WO2023010871A1 - Vehicle-infrastructure cooperation-based certificate application method and apparatus, computer device, and medium - Google Patents


Publication number
WO2023010871A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
certificates
validity period
terminal device
valid
Application number
PCT/CN2022/084665
Inventor
韦杏媛
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2023010871A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W12/08 Access security
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]

Definitions

  • the present application relates to the technical field of Internet of Vehicles, and specifically relates to a certificate application method, device, computer equipment and readable medium based on vehicle-road coordination.
  • V2X (Vehicle to X): vehicle wireless communication technology
  • the Internet of Vehicles establishes a new direction for the development of automotive technology by integrating Global Positioning System (GPS) navigation technology, vehicle-to-vehicle communication technology, wireless communication and remote sensing technology, and realizes the compatibility of manual driving and automatic driving.
  • V2X is the key technology of the future intelligent transportation system, which enables communication between vehicles, between vehicles and base stations, and between base stations.
  • traffic information such as real-time road conditions, road information, and pedestrian information, so as to improve driving safety, reduce congestion, improve traffic efficiency, and provide in-vehicle entertainment information.
  • Since there are many sources of V2X data transmission, including base stations, roadside units, and other vehicle-mounted devices, a security mechanism is required to ensure the safe transmission of V2X data. This prevents attackers from sending a large number of spam messages to form a message storm, which exhausts terminal processing resources and interrupts business services, and prevents an attacked device from directly parsing and using attack information without a security check, which causes the device to execute wrong instructions.
  • the certificates are generated and issued by the CA (Certificate Authority) server once in a batch application, and the validity period of the certificates for a batch application is the same. Failure, affecting the security of subsequent V2X data communication.
  • the present application provides a certificate application method, device, computer equipment and readable medium based on vehicle-road coordination.
  • an embodiment of the present application provides a method for applying for a certificate based on vehicle-road coordination, which is applied to a terminal device.
  • The method includes: in response to determining that there is a certificate to be applied for, determining the validity period of the certificate to be applied for according to the certificate set of the terminal device, wherein the validity period of the certificate to be applied for satisfies the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity period of other certificates in the certificate set;
  • and sending, to the certificate issuing server, a certificate application request including the validity period and quantity of the certificates to be applied for, where the certificate application request is used to make the certificate issuing server generate certificates according to the validity period and quantity of the certificates to be applied for.
  • The embodiment of the present application further provides a terminal device, including a certificate management module and a certificate application module. The certificate management module is configured to, in response to determining that there are certificates to be applied for, determine the validity period of the certificate to be applied for according to the certificate set of the terminal device; wherein the validity period of the certificate to be applied for meets the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity period of other certificates in the certificate set;
  • the certificate application module is configured to send a certificate application request including the validity period and quantity of the certificates to be applied for to the certificate issuing server, and the certificate application request is used to make the certificate issuing server generate certificates according to the validity period and quantity of the certificates to be applied for.
  • The embodiment of the present application also provides a computer device, including: one or more processors; and a storage device on which one or more programs are stored; wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the above-mentioned method for applying for a certificate based on vehicle-road coordination.
  • the embodiment of the present application further provides a computer-readable medium on which a computer program is stored, wherein when the program is executed, the above-mentioned method for applying for a certificate based on vehicle-road coordination is implemented.
  • Fig. 1 is a system architecture diagram of an embodiment of the present application
  • FIG. 2 is a schematic flowchart of a certificate application method based on vehicle-road coordination provided by the embodiment of the present application;
  • FIG. 3 is a schematic flow diagram of determining that there is a certificate to be applied for provided by the embodiment of the present application
  • FIG. 4 is a schematic flow diagram of determining the validity period of the certificate to be applied for provided by the embodiment of the present application
  • FIG. 5 is a first schematic structural diagram of a terminal device provided by an embodiment of the present application.
  • FIG. 6 is a second schematic structural diagram of a terminal device provided by an embodiment of the present application.
  • Embodiments described herein may be described with reference to plan views and/or cross-sectional views by way of idealized schematic representation of the application. Accordingly, illustrations may be modified according to manufacturing techniques and/or tolerances. Therefore, the embodiments are not limited to the ones shown in the drawings but include modifications of configurations formed based on manufacturing processes. Accordingly, the regions illustrated in the figures have schematic properties, and the shapes of the regions shown in the figures illustrate the specific shapes of the regions of the elements, but are not intended to be limiting.
  • An embodiment of the present application provides a method for applying for a certificate based on vehicle-road coordination, which is applied to the system shown in FIG. 1 .
  • The system includes a CA server, a certificate storage server and a terminal device, and the terminal device may include a Road Side Unit (RSU) and an on-board terminal (On-Board Unit, OBU).
  • one roadside unit and two vehicle-mounted terminals located in different vehicles are taken as an example for illustration.
  • The CA server is used to generate a certificate according to the application of the terminal equipment (including the roadside unit and the vehicle terminal); the certificate storage server is used to store the certificate generated by the CA server; the roadside unit is used to send road information to the vehicle terminal and to download the certificate from the certificate storage server; the vehicle-mounted terminal is used to send vehicle information to other vehicle-mounted terminals or roadside units, and to download the certificate from the certificate storage server.
  • the communication between the CA server and the terminal device is described as an example through the V2X communication method, but those skilled in the art know that any communication method that can realize vehicle-road coordination falls within the protection scope of the present application.
  • the method for applying for a certificate based on vehicle-road coordination is applied to terminal equipment (including roadside units or vehicle-mounted terminals), and the method includes the following steps:
  • Step 21: in response to determining that there is a certificate to be applied for, determine the validity period of the certificate to be applied for according to the certificate set of the terminal device; wherein the validity period of the certificate to be applied for meets the following condition: after the certificate application is completed, at least one certificate in the certificate set has a validity period different from that of the other certificates in the certificate set.
  • the terminal device has a certificate set, the certificate set includes multiple certificates, and the multiple certificates downloaded by the terminal device from the certificate storage server form the certificate set.
  • When the terminal device determines that there is a certificate to be applied for, it calculates the validity period of the certificate to be applied for according to the certificate set. The terminal device can mark the identity of the certificate to be applied for and count the number of certificates to be applied for.
  • Step 22 Send a certificate application request including the validity period and quantity of certificates to be applied for to the certificate issuing server, and the certificate application request is used to make the certificate issuing server generate certificates according to the validity period and quantity of the certificates to be applied for.
  • the terminal device sends a certificate application request to the CA server, and the certificate application request carries the validity period of the certificate to be applied for and the quantity of the certificates to be applied for, so that the CA server can generate the certificate according to the validity period and quantity.
  • the certificate application request may also include information such as a public key.
  • the method for applying for a certificate based on vehicle-road coordination provided by the embodiment of the present application is applied to a terminal device.
  • The validity period of the certificate to be applied for is determined according to the certificate set of the terminal device, and meets the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity period of other certificates in the certificate set. A certificate application request including the validity period and quantity of the certificates to be applied for is sent to the certificate issuing server, so that the certificate issuing server generates certificates according to the validity period and quantity of the certificates to be applied for.
  • the validity period of at least one certificate of the terminal device is different from the validity period of other certificates of the terminal device. In this way, when some certificates become invalid, other certificates are still valid, thereby reducing the possibility of all certificates being invalid at the same time. In addition, it can expand the coverage time of the validity period of the certificate set, thereby reducing the security risk of the vehicle-road coordination data communication caused by the inability of the terminal device to update the certificate in time.
  • the types of certificates in the certificate set include valid certificates and certificates to be applied for.
  • a valid certificate refers to a certificate that is currently in a valid state, that is, the expiration time of the certificate is after the current time, and a certificate to be applied for refers to a certificate that meets the preset conditions.
  • the total number of certificates in the certificate set and the total validity period of the certificates in the certificate set are preset.
  • The total number of certificates in the certificate set is the total number of certificates stored on the terminal device, and the total validity period of the certificates in the certificate set is the duration corresponding to the union of the validity periods of all certificates in the certificate set.
  • the total validity period of the certificates in the certificate set is t1 to t3.
  • the validity period of at least one certificate to be applied for meets at least one of the following conditions:
  • the validity period of at least one certificate to be applied for is different from the validity period of at least one valid certificate in the certificate set;
  • the validity period of at least one pending certificate is different from the valid period of other pending certificates.
  • determining that there is a certificate to be applied for includes the following steps:
  • Step 31 traversing the certificate collection.
  • In this step, it is determined whether there is a certificate to be applied for by traversing the certificate set of the terminal device.
  • Step 32: in response to there being no certificate in the certificate set, it is determined that there are at least two certificates to be applied for; or, in response to there being certificates in the certificate set and the certificates meeting the preset conditions, it is determined that the certificates that meet the preset conditions are certificates to be applied for.
  • If the certificate set is empty, the terminal device has not yet downloaded any certificate. In that case it is considered that there are certificates to be applied for, and the number of certificates to be applied for is the total number of certificates in the certificate set.
  • the total number of certificates is greater than 2, that is, the certificate set usually includes multiple certificates.
  • If the certificate set is not empty and at least one certificate in the certificate set satisfies the preset condition, the terminal device has already downloaded certificates. Whether there is a certificate to be applied for in the certificate set is then judged according to the preset condition, and a certificate that meets the preset condition is a certificate to be applied for.
  • the terminal device has a certificate to be applied for.
  • One is that the terminal device has downloaded certificates and there is a certificate to be applied for among the downloaded certificates. At this time, there are certificates in the certificate set, but at least some of the certificates in the certificate set meet the preset conditions. In this case, there may be one or more certificates to be applied for, and the validity period of at least one certificate to be applied for is different from the validity period of at least one valid certificate in the certificate set.
  • The validity period of at least one certificate to be applied for is different from the validity period of one of the valid certificates; in some embodiments, the validity period of at least one certificate to be applied for is different from the validity period of each valid certificate, which can further reduce the probability of multiple certificates becoming invalid at the same time and expand the coverage time of the validity period of the certificate set.
  • The validity period of at least one certificate to be applied for is different from the validity period of at least one valid certificate in the certificate set, and the validity period of at least one certificate to be applied for is different from the validity periods of other certificates to be applied for, so that the probability of multiple certificates being invalidated at the same time is reduced, and the effect of expanding the coverage time of the validity period of the certificate set is good.
  • Another situation where the terminal device has a certificate to be applied for is that the terminal device has not downloaded the certificate, and the certificate set is empty at this time, that is, there is no certificate.
  • The number of certificates to be applied for is the total number of certificates in the preset certificate set. As long as the validity period of at least one certificate to be applied for is different from that of other certificates to be applied for, the probability of multiple certificates being invalidated at the same time can be reduced, and the purpose of expanding the validity period of the certificate set can be achieved.
  • the traversing the certificate set includes: periodically traversing the certificate set. By traversing the certificate collection periodically, you can apply for a new certificate in time to realize the rolling update of the certificate.
  • the number of certificates to be applied for is the total number of certificates in the preset certificate set.
  • Determining the validity period of the certificate to be applied for according to the certificate set of the terminal device includes the following step: determining the validity period of the certificate to be applied for according to the total number of certificates in the preset certificate set and the total validity period of the certificates, wherein the validity period of at least one certificate to be applied for is different from the validity period of other certificates to be applied for. That is to say, when the terminal device has not downloaded any certificate, it can apply for certificates in batches at one time, and at least one of the certificates applied for in the batch has a validity period different from that of the other certificates applied for.
  • the validity periods of each certificate are different and the same.
  • The total validity period of the certificates can be divided evenly by the number of certificates to be applied for (that is, the total number of certificates in the certificate set), so that the validity periods of the certificates to be applied for do not overlap. For example, if the number of certificates to be applied for is 10 and the total validity period of the certificates is 30 days, the validity period of each certificate to be applied for is 3 days, and the validity periods of the 10 certificates to be applied for are consecutive, each one starting where the previous one ends.
  • The certificates to be applied for (the number of which is the total number of certificates in the certificate set) can also be divided into multiple groups, with the total validity period of the certificates divided in a superimposed manner for each group. For example, if the number of certificates to be applied for is 20, the total validity period of the certificates is 40 days, and the certificates to be applied for are divided into 4 groups of 5 certificates each, the start time of the validity period of each group is the same (that is, the start time of the validity period of the 20 certificates to be applied for is the same), and the expiration time of each group is different (that is, the validity period is different): the validity period of the first group of certificates to be applied for is 10 days, that of the second group is 20 days, that of the third group is 30 days, and that of the fourth group is 40 days.
  • It should be noted that the above methods of determining the validity period of the certificates to be applied for are only examples. Any scheme for determining the validity period of the certificates to be applied for that can reduce the probability of certificates being invalidated at the same time and/or expand the coverage time of the validity period of the certificate set belongs to the scope of protection of the embodiments of the present application.
  • determining the validity period of the certificate to be applied for according to the certificate set of the terminal device includes the following steps:
  • Step 41 determine the number of certificates to be applied for, if there is one certificate to be applied for, then perform step 42; if there are at least two certificates to be applied for, then perform step 43.
  • Step 42 Determine the validity period of the certificate to be applied for according to the validity period of the valid certificate in the certificate set, wherein the validity period of the certificate to be applied for is different from the validity period of at least one valid certificate in the certificate set.
  • the validity period of the certificate to be applied is different from the validity period of at least one valid certificate that is currently valid.
  • In some embodiments, the validity period of the certificate to be applied for is different from the validity period of each valid certificate, to reduce the probability of certificates being invalid at the same time and to expand the coverage time of the validity period of the certificate set.
  • Step 43 Determine the validity period of the certificates to be applied for according to the period of validity of the valid certificates in the certificate set, the number of certificates to be applied for, the total number of certificates in the preset certificate set, and the total validity period of the certificates.
  • The validity period of at least one certificate to be applied for is different from the validity period of other certificates to be applied for, and/or the validity period of at least one certificate to be applied for is different from the validity period of at least one valid certificate in the certificate set.
  • The validity period of each certificate to be applied for is different, and the validity period of each certificate to be applied for is different from that of all valid certificates in the certificate set. In this way, the probability of multiple certificates being invalidated at the same time is reduced, and the effect of extending the validity period coverage time of the certificate set is good.
  • the validity period of the valid certificates in the certificate set there are many ways to determine the validity period of the certificates to be applied for.
  • the time is the 5th day within the valid period of 5 valid certificates.
  • The start time of the validity period of each group of certificates to be applied for can be the same, for example, they can all be the current time, and the expiration time of the validity period of each group of certificates to be applied for is different (that is, the validity period is different). The validity period of the first group of certificates to be applied for is 15 days, the validity period of the second group of certificates to be applied for is 25 days, the validity period of the third group of certificates to be applied for is 30 days, and the validity period of the fourth group of certificates to be applied for is 35 days.
  • It should be noted that the determination of the validity period of the above-mentioned certificates to be applied for is only an example. Any scheme for determining the validity period of the certificates to be applied for that can reduce the probability of certificates being invalidated at the same time and/or expand the validity period coverage time of the certificate set belongs to the scope of protection of the embodiments of the present application.
  • The preset conditions include: the expiration time of the certificate's validity period is greater than the current time, and the difference between the expiration time of the certificate's validity period and the current time is less than a preset threshold; or, the expiration time of the certificate's validity period is less than or equal to the current time. That is to say, a certificate that satisfies the preset condition is a certificate that has not yet expired but is about to expire, or a certificate that has already expired.
  • the above preset conditions are used to determine the certificates that have expired or are about to expire, and these certificates are used as certificates to be applied for, and the certificates are updated.
  • The following steps may also be included: in response to receiving the certificate application response sent by the certificate issuing server, obtain the download information contained therein; download the certificates according to the download information, and the certificates in the certificate set are the downloaded certificates.
  • The download information may include a download address (that is, the address of the certificate storage server) and a download time. That is to say, after receiving the certificate application request sent by the terminal device, the CA server generates certificates according to the validity period and quantity of the certificates to be applied for, stores the generated certificates in the designated certificate storage server, and carries the download address and download time in the certificate application response. After receiving the certificate application response, the terminal device downloads the certificates from the certificate storage server at the download time, and loads the downloaded certificates.
  • The certificate application method based on vehicle-road coordination may further include the following steps: in response to generating the vehicle-road coordination data message, randomly select a valid certificate from the certificate set; sign the vehicle-road coordination data message according to the private key of the terminal device and the selected valid certificate, and obtain the signed vehicle-road coordination data message; broadcast the signed vehicle-road coordination data message. That is to say, after the terminal device constructs the V2X data message due to business needs, it randomly obtains a valid certificate from the certificate set, uses the certificate and the private key of the terminal device to sign the V2X data message, and broadcasts the signed V2X data message and the selected certificate.
  • The certificate application method based on vehicle-road coordination may further include the following steps: in response to receiving the vehicle-road coordination data message and certificate broadcast by other terminal devices, verify the validity of the certificate according to the CA root certificate, for example, whether it is issued by the CA root certificate, whether it is within the validity period, and so on. If the verification is passed, the public key is obtained from the certificate, and the signature of the V2X data message is verified according to the public key. After the signature verification is passed, the data in the V2X data message is analyzed and corresponding processing is performed.
  • the embodiment of the present application can be applied to secure communication based on the V2X protocol between vehicle-mounted terminals and vehicle-mounted terminals, and between vehicle-mounted terminals and roadside units.
  • the vehicle-mounted terminal/roadside unit randomly selects one of multiple certificates and multiple private keys.
  • a certificate and a private key are used to ensure the safe transmission of data.
  • the secure communication mechanism is to sign and verify the signature of the V2X data message through a random certificate.
  • the vehicle terminal, roadside unit and CA server need to support wireless or wired network communication, and follow the security protocol for certificate application and download.
  • the embodiment of this application proposes a certificate application method applied to the vehicle-road coordination scenario, which enables terminal devices to obtain certificates with different validity periods, and expands the coverage time of the validity period of the certificate set.
  • the remaining certificates are still valid.
  • SIM Subscriber Identity Module, user identification card
  • the embodiment of the present application also provides a terminal device, and the terminal device may be a vehicle-mounted terminal or a roadside unit.
  • The terminal device includes a certificate management module 101 and a certificate application module 102. The certificate management module 101 is configured to, in response to determining that there is a certificate to be applied for, determine the validity period of the certificate to be applied for according to the certificate set of the terminal device; wherein the validity period of the certificate to be applied for satisfies the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity period of other certificates in the certificate set.
  • The certificate application module 102 is configured to send a certificate application request including the validity period and quantity of the certificates to be applied for to the certificate issuing server, and the certificate application request is used to make the certificate issuing server generate certificates according to the validity period and quantity of the certificates to be applied for.
  • the types of certificates in the certificate set include valid certificates and certificates to be applied for, and the validity period of at least one of the certificates to be applied for is different from the validity period of at least one valid certificate in the certificate set.
  • the validity period of at least one of the certificates to be applied for is different from the validity period of the other certificates to be applied for.
  • the certificate management module 101 is configured to traverse the certificate set; in response to there being no certificates in the certificate set, determine that there are at least two certificates to be applied for; or, in response to the existence of certificates in the certificate set and the certificates meeting the preset conditions, determine that the certificates meeting the preset conditions are certificates to be applied for.
  • the certificate management module 101 is configured to periodically traverse the certificate set.
  • the certificate management module 101 is configured to, if there is no certificate in the certificate set, determine the validity period of the certificate to be applied for according to the total number of certificates in the certificate set and the total validity period of the certificates, wherein the validity period of at least one of the certificates to be applied for is different from the validity period of other certificates to be applied for.
  • the certificate management module 101 is configured to, if there is a certificate in the certificate set and the certificate satisfies a preset condition, in response to there being one certificate to be applied for, determine the validity period of the certificate to be applied for according to the validity period of the valid certificate, wherein the validity period of the certificate to be applied for is different from the validity period of at least one valid certificate in the certificate set.
  • the certificate management module 101 is configured to, if there are certificates in the certificate set and the certificates meet the preset conditions, in response to the number of the certificates to be applied for being at least two, determine the validity period of the certificates to be applied for according to the validity period of the valid certificates in the certificate set, the number of the certificates to be applied for, the total number of certificates in the certificate set, and the total validity period of the certificates.
  • the preset condition includes: the expiration time of the certificate's validity period is greater than the current time, and the difference between the expiration time of the certificate's validity period and the current time is smaller than a preset threshold; or, the expiration time of the certificate's validity period is less than or equal to the current time.
  • the terminal device may further include a communication module 103, and the certificate management module 101 is configured to, after the communication module 103 generates the vehicle-road coordination data message, randomly select a valid certificate.
  • the communication module 103 is configured to sign the vehicle-road coordination data message according to the private key of the terminal device and the selected valid certificate, obtain the signed vehicle-road coordination data message, and broadcast the signed vehicle-road coordination data message.
  • the embodiment of the present application also provides a computer device, the computer device includes: one or more processors and a storage device; wherein one or more programs are stored on the storage device, and when the one or more programs are executed by the one or more processors, the one or more processors implement the certificate application method based on vehicle-road coordination as provided in the foregoing embodiments.
  • the embodiment of the present application also provides a computer-readable medium on which a computer program is stored, wherein when the computer program is executed, the method for applying for a certificate based on vehicle-road coordination as provided in the foregoing embodiments is implemented.
  • the method for applying for a certificate based on vehicle-road coordination provided by the embodiment of the present application is applied to a terminal device.
  • the validity period of the certificate to be applied for is determined according to the certificate set of the terminal device;
  • the validity period of the certificate to be applied for meets the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity period of other certificates in the certificate set; a certificate application request including the validity period and quantity of the certificates to be applied for is sent to the certificate issuing server, so that the certificate issuing server generates certificates according to the validity period and quantity of the certificates to be applied for.
  • the validity period of at least one certificate of the terminal device is different from that of other certificates of the terminal device. In this way, when some certificates become invalid, other certificates are still valid, thereby reducing the probability that certificates become invalid at the same time. It also expands the coverage time of the validity period of the certificate set, thereby reducing the security risk to vehicle-road coordination data communication caused by the terminal device being unable to update its certificates in time.
  • the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be executed by several physical components in cooperation.
  • Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit.
  • Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media).
  • computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
  • Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store desired information and that can be accessed by a computer.
  • communication media typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A vehicle-infrastructure cooperation-based certificate application method, a terminal device, a computer device, and a readable medium. The method is applied to a terminal device. When it is determined that there are certificates to be applied for, the validity period of said certificates is determined according to a certificate set of the terminal device, and the validity period of said certificates satisfies the following condition: after certificate application is completed, the validity period of at least one certificate in the certificate set is different from that of other certificates in the certificate set. A certificate application request comprising the validity period and quantity of the certificates to be applied for is sent to a certificate authority server, so that the certificate authority server generates certificates according to the validity period and quantity of the certificates to be applied for.

Description

Certificate application method, apparatus, computer device and medium based on vehicle-road coordination
Cross-Reference to Related Applications
This application is based on Chinese patent application No. 202110896122.3, filed on August 5, 2021, and claims priority to that Chinese patent application, the entire content of which is hereby incorporated into this application by reference.
Technical Field
The present application relates to the technical field of the Internet of Vehicles, and specifically to a certificate application method, apparatus, computer device and readable medium based on vehicle-road coordination.
Background
V2X (Vehicle to X, vehicular wireless communication technology) data communication of vehicle-mounted equipment is used for information exchange between a vehicle and the outside world. By integrating Global Positioning System (GPS) navigation technology, vehicle-to-vehicle communication technology, wireless communication and remote sensing technology, the Internet of Vehicles sets a new direction for the development of automotive technology and makes manual driving and automatic driving compatible. V2X is a key technology of future intelligent transportation systems; it enables communication between vehicles, between vehicles and base stations, and between base stations. A series of traffic information such as real-time road conditions, road information and pedestrian information can thus be obtained, improving driving safety, reducing congestion, improving traffic efficiency, and providing in-vehicle entertainment information.
Because V2X data comes from many sources, including base stations, roadside units and other vehicle-mounted devices, a security mechanism is needed to guarantee the secure transmission of V2X data. This prevents an attacker from creating a message storm by sending a large volume of junk messages, which exhausts the terminal's processing resources and interrupts service, and prevents an attacked device from directly parsing and using attack information without a security check, which causes the device to execute wrong instructions. In the V2X secure communication mechanism, the certificates of one batch application are generated and issued by the CA (Certificate Authority) server at one time, and the certificates of one batch application have the same validity period. As a result, all certificates of one batch application become invalid at the same time, which affects the security of subsequent V2X data communication.
Summary of the Invention
The present application provides a certificate application method, apparatus, computer device and readable medium based on vehicle-road coordination.
In a first aspect, an embodiment of the present application provides a certificate application method based on vehicle-road coordination, applied to a terminal device. The method includes: in response to determining that there is a certificate to be applied for, determining the validity period of the certificate to be applied for according to the certificate set of the terminal device, wherein the validity period of the certificate to be applied for satisfies the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity period of other certificates in the certificate set; and sending, to a certificate issuing server, a certificate application request including the validity period and quantity of the certificates to be applied for, the certificate application request being used to make the certificate issuing server generate certificates according to the validity period and quantity of the certificates to be applied for.
In yet another aspect, an embodiment of the present application further provides a terminal device, including a certificate management module and a certificate application module. The certificate management module is configured to, in response to determining that there is a certificate to be applied for, determine the validity period of the certificate to be applied for according to the certificate set of the terminal device, wherein the validity period of the certificate to be applied for satisfies the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity period of other certificates in the certificate set. The certificate application module is configured to send, to a certificate issuing server, a certificate application request including the validity period and quantity of the certificates to be applied for, the certificate application request being used to make the certificate issuing server generate certificates according to the validity period and quantity of the certificates to be applied for.
In yet another aspect, an embodiment of the present application further provides a computer device, including: one or more processors; and a storage device on which one or more programs are stored; wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the certificate application method based on vehicle-road coordination described above.
In yet another aspect, an embodiment of the present application further provides a computer-readable medium on which a computer program is stored, wherein when the program is executed, the certificate application method based on vehicle-road coordination described above is implemented.
Brief Description of the Drawings
FIG. 1 is a system architecture diagram of an embodiment of the present application;
FIG. 2 is a schematic flowchart of the certificate application method based on vehicle-road coordination provided by an embodiment of the present application;
FIG. 3 is a schematic flowchart of determining that there is a certificate to be applied for, provided by an embodiment of the present application;
FIG. 4 is a schematic flowchart of determining the validity period of the certificate to be applied for, provided by an embodiment of the present application;
FIG. 5 is a first schematic structural diagram of a terminal device provided by an embodiment of the present application;
FIG. 6 is a second schematic structural diagram of a terminal device provided by an embodiment of the present application.
Detailed Description
Several embodiments will be described more fully hereinafter with reference to the accompanying drawings, but they may be embodied in different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this application will be thorough and complete, and will allow those skilled in the art to fully understand the scope of the application.
As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The terminology used herein is for describing particular embodiments only and is not intended to limit the application. As used herein, the singular forms "a" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will also be understood that when the terms "comprising" and/or "made of" are used in this specification, they specify the presence of the stated features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof.
Embodiments described herein may be described with reference to plan views and/or cross-sectional views by way of idealized schematic illustrations of the application. Accordingly, the illustrations may be modified according to manufacturing techniques and/or tolerances. The embodiments are therefore not limited to those shown in the drawings but include modifications of configurations formed on the basis of manufacturing processes. The regions illustrated in the figures are schematic in nature, and the shapes of the regions shown in the figures illustrate specific shapes of regions of elements but are not intended to be limiting.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. It will also be understood that terms such as those defined in commonly used dictionaries should be interpreted as having meanings consistent with their meanings in some circumstances and in the context of this application, and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
An embodiment of the present application provides a certificate application method based on vehicle-road coordination, which is applied in the system shown in FIG. 1. As shown in FIG. 1, the system includes a CA server, a certificate storage server and terminal devices; the terminal devices may include a roadside unit (Road Side Unit, RSU) and a vehicle-mounted terminal (On-Board Unit, OBU). In the embodiments of the present application, one roadside unit and two vehicle-mounted terminals located in different vehicles are taken as an example. The CA server is used to generate certificates according to applications from the terminal devices (including roadside units and vehicle-mounted terminals); the certificate storage server is used to store the certificates generated by the CA server; the roadside unit is used to send road information to vehicle-mounted terminals and to download certificates from the certificate storage server; the vehicle-mounted terminal is used to send vehicle information to other vehicle-mounted terminals or roadside units and to download certificates from the certificate storage server. In the embodiments of the present application, communication between the CA server and the terminal devices over V2X is taken as an example, but those skilled in the art will understand that any communication method capable of realizing vehicle-road coordination falls within the protection scope of the present application.
As shown in FIG. 2, the certificate application method based on vehicle-road coordination provided by the embodiment of the present application is applied to a terminal device (including a roadside unit or a vehicle-mounted terminal), and the method includes the following steps:
Step 21: in response to determining that there is a certificate to be applied for, determine the validity period of the certificate to be applied for according to the certificate set of the terminal device; wherein the validity period of the certificate to be applied for satisfies the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity period of other certificates in the certificate set.
The terminal device has a certificate set that includes multiple certificates; the certificates that the terminal device downloads from the certificate storage server form the certificate set. In this step, when the terminal device determines that there is a certificate to be applied for, it calculates the validity period of the certificate to be applied for according to the certificate set; the terminal device may mark the identifier of each certificate to be applied for and count the number of certificates to be applied for.
Step 22: send a certificate application request including the validity period and quantity of the certificates to be applied for to the certificate issuing server; the certificate application request is used to make the certificate issuing server generate certificates according to the validity period and quantity of the certificates to be applied for.
In this step, the terminal device sends a certificate application request to the CA server. The request carries the validity period of the certificates to be applied for and the number of certificates to be applied for, so that the CA server generates certificates according to that validity period and quantity. It should be noted that the certificate application request may also include information such as a public key.
The certificate application method based on vehicle-road coordination provided by the embodiment of the present application is applied to a terminal device. When it is determined that there is a certificate to be applied for, the validity period of the certificate to be applied for is determined according to the certificate set of the terminal device, wherein the validity period of the certificate to be applied for satisfies the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity period of other certificates in the certificate set. A certificate application request including the validity period and quantity of the certificates to be applied for is sent to the certificate issuing server, so that the certificate issuing server generates certificates according to the validity period and quantity of the certificates to be applied for. In the embodiments of the present application, the validity period of at least one certificate of the terminal device is different from the validity period of the other certificates of that terminal device. In this way, when some certificates become invalid, other certificates are still valid, which reduces the security risk to vehicle-road coordination data communication caused by all certificates becoming invalid at the same time. It also expands the coverage time of the validity period of the certificate set, which reduces the security risk to vehicle-road coordination data communication caused by the terminal device being unable to update its certificates in time.
The types of certificates in the certificate set include valid certificates and certificates to be applied for. A valid certificate is a certificate that is currently in a valid state, that is, the expiration time of its validity period is after the current time; a certificate to be applied for is a certificate that meets the preset condition. The total number of certificates in the certificate set and the total validity duration of the certificate set are both preset. The total number of certificates in the certificate set is the total number of certificates stored on the terminal device, and the total validity duration of the certificate set is the duration corresponding to the union of the validity periods of all certificates in the certificate set. In some embodiments, if the total number of certificates in the certificate set is 10, of which 5 certificates have a validity period from t1 to t2 and the other 5 certificates have a validity period from t2 to t3, then the total validity duration of the certificate set is t1 to t3.
In some embodiments, the validity period of at least one certificate to be applied for satisfies at least one of the following conditions:
The validity period of at least one certificate to be applied for is different from the validity period of at least one valid certificate in the certificate set;
The validity period of at least one certificate to be applied for is different from the validity period of other certificates to be applied for.
In some embodiments, as shown in FIG. 3, determining that there is a certificate to be applied for includes the following steps:
Step 31: traverse the certificate set.
In this step, whether there is a certificate to be applied for is determined by traversing the certificate set of the terminal device.
Step 32: in response to there being no certificate in the certificate set, determine that there are certificates to be applied for, the number of which is at least two; or, in response to there being certificates in the certificate set and a certificate meeting the preset condition, determine that the certificates meeting the preset condition are certificates to be applied for.
If the certificate set is empty, the terminal device has not yet downloaded any certificate. In that case certificates to be applied for are considered to exist, and the number of certificates to be applied for is the total number of certificates in the certificate set. Usually, the total number of certificates is greater than 2, that is, the certificate set usually includes multiple certificates.
If the certificate set is not empty and at least one certificate in the certificate set meets the preset condition, the terminal device has already downloaded certificates. The preset condition is then used to judge whether the certificate set contains certificates to be applied for; a certificate that meets the preset condition is a certificate to be applied for.
There are two situations in which a terminal device has certificates to be applied for. In the first, the terminal device has downloaded certificates and some of the downloaded certificates are certificates to be applied for: the certificate set contains certificates, but at least some of them meet the preset condition. In this case there may be one or more certificates to be applied for, and the validity period of at least one certificate to be applied for is different from the validity period of at least one valid certificate in the certificate set. That is, if the certificate set includes multiple valid certificates with different validity periods, the validity period of at least one certificate to be applied for is different from the validity period of one of the valid certificates. In some embodiments, the validity period of at least one certificate to be applied for is different from the validity period of every valid certificate, which further reduces the probability of multiple certificates becoming invalid at the same time and further expands the coverage time of the validity period of the certificate set. In some embodiments, if there are multiple certificates to be applied for, both conditions can be satisfied at once: the validity period of at least one certificate to be applied for is different from the validity period of at least one valid certificate in the certificate set, and the validity period of at least one certificate to be applied for is different from the validity period of other certificates to be applied for. This works well both for reducing the probability of multiple certificates becoming invalid at the same time and for expanding the coverage time of the validity period of the certificate set. In the second situation, the terminal device has not yet downloaded any certificate and the certificate set is empty, that is, no certificate exists. In this case the number of certificates to be applied for is the preset total number of certificates in the certificate set, and as long as the validity period of at least one certificate to be applied for is different from the validity period of other certificates to be applied for, the goals of reducing the probability of multiple certificates becoming invalid at the same time and expanding the coverage time of the validity period of the certificate set are achieved.
In some embodiments, traversing the certificate set includes periodically traversing the certificate set. Periodic traversal allows new certificates to be applied for in time, which achieves rolling renewal of the certificates.
In some embodiments, when the certificate set contains no certificates, the number of certificates to be applied for is the preset total number of certificates in the certificate set. Determining the validity period of the certificates to be applied for according to the certificate set of the terminal device then includes the following step: determining the validity period of the certificates to be applied for according to the preset total number of certificates in the certificate set and the total validity duration of the certificates, where the validity period of at least one certificate to be applied for differs from those of the other certificates to be applied for. That is, when the terminal device has not downloaded any certificate, it can apply for certificates in one batch, and at least one certificate in the batch has a validity period different from those of the other certificates applied for. Those skilled in the art will appreciate that one scheme is for the validity periods of all certificates in the batch to differ from one another.
In this step, the validity period of the certificates to be applied for can be determined from the total number of certificates in the certificate set and the total validity duration in several ways. In some embodiments, the total validity duration is divided evenly by the number of certificates to be applied for (that is, the total number of certificates in the certificate set), so that the validity periods of the certificates to be applied for do not overlap. For example, if the number of certificates to be applied for is 10 and the total validity duration is 30 days, each certificate to be applied for has a validity period of 3 days, and the validity periods of the 10 certificates follow one another consecutively.
Alternatively, the certificates to be applied for (whose number is the total number of certificates in the certificate set) can first be divided into several groups, and the total validity duration is then divided in a superimposed manner across the groups. For example, if the number of certificates to be applied for is 20 and the total validity duration is 40 days, the certificates are divided into 4 groups of 5 certificates each. The validity periods of all groups start at the same time (that is, the 20 certificates to be applied for share the same validity start time), while the validity end times of the groups differ (that is, their validity periods differ): the first group is valid for 10 days, the second group for 20 days, the third group for 30 days, and the fourth group for 40 days. It should be noted that these ways of determining the validity period are only examples. Any scheme for determining the validity period of the certificates to be applied for that reduces the probability of certificates expiring at the same time and/or extends the time covered by the validity periods of the certificate set, as in the embodiments of this application, falls within the scope of protection of the embodiments of this application.
In some embodiments, when certificates exist in the certificate set and satisfy the preset condition, as shown in FIG. 4, determining the validity period of the certificates to be applied for according to the certificate set of the terminal device includes the following steps:
Step 41: determine the number of certificates to be applied for. If there is one certificate to be applied for, perform step 42; if there are at least two, perform step 43.
Step 42: determine the validity period of the certificate to be applied for according to the validity periods of the valid certificates in the certificate set, where the validity period of the certificate to be applied for differs from that of at least one valid certificate in the certificate set.
When the terminal device has already loaded certificates and is currently applying for only one certificate, the validity period of that certificate differs from the validity period of at least one currently valid certificate. If the certificate set contains multiple valid certificates, the probability of certificates expiring at the same time is reduced, and the time covered by the validity periods of the certificate set is extended, only if the validity period of the certificate to be applied for differs from that of every valid certificate.
Step 43: determine the validity periods of the certificates to be applied for according to the validity periods of the valid certificates in the certificate set, the number of certificates to be applied for, the preset total number of certificates in the certificate set, and the total validity duration of the certificates.
When the terminal device has already loaded certificates and is currently applying for multiple certificates in a batch, the validity period of at least one certificate to be applied for differs from those of the other certificates to be applied for, and/or the validity period of at least one certificate to be applied for differs from that of at least one valid certificate in the certificate set. In some embodiments, the validity periods of the certificates to be applied for all differ from one another and also differ from the validity periods of all valid certificates in the certificate set, which gives a good result in reducing the probability of certificates expiring at the same time and in extending the time covered by the validity periods of the certificate set.
In this step, the validity periods of the certificates to be applied for can be determined from the validity periods of the valid certificates in the certificate set, the number of certificates to be applied for, the total number of certificates in the certificate set, and the total validity duration in several ways. In some embodiments, the certificates to be applied for are first divided into several groups, and the total validity duration is then divided in a superimposed manner across the groups. For example, the total validity duration is 40 days, the total number of certificates in the certificate set is 20, and the certificate set contains 5 valid certificates whose validity period is 10 days. The number of certificates to be applied for is therefore 15, and the current time is the 5th day of the validity period of the 5 valid certificates. The 15 certificates to be applied for are divided into 3 groups of 5 certificates each. The validity periods of the groups can start at the same time, for example at the current time, while their validity end times differ (that is, their validity periods differ): the first group is valid for 15 days, the second group for 25 days, the third group for 30 days, and the fourth group for 35 days. It should be noted that this way of determining the validity period is only an example. Any scheme for determining the validity period of the certificates to be applied for that reduces the probability of certificates expiring at the same time and/or extends the time covered by the validity periods of the certificate set, as in the embodiments of this application, falls within the scope of protection of the embodiments of this application.
In some embodiments, the preset condition includes: the validity end time of the certificate is later than the current time, and the difference between the validity end time and the current time is less than a preset threshold; or, the validity end time of the certificate is earlier than or equal to the current time. That is, a certificate that satisfies the preset condition is either a certificate that has not yet expired but is about to expire, or a certificate that has already expired. The embodiments of this application use this preset condition to identify certificates that have expired or are about to expire, and treat them as certificates to be applied for so that they are renewed.
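The following Python sketch is an added example, not code from the patent. It implements the preset condition above and the two validity-period schemes described for an empty certificate set (even division and grouped superimposed division), and reports how many certificates expire at the same instant and how many are valid at a given time. The `Cert` record and all function names are assumptions made for illustration.

```python
"""Added illustration: planning validity periods for a V2X certificate set."""
from collections import Counter
from datetime import datetime, timedelta
from typing import List, NamedTuple, Tuple

Window = Tuple[datetime, datetime]  # (validity start, validity end)


class Cert(NamedTuple):
    """Hypothetical record; only the validity window matters here."""
    not_before: datetime
    not_after: datetime


def needs_renewal(cert: Cert, now: datetime, threshold: timedelta) -> bool:
    """Preset condition: already expired, or not yet expired but ending
    less than `threshold` after the current time."""
    if cert.not_after <= now:
        return True
    return cert.not_after - now < threshold


def count_to_request(cert_set: List[Cert], now: datetime,
                     threshold: timedelta, total_certs: int) -> int:
    """Empty set: request the preset total. Otherwise request one
    certificate for each entry that meets the preset condition."""
    if not cert_set:
        return total_certs
    return sum(needs_renewal(c, now, threshold) for c in cert_set)


def plan_even_split(start: datetime, total_certs: int,
                    total_validity: timedelta) -> List[Window]:
    """Even division: consecutive, non-overlapping validity windows."""
    if total_certs <= 0:
        raise ValueError("total_certs must be positive")
    step = total_validity / total_certs
    return [(start + i * step, start + (i + 1) * step)
            for i in range(total_certs)]


def plan_grouped(start: datetime, total_certs: int,
                 total_validity: timedelta, groups: int) -> List[Window]:
    """Superimposed division: every window starts at `start`; group g
    (1-based) ends after g/groups of the total validity duration."""
    if groups <= 0 or total_certs % groups != 0:
        raise ValueError("total_certs must be a positive multiple of groups")
    per_group = total_certs // groups
    step = total_validity / groups
    windows: List[Window] = []
    for g in range(1, groups + 1):
        windows.extend([(start, start + g * step)] * per_group)
    return windows


def max_simultaneous_expiry(windows: List[Window]) -> int:
    """Largest number of certificates sharing one validity end time."""
    return max(Counter(end for _, end in windows).values())


def valid_at(windows: List[Window], when: datetime) -> int:
    """Number of certificates usable for signing at `when`."""
    return sum(1 for begin, end in windows if begin <= when < end)


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1)  # constructed start time
    even = plan_even_split(t0, 10, timedelta(days=30))
    grouped = plan_grouped(t0, 20, timedelta(days=40), 4)
    for name, plan in (("even", even), ("grouped", grouped)):
        print(name,
              "max expiring together:", max_simultaneous_expiry(plan),
              "valid on day 15:", valid_at(plan, t0 + timedelta(days=15)))
```

The two schemes trade off differently: even division never lets two certificates expire together but leaves only one certificate valid at any moment, while the grouped scheme keeps several certificates available for random selection at the cost of five expiring at each group boundary.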
In some embodiments, after the certificate application request including the validity period and number of the certificates to be applied for is sent to the certificate issuing server (that is, after step 22), the method may further include the following steps: in response to receiving a certificate application response sent by the certificate issuing server, obtaining the download information carried in it; and downloading the certificates according to the download information, the certificates in the certificate set being the downloaded certificates. In some embodiments, the download information may include a download address (that is, the address of the certificate storage server) and a download time. That is, after receiving the certificate application request sent by the terminal device, the CA server generates certificates according to the validity period and number of the certificates to be applied for, stores the generated certificates on the designated certificate storage server, and carries the download address and download time in the certificate application response. After receiving the certificate application response, the terminal device downloads the certificates from the certificate storage server at the download time and loads the downloaded certificates.
In some embodiments, when valid certificates exist in the certificate set, the vehicle-infrastructure cooperation-based certificate application method may further include the following steps: in response to generating a vehicle-infrastructure cooperation data message, randomly selecting one valid certificate from the certificate set; signing the data message according to the private key of the terminal device and the selected valid certificate to obtain a signed vehicle-infrastructure cooperation data message; and broadcasting the signed data message. That is, after the terminal device constructs a V2X data message for a service need, it randomly obtains one valid certificate from the certificate set, signs the V2X data message using that certificate and the private key of the terminal device, and broadcasts the signed V2X data message together with the selected certificate.
In some embodiments, the vehicle-infrastructure cooperation-based certificate application method may further include the following steps: in response to receiving a vehicle-infrastructure cooperation data message and certificate broadcast by another terminal device, verifying the validity of the certificate against the CA root certificate, for example, whether it was issued under the CA root certificate and whether it is within its validity period. If the verification passes, the public key is obtained from the certificate and used to verify the signature of the V2X data message; after the signature verification passes, the data in the V2X data message is parsed and the corresponding processing is performed.
The embodiments of this application can be applied to V2X-protocol-based secure communication between vehicle-mounted terminals, and between vehicle-mounted terminals and roadside units. The vehicle-mounted terminal or roadside unit randomly selects one certificate and one private key from multiple certificates and multiple private keys to secure data transmission; the secure communication mechanism consists of signing V2X data messages with a randomly selected certificate and verifying those signatures. The vehicle-mounted terminal, the roadside unit and the CA server need to support wireless or wired network communication and follow a security protocol for certificate application and download.
The embodiments of this application propose a certificate application method for vehicle-infrastructure cooperation scenarios that enables a terminal device to obtain certificates with different validity periods and extends the time covered by the validity periods of the certificate set. When some certificates expire, the remaining certificates are still valid. When some certificates expire and cannot be renewed in time because no network is available, for example because the vehicle has been parked for a long time, is in a no-network state, or its SIM (Subscriber Identity Module) card is in arrears, the remaining valid certificates can still secure subsequent V2X data communication. Periodically checking whether there are certificates to be applied for achieves rolling renewal of the certificates.
Based on the same technical concept, the embodiments of this application also provide a terminal device, which may be a vehicle-mounted terminal or a roadside unit. As shown in FIG. 5, the terminal device includes a certificate management module 101 and a certificate application module 102. The certificate management module 101 is configured to, in response to determining that there is a certificate to be applied for, determine the validity period of the certificate to be applied for according to the certificate set of the terminal device, where the validity period of the certificate to be applied for satisfies the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set differs from the validity periods of the other certificates in the certificate set.
The certificate application module 102 is configured to send a certificate application request including the validity period and number of the certificates to be applied for to the certificate issuing server, the certificate application request being used to make the certificate issuing server generate certificates according to the validity period and number of the certificates to be applied for.
In some embodiments, the types of certificates in the certificate set include valid certificates and certificates to be applied for, and the validity period of at least one of the certificates to be applied for differs from the validity period of at least one valid certificate in the certificate set.
In some embodiments, the validity period of at least one of the certificates to be applied for differs from the validity periods of the other certificates to be applied for.
In some embodiments, the certificate management module 101 is configured to traverse the certificate set; in response to the certificate set containing no certificates, determine that there are certificates to be applied for, the number of certificates to be applied for being at least two; or, in response to the certificate set containing certificates that satisfy the preset condition, determine that the certificates satisfying the preset condition are certificates to be applied for.
In some embodiments, the certificate management module 101 is configured to traverse the certificate set periodically.
In some embodiments, the certificate management module 101 is configured to, when the certificate set contains no certificates, determine the validity period of the certificates to be applied for according to the total number of certificates in the certificate set and the total validity duration of the certificates, where the validity period of at least one of the certificates to be applied for differs from the validity periods of the other certificates to be applied for.
In some embodiments, the certificate management module 101 is configured to, when certificates exist in the certificate set and satisfy the preset condition, and in response to there being one certificate to be applied for, determine the validity period of the certificate to be applied for according to the validity periods of the valid certificates in the certificate set, where the validity period of the certificate to be applied for differs from the validity period of at least one valid certificate in the certificate set.
In some embodiments, the certificate management module 101 is configured to, when certificates exist in the certificate set and satisfy the preset condition, and in response to there being at least two certificates to be applied for, determine the validity periods of the certificates to be applied for according to the validity periods of the valid certificates in the certificate set, the number of certificates to be applied for, the total number of certificates in the certificate set, and the total validity duration of the certificates.
In some embodiments, the preset condition includes: the validity end time of the certificate is later than the current time, and the difference between the validity end time and the current time is less than a preset threshold; or, the validity end time of the certificate is earlier than or equal to the current time.
In some embodiments, as shown in FIG. 6, the terminal device may further include a communication module 103, and the certificate management module 101 is configured to randomly select one valid certificate from the certificate set after the communication module 103 generates a vehicle-infrastructure cooperation data message.
The communication module 103 is configured to sign the vehicle-infrastructure cooperation data message according to the private key of the terminal device and the selected valid certificate to obtain a signed vehicle-infrastructure cooperation data message, and to broadcast the signed data message.
The embodiments of this application also provide a computer device, which includes one or more processors and a storage device. One or more programs are stored on the storage device, and when the one or more programs are executed by the one or more processors, the one or more processors implement the vehicle-infrastructure cooperation-based certificate application method provided in the foregoing embodiments.
The embodiments of this application also provide a computer-readable medium on which a computer program is stored, where the computer program, when executed, implements the vehicle-infrastructure cooperation-based certificate application method provided in the foregoing embodiments.
The vehicle-infrastructure cooperation-based certificate application method provided by the embodiments of this application is applied to a terminal device. When it is determined that there is a certificate to be applied for, the validity period of the certificate to be applied for is determined according to the certificate set of the terminal device, where the validity period satisfies the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set differs from the validity periods of the other certificates in the certificate set. A certificate application request including the validity period and number of the certificates to be applied for is sent to the certificate issuing server, so that the certificate issuing server generates certificates according to that validity period and number. In the embodiments of this application, the validity period of at least one certificate of the terminal device differs from those of its other certificates, so when some certificates expire, other certificates are still valid, which reduces the security risk to vehicle-infrastructure cooperation data communication caused by certificates expiring at the same time. The time covered by the validity periods of the certificate set is also extended, which reduces the security risk to vehicle-infrastructure cooperation data communication caused by the terminal device being unable to renew certificates in time.
Those of ordinary skill in the art will understand that all or some of the steps of the methods disclosed above, and the functional modules/units of the devices, can be implemented as software, firmware, hardware, or appropriate combinations thereof. In a hardware implementation, the division between the functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data). Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
Several embodiments have been disclosed herein, and although specific terms are employed, they are used and should be interpreted only in a general, descriptive sense and not for purposes of limitation. In some instances, as will be apparent to those skilled in the art, features, characteristics and/or elements described in connection with a particular embodiment may be used alone or in combination with features, characteristics and/or elements described in connection with other embodiments, unless expressly stated otherwise. Accordingly, those skilled in the art will understand that various changes in form and detail may be made without departing from the scope of this application as set forth in the appended claims.

Claims (12)

  1. A method for applying for a certificate based on vehicle-road coordination, applied to a terminal device, wherein the method comprises:
    in response to determining that there is a certificate to be applied for, determining the validity period of the certificate to be applied for according to the certificate set of the terminal device; wherein the validity period of the certificate to be applied for satisfies the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity periods of the other certificates in the certificate set;
    sending, to a certificate issuing server, a certificate application request including the validity period and quantity of the certificates to be applied for, the certificate application request being used to cause the certificate issuing server to generate certificates according to the validity period and quantity of the certificates to be applied for.
  2. The method according to claim 1, wherein the types of certificates in the certificate set include valid certificates and certificates to be applied for, and the validity period of at least one of the certificates to be applied for is different from the validity period of at least one valid certificate in the certificate set.
  3. The method according to claim 1 or 2, wherein the validity period of at least one of the certificates to be applied for is different from the validity periods of the other certificates to be applied for.
  4. The method according to claim 3, wherein said determining that there is a certificate to be applied for comprises:
    traversing the certificate set;
    in response to no certificate existing in the certificate set, determining that there are certificates to be applied for, the certificates to be applied for being at least two; or, in response to a certificate existing in the certificate set and the certificate satisfying a preset condition, determining that the certificate satisfying the preset condition is a certificate to be applied for.
  5. The method according to claim 4, wherein said traversing the certificate set comprises: periodically traversing the certificate set.
  6. The method according to claim 4, wherein, in the case where no certificate exists in the certificate set, the number of certificates to be applied for is the preset total number of certificates of the certificate set, and said determining the validity period of the certificate to be applied for according to the certificate set of the terminal device comprises:
    determining the validity period of the certificates to be applied for according to the total number of certificates and the total validity duration of the certificates of the certificate set, wherein the validity period of at least one of the certificates to be applied for is different from the validity periods of the other certificates to be applied for.
  7. The method according to claim 4, wherein, in the case where a certificate exists in the certificate set and the certificate satisfies the preset condition, said determining the validity period of the certificate to be applied for according to the certificate set of the terminal device comprises:
    in response to there being one certificate to be applied for, determining the validity period of the certificate to be applied for according to the validity periods of the valid certificates in the certificate set, wherein the validity period of the certificate to be applied for is different from the validity period of at least one valid certificate in the certificate set.
  8. The method according to claim 4, wherein, in the case where a certificate exists in the certificate set and the certificate satisfies the preset condition, said determining the validity period of the certificate to be applied for according to the certificate set of the terminal device comprises:
    in response to there being at least two certificates to be applied for, determining the validity period of the certificates to be applied for according to the validity periods of the valid certificates in the certificate set, the number of certificates to be applied for, and the total number of certificates and the total validity duration of the certificates of the certificate set.
  9. The method according to claim 4, wherein the preset condition comprises:
    the end time of the validity period of the certificate is greater than the current time, and the difference between the end time of the validity period of the certificate and the current time is less than a preset threshold; or, the end time of the validity period of the certificate is less than or equal to the current time.
  10. A terminal device, comprising a certificate management module and a certificate application module, wherein the certificate management module is configured to, in response to determining that there is a certificate to be applied for, determine the validity period of the certificate to be applied for according to the certificate set of the terminal device; wherein the validity period of the certificate to be applied for satisfies the following condition: after the certificate application is completed, the validity period of at least one certificate in the certificate set is different from the validity periods of the other certificates in the certificate set;
    the certificate application module is configured to send, to a certificate issuing server, a certificate application request including the validity period and quantity of the certificates to be applied for, the certificate application request being used to cause the certificate issuing server to generate certificates according to the validity period and quantity of the certificates to be applied for.
  11. A computer device, comprising:
    one or more processors;
    a storage device having one or more programs stored thereon;
    wherein, when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the method for applying for a certificate based on vehicle-road coordination according to any one of claims 1-9.
  12. A computer-readable medium having a computer program stored thereon, wherein, when the program is executed, the method for applying for a certificate based on vehicle-road coordination according to any one of claims 1-9 is implemented.
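
The terminal-side planning that claims 1, 4 and 6 to 9 describe can be sketched as follows. This is an added example, not code from the patent or the applicant: the function names, the request layout and the stagger rule (end times spaced by total validity duration divided by total certificate count, starting after the latest end time still held) are assumptions, since the claims only require that validity periods differ.

```python
from datetime import datetime, timedelta

def needs_renewal(not_after, now, threshold):
    # Claim 9: already expired, or still valid but ending within `threshold`.
    return not_after <= now or (not_after - now) < threshold

def plan_request(cert_set, now, total_count, total_validity, threshold):
    """Return the (not_before, not_after) periods to request.

    cert_set is a list of (not_before, not_after) tuples held by the terminal.
    """
    step = total_validity / total_count          # assumed stagger interval
    if not cert_set:                             # claims 4 and 6: empty set
        valid, pending = [], total_count
    else:                                        # claims 4, 7 and 8
        valid = [c for c in cert_set
                 if not needs_renewal(c[1], now, threshold)]
        pending = len(cert_set) - len(valid)
    # Start after the latest end time still held, so that no new certificate
    # shares an end time with a valid one or with another new one (claim 1).
    base = max([now] + [end for _, end in valid])
    return [(now, base + step * (i + 1)) for i in range(pending)]

def build_request(periods):
    # Claim 1: the request carries the validity periods and the quantity.
    # The dictionary layout is hypothetical, not a real SCMS message format.
    return {"quantity": len(periods),
            "validity": [(s.isoformat(), e.isoformat()) for s, e in periods]}

# Constructed sample data: a set of four certificates, 28 days in total.
NOW = datetime(2023, 1, 1)
HELD = [
    (datetime(2022, 12, 1), datetime(2022, 12, 31)),    # expired
    (datetime(2022, 12, 1), datetime(2023, 1, 2, 12)),  # ends in 1.5 days
    (datetime(2022, 12, 1), datetime(2023, 1, 10)),     # valid
    (datetime(2022, 12, 1), datetime(2023, 1, 17)),     # valid
]

if __name__ == "__main__":
    plan = plan_request(HELD, NOW, 4, timedelta(days=28), timedelta(days=2))
    print(build_request(plan))
```

With this rule the certificates in a set never all expire at the same moment, so the terminal always holds at least one valid certificate while a renewal request is in flight.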
PCT/CN2022/084665 2021-08-05 2022-03-31 Vehicle-infrastructure cooperation-based certificate application method and apparatus, computer device, and medium WO2023010871A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110896122.3 2021-08-05
CN202110896122.3A CN115706953A (en) 2021-08-05 2021-08-05 Certificate application method and device based on vehicle-road cooperation, computer equipment and medium

Publications (1)

Publication Number Publication Date
WO2023010871A1 (en) 2023-02-09

Family

ID=85155117

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/084665 WO2023010871A1 (en) 2021-08-05 2022-03-31 Vehicle-infrastructure cooperation-based certificate application method and apparatus, computer device, and medium

Country Status (2)

Country Link
CN (1) CN115706953A (en)
WO (1) WO2023010871A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618995A (en) * 2013-12-04 2014-03-05 西安电子科技大学 Position privacy protection method based on dynamic pseudonyms
US20170180989A1 (en) * 2015-12-17 2017-06-22 Security Innovation, Inc Secure vehicle communication system
CN110365486A (en) * 2019-06-28 2019-10-22 东软集团股份有限公司 A kind of certificate request method, device and equipment
CN111130777A (en) * 2019-12-31 2020-05-08 北京数字认证股份有限公司 Issuing management method and system for short-lived certificate
CN111865919A (en) * 2020-06-16 2020-10-30 郑州信大捷安信息技术股份有限公司 Digital certificate application method and system based on V2X
CN113038417A (en) * 2021-02-01 2021-06-25 北京汽车研究总院有限公司 Method and device for managing anonymous certificate of V2X in Internet of vehicles, storage medium and equipment
CN113207105A (en) * 2021-03-29 2021-08-03 北京汽车研究总院有限公司 V2X anonymous communication method, device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN115706953A (en) 2023-02-17

Similar Documents

Publication Publication Date Title
CN110679168B (en) V2X communication device and data communication method thereof
CN108702786B (en) Communication method, device and system
US9742569B2 (en) System and method for filtering digital certificates
EP3637672B1 (en) V2x communication device and secured communication method thereof
JP6112467B2 (en) Communication device
TWI600334B (en) Security certificate management method for a vehicular network node and vehicular network node applying the same
US11979509B2 (en) Method and system for handling dynamic cybersecurity posture of a V2X entity
JP5991561B2 (en) Wireless device
Kohli et al. Security challenges, applications and vehicular authentication methods in VANET for smart traffic management
JP2014014012A (en) Radio device
WO2023010871A1 (en) Vehicle-infrastructure cooperation-based certificate application method and apparatus, computer device, and medium
JP2014158105A (en) Terminal device
JP6187888B2 (en) Processing equipment
JP2016119543A (en) Radio communication device, server, mobile station, and method related thereto
Klaassen et al. Security for V2X
JP5991560B2 (en) Wireless device
Ganan et al. RAR: Risk aware revocation mechanism for vehicular networks
Akhter et al. A Secured Privacy-Preserving Multi-Level Blockchain Framework for Cluster Based VANET. Sustainability 2021, 13, 400
WO2023010872A1 (en) Vehicle-to-x-based data processing method and apparatus, and vehicle-to-x-based certificate application method and apparatus
CN114553472B (en) Authentication method, authentication device, electronic equipment and storage medium
JP6183629B2 (en) Processing equipment
Rao Performance evaluation of secure communication in vehicular networks
CN116567567A (en) V2X message processing method and device of Internet of vehicles, vehicle and V2X equipment
JP5903629B2 (en) Wireless device
JP2014158104A (en) Terminal device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22851596

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE