device.
  • the electronic device is located in the vehicle, and the V2X message received by the electronic device is from the surrounding vehicle and the V2X device sending the V2X message.
  • V2X equipment includes electronic toll collection system (Electronic Toll Collection, ETC) equipment with V2X function, traffic lights with V2X function, etc.
  • ETC Electronic Toll Collection
  • the security chip is used to verify the signature of the V2X message received by the access layer, and the signature verification load information of the security chip may be the number of V2X messages whose signature is verified per second.
  • the frequency of each vehicle 12 sending the V2X message broadcasting the V2X message is 10 Hz, that is, 10 V2X messages are broadcast per second.
  • the signature verification load information is 2000 pieces per second.
  • the verification load information may indicate that the verification load status of the security chip is high load or low load.
  • the signature verification load information indicates that the signature verification load of the security chip is greater than the first load threshold, it can be determined that the current signature verification load state of the security chip is a high load.
  • the first load threshold can be determined according to the maximum signature verification load of the security chip. For example, if the maximum signature verification load of the security chip is 2000 pieces/second, the first load threshold can be 80% of the maximum signature verification load, that is, 1600 pieces/second. second. When it is determined that the signature verification load information indicates that the signature verification load of the security chip is less than the second load threshold, it can be determined that the current signature verification load state of the security chip is a low load.
  • the second load threshold may be equal to the first load threshold. For example, the second load threshold may be 80% of the maximum signature verification load, that is, 1600 pieces/second, and the second load threshold may also be 70% of the maximum signature verification load.
  • a time limit of the first load threshold may be set, and when the signature verification load is greater than the first load threshold and exceeds the preset time limit, the current signature verification load of the security chip is determined.
  • Status is high load. For example, when the signature verification load is greater than 1800 pieces/second and the duration is longer than 1 second, it is determined that the current signature verification load status of the security chip is a high load. Similarly, when determining the low load, it can also be determined according to a preset time limit.
  • the sender identifier and the priority level may be obtained from the structure header area of the V2X message, and the sender identifier may be the sender's layer-2 identity document (L2ID).
  • L2ID layer-2 identity document
  • the priority level may be ProSe Pre-Packet Priority (PPPP), for example, the priority of the V2X message may be determined with reference to the PPPP shown in Table 1.
  • PPPP ProSe Pre-Packet Priority
  • the structure header area of the V2X message further includes the signal strength of the V2X message sent by the sender.
  • the signal strength can be represented by a reference signal received power (Reference Signal Receiving Power, RSRP) or a received signal strength indication (Received Signal Strength Indication, RSSI).
  • RSRP Reference Signal Receiving Power
  • RSSI Receiveived Signal Strength Indication
  • one of S105, S107 and S109 can be executed to reduce the Check pressure.
  • the V2X message conforming to the first filtering rule is the first V2X message
  • the first filtering rule may include: the sender identifiers of the V2X messages are the same and the priority level of the V2X messages is higher than the first priority threshold. For example, in the received V2X messages, if there are multiple V2X messages with the same sender L2ID, the high-priority V2X messages in these messages can be sent to the security chip for signature verification, and the low-priority V2X messages are discarded and not processed. deal with.
  • the first priority threshold may be level 7
  • the high-priority V2X messages may be V2X messages related to driving safety, for example, may be V2X messages with PPPP priority levels 2, 3, 4, and 5 .
  • the low-priority V2X message may be a V2X message of level 7 or lower in the PPPP priority.
  • Low priority V2X messages can be service class or application messages. For example, it can be to display the nearby parking lot, display the news of the nearby restaurant business, and so on. After the V2X messages that do not meet the first filtering rule are discarded, the number of V2X messages sent to the security chip for signature verification is reduced, which can reduce the security chip's signature verification pressure.
  • S106 further filters the first V2X messages on the basis of S105, and the second filtering rule includes: when the received multiple first V2X messages include N second V2X messages with the same priority When , send M second V2X messages to the security chip, where M is less than N.
  • the V2X messages with the same priority in the first V2X message (that is, the second V2X message) sent to the security chip can be reduced.
  • the number of transmissions For example, if the number N of the first V2X messages is 100 after filtering out V2X messages with low priority in the same L2ID, M (for example, 10, 20, or 50, etc.) can be used as The second V2X message is sent to the security chip.
  • the frequency of sending V2X messages can be used as a unit.
  • the frequency of sending the first V2X message to the security chip is 10 times/second
  • the frequency of sending the second V2X message to the security chip can be reduced to M/N, for example, when M/N is equal to 1
  • the V2X message that conforms to the third filtering rule is the first V2X message.
  • the third filtering rule may include: V2X messages whose sender distance is greater than the preset distance threshold and whose priority level is higher than the second priority threshold and V2X messages whose sender distance is less than or equal to the distance threshold are the first V2X messages .
  • a V2X message whose sender distance is greater than a preset distance threshold may also be referred to as a long-distance V2X message.
  • a long-distance identification can be performed on the sending and sending identification of the long-distance V2X message.
  • a V2X message is subsequently received, it may be determined whether the received V2X message is a long-distance V2X message according to whether the L2ID of the received V2X message has a long-distance identifier.
  • the L2ID of the V2X message When the L2ID of the V2X message is different from the long-distance V2X message, it indicates that the V2X message is not a long-distance V2X message, that is, the sender's distance is less than or equal to the distance threshold, and the V2X message needs to be verified.
  • the priority may be the PPPP priority
  • the second priority threshold may be the same as or different from the first priority threshold, which is not limited in this application. Since the low-priority V2X messages sent by the distant car are discarded, the number of V2X messages for the security chip signature verification is reduced, which can reduce the security chip signature verification pressure.
  • the sender distance can also be verified. If the sender's distance is less than or equal to the distance threshold, the long-distance identifier of the L2ID can be cleared, so as to filter the received V2X message more accurately.
  • the V2X message conforming to the fourth filtering rule is the first V2X message.
  • the fourth filtering rule includes: V2X messages are non-high-risk messages.
  • the sender identifier of the non-high-risk message is different from the sender identifier of the high-risk message, and the high-risk message is a V2X message that has not passed the security chip signature verification.
  • the security chip can identify the L2ID of the V2X message as a high risk and report it to the access layer.
  • the L2ID of the subsequently received V2X message is an L2ID that identifies a high risk, the V2X message can be filtered without signature verification.
  • the high-risk V2X message may be a fake message, for example, a malicious non-standard message existing on the channel, a V2X message sent by an unauthorized device, and the like. These fake messages cannot pass signature verification in the security chip. Then, all pseudo messages corresponding to the L2ID are discarded, and no signature verification is performed on high-risk messages, thereby reducing the signature verification pressure on the security chip.
  • the received V2X message may be directly sent to the security chip for signature verification.
  • the filtering of the received V2X messages can be stopped, and all received V2X messages can be sent to the security chip.
  • Chip for signature verification For example, verification payload information can be received from the security chip.
  • the signature verification load information indicates that the signature verification load of the security chip is less than the second load threshold, it is determined that the signature verification load status of the electronic device is a low load.
  • the second load threshold may be equal to the first load threshold, the second load threshold may be 80% of the maximum signature verification load, that is, 1600 pieces/second, and the second load threshold may also be 70% of the maximum signature verification load.
  • the signature verification load of the security chip is used as the judgment parameter of the signature verification load status of the security chip. Since the signature verification load of the security chip can directly and accurately reflect the signature verification load status of the security chip, the judgment result is reliable. , the probability of misjudgment is low.
  • FIG. 5 shows a schematic flowchart of another V2X signature verification method provided by the present application. As an example and not a limitation, the method can be applied to the above electronic device.
  • the V2X message may be delivered by the access layer receiving the V2X message, and then the access layer transmits the V2X message to the security chip for signature verification, and after the security chip signature verification is completed, the V2X message is sent to the application layer.
  • the access layer when the access layer sends the V2X message to the security chip for signature verification, the access layer can record the timestamp of sending the V2X message and transmit it to the security chip at the same time.
  • the application layer records the timestamp when the V2X message is received, and the time difference between the two timestamps indicates the time for signature verification, that is, the signature verification duration.
  • the signature verification time is longer than the first signature verification time threshold, it can be confirmed that the signature verification efficiency of the security chip is reduced, and the V2X message sent to the signature verification chip needs to be filtered.
  • the signature verification duration is used as the load information of the security chip, and the signature verification load status of the security chip can be judged when the signature verification load of the security chip cannot be directly obtained, which has a wide application range.
  • FIG. 6 shows a schematic diagram of another V2X signature verification method provided by the present application. As an example and not a limitation, the method can be applied to the above electronic device.
  • the security chip sends the signature verification load information to the access layer and the application layer, and the access layer and the application layer can determine the signature verification load status of the security chip according to the signature verification load information. If the load is high, the access layer can perform filtering autonomously or the application layer can also instruct the access layer to filter the received V2X messages to reduce the pressure on the security chip for signature verification. Alternatively, the application layer may also determine the signature verification load status of the security chip according to the acquired signature verification duration, and if the load is high, instruct the access layer to filter the received V2X messages.
  • the method of V2X message filtering may refer to the methods in S105 to S110 above, which will not be repeated here.
  • FIG. 7 shows a structural block diagram of the V2X signature verification apparatus provided by the embodiments of the present application. For convenience of description, only parts related to the embodiments of the present application are shown.
  • the V2X signature verification device includes:
  • the acquiring module 301 is configured to acquire the signature verification load status of the security chip.
  • the sending module 302 is configured to send a subsequently received first V2X message conforming to a preset filtering rule to the security chip for signature verification when the signature verification load state is a high load.
  • the obtaining module 301 is specifically configured to receive the signature verification load information from the security chip.
  • the signature verification load information indicates that the signature verification load of the security chip is greater than the first load threshold, it is determined that the signature verification load state is a high load.
  • the acquiring module 301 is specifically configured to acquire the signature verification duration for the security chip to perform signature verification on the V2X message. When the signature verification duration is greater than the first signature verification time threshold, it is determined that the signature verification load state is a high load.
  • the obtaining module 301 is specifically configured to obtain the first timestamp when the V2X message is sent to the security chip. Receive the signature verification result of the V2X message returned by the security chip, and obtain the second timestamp when the signature verification result of the V2X message is received.
  • the signature verification duration is the time difference between the first timestamp and the second timestamp.
  • the sending module 302 is specifically configured to obtain the priority level of at least one V2X message with the same sender identifier.
  • a V2X message with a priority level higher than the first priority threshold in at least one V2X message is determined as the first V2X message.
  • the sending module 302 is further configured to send M second V2X messages to the security chip when the received multiple first V2X messages include N second V2X messages with the same priority, where M is less than N.
  • the sending module 302 is further configured to determine the priority level and sender distance of the received at least one V2X message.
  • a V2X message whose sender distance is greater than the preset distance threshold and whose priority level is higher than the second priority threshold in at least one V2X message is determined to be the first V2X message.
  • the V2X message whose sender distance is less than or equal to the distance threshold is the first V2X message.
  • the sending module 302 is further configured to determine that a non-high-risk message in the received at least one V2X message is the first V2X message, and the sender identifier of the non-high-risk message is different from the sender identifier of the high-risk message, and the high-risk message is different.
  • Risk messages are V2X messages that fail the security chip signature verification.
  • the sending module 302 is further configured to send all subsequent received V2X messages to the security chip for signature verification when the load status of the signature verification is low.
  • the obtaining module 301 is further configured to receive the signature verification load information from the security chip.
  • the signature verification load information indicates that the signature verification load of the security chip is less than the second load threshold, it is determined that the signature verification load state is a low load.
  • the acquiring module 301 is further configured to acquire the signature verification duration for the security chip to perform signature verification on the V2X message. When the signature verification duration is less than the second signature verification time threshold, it is determined that the signature verification load state is low load.
  • FIG. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
  • the electronic device 4 of this embodiment includes: at least one processor 401 (only one processor is shown in FIG. 8 ), a memory 402 , a security chip 404 , and a memory 402 that is stored in the memory 402 and can be processed in at least one computer program 403 running on the server 401 .
  • the processor 401 executes the computer program 403
  • the security chip 404 implements the steps in the above method embodiments.
  • the electronic device 4 may be an electronic device such as a mobile phone, a desktop computer, a notebook, a palmtop computer and a cloud server.
  • the electronic device may include, but is not limited to, the processor 401 and the memory 402 .
  • FIG. 8 is only an example of the electronic device 4, and does not constitute a limitation to the electronic device 4, and may include more or less components than the one shown, or combine some components, or different components , for example, may also include input and output devices, network access devices, and the like.
  • the so-called processor 401 may be a central processing unit (Central Processing Unit, CPU), and the processor 401 may also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuits) , ASIC), off-the-shelf programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory 402 may in some embodiments be an internal storage unit of the electronic device 4 , such as a hard disk or memory of the electronic device 4 .
  • the memory 402 may also be an external storage device of the electronic device 4 in other embodiments, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) equipped on the electronic device 4 card, Flash Card, etc.
  • the memory 402 may also include both an internal storage unit of the electronic device 4 and an external storage device.
  • the memory 402 is used to store an operating system, application programs, a boot loader (Boot Loader), data, and other programs, such as program codes of computer programs, and the like.
  • the memory 402 may also be used to temporarily store data that has been or will be output.
  • the security chip 404 is a chip that can provide V2X application security services.
  • the security chip 404 can be an independent chip or a structure that can be integrated in other chips and can implement the function of the security chip.
  • V2X application security services can include signing, verification, encryption, decryption, key writing or certificate writing.
  • the specific form of the security chip is not limited in this application.
  • Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the steps in the foregoing method embodiments can be implemented.
  • the embodiments of the present application provide a computer program product, when the computer program product runs on a mobile terminal, the steps in the foregoing method embodiments can be implemented when the mobile terminal executes the computer program product.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as an independent product, may be stored in a computer-readable storage medium.
  • the present application realizes all or part of the processes in the methods of the above embodiments, which can be completed by instructing the relevant hardware through a computer program, and the computer program can be stored in a computer-readable storage medium.
  • the computer program includes computer program code
  • the computer program code may be in the form of source code, object code, executable file or some intermediate form, and the like.
  • the computer-readable medium may include at least: any entity or device capable of carrying computer program codes to an electronic device, a recording medium, computer memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electrical carrier signals, telecommunication signals, and software distribution media.
  • ROM read-only memory
  • RAM random access memory
  • electrical carrier signals telecommunication signals
  • software distribution media For example, U disk, mobile hard disk, disk or CD, etc.
  • computer readable media may not be electrical carrier signals and telecommunications signals.
  • An embodiment of the present application provides a chip system, where the chip system includes a memory and a processor, and the processor executes a computer program stored in the memory to implement the steps in each of the foregoing method embodiments.
  • An embodiment of the present application provides a chip system, the chip system includes a processor, the processor is coupled to a computer-readable storage medium, and the processor executes a computer program stored in the computer-readable storage medium, so as to implement the above method embodiments. step.
  • the disclosed method, apparatus and electronic device may be implemented in other manners.
  • the device embodiments described above are only illustrative.
  • the division of the modules or units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be Combinations can either be integrated into another system, or some features can be omitted, or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.

Abstract

The present application is applicable to the technical field of terminal, and provides a V2X signature verification method and apparatus, an electronic device, and a readable storage medium. The V2X signature verification method comprises: obtaining the signature verification load state of a security chip; and when the signature verification load state is high load, sending to the security chip a subsequently received first V2X message that complies with a preset filtering rule and performing signature verification. After filtering V2X messages, the number of V2X messages that must undergo signature verification by the security chip is reduced, which reduces the pressure of signature verification on the security chip and improves the processing efficiency of V2X messages.

Description

V2X验签方法、装置、电子设备及可读存储介质V2X signature verification method, device, electronic device and readable storage medium
本申请要求于2021年03月29日提交国家知识产权局、申请号为202110338299.1、申请名称为“V2X验签方法、装置、电子设备及可读存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed with the State Intellectual Property Office on March 29, 2021, the application number is 202110338299.1, and the application name is "V2X signature verification method, device, electronic equipment and readable storage medium", all of which are The contents are incorporated herein by reference.
技术领域technical field
本申请涉及终端领域,尤其涉及一种V2X验签方法、装置、电子设备及可读存储介质。The present application relates to the field of terminals, and in particular, to a V2X signature verification method, apparatus, electronic device, and readable storage medium.
背景技术Background technique
车联网(Vehicle-to-Everything,V2X)是车与外界进行互联的一种车载应用。两个V2X设备之间直接进行V2X通信时,可以基于PC5通信接口进行通信,PC5通信接口是基于广播设备到设备(Device-to-Device,D2D)消息的方式实现通信的。在这个通信系统中,信息安全保障是通过数字证书颁发机构(Certification Authority,CA)证书签名的方式实现的。Vehicle-to-Everything (V2X) is an in-vehicle application that interconnects vehicles with the outside world. When V2X communication is directly performed between two V2X devices, the communication can be performed based on the PC5 communication interface, and the PC5 communication interface realizes communication based on a broadcast device-to-device (Device-to-Device, D2D) message. In this communication system, information security assurance is realized by means of digital certificate authority (Certification Authority, CA) certificate signature.
现有技术中,通过安全芯片对接收到的所有V2X消息进行证书验签,只有验签通过的V2X消息才能够继续被处理。In the prior art, the security chip performs certificate verification on all received V2X messages, and only the V2X messages that pass the signature verification can continue to be processed.
但是,当在较短时间内接收到的V2X消息过大时,安全芯片的验签压力较大,验签效率降低,导致V2X消息的处理效率降低。However, when the V2X message received in a short period of time is too large, the verification pressure of the security chip is large, and the verification efficiency is reduced, resulting in a reduction in the processing efficiency of the V2X message.
发明内容SUMMARY OF THE INVENTION
本申请实施例提供了一种V2X验签方法、装置、电子设备及可读存储介质,可以改善在较短时间内接收到的V2X消息过大时,安全芯片的验签压力较大,验签效率降低,导致V2X消息的处理效率降低的问题。The embodiments of the present application provide a V2X signature verification method, device, electronic device, and readable storage medium, which can improve the security chip verification pressure when the received V2X message is too large in a short period of time, and the signature verification The efficiency is reduced, which leads to the problem that the processing efficiency of the V2X message is reduced.
第一方面,本申请实施例提供了一种V2X验签方法,应用于电子设备,所述电子设备中设置有安全芯片,该方法包括:获取所述安全芯片的验签负载状态。当所述验签负载状态为高负载时,将后续接收到的符合预设过滤规则的第一V2X消息发送给所述安全芯片进行验签。In a first aspect, an embodiment of the present application provides a V2X signature verification method, which is applied to an electronic device. The electronic device is provided with a security chip. The method includes: acquiring a signature verification load state of the security chip. When the signature verification load state is a high load, the subsequently received first V2X message that complies with the preset filtering rule is sent to the security chip for signature verification.
本申请提供的V2X验签方法,可以应用于能够收发V2X消息的电子设备,如车载设备(On Board Equipment,OBE)、有V2X功能的智能手机、平板电脑、可穿戴设备、定制终端等。The V2X signature verification method provided in this application can be applied to electronic devices capable of sending and receiving V2X messages, such as on-board equipment (On Board Equipment, OBE), smartphones with V2X functions, tablet computers, wearable devices, customized terminals, etc.
在第一方面中,在确定电子设备的验签负载状态为高负载后,仅将后续接收到的V2X消息中,符合预设过滤规则的第一V2X消息发送给所述安全芯片进行验签。进行验签的V2X消息数量减少,减轻了安全芯片的验签压力,提高了验签效率,也提高了V2X消息的处理效率。In the first aspect, after it is determined that the signature verification load status of the electronic device is high, only the first V2X message that meets the preset filtering rule among the subsequently received V2X messages is sent to the security chip for signature verification. The number of V2X messages subject to signature verification is reduced, which relieves the security chip's signature verification pressure, improves signature verification efficiency, and improves the processing efficiency of V2X messages.
一些实施方式中,获取安全芯片的验签负载状态,包括:接收来自安全芯片的验签负载信息。当验签负载信息指示安全芯片的验签负载大于第一负载阈值时,确定验签负载状态为高负载。In some embodiments, acquiring the signature verification load status of the security chip includes: receiving signature verification load information from the security chip. When the signature verification load information indicates that the signature verification load of the security chip is greater than the first load threshold, it is determined that the signature verification load state is a high load.
一些实施方式中,获取安全芯片的验签负载状态,包括:获取安全芯片对V2X消息进行验签的验签时长。当验签时长大于第一验签时间阈值时,确定验签负载状态为高负载。In some embodiments, acquiring the signature verification load status of the security chip includes: acquiring the signature verification duration for the security chip to perform signature verification on the V2X message. When the signature verification duration is greater than the first signature verification time threshold, it is determined that the signature verification load state is a high load.
一些实施方式中,获取安全芯片对V2X消息进行验签的验签时长,包括:获取发送V2X消息至安全芯片时的第一时间戳。接收安全芯片返回的V2X消息的验签结果,获取接收到V2X消息的验签结果时的第二时间戳。验签时长为第一时间戳与第二时间戳之间的时间差。In some embodiments, acquiring the signature verification duration of the V2X message performed by the security chip includes: acquiring the first timestamp when the V2X message is sent to the security chip. Receive the signature verification result of the V2X message returned by the security chip, and obtain the second timestamp when the signature verification result of the V2X message is received. The signature verification duration is the time difference between the first timestamp and the second timestamp.
一些实施方式中,确定符合预设过滤规则的第一V2X消息的方式,包括:获取接收到发送方标识相同的至少一个V2X消息的优先级等级。确定至少一个V2X消息中优先级等级高于第一优先级阈值的V2X消息为第一V2X消息。In some embodiments, the method of determining the first V2X message that complies with the preset filtering rule includes: acquiring the priority level of at least one V2X message with the same sender identifier received. A V2X message with a priority level higher than the first priority threshold in at least one V2X message is determined as the first V2X message.
一些实施方式中,该方法还包括:当接收到的多个第一V2X消息中,包括N个优先级相同的第二V2X消息时,向安全芯片发送M个第二V2X消息,M小于N。In some embodiments, the method further includes: when the received multiple first V2X messages include N second V2X messages with the same priority, sending M second V2X messages to the security chip, where M is less than N.
一些实施方式中,确定符合预设过滤规则的第一V2X消息的方式,还包括:确定接收到至少一个V2X消息的优先级等级和发送方距离。确定至少一个V2X消息中发送方距离大于预设的距离阈值且优先级等级高于第二优先级阈值的V2X消息为第一V2X消息。和,发送方距离小于或等于距离阈值的V2X消息为第一V2X消息。In some embodiments, the method of determining the first V2X message that complies with the preset filtering rule further includes: determining the priority level and sender distance of at least one V2X message received. A V2X message whose sender distance is greater than the preset distance threshold and whose priority level is higher than the second priority threshold in at least one V2X message is determined to be the first V2X message. And, the V2X message whose sender distance is less than or equal to the distance threshold is the first V2X message.
一些实施方式中,确定符合预设过滤规则的第一V2X消息的方式,包括:确定接收到至少一个V2X消息中的非高风险消息为第一V2X消息,非高风险消息的发送方标识与高风险消息的发送方标识不同,高风险消息为未通过安全芯片验签的V2X消息。In some embodiments, the method of determining the first V2X message that complies with the preset filtering rule includes: determining that the non-high-risk message in the received at least one V2X message is the first V2X message, and the sender identifier of the non-high-risk message is the same as the high-risk message. The senders of risk messages have different identifiers, and high-risk messages are V2X messages that have not passed the security chip verification.
一些实施方式中,该方法还包括:当验签负载状态为低负载时,将后续所有接收到的V2X消息发送给安全芯片进行验签。In some embodiments, the method further includes: when the signature verification load state is low load, sending all subsequent received V2X messages to the security chip for signature verification.
一些实施方式中,获取安全芯片对接收到的V2X消息进行验签时的验签负载状态,包括:接收来自安全芯片的验签负载信息。当验签负载信息指示安全芯片的验签负载小于第二负载阈值时,确定验签负载状态为低负载。In some embodiments, acquiring the signature verification load status when the security chip performs signature verification on the received V2X message includes: receiving signature verification load information from the security chip. When the signature verification load information indicates that the signature verification load of the security chip is less than the second load threshold, it is determined that the signature verification load state is a low load.
一些实施方式中,获取安全芯片对接收到的V2X消息进行验签时的验签负载状态,包括:获取安全芯片对V2X消息进行验签的验签时长。当验签时长小于第二验签时间阈值时,确定验签负载状态为低负载。In some embodiments, acquiring the signature verification load status when the security chip performs signature verification on the received V2X message includes: acquiring the signature verification duration for the security chip to perform signature verification on the V2X message. When the signature verification duration is less than the second signature verification time threshold, it is determined that the signature verification load state is low load.
第二方面,本申请实施例提供了一种V2X验签装置,包括:获取模块,用于获取所述安全芯片的验签负载状态。发送模块,用于当所述验签负载状态为高负载时,将后续接收到的符合预设过滤规则的第一V2X消息发送给所述安全芯片进行验签。In a second aspect, an embodiment of the present application provides a V2X signature verification device, including: an acquisition module configured to acquire the signature verification load status of the security chip. A sending module, configured to send the subsequently received first V2X message conforming to the preset filtering rule to the security chip for signature verification when the signature verification load state is high load.
一些实施方式中,获取模块,具体用于接收来自安全芯片的验签负载信息。当验签负载信息指示安全芯片的验签负载大于第一负载阈值时,确定验签负载状态为高负载。In some embodiments, the acquisition module is specifically configured to receive the signature verification payload information from the security chip. When the signature verification load information indicates that the signature verification load of the security chip is greater than the first load threshold, it is determined that the signature verification load state is a high load.
一些实施方式中,获取模块,具体用于获取安全芯片对V2X消息进行验签的验签时长。当验签时长大于第一验签时间阈值时,确定验签负载状态为高负载。In some embodiments, the acquiring module is specifically configured to acquire the signature verification duration for the security chip to perform signature verification on the V2X message. When the signature verification duration is greater than the first signature verification time threshold, it is determined that the signature verification load state is a high load.
一些实施方式中,获取模块,具体用于获取发送V2X消息至安全芯片时的第一时间戳。接收安全芯片返回的V2X消息的验签结果,获取接收到V2X消息的验签结果时的第二时间戳。验签时长为第一时间戳与第二时间戳之间的时间差。In some embodiments, the obtaining module is specifically configured to obtain the first timestamp when the V2X message is sent to the security chip. Receive the signature verification result of the V2X message returned by the security chip, and obtain the second timestamp when the signature verification result of the V2X message is received. The signature verification duration is the time difference between the first timestamp and the second timestamp.
一些实施方式中,发送模块,具体用于获取接收到发送方标识相同的至少一个V2X 消息的优先级等级。确定至少一个V2X消息中优先级等级高于第一优先级阈值的V2X消息为第一V2X消息。In some embodiments, the sending module is specifically configured to acquire the priority level of at least one V2X message with the same sender identifier. A V2X message with a priority level higher than the first priority threshold in at least one V2X message is determined as the first V2X message.
一些实施方式中,发送模块,还用于当接收到的多个第一V2X消息中,包括N个优先级相同的第二V2X消息时,向安全芯片发送M个第二V2X消息,M小于N。In some embodiments, the sending module is further configured to send M second V2X messages to the security chip when the received multiple first V2X messages include N second V2X messages with the same priority, where M is less than N. .
一些实施方式中,发送模块,还用于确定接收到至少一个V2X消息的优先级等级和发送方距离。确定至少一个V2X消息中发送方距离大于预设的距离阈值且优先级等级高于第二优先级阈值的V2X消息为第一V2X消息。和,发送方距离小于或等于距离阈值的V2X消息为第一V2X消息。In some embodiments, the sending module is further configured to determine the priority level and the distance to the sender of the received at least one V2X message. A V2X message whose sender distance is greater than the preset distance threshold and whose priority level is higher than the second priority threshold in at least one V2X message is determined to be the first V2X message. And, the V2X message whose sender distance is less than or equal to the distance threshold is the first V2X message.
一些实施方式中,发送模块,还用于确定接收到至少一个V2X消息中的非高风险消息为第一V2X消息,非高风险消息的发送方标识与高风险消息的发送方标识不同,高风险消息为未通过安全芯片验签的V2X消息。In some embodiments, the sending module is further configured to determine that a non-high-risk message in the received at least one V2X message is the first V2X message, and the sender identifier of the non-high-risk message is different from that of the high-risk message, and the high-risk message is different from the sender identifier of the high-risk message. The message is a V2X message that fails the security chip verification.
一些实施方式中,发送模块,还用于当验签负载状态为低负载时,将后续所有接收到的V2X消息发送给安全芯片进行验签。In some embodiments, the sending module is further configured to send all subsequent received V2X messages to the security chip for signature verification when the signature verification load state is low load.
一些实施方式中,获取模块,还用于接收来自安全芯片的验签负载信息。当验签负载信息指示安全芯片的验签负载小于第二负载阈值时,确定验签负载状态为低负载。In some embodiments, the acquisition module is further configured to receive signature verification load information from the security chip. When the signature verification load information indicates that the signature verification load of the security chip is less than the second load threshold, it is determined that the signature verification load state is a low load.
一些实施方式中,获取模块,还用于获取安全芯片对V2X消息进行验签的验签时长。当验签时长小于第二验签时间阈值时,确定验签负载状态为低负载。In some embodiments, the acquiring module is further configured to acquire the signature verification duration for the security chip to perform signature verification on the V2X message. When the signature verification duration is less than the second signature verification time threshold, it is determined that the signature verification load state is low load.
第三方面,本申请实施例提供了一种电子设备,包括存储器、处理器、安全芯片以及存储在存储器中并可在处理器上运行的计算机程序,处理器执行计算机程序时通过安全芯片实现如第一方面提供的方法。In a third aspect, an embodiment of the present application provides an electronic device, including a memory, a processor, a security chip, and a computer program stored in the memory and running on the processor. When the processor executes the computer program, the security chip implements the following: The method provided by the first aspect.
第四方面,本申请实施例提供了一种计算机可读存储介质,计算机可读存储介质存储有计算机程序,计算机程序被处理器执行时实现如第一方面提供的方法。In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the method provided in the first aspect is implemented.
第五方面,本申请实施例提供了一种计算机程序产品,当计算机程序产品在终端设备上运行时,使得终端设备执行上述第一方面提供的方法。In a fifth aspect, an embodiment of the present application provides a computer program product, which enables the terminal device to execute the method provided in the first aspect when the computer program product runs on a terminal device.
第六方面,本申请实施例提供了一种芯片系统,芯片系统包括存储器和处理器,处理器执行存储器中存储的计算机程序,以实现第一方面提供的方法。In a sixth aspect, an embodiment of the present application provides a chip system, the chip system includes a memory and a processor, and the processor executes a computer program stored in the memory to implement the method provided in the first aspect.
第七方面,本申请实施例提供了一种芯片系统,芯片系统包括处理器,处理器与第四方面提供的计算机可读存储介质耦合,处理器执行计算机可读存储介质中存储的计算机程序,以实现第一方面提供的方法。In a seventh aspect, an embodiment of the present application provides a chip system, the chip system includes a processor, the processor is coupled to the computer-readable storage medium provided in the fourth aspect, and the processor executes a computer program stored in the computer-readable storage medium, to implement the method provided in the first aspect.
可以理解的是,上述第二方面至第七方面的有益效果可以参见上述第一方面中的相关描述,在此不再赘述。It can be understood that, for the beneficial effects of the foregoing second aspect to the seventh aspect, reference may be made to the relevant descriptions in the foregoing first aspect, which will not be repeated here.
附图说明Description of drawings
图1为本申请实施例提供的V2X验签方法的应用场景示意图;1 is a schematic diagram of an application scenario of the V2X signature verification method provided by an embodiment of the present application;
图2为本申请实施例提供的一种进行V2X消息验签的电子设备的架构示意图;FIG. 2 is a schematic structural diagram of an electronic device for V2X message signature verification provided by an embodiment of the present application;
图3为本申请实施例提供的一种V2X安全芯片验签的流程示意图;3 is a schematic flowchart of a V2X security chip signature verification provided by an embodiment of the present application;
图4为本申请实施例提供的一种V2X验签方法的流程示意图;4 is a schematic flowchart of a V2X signature verification method provided by an embodiment of the present application;
图5为本申请实施例提供的另一种V2X验签方法的流程示意图;5 is a schematic flowchart of another V2X signature verification method provided by an embodiment of the present application;
图6为本申请实施例提供的另一种V2X验签方法的流程示意图;6 is a schematic flowchart of another V2X signature verification method provided by an embodiment of the present application;
图7为本申请实施例提供的一种V2X验签装置的结构示意图;7 is a schematic structural diagram of a V2X signature verification device provided by an embodiment of the present application;
图8为本申请实施例提供的一种电子设备的结构示意图。FIG. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
具体实施方式Detailed ways
以下描述中,为了说明而不是为了限定,提出了诸如特定系统结构、技术之类的具体细节,以便透彻理解本申请实施例。然而,本领域的技术人员应当清楚,在没有这些具体细节的其它实施例中也可以实现本申请。在其它情况中,省略对众所周知的系统、装置、电路以及方法的详细说明,以免不必要的细节妨碍本申请的描述。In the following description, for the purpose of illustration rather than limitation, specific details such as a specific system structure and technology are set forth in order to provide a thorough understanding of the embodiments of the present application. However, it will be apparent to those skilled in the art that the present application may be practiced in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
应当理解,在本申请说明书和所附权利要求书中使用的术语“和/或”是指相关联列出的项中的一个或多个的任何组合以及所有可能组合,并且包括这些组合。It should be understood that, as used in this specification and the appended claims, the term "and/or" refers to and including any and all possible combinations of one or more of the associated listed items.
如在本申请说明书和所附权利要求书中所使用的那样,术语“如果”可以依据上下文被解释为“当...时”或“一旦”或“响应于确定”或“响应于检测到”。As used in the specification of this application and the appended claims, the term "if" may be contextually interpreted as "when" or "once" or "in response to determining" or "in response to detecting ".
另外,在本申请说明书和所附权利要求书的描述中,术语“第一”、“第二”、“第三”等仅用于区分描述,而不能理解为指示或暗示相对重要性。In addition, in the description of the specification of the present application and the appended claims, the terms "first", "second", "third", etc. are only used to distinguish the description, and should not be construed as indicating or implying relative importance.
在本申请说明书中描述的参考“一个实施例”或“一些实施例”等意味着在本申请的一个或多个实施例中包括结合该实施例描述的特定特征、结构或特点。由此,在本说明书中的不同之处出现的语句“在一个实施例中”、“在一些实施例中”、“在其他一些实施例中”、“在另外一些实施例中”等不是必然都参考相同的实施例,而是意味着“一个或多个但不是所有的实施例”,除非是以其他方式另外特别强调。术语“包括”、“包含”、“具有”及它们的变形都意味着“包括但不限于”,除非是以其他方式另外特别强调。References in this specification to "one embodiment" or "some embodiments" and the like mean that a particular feature, structure or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," "in other embodiments," etc. in various places in this specification are not necessarily All refer to the same embodiment, but mean "one or more but not all embodiments" unless specifically emphasized otherwise. The terms "including", "including", "having" and their variants mean "including but not limited to" unless specifically emphasized otherwise.
图1示出了一种V2X验签方法的应用场景示意图。FIG. 1 shows a schematic diagram of an application scenario of a V2X signature verification method.
为了便于说明,在图1中将车辆分为了接收V2X消息的车辆11以及发送V2X消息的车辆12。但需要说明的是,接收V2X消息的车辆11以及发送V2X消息的车辆12都具有V2X消息发送和接收的功能。在特定的情况下,接收V2X消息的车辆11以及发送V2X消息的车辆12可以发生转变。例如,原本发送V2X消息的车辆接收V2X消息或原本接收V2X消息的车辆发送V2X消息等。For convenience of description, in FIG. 1 , the vehicles are divided into a vehicle 11 that receives a V2X message and a vehicle 12 that sends a V2X message. However, it should be noted that both the vehicle 11 receiving the V2X message and the vehicle 12 sending the V2X message have the functions of sending and receiving the V2X message. Under certain circumstances, the vehicle 11 receiving the V2X message and the vehicle 12 sending the V2X message may transition. For example, the vehicle that originally sent the V2X message receives the V2X message, or the vehicle that originally received the V2X message sends the V2X message, etc.
在图1中,多辆发送V2X消息的车辆12广播V2X消息,接收V2X消息的车辆11接收广播的V2X消息。在接收V2X消息后,通过设置于车辆内的电子设备中的安全芯片,对V2X消息进行验签。当V2X消息验签通过后,才会对V2X消息进行处理。In FIG. 1 , multiple vehicles 12 sending V2X messages broadcast V2X messages, and vehicles 11 receiving V2X messages receive the broadcast V2X messages. After receiving the V2X message, the V2X message is verified by the security chip installed in the electronic device in the vehicle. The V2X message is processed only after the V2X message has passed the signature verification.
当发送V2X消息的车辆12的数量过多时,接收V2X消息的车辆11接收到的V2X消息数量较多,安全芯片进行V2X消息验签的压力增大,验签效率降低,导致V2X消息的处理效率降低。When the number of vehicles 12 sending V2X messages is too large, the number of V2X messages received by the vehicles 11 receiving V2X messages is large, the pressure on the security chip to verify V2X message signatures increases, and the signature verification efficiency decreases, resulting in the processing efficiency of V2X messages reduce.
为此,本申请提供了一种V2X验签方法,包括:电子设备通过安全芯片对接收到的V2X消息进行验签。当确定所述电子设备的验签负载状态为高负载后,所述电子设备根据预设的过滤规则,对接收到的V2X消息中的部分V2X消息进行验签。To this end, the present application provides a V2X signature verification method, which includes: an electronic device performs signature verification on a received V2X message through a security chip. After determining that the electronic device's signature verification load state is high load, the electronic device performs signature verification on part of the V2X messages in the received V2X messages according to a preset filtering rule.
在本申请中,在确定电子设备的验签负载状态为高负载后,通过预设的过滤规则对对接收到的V2X消息进行过滤。安全芯片只需对接收到的V2X消息中的部分消息进行验签。进行验签的V2X消息数量减少,减轻了安全芯片的验签压力,提高了验签效率,也提高了V2X消息的处理效率。In the present application, after it is determined that the signature verification load status of the electronic device is a high load, the received V2X messages are filtered through a preset filtering rule. The security chip only needs to verify the signature of some of the received V2X messages. The number of V2X messages subject to signature verification is reduced, which relieves the security chip's signature verification pressure, improves signature verification efficiency, and improves the processing efficiency of V2X messages.
图2示出了一种进行V2X消息验签的电子设备的架构示意图。FIG. 2 shows a schematic structural diagram of an electronic device for V2X message signature verification.
参考图2,其中包括接入层、安全芯片以及应用层,接入层可以接收来自其他设 备的V2X消息,并发送至安全芯片进行验签,安全芯片在验签通过后,会将V2X消息发送至应用层进行处理。由于本申请中的V2X消息通信可以基于直通链路(PC5)通信接口实现,因此接入层也相应的可为适配PC5通信接口的接入层,安全芯片则可以用于通过数字认证机构(Certification Authority,CA)证书签名的方式进行验签。Referring to Figure 2, it includes the access layer, the security chip and the application layer. The access layer can receive V2X messages from other devices and send them to the security chip for verification. After the verification is passed, the security chip will send the V2X message. to the application layer for processing. Since the V2X message communication in this application can be implemented based on the direct link (PC5) communication interface, the access layer can also be an access layer adapted to the PC5 communication interface, and the security chip can be used to pass the digital certification authority ( Certification Authority, CA) certificate signature method to verify the signature.
其中,安全芯片可以包括应用层和接入层的网际互连协议(Internet Protocol,IP)地址信息、数据业务管理平台(Data Service Management Platform,DSMP)、适配层以及安全服务等。The security chip may include Internet Protocol (IP) address information of the application layer and the access layer, a data service management platform (Data Service Management Platform, DSMP), an adaptation layer, and security services.
图3示出了一种V2X安全芯片验签的流程示意图,其中,安全芯片可以支持V2X应用安全子系统,V2X应用安全子系统可以位于车载设备、路侧设备、V2X应用服务商的应用服务系统中为V2X应用提供通信安全的功能实体中。其中包括V2X应用,V2X应用可以位于车载设备、路侧设备、V2X应用服务商的应用服务系统中需要V2X应用通信安全的功能实体中,如V2X车辆的车载应用、V2X路边站对应功能的应用或应用服务等。V2X安全管理实体可以用于对V2X应用安全子系统进行安全配置和安全数据供应的功能实体,例如,注册、授权、密钥供应和证书颁发等功能实体。V2X应用安全服务则位于V2X应用安全子系统中,与V2X应用进行交互以完成消息签名、验证、加密、解密等操作,与V2X安全管理实体进行交互已完成密钥写入,证书申请与写入等操作。安全环境则可以用于存储重要的安全数据,例如,CA证书、公私钥和加解密密钥等。以及,为安全服务实体提供重要的安全计算服务,如数字签名、数据加密和解密等。Figure 3 shows a schematic flowchart of a V2X security chip signature verification, wherein the security chip can support a V2X application security subsystem, and the V2X application security subsystem can be located in on-board equipment, roadside equipment, and application service systems of V2X application service providers In the functional entity that provides communication security for V2X applications. These include V2X applications. V2X applications can be located in in-vehicle equipment, roadside equipment, and functional entities that require V2X application communication security in the application service system of V2X application service providers, such as in-vehicle applications of V2X vehicles and applications corresponding to V2X roadside stations. or application services, etc. The V2X security management entity can be used as a functional entity for security configuration and security data provision for the V2X application security subsystem, for example, functional entities such as registration, authorization, key provision and certificate issuance. The V2X application security service is located in the V2X application security subsystem. It interacts with the V2X application to complete operations such as message signing, verification, encryption, and decryption. The interaction with the V2X security management entity has completed key writing, certificate application and writing. and so on. The security environment can be used to store important security data, such as CA certificates, public and private keys, and encryption and decryption keys. And, provide important security computing services for security service entities, such as digital signature, data encryption and decryption, etc.
图4示出了本申请提供的V2X验签方法的示意性流程图,作为示例而非限定,该方法可以应用于上述电子设备中。FIG. 4 shows a schematic flowchart of the V2X signature verification method provided by the present application. As an example and not a limitation, the method can be applied to the above electronic device.
S101、接收V2X消息。S101. Receive a V2X message.
一些实施方式中,电子设备位于车辆中,电子设备接收的V2X消息来自周围发送V2X消息的车辆和V2X设备。其中,V2X设备包括具有V2X功能的电子不停车收费系统(Electronic Toll Collection,ETC)设备、具有V2X功能的交通灯等。In some embodiments, the electronic device is located in the vehicle, and the V2X message received by the electronic device is from the surrounding vehicle and the V2X device sending the V2X message. Among them, V2X equipment includes electronic toll collection system (Electronic Toll Collection, ETC) equipment with V2X function, traffic lights with V2X function, etc.
S102、接收来自安全芯片的验签负载信息。S102. Receive the signature verification load information from the security chip.
一些实施方式中,安全芯片用于对接入层接收到的V2X消息进行验签,安全芯片的验签负载信息可以是每秒进行验签的V2X消息的数量。例如,参考图1,每辆发送V2X消息的车辆12广播V2X消息的频率为10Hz,也就是每秒广播10条V2X消息。当发送V2X消息的车辆12的数量为200辆时,接收V2X消息的车辆11每秒接收2000条V2X消息,相应的,也就需要安全芯片每秒验签2000条V2X消息。这个情况下,验签负载信息即为2000条/秒。In some embodiments, the security chip is used to verify the signature of the V2X message received by the access layer, and the signature verification load information of the security chip may be the number of V2X messages whose signature is verified per second. For example, referring to FIG. 1 , the frequency of each vehicle 12 sending the V2X message broadcasting the V2X message is 10 Hz, that is, 10 V2X messages are broadcast per second. When the number of vehicles 12 sending V2X messages is 200, the vehicles 11 receiving V2X messages receive 2,000 V2X messages per second, and accordingly, the security chip needs to verify 2,000 V2X messages per second. In this case, the signature verification load information is 2000 pieces per second.
S103、当验签负载信息指示安全芯片的验签负载大于第一负载阈值时,执行S104,否则执行S111。S103. When the signature verification load information indicates that the signature verification load of the security chip is greater than the first load threshold, perform S104; otherwise, perform S111.
一些实施方式中,验签负载信息可以指示安全芯片的验签负载状态为高负载或低负载。其中,当确定验签负载信息指示安全芯片的验签负载大于第一负载阈值,即可确定安全芯片目前的验签负载状态为高负载。第一负载阈值可以根据安全芯片的最大验签负载确定,例如,若安全芯片的最大验签负载为2000条/秒,第一负载阈值则可以为最大验签负载的80%,即1600条/秒。当确定验签负载信息指示安全芯片的验签 负载小于第二负载阈值,即可确定安全芯片目前的验签负载状态为低负载。第二负载阈值可以等于第一负载阈值。例如,第二负载阈值则可以为最大验签负载的80%,即1600条/秒,第二负载阈值还可以是最大验签负载的70%。In some embodiments, the verification load information may indicate that the verification load status of the security chip is high load or low load. Wherein, when it is determined that the signature verification load information indicates that the signature verification load of the security chip is greater than the first load threshold, it can be determined that the current signature verification load state of the security chip is a high load. The first load threshold can be determined according to the maximum signature verification load of the security chip. For example, if the maximum signature verification load of the security chip is 2000 pieces/second, the first load threshold can be 80% of the maximum signature verification load, that is, 1600 pieces/second. second. When it is determined that the signature verification load information indicates that the signature verification load of the security chip is less than the second load threshold, it can be determined that the current signature verification load state of the security chip is a low load. The second load threshold may be equal to the first load threshold. For example, the second load threshold may be 80% of the maximum signature verification load, that is, 1600 pieces/second, and the second load threshold may also be 70% of the maximum signature verification load.
还有一些实施方式中,为了更加准确地确定高负载,还可以设置第一负载阈值的时限,当验签负载大于第一负载阈值且超过预设时限时,再确定安全芯片目前的验签负载状态为高负载。例如,当验签负载大于1800条/秒且持续时间大于1秒,即确定安全芯片目前的验签负载状态为高负载。类似的,在确定低负载时,也可以根据预设时限确定。In still other embodiments, in order to more accurately determine the high load, a time limit of the first load threshold may be set, and when the signature verification load is greater than the first load threshold and exceeds the preset time limit, the current signature verification load of the security chip is determined. Status is high load. For example, when the signature verification load is greater than 1800 pieces/second and the duration is longer than 1 second, it is determined that the current signature verification load status of the security chip is a high load. Similarly, when determining the low load, it can also be determined according to a preset time limit.
S104、获取接收到的每条V2X消息的特征信息,特征信息包括发送方标识、优先级等级和发送方距离。S104. Acquire characteristic information of each received V2X message, where the characteristic information includes a sender identifier, a priority level, and a sender distance.
一些实施方式中,发送方标识和优先级等级可以从V2X消息的结构头区中获取,发送方标识可以是发送方的第二层身份识别号(layer-2 identity document,L2ID)。In some embodiments, the sender identifier and the priority level may be obtained from the structure header area of the V2X message, and the sender identifier may be the sender's layer-2 identity document (L2ID).
优先级等级可以是近距离通信数据包优先级(ProSe Pre-Packet Priority,PPPP),例如,可以参考表1示出的PPPP确定V2X消息的优先级。The priority level may be ProSe Pre-Packet Priority (PPPP), for example, the priority of the V2X message may be determined with reference to the PPPP shown in Table 1.
表1Table 1
Figure PCTCN2022071406-appb-000001
Figure PCTCN2022071406-appb-000001
一些实施方式中,在V2X消息的结构头区中,还包括发送方发送V2X消息的信号强度。信号强度可以通过参考信号接收功率(Reference Signal Receiving Power,RSRP)或接收的信号强度指示(Received Signal Strength Indication,RSSI)进行表示。根据发送V2X消息时的信号强度以及接收到V2X消息时的信号强度,可以计算得到发送方距离。In some embodiments, the structure header area of the V2X message further includes the signal strength of the V2X message sent by the sender. The signal strength can be represented by a reference signal received power (Reference Signal Receiving Power, RSRP) or a received signal strength indication (Received Signal Strength Indication, RSSI). According to the signal strength when the V2X message is sent and the signal strength when the V2X message is received, the sender distance can be calculated.
在确定安全芯片的验签负载状态为高负载后并获取接收到的V2X消息的发送方标识、优先级等级和发送方距离后,可以执行S105、S107和S109中的一个,以降低安全芯片的验签压力。After it is determined that the verification load status of the security chip is high and the sender identification, priority level and sender distance of the received V2X message are obtained, one of S105, S107 and S109 can be executed to reduce the Check pressure.
S105、将符合第一过滤规则的V2X消息发送给安全芯片进行验签。S105. Send the V2X message conforming to the first filtering rule to the security chip for signature verification.
一些实施方式中,符合第一过滤规则的V2X消息为第一V2X消息,第一过滤规则可以包括:V2X消息的发送方标识相同且V2X消息的优先级等级高于第一优先级阈值。例如,接收到的V2X消息中,存在多条V2X消息的发送方L2ID相同,则可以将这些消息中高优先级的V2X消息发送给安全芯片进行验签,低优先级的V2X消息舍 弃掉,不进行处理。作为示例,第一优先级阈值可以为7级,高优先级的V2X消息可以是与行车安全相关的V2X消息,例如,可以是PPPP优先级2级、3级、4级和5级的V2X消息。而低优先级的V2X消息则可以是PPPP优先级中7级及以下的V2X消息。低有优先级的V2X消息可以是服务类或者应用的消息。例如,可以是展示附近停车场、展示附近餐饮商家的消息等。在舍弃掉不符合第一过滤规则的V2X消息后,送往安全芯片进行验签的V2X消息数量减少,可以降低安全芯片的验签压力。In some embodiments, the V2X message conforming to the first filtering rule is the first V2X message, and the first filtering rule may include: the sender identifiers of the V2X messages are the same and the priority level of the V2X messages is higher than the first priority threshold. For example, in the received V2X messages, if there are multiple V2X messages with the same sender L2ID, the high-priority V2X messages in these messages can be sent to the security chip for signature verification, and the low-priority V2X messages are discarded and not processed. deal with. As an example, the first priority threshold may be level 7, and the high-priority V2X messages may be V2X messages related to driving safety, for example, may be V2X messages with PPPP priority levels 2, 3, 4, and 5 . The low-priority V2X message may be a V2X message of level 7 or lower in the PPPP priority. Low priority V2X messages can be service class or application messages. For example, it can be to display the nearby parking lot, display the news of the nearby restaurant business, and so on. After the V2X messages that do not meet the first filtering rule are discarded, the number of V2X messages sent to the security chip for signature verification is reduced, which can reduce the security chip's signature verification pressure.
S106、将符合第二过滤规则的V2X消息发送给安全芯片进行验签的频次降低。S106, the frequency of sending the V2X message that meets the second filtering rule to the security chip for signature verification is reduced.
一些实施方式中,S106是在S105的基础上进一步对第一V2X消息进行过滤,第二过滤规则包括:当接收到的多个第一V2X消息中,包括N个优先级相同的第二V2X消息时,向安全芯片发送M个第二V2X消息,M小于N。In some embodiments, S106 further filters the first V2X messages on the basis of S105, and the second filtering rule includes: when the received multiple first V2X messages include N second V2X messages with the same priority When , send M second V2X messages to the security chip, where M is less than N.
在过滤掉相同L2ID中低优先级的V2X消息后,若安全芯片的验签压力依然较高,可以减少第一V2X消息中优先级相同的V2X消息(即第二V2X消息)发送给安全芯片的发送数量,例如,若在过滤掉相同L2ID中低优先级的V2X消息后,第一V2X消息的数量N为100,则可以将其中的M个(例如10个、20个或50个等)作为第二V2X消息发送给安全芯片。After filtering out V2X messages with low priority in the same L2ID, if the verification pressure of the security chip is still high, the V2X messages with the same priority in the first V2X message (that is, the second V2X message) sent to the security chip can be reduced. The number of transmissions. For example, if the number N of the first V2X messages is 100 after filtering out V2X messages with low priority in the same L2ID, M (for example, 10, 20, or 50, etc.) can be used as The second V2X message is sent to the security chip.
其中,在减少发送数量时,可以用发送V2X消息的频次作为单位。作为示例,若将第一V2X消息发送给安全芯片的发送频次为10次/秒,则可以将发送第二V2X消息发送给安全芯片的频次降为M/N,例如,当M/N等于1/5时,即将第二V2X消息发送给安全芯片的发送频次降为10次/秒*1/5=2次/秒。通过降低相同优先级V2X消息验签的频率,可以有效降低安全芯片的验签次数,进而降低安全芯片的验签压力。Among them, when reducing the number of sending, the frequency of sending V2X messages can be used as a unit. As an example, if the frequency of sending the first V2X message to the security chip is 10 times/second, the frequency of sending the second V2X message to the security chip can be reduced to M/N, for example, when M/N is equal to 1 When /5, the sending frequency of the second V2X message to the security chip is reduced to 10 times/second*1/5=2 times/second. By reducing the frequency of V2X message signature verification with the same priority, the number of signature verifications of the security chip can be effectively reduced, thereby reducing the verification pressure of the security chip.
S107、当接收到远距离V2X消息时,执行S108,否则执行S111。S107 , when the long-distance V2X message is received, execute S108 , otherwise execute S111 .
S108、将符合第三过滤规则的V2X消息发送给安全芯片进行验签。S108. Send the V2X message that meets the third filtering rule to the security chip for signature verification.
一些实施方式中,符合第三过滤规则的V2X消息为第一V2X消息。第三过滤规则可以包括:V2X消息中发送方距离大于预设的距离阈值且优先级等级高于第二优先级阈值的V2X消息和发送方距离小于或等于距离阈值的V2X消息为第一V2X消息。其中,发送方距离大于预设的距离阈值的V2X消息也可称为远距离V2X消息。In some embodiments, the V2X message that conforms to the third filtering rule is the first V2X message. The third filtering rule may include: V2X messages whose sender distance is greater than the preset distance threshold and whose priority level is higher than the second priority threshold and V2X messages whose sender distance is less than or equal to the distance threshold are the first V2X messages . Wherein, a V2X message whose sender distance is greater than a preset distance threshold may also be referred to as a long-distance V2X message.
需要说明的是,当确定接收到一条远距离V2X消息后,可以将该远距离V2X消息的发送发标识进行远距离标识。后续收到V2X消息时,可以根据接收到的V2X消息的L2ID是否有远距离标识确定其是否为远距离V2X消息。It should be noted that, after it is determined that a long-distance V2X message is received, a long-distance identification can be performed on the sending and sending identification of the long-distance V2X message. When a V2X message is subsequently received, it may be determined whether the received V2X message is a long-distance V2X message according to whether the L2ID of the received V2X message has a long-distance identifier.
当V2X消息的L2ID与远距离V2X消息不同时,表明该V2X消息并非远距离V2X消息,即发送方距离小于或等于距离阈值,需要对该V2X消息进行验签处理。When the L2ID of the V2X message is different from the long-distance V2X message, it indicates that the V2X message is not a long-distance V2X message, that is, the sender's distance is less than or equal to the distance threshold, and the V2X message needs to be verified.
当V2X消息的L2ID与远距离V2X消息相同时,确认发送方对应的车辆与电子设备对应的车辆距离较远,安全隐患较低,可以只将该车辆发送的高优先级V2X消息发送给安全芯片进行验签,而将低优先级的V2X消息舍弃。在本实施例中,优先级可以是PPPP优先级,第二优先级阈值可以与第一优先级阈值相同,也可以不同,在本申请中对此不做限制。由于舍弃掉了远车发送的低优先级V2X消息,减少了安全芯片验签的V2X消息数量,可以降低安全芯片的验签压力。When the L2ID of the V2X message is the same as that of the long-distance V2X message, it is confirmed that the vehicle corresponding to the sender is far away from the vehicle corresponding to the electronic device, and the safety hazard is low. Only the high-priority V2X message sent by the vehicle can be sent to the security chip. Perform signature verification and discard low-priority V2X messages. In this embodiment, the priority may be the PPPP priority, and the second priority threshold may be the same as or different from the first priority threshold, which is not limited in this application. Since the low-priority V2X messages sent by the distant car are discarded, the number of V2X messages for the security chip signature verification is reduced, which can reduce the security chip signature verification pressure.
还需说明的是,当对一个L2ID进行远距离标识后,若再次接收到该发送方发送的V2X消息,还可以对其发送方距离进行验证。若发送方距离小于或等于距离阈值, 则可以清除该L2ID的远距离标识,以更加精确的对接收到的V2X消息进行过滤。It should also be noted that after long-distance identification of an L2ID, if the V2X message sent by the sender is received again, the sender distance can also be verified. If the sender's distance is less than or equal to the distance threshold, the long-distance identifier of the L2ID can be cleared, so as to filter the received V2X message more accurately.
S109、当接收到高风险V2X消息时,执行S110,否则执行S111。S109 , when the high-risk V2X message is received, execute S110 , otherwise execute S111 .
S110、将符合第四过滤规则的V2X消息发送给安全芯片进行验签。S110. Send the V2X message conforming to the fourth filtering rule to the security chip for signature verification.
一些实施方式中,符合第四过滤规则的V2X消息为第一V2X消息。第四过滤规则包括:V2X消息为非高风险消息。其中,非高风险消息的发送方标识与高风险消息的发送方标识不同,高风险消息为未通过安全芯片验签的V2X消息。In some embodiments, the V2X message conforming to the fourth filtering rule is the first V2X message. The fourth filtering rule includes: V2X messages are non-high-risk messages. The sender identifier of the non-high-risk message is different from the sender identifier of the high-risk message, and the high-risk message is a V2X message that has not passed the security chip signature verification.
若一条V2X在安全芯片处未通过验证,则安全芯片可以将该V2X消息的L2ID标识为高风险,并上报给接入层。当后续接收到的V2X消息的L2ID为标识了高风险的L2ID时,即可过滤该V2X消息,不进行验签。If a V2X message fails the verification at the security chip, the security chip can identify the L2ID of the V2X message as a high risk and report it to the access layer. When the L2ID of the subsequently received V2X message is an L2ID that identifies a high risk, the V2X message can be filtered without signature verification.
作为示例,高风险V2X消息可以是伪消息,例如,信道上存的在恶意非标消息、未授权设备发送的V2X消息等。这些伪消息在安全芯片中无法通过验签。然后,将L2ID对应的伪消息全部舍弃,不对高风险消息进行验签,进而减少安全芯片的验签压力。As an example, the high-risk V2X message may be a fake message, for example, a malicious non-standard message existing on the channel, a V2X message sent by an unauthorized device, and the like. These fake messages cannot pass signature verification in the security chip. Then, all pseudo messages corresponding to the L2ID are discarded, and no signature verification is performed on high-risk messages, thereby reducing the signature verification pressure on the security chip.
S111、将接收到的所有V2X消息发送给安全芯片进行验签。S111. Send all the received V2X messages to the security chip for signature verification.
一些实施方式中,在上述流程中,无需对V2X消息进行过滤时,可以直接将接收到的V2X消息发送给安全芯片,进行验签。In some embodiments, in the above process, when the V2X message does not need to be filtered, the received V2X message may be directly sent to the security chip for signature verification.
可选地,在对接收到的V2X消息进行过滤之后,当安全芯片的验签负载状态变为低负载时,可以停止对接收到的V2X消息进行过滤,将所有接收到的V2X消息发送给安全芯片进行验签。例如,可以接收来自安全芯片的验签负载信息。当验签负载信息指示安全芯片的验签负载小于第二负载阈值时,确定电子设备的验签负载状态为低负载。参考S103,第二负载阈值可以等于第一负载阈值,第二负载阈值可以为最大验签负载的80%,即1600条/秒,第二负载阈值还可以是最大验签负载的70%。Optionally, after filtering the received V2X messages, when the signature verification load status of the security chip becomes low, the filtering of the received V2X messages can be stopped, and all received V2X messages can be sent to the security chip. Chip for signature verification. For example, verification payload information can be received from the security chip. When the signature verification load information indicates that the signature verification load of the security chip is less than the second load threshold, it is determined that the signature verification load status of the electronic device is a low load. Referring to S103, the second load threshold may be equal to the first load threshold, the second load threshold may be 80% of the maximum signature verification load, that is, 1600 pieces/second, and the second load threshold may also be 70% of the maximum signature verification load.
在本实施例中,通过安全芯片的验签负载作为安全芯片验签负载状态的判断参数,由于安全芯片的验签负载可以直接、精确的体现出安全芯片验签负载状态,因此判断的结果可靠、误判的概率低。In this embodiment, the signature verification load of the security chip is used as the judgment parameter of the signature verification load status of the security chip. Since the signature verification load of the security chip can directly and accurately reflect the signature verification load status of the security chip, the judgment result is reliable. , the probability of misjudgment is low.
图5示出了本申请提供的另一种V2X验签方法的示意性流程图,作为示例而非限定,该方法可以应用于上述电子设备中。FIG. 5 shows a schematic flowchart of another V2X signature verification method provided by the present application. As an example and not a limitation, the method can be applied to the above electronic device.
S201、接收V2X消息。S201. Receive a V2X message.
S202、获取电子设备通过安全芯片对接收到的V2X消息进行验签时,每条V2X消息的验签时长。S202, when the electronic device performs signature verification on the received V2X message through the security chip, the signature verification duration of each V2X message.
S203、当验签时长大于第一验签时间阈值时,执行S204,否则执行S211。S203. When the signature verification duration is greater than the first signature verification time threshold, perform S204; otherwise, perform S211.
一些实施方式中,V2X消息的传递方式可以是接入层接收V2X消息,然后接入层将V2X消息传递给安全芯片进行验签,安全芯片验签完成后,再将V2X消息发送给应用层。In some embodiments, the V2X message may be delivered by the access layer receiving the V2X message, and then the access layer transmits the V2X message to the security chip for signature verification, and after the security chip signature verification is completed, the V2X message is sent to the application layer.
其中,当接入层将V2X消息发送给安全芯片进行验签时,接入层可以记录发送V2X消息的时间戳并同时传送给安全芯片,安全芯片对V2X消息进行验签后,通过发送给应用层时,应用层记录接收到V2X消息时的时间戳,两个时间戳之间的时间差表示进行验签的时间,即验签时长。当验签时长大于第一验签时间阈值时,即可确认安全芯片的验签效率降低,需要对发送给验签芯片的V2X消息进行过滤。Among them, when the access layer sends the V2X message to the security chip for signature verification, the access layer can record the timestamp of sending the V2X message and transmit it to the security chip at the same time. When the V2X message is received, the application layer records the timestamp when the V2X message is received, and the time difference between the two timestamps indicates the time for signature verification, that is, the signature verification duration. When the signature verification time is longer than the first signature verification time threshold, it can be confirmed that the signature verification efficiency of the security chip is reduced, and the V2X message sent to the signature verification chip needs to be filtered.
S204、获取接收到的每条V2X消息的特征信息,特征信息包括发送方标识、优先级等级和发送方距离。S204. Acquire characteristic information of each received V2X message, where the characteristic information includes a sender identifier, a priority level, and a sender distance.
S205、将符合第一过滤规则的V2X消息发送给安全芯片进行验签。S205. Send the V2X message that conforms to the first filtering rule to the security chip for signature verification.
S206、将符合第二过滤规则的V2X消息发送给安全芯片进行验签的频次降低。S206, the frequency of sending the V2X message that meets the second filtering rule to the security chip for signature verification is reduced.
S207、当接收到远距离V2X消息时,执行S208,否则执行S211。S207 , when the long-distance V2X message is received, execute S208 , otherwise execute S211 .
S208、将符合第三过滤规则的V2X消息发送给安全芯片进行验签。S208. Send the V2X message that meets the third filtering rule to the security chip for signature verification.
S209、当接收到高风险V2X消息时,执行S210,否则执行S211。S209 , when the high-risk V2X message is received, execute S210 , otherwise execute S211 .
S210、将符合第四过滤规则的V2X消息发送给安全芯片进行验签。S210. Send the V2X message conforming to the fourth filtering rule to the security chip for signature verification.
S211、将接收到的所有V2X消息发送给安全芯片进行验签。S211. Send all the received V2X messages to the security chip for signature verification.
在上述方法中,S201和S101、S204至S211和S104至S111的实现方式相同,在此不做赘述。In the above method, the implementation manners of S201 and S101, and S204 to S211 and S104 to S111 are the same, which will not be repeated here.
在本实施例中,采用了验签时长作为安全芯片的负载信息,可以在无法直接获取安全芯片的验签负载时实现对安全芯片的验签负载状态进行判断,具有较广泛的应用范围。In this embodiment, the signature verification duration is used as the load information of the security chip, and the signature verification load status of the security chip can be judged when the signature verification load of the security chip cannot be directly obtained, which has a wide application range.
图6示出了本申请提供的另一种V2X验签方法的示意图,作为示例而非限定,该方法可以应用于上述电子设备中。FIG. 6 shows a schematic diagram of another V2X signature verification method provided by the present application. As an example and not a limitation, the method can be applied to the above electronic device.
在图6示出的方法中,安全芯片将验签负载信息发送给接入层和应用层,接入层和应用层可以根据验签负载信息确定安全芯片的验签负载状态。若为高负载,接入层可以自主进行过滤或者应用层也可以指示接入层对接收到的V2X消息进行过滤,以降低安全芯片的验签压力。或者,应用层还可以根据获取到的验签时长确定安全芯片的验签负载状态,若为高负载,则指示接入层对接收到的V2X消息进行过滤。其中,V2X消息过滤的方式可参照上述S105至S110中的方法,在此不作赘述。In the method shown in FIG. 6 , the security chip sends the signature verification load information to the access layer and the application layer, and the access layer and the application layer can determine the signature verification load status of the security chip according to the signature verification load information. If the load is high, the access layer can perform filtering autonomously or the application layer can also instruct the access layer to filter the received V2X messages to reduce the pressure on the security chip for signature verification. Alternatively, the application layer may also determine the signature verification load status of the security chip according to the acquired signature verification duration, and if the load is high, instruct the access layer to filter the received V2X messages. The method of V2X message filtering may refer to the methods in S105 to S110 above, which will not be repeated here.
在本实施例中,通过安全芯片、接入层和应用层之间的联动,可以更加准确的识别安全芯片压力较大的场景,进而对接收到的V2X消息进行过滤,降低安全芯片的验签压力。In this embodiment, through the linkage between the security chip, the access layer, and the application layer, it is possible to more accurately identify scenarios where the security chip is under high pressure, and then filter the received V2X messages to reduce the signature verification of the security chip. pressure.
应理解,上述实施例中各步骤的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should be understood that the size of the sequence numbers of the steps in the above embodiments does not mean the sequence of execution, and the execution sequence of each process should be determined by its function and internal logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
对应于上文实施例所述的V2X验签方法,图7示出了本申请实施例提供的V2X验签装置的结构框图,为了便于说明,仅示出了与本申请实施例相关的部分。Corresponding to the V2X signature verification method described in the above embodiments, FIG. 7 shows a structural block diagram of the V2X signature verification apparatus provided by the embodiments of the present application. For convenience of description, only parts related to the embodiments of the present application are shown.
参照图7,V2X验签装置,包括:Referring to Figure 7, the V2X signature verification device includes:
获取模块301,用于获取所述安全芯片的验签负载状态。The acquiring module 301 is configured to acquire the signature verification load status of the security chip.
发送模块302,用于当所述验签负载状态为高负载时,将后续接收到的符合预设过滤规则的第一V2X消息发送给所述安全芯片进行验签。The sending module 302 is configured to send a subsequently received first V2X message conforming to a preset filtering rule to the security chip for signature verification when the signature verification load state is a high load.
一些实施方式中,获取模块301,具体用于接收来自安全芯片的验签负载信息。当验签负载信息指示安全芯片的验签负载大于第一负载阈值时,确定验签负载状态为高负载。In some embodiments, the obtaining module 301 is specifically configured to receive the signature verification load information from the security chip. When the signature verification load information indicates that the signature verification load of the security chip is greater than the first load threshold, it is determined that the signature verification load state is a high load.
一些实施方式中,获取模块301,具体用于获取安全芯片对V2X消息进行验签的验签时长。当验签时长大于第一验签时间阈值时,确定验签负载状态为高负载。In some embodiments, the acquiring module 301 is specifically configured to acquire the signature verification duration for the security chip to perform signature verification on the V2X message. When the signature verification duration is greater than the first signature verification time threshold, it is determined that the signature verification load state is a high load.
一些实施方式中,获取模块301,具体用于获取发送V2X消息至安全芯片时的第一时间戳。接收安全芯片返回的V2X消息的验签结果,获取接收到V2X消息的验签结果时的第二时间戳。验签时长为第一时间戳与第二时间戳之间的时间差。In some embodiments, the obtaining module 301 is specifically configured to obtain the first timestamp when the V2X message is sent to the security chip. Receive the signature verification result of the V2X message returned by the security chip, and obtain the second timestamp when the signature verification result of the V2X message is received. The signature verification duration is the time difference between the first timestamp and the second timestamp.
一些实施方式中,发送模块302,具体用于获取接收到发送方标识相同的至少一个V2X消息的优先级等级。确定至少一个V2X消息中优先级等级高于第一优先级阈值的V2X消息为第一V2X消息。In some embodiments, the sending module 302 is specifically configured to obtain the priority level of at least one V2X message with the same sender identifier. A V2X message with a priority level higher than the first priority threshold in at least one V2X message is determined as the first V2X message.
一些实施方式中,发送模块302,还用于当接收到的多个第一V2X消息中,包括N个优先级相同的第二V2X消息时,向安全芯片发送M个第二V2X消息,M小于N。In some embodiments, the sending module 302 is further configured to send M second V2X messages to the security chip when the received multiple first V2X messages include N second V2X messages with the same priority, where M is less than N.
一些实施方式中,发送模块302,还用于确定接收到至少一个V2X消息的优先级等级和发送方距离。确定至少一个V2X消息中发送方距离大于预设的距离阈值且优先级等级高于第二优先级阈值的V2X消息为第一V2X消息。和,发送方距离小于或等于距离阈值的V2X消息为第一V2X消息。In some implementation manners, the sending module 302 is further configured to determine the priority level and sender distance of the received at least one V2X message. A V2X message whose sender distance is greater than the preset distance threshold and whose priority level is higher than the second priority threshold in at least one V2X message is determined to be the first V2X message. And, the V2X message whose sender distance is less than or equal to the distance threshold is the first V2X message.
一些实施方式中,发送模块302,还用于确定接收到至少一个V2X消息中的非高风险消息为第一V2X消息,非高风险消息的发送方标识与高风险消息的发送方标识不同,高风险消息为未通过安全芯片验签的V2X消息。In some embodiments, the sending module 302 is further configured to determine that a non-high-risk message in the received at least one V2X message is the first V2X message, and the sender identifier of the non-high-risk message is different from the sender identifier of the high-risk message, and the high-risk message is different. Risk messages are V2X messages that fail the security chip signature verification.
一些实施方式中,发送模块302,还用于当验签负载状态为低负载时,将后续所有接收到的V2X消息发送给安全芯片进行验签。In some embodiments, the sending module 302 is further configured to send all subsequent received V2X messages to the security chip for signature verification when the load status of the signature verification is low.
一些实施方式中,获取模块301,还用于接收来自安全芯片的验签负载信息。当验签负载信息指示安全芯片的验签负载小于第二负载阈值时,确定验签负载状态为低负载。In some embodiments, the obtaining module 301 is further configured to receive the signature verification load information from the security chip. When the signature verification load information indicates that the signature verification load of the security chip is less than the second load threshold, it is determined that the signature verification load state is a low load.
一些实施方式中,获取模块301,还用于获取安全芯片对V2X消息进行验签的验签时长。当验签时长小于第二验签时间阈值时,确定验签负载状态为低负载。In some embodiments, the acquiring module 301 is further configured to acquire the signature verification duration for the security chip to perform signature verification on the V2X message. When the signature verification duration is less than the second signature verification time threshold, it is determined that the signature verification load state is low load.
需要说明的是,上述模块之间的信息交互、执行过程等内容,由于与本申请方法实施例基于同一构思,其具体功能及带来的技术效果,具体可参见方法实施例部分,此处不再赘述。It should be noted that the information exchange, execution process and other contents between the above modules are based on the same concept as the method embodiments of the present application, and the specific functions and technical effects brought by them can be found in the method embodiments section for details. Repeat.
所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,仅以上述各功能单元、模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能单元、模块完成,即将所述装置的内部结构划分成不同的功能单元或模块,以完成以上描述的全部或者部分功能。实施例中的各功能单元、模块可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中,上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。另外,各功能单元、模块的具体名称也只是为了便于相互区分,并不用于限制本申请的保护范围。上述系统中单元、模块的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that, for the convenience and simplicity of description, only the division of the above-mentioned functional units and modules is used as an example. Module completion, that is, dividing the internal structure of the device into different functional units or modules to complete all or part of the functions described above. Each functional unit and module in the embodiment may be integrated in one processing unit, or each unit may exist physically alone, or two or more units may be integrated in one unit, and the above-mentioned integrated units may adopt hardware. It can also be realized in the form of software functional units. In addition, the specific names of the functional units and modules are only for the convenience of distinguishing from each other, and are not used to limit the protection scope of the present application. For the specific working processes of the units and modules in the above-mentioned system, reference may be made to the corresponding processes in the foregoing method embodiments, which will not be repeated here.
图8为本申请一实施例提供的电子设备的结构示意图。如图8所示,该实施例的电子设备4包括:至少一个处理器401(图8中仅示出一个处理器)、存储器402、安全芯片404以及存储在存储器402中并可在至少一个处理器401上运行的计算机程序403。处理器401执行计算机程序403时,通过安全芯片404实现上述方法实施例中的步骤。FIG. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in FIG. 8 , the electronic device 4 of this embodiment includes: at least one processor 401 (only one processor is shown in FIG. 8 ), a memory 402 , a security chip 404 , and a memory 402 that is stored in the memory 402 and can be processed in at least one computer program 403 running on the server 401 . When the processor 401 executes the computer program 403, the security chip 404 implements the steps in the above method embodiments.
电子设备4可以是手机、桌上型计算机、笔记本、掌上电脑及云端服务器等电子设备。该电子设备可包括,但不仅限于,处理器401、存储器402。本领域技术人员可以理解,图8仅仅是电子设备4的举例,并不构成对电子设备4的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件,例如还可以包括输入输出设备、网络接入设备等。The electronic device 4 may be an electronic device such as a mobile phone, a desktop computer, a notebook, a palmtop computer and a cloud server. The electronic device may include, but is not limited to, the processor 401 and the memory 402 . Those skilled in the art can understand that FIG. 8 is only an example of the electronic device 4, and does not constitute a limitation to the electronic device 4, and may include more or less components than the one shown, or combine some components, or different components , for example, may also include input and output devices, network access devices, and the like.
所称处理器401可以是中央处理单元(Central Processing Unit,CPU),该处理器401还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。The so-called processor 401 may be a central processing unit (Central Processing Unit, CPU), and the processor 401 may also be other general-purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuits) , ASIC), off-the-shelf programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
存储器402在一些实施例中可以是电子设备4的内部存储单元,例如电子设备4的硬盘或内存。存储器402在另一些实施例中也可以是电子设备4的外部存储设备,例如电子设备4上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,存储器402还可以既包括电子设备4的内部存储单元也包括外部存储设备。存储器402用于存储操作系统、应用程序、引导装载程序(BootLoader)、数据以及其他程序等,例如计算机程序的程序代码等。存储器402还可以用于暂时地存储已经输出或者将要输出的数据。The memory 402 may in some embodiments be an internal storage unit of the electronic device 4 , such as a hard disk or memory of the electronic device 4 . The memory 402 may also be an external storage device of the electronic device 4 in other embodiments, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) equipped on the electronic device 4 card, Flash Card, etc. Further, the memory 402 may also include both an internal storage unit of the electronic device 4 and an external storage device. The memory 402 is used to store an operating system, application programs, a boot loader (Boot Loader), data, and other programs, such as program codes of computer programs, and the like. The memory 402 may also be used to temporarily store data that has been or will be output.
安全芯片404为可以提供V2X应用安全服务的芯片,安全芯片404可以是独立的芯片也可以是集成在其它芯片中,能够实现安全芯片功能的结构。V2X应用安全服务可以包括签名、验证、加密、解密、秘钥写入或证书写入。安全芯片的具体形式在本申请中不做限制。The security chip 404 is a chip that can provide V2X application security services. The security chip 404 can be an independent chip or a structure that can be integrated in other chips and can implement the function of the security chip. V2X application security services can include signing, verification, encryption, decryption, key writing or certificate writing. The specific form of the security chip is not limited in this application.
本申请实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时实现可实现上述各个方法实施例中的步骤。Embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the steps in the foregoing method embodiments can be implemented.
本申请实施例提供了一种计算机程序产品,当计算机程序产品在移动终端上运行时,使得移动终端执行时实现可实现上述各个方法实施例中的步骤。The embodiments of the present application provide a computer program product, when the computer program product runs on a mobile terminal, the steps in the foregoing method embodiments can be implemented when the mobile terminal executes the computer program product.
所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请实现上述实施例方法中的全部或部分流程,可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一计算机可读存储介质中,该计算机程序在被处理器执行时,可实现上述各个方法实施例的步骤。其中,所述计算机程序包括计算机程序代码,所述计算机程序代码可以为源代码形式、对象代码形式、可执行文件或某些中间形式等。所述计算机可读介质至少可以包括:能够将计算机程序代码携带到电子设备的任何实体或装置、记录介质、计算机存储器、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、电载波信号、电信信号以及软件分发介质。例如U盘、移动硬盘、磁碟或者光盘等。在某些司法管辖区,根据立法和专利实践,计算机可读介质不可以是电载波信号和电信信号。The integrated unit, if implemented in the form of a software functional unit and sold or used as an independent product, may be stored in a computer-readable storage medium. Based on this understanding, the present application realizes all or part of the processes in the methods of the above embodiments, which can be completed by instructing the relevant hardware through a computer program, and the computer program can be stored in a computer-readable storage medium. When executed by a processor, the steps of each of the above method embodiments can be implemented. Wherein, the computer program includes computer program code, and the computer program code may be in the form of source code, object code, executable file or some intermediate form, and the like. The computer-readable medium may include at least: any entity or device capable of carrying computer program codes to an electronic device, a recording medium, computer memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electrical carrier signals, telecommunication signals, and software distribution media. For example, U disk, mobile hard disk, disk or CD, etc. In some jurisdictions, under legislation and patent practice, computer readable media may not be electrical carrier signals and telecommunications signals.
本申请实施例提供了一种芯片系统,芯片系统包括存储器和处理器,处理器执行 存储器中存储的计算机程序,以实现上述各个方法实施例中的步骤。An embodiment of the present application provides a chip system, where the chip system includes a memory and a processor, and the processor executes a computer program stored in the memory to implement the steps in each of the foregoing method embodiments.
本申请实施例提供了一种芯片系统,芯片系统包括处理器,处理器与计算机可读存储介质耦合,处理器执行计算机可读存储介质中存储的计算机程序,以实现上述各个方法实施例中的步骤。An embodiment of the present application provides a chip system, the chip system includes a processor, the processor is coupled to a computer-readable storage medium, and the processor executes a computer program stored in the computer-readable storage medium, so as to implement the above method embodiments. step.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述或记载的部分,可以参见其它实施例的相关描述。In the foregoing embodiments, the description of each embodiment has its own emphasis. For parts that are not described or described in detail in a certain embodiment, reference may be made to the relevant descriptions of other embodiments.
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。Those of ordinary skill in the art can realize that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functionality using different methods for each particular application, but such implementations should not be considered beyond the scope of this application.
在本申请所提供的实施例中,应该理解到,所揭露的方法、装置和电子设备,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述模块或单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通讯连接可以是通过一些接口,装置或单元的间接耦合或通讯连接,可以是电性,机械或其它的形式。In the embodiments provided in this application, it should be understood that the disclosed method, apparatus and electronic device may be implemented in other manners. For example, the device embodiments described above are only illustrative. For example, the division of the modules or units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be Combinations can either be integrated into another system, or some features can be omitted, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
最后应说明的是:以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何在本申请揭露的技术范围内的变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应以所述权利要求的保护范围为准。Finally, it should be noted that: the above are only specific embodiments of the present application, but the protection scope of the present application is not limited to this, and any changes or replacements within the technical scope disclosed in the present application should be covered by the present application. within the scope of protection of the application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.

Claims (15)

  1. 一种V2X验签方法,应用于电子设备,所述电子设备中设置有安全芯片,其特征在于,包括:A V2X signature verification method, applied to electronic equipment, wherein the electronic equipment is provided with a security chip, and is characterized in that, comprising:
    获取所述安全芯片的验签负载状态;obtaining the signature verification load status of the security chip;
    当所述验签负载状态为高负载时,将后续接收到的符合预设过滤规则的第一V2X消息发送给所述安全芯片进行验签。When the signature verification load state is a high load, the subsequently received first V2X message that complies with the preset filtering rule is sent to the security chip for signature verification.
  2. 根据权利要求1所述的方法,其特征在于,所述获取所述安全芯片的验签负载状态,包括:The method according to claim 1, wherein the acquiring the signature verification load status of the security chip comprises:
    接收来自安全芯片的验签负载信息;Receive the verification payload information from the security chip;
    当所述验签负载信息指示所述安全芯片的验签负载大于第一负载阈值时,确定所述验签负载状态为高负载。When the signature verification load information indicates that the signature verification load of the security chip is greater than a first load threshold, it is determined that the signature verification load state is a high load.
  3. 根据权利要求1所述的方法,其特征在于,所述获取所述安全芯片的验签负载状态,包括:The method according to claim 1, wherein the acquiring the signature verification load status of the security chip comprises:
    获取所述安全芯片对V2X消息进行验签的验签时长;Obtain the signature verification duration for the security chip to perform signature verification on the V2X message;
    当所述验签时长大于第一验签时间阈值时,确定所述验签负载状态为高负载。When the signature verification duration is greater than the first signature verification time threshold, it is determined that the signature verification load state is a high load.
  4. 根据权利要求3所述的方法,其特征在于,所述获取所述安全芯片对V2X消息进行验签的验签时长,包括:The method according to claim 3, wherein the acquiring the signature verification duration for the V2X message to be verified by the security chip comprises:
    获取发送所述V2X消息至所述安全芯片时的第一时间戳;obtaining the first timestamp when the V2X message is sent to the security chip;
    接收所述安全芯片返回的所述V2X消息的验签结果,获取接收到所述V2X消息的验签结果时的第二时间戳;Receive the signature verification result of the V2X message returned by the security chip, and obtain a second timestamp when the signature verification result of the V2X message is received;
    所述验签时长为所述第一时间戳与所述第二时间戳之间的时间差。The signature verification duration is the time difference between the first timestamp and the second timestamp.
  5. 根据权利要求1-4任一项所述的方法,其特征在于,确定所述符合预设过滤规则的第一V2X消息的方式,包括:The method according to any one of claims 1-4, wherein the method of determining the first V2X message that complies with a preset filtering rule comprises:
    获取接收到发送方标识相同的至少一个V2X消息的优先级等级;Obtain the priority level of at least one V2X message with the same sender identifier;
    确定所述至少一个V2X消息中优先级等级高于第一优先级阈值的V2X消息为所述第一V2X消息。It is determined that a V2X message with a priority level higher than the first priority threshold in the at least one V2X message is the first V2X message.
  6. 根据权利要求5所述的方法,其特征在于,所述方法还包括:The method according to claim 5, wherein the method further comprises:
    当接收到的多个第一V2X消息中,包括N个优先级相同的第二V2X消息时,向安全芯片发送M个第二V2X消息,M小于N。When the received multiple first V2X messages include N second V2X messages with the same priority, send M second V2X messages to the security chip, where M is less than N.
  7. 根据权利要求1-4任一项所述的方法,其特征在于,所述确定所述符合预设过滤规则的第一V2X消息的方式,还包括:The method according to any one of claims 1-4, wherein the method for determining the first V2X message that complies with a preset filtering rule further comprises:
    确定接收到至少一个V2X消息的优先级等级和发送方距离;Determine the priority level and sender distance of at least one V2X message received;
    确定所述至少一个V2X消息中所述发送方距离大于预设的距离阈值且所述优先级等级高于第二优先级阈值的所述V2X消息为所述第一V2X消息;和,determining that the V2X message in the at least one V2X message whose sender distance is greater than a preset distance threshold and whose priority level is higher than a second priority threshold is the first V2X message; and,
    所述发送方距离小于或等于所述距离阈值的所述V2X消息为所述第一V2X消息。The V2X message whose sender distance is less than or equal to the distance threshold is the first V2X message.
  8. 根据权利要求1-4任一项所述的方法,其特征在于,确定所述符合预设过滤规则的第一V2X消息的方式,包括:The method according to any one of claims 1-4, wherein the method of determining the first V2X message that complies with a preset filtering rule comprises:
    确定接收到至少一个V2X消息中的非高风险消息为所述第一V2X消息,所述非高风险消息的发送方标识与高风险消息的发送方标识不同,所述高风险消息为未通过 所述安全芯片验签的V2X消息。It is determined that the non-high-risk message in the received at least one V2X message is the first V2X message, the sender identifier of the non-high-risk message is different from the sender identifier of the high-risk message, and the high-risk message is not passed. The V2X message for the security chip signature verification.
  9. 根据权利要求1-8任一项所述的方法,其特征在于,还包括:The method according to any one of claims 1-8, further comprising:
    当所述验签负载状态为低负载时,将后续所有接收到的V2X消息发送给所述安全芯片进行验签。When the signature verification load state is low load, all subsequent received V2X messages are sent to the security chip for signature verification.
  10. 根据权利要求9所述的方法,其特征在于,所述获取所述安全芯片的验签负载状态,包括:The method according to claim 9, wherein the acquiring the signature verification load status of the security chip comprises:
    接收来自安全芯片的验签负载信息;Receive the verification payload information from the security chip;
    当所述验签负载信息指示所述安全芯片的验签负载小于第二负载阈值时,确定所述验签负载状态为低负载。When the signature verification load information indicates that the signature verification load of the security chip is less than a second load threshold, it is determined that the signature verification load state is a low load.
  11. 根据权利要求9所述的方法,其特征在于,所述获取所述安全芯片的验签负载状态,包括:The method according to claim 9, wherein the acquiring the signature verification load status of the security chip comprises:
    获取所述安全芯片对V2X消息进行验签的验签时长;Obtain the signature verification duration for the security chip to perform signature verification on the V2X message;
    当所述验签时长小于第二验签时间阈值时,确定所述验签负载状态为低负载。When the signature verification duration is less than the second signature verification time threshold, it is determined that the signature verification load state is a low load.
  12. 一种V2X验签装置,其特征在于,包括:A V2X signature verification device, comprising:
    获取模块,用于获取安全芯片的验签负载状态;The acquisition module is used to acquire the signature verification load status of the security chip;
    发送模块,用于当所述验签负载状态为高负载时,将后续接收到的符合预设过滤规则的第一V2X消息发送给所述安全芯片进行验签。A sending module, configured to send the subsequently received first V2X message conforming to the preset filtering rule to the security chip for signature verification when the signature verification load state is high load.
  13. 一种电子设备,包括存储器、处理器、安全芯片以及存储在所述存储器中并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序使得所述电子设备实现如权利要求1至11任一项所述的方法。An electronic device comprising a memory, a processor, a security chip, and a computer program stored in the memory and executable on the processor, characterized in that the processor executes the computer program so that the electronic A device implements a method as claimed in any one of claims 1 to 11.
  14. 一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现如权利要求1至11任一项所述的方法。A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the method according to any one of claims 1 to 11 is implemented.
  15. 一种芯片系统,所述芯片系统包括存储器和处理器,所述处理器执行所述存储器中存储的计算机程序,其特征在于,所述处理器执行所述计算机程序使得所述芯片系统实现如权利要求1至11任一项所述的方法。A chip system, the chip system includes a memory and a processor, and the processor executes a computer program stored in the memory, wherein the processor executes the computer program so that the chip system realizes as claimed in the claim The method of any one of claims 1 to 11.
PCT/CN2022/071406 2021-03-29 2022-01-11 V2x signature verification method and apparatus, electronic device, and readable storage medium WO2022206107A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110338299.1 2021-03-29
CN202110338299.1A CN113795008B (en) 2021-03-29 2021-03-29 V2X signature verification method and device, electronic equipment and readable storage medium

Publications (1)

Publication Number Publication Date
WO2022206107A1 true WO2022206107A1 (en) 2022-10-06

Family

ID=78876876

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/071406 WO2022206107A1 (en) 2021-03-29 2022-01-11 V2x signature verification method and apparatus, electronic device, and readable storage medium

Country Status (2)

Country Link
CN (1) CN113795008B (en)
WO (1) WO2022206107A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113795008B (en) * 2021-03-29 2022-08-02 荣耀终端有限公司 V2X signature verification method and device, electronic equipment and readable storage medium
CN114567445A (en) * 2022-02-28 2022-05-31 苏州国芯科技股份有限公司 Signature verification data transmission method, device, equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180069928A1 (en) * 2016-09-08 2018-03-08 Continental Teves Ag & Co. Ohg Method for processing vehicle-to-x messages
US20180097637A1 (en) * 2016-10-04 2018-04-05 Denso International America, Inc. Cryptographic Security Verification of Incoming Messages
CN112399347A (en) * 2019-07-31 2021-02-23 华为技术有限公司 Message processing method and device
US20210067970A1 (en) * 2019-09-02 2021-03-04 Wistron Neweb Corporation Distance-based packet filtering method and system thereof
CN113795008A (en) * 2021-03-29 2021-12-14 荣耀终端有限公司 V2X signature verification method and device, electronic equipment and readable storage medium

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105684397B (en) * 2013-08-26 2019-03-29 大陆-特韦斯贸易合伙股份公司及两合公司 Filter method for regulating calculation load
DE102015207050A1 (en) * 2015-04-17 2016-10-20 Continental Teves Ag & Co. Ohg Method for determining a channel load and method for setting a preprocessing in a vehicle-to-X communication, vehicle-to-X communication system and computer-readable storage medium
US11303458B2 (en) * 2018-04-09 2022-04-12 Blackberry Limited Method and system for reduced V2X receiver processing load using network based application layer message processing
CN108668258B (en) * 2018-05-09 2021-05-25 中国信息通信研究院 V2X communication rapid identity authentication system and method
US10868677B2 (en) * 2018-06-06 2020-12-15 Blackberry Limited Method and system for reduced V2X receiver processing load using certificates
CN111182497A (en) * 2019-12-27 2020-05-19 国家计算机网络与信息安全管理中心 V2X anonymous authentication method, device and storage medium
CN111885065B (en) * 2020-07-24 2022-04-12 重庆邮电大学 Vehicle-mounted terminal message preprocessing system based on V2X
CN111901126B (en) * 2020-08-05 2022-10-14 深圳旺富达讯息技术有限公司 Method for avoiding time consumption of decryption and signature verification module based on V2X protocol stack network layer
CN112367642A (en) * 2020-10-30 2021-02-12 东风汽车集团有限公司 Vehicle-mounted network load balancing method based on TBOX and mobile phone

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180069928A1 (en) * 2016-09-08 2018-03-08 Continental Teves Ag & Co. Ohg Method for processing vehicle-to-x messages
US20180097637A1 (en) * 2016-10-04 2018-04-05 Denso International America, Inc. Cryptographic Security Verification of Incoming Messages
CN112399347A (en) * 2019-07-31 2021-02-23 华为技术有限公司 Message processing method and device
US20210067970A1 (en) * 2019-09-02 2021-03-04 Wistron Neweb Corporation Distance-based packet filtering method and system thereof
CN113795008A (en) * 2021-03-29 2021-12-14 荣耀终端有限公司 V2X signature verification method and device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN113795008A (en) 2021-12-14
CN113795008B (en) 2022-08-02

Similar Documents

Publication Publication Date Title
WO2022206107A1 (en) V2x signature verification method and apparatus, electronic device, and readable storage medium
EP3800909B1 (en) Remote management method, and device
US9601016B2 (en) Communication system, vehicle-mounted terminal, roadside device
US9742569B2 (en) System and method for filtering digital certificates
CN105391681B (en) Communication system, communication device, vehicle, and communication method
CN109845185B (en) Data transmission method, terminal, node equipment and system
CN101369896A (en) Method of authenticating a short message service (SMS) message
WO2019042154A1 (en) Message processing method and related device
CN112435028B (en) Block chain-based Internet of things data sharing method and device
CN113225351B (en) Request processing method and device, storage medium and electronic equipment
CN107819768B (en) Method for server to actively disconnect illegal long connection, terminal equipment and storage medium
US20230239693A1 (en) Association control method and related apparatus
CN114710524B (en) Data interaction method, device and equipment of in-vehicle local area network and storage medium
CN107094169B (en) Apparatus and method for enhancing telematics security through a supplemental channel
WO2018218535A1 (en) Information processing method, device and system
CN115516886A (en) Method and system for handling dynamic network security posture of V2X entity
CN112003867B (en) Communication method of vehicle-mounted T-BOX and cloud server and related equipment
CN112804102B (en) Equipment binding method, device and terminal
EP4184966A1 (en) Vehicle certificate application method, vehicle-mounted device, and road side unit
CN114697945A (en) Method and device for generating discovery response message and method for processing discovery message
CN110519708B (en) Point-to-multipoint communication method and device based on PC5 interface
CN112102617A (en) Multifunctional road indication and information acquisition intelligent management system
CN112508483A (en) Logistics express delivery management method and system based on block chain and storage medium
CN111428279A (en) Explicit certificate generation method, device, equipment and storage medium
CN112153638A (en) Safety authentication method and equipment for vehicle-mounted mobile terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22778296

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22778296

Country of ref document: EP

Kind code of ref document: A1