CN106453269B - Internet of vehicles safety communication method, vehicle-mounted terminal, server and system - Google Patents

Internet of vehicles safety communication method, vehicle-mounted terminal, server and system Download PDF

Info

Publication number
CN106453269B
CN106453269B CN201610838067.1A CN201610838067A CN106453269B CN 106453269 B CN106453269 B CN 106453269B CN 201610838067 A CN201610838067 A CN 201610838067A CN 106453269 B CN106453269 B CN 106453269B
Authority
CN
China
Prior art keywords
vehicle
mounted terminal
server
message
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610838067.1A
Other languages
Chinese (zh)
Other versions
CN106453269A (en
Inventor
刘玉涛
陈静相
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Neusoft Corp
Original Assignee
Neusoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Neusoft Corp filed Critical Neusoft Corp
Priority to CN201610838067.1A priority Critical patent/CN106453269B/en
Publication of CN106453269A publication Critical patent/CN106453269A/en
Application granted granted Critical
Publication of CN106453269B publication Critical patent/CN106453269B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163In-band adaptation of TCP data exchange; In-band control procedures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a vehicle networking safety communication method, a vehicle-mounted terminal, a server and a system, wherein the vehicle networking safety communication method comprises the following steps: after the vehicle-mounted terminal is confirmed to be connected with a server through a transmission control protocol, a handshake authentication request is sent to the server, wherein the handshake authentication request comprises an identification of the vehicle-mounted terminal and a first Hash value encrypted by a symmetric encryption algorithm the same as that of the server; the vehicle-mounted terminal receives an authentication response message returned by the server, wherein the authentication response message is returned by the server after the vehicle-mounted terminal is determined to be legal; and the vehicle-mounted terminal establishes a security authentication transmission protocol connection with the server according to the authentication response message. The method and the system realize the establishment of the lightweight security authentication transmission protocol between the vehicle-mounted terminal and the server, utilize less resources and improve the security of data transmission between the vehicle-mounted terminal and the server.

Description

Internet of vehicles safety communication method, vehicle-mounted terminal, server and system
Technical Field
The application relates to the technical field of Internet of vehicles, in particular to a safe communication method, a vehicle-mounted terminal, a server and a system for the Internet of vehicles.
Background
With the gradual maturity of the technology of accessing the automobile to the internet, the functions of the vehicle-mounted application based on the network are greatly enriched and expanded, and the functions lay a foundation for the prosperity of the application market of the internet of vehicles. However, a problem that cannot be ignored is a safety problem, and how to ensure the safety (i.e. transmission safety) of sensitive information that the vehicle interacts with the outside world through the network has received great attention. If the transmission safety is not guaranteed, sensitive data can be stolen and tampered, and even a vehicle can be remotely controlled, so that the personal safety of an owner of the vehicle can be greatly threatened.
Currently, some security protocols in network security, such as: because of large occupied resources, a Secure Sockets Layer (SSL), an IP security (IPSec), etc. are difficult to use or popularize in a vehicle-mounted mobile terminal with limited resources, even for a vehicle-mounted mobile terminal with rich resources, if the above security protocol is applied, not only the pressure of a server end is increased, but also the security cost is increased.
Disclosure of Invention
The present application is directed to solving, at least to some extent, one of the technical problems in the related art.
Therefore, a first objective of the present application is to provide a vehicle networking secure communication method, which implements establishment of a lightweight secure authentication transmission protocol between a vehicle-mounted terminal and a server, and improves security of data transmission between the vehicle-mounted terminal and the server by using fewer resources.
A second object of the present application is to propose another car networking security communication method.
A third objective of the present application is to provide a vehicle-mounted terminal.
A fourth object of the present application is to provide a server.
A fifth object of the present application is to provide a car networking safety communication system.
In order to achieve the above object, an embodiment of a first aspect of the present application provides a vehicle networking security communication method, including: after the vehicle-mounted terminal is confirmed to be connected with a server through a transmission control protocol, a handshake authentication request is sent to the server, wherein the handshake authentication request comprises an identification of the vehicle-mounted terminal and a first Hash value encrypted by a symmetric encryption algorithm the same as that of the server; the vehicle-mounted terminal receives an authentication response message returned by the server, wherein the authentication response message is returned by the server after the vehicle-mounted terminal is determined to be legal; and the vehicle-mounted terminal establishes a security authentication transmission protocol connection with the server according to the authentication response message.
In an implementation form of the first aspect, before the vehicle-mounted terminal sends a handshake authentication request to a server, the method further includes:
the vehicle-mounted terminal generates a first random number according to a preset rule;
and the vehicle-mounted terminal generates the first hash value according to the first random number and a first initial key.
In another implementation form of the first aspect, the authentication response message includes an encrypted first random number, an update key, and a second hash value, and after the vehicle-mounted terminal receives the authentication response message returned by the server, the method further includes:
the vehicle-mounted terminal decrypts the authentication response message;
the vehicle-mounted terminal judges whether the first random number obtained after decryption is matched with the generated first random number or not;
and if so, updating the key by the vehicle-mounted terminal according to the decrypted updated key.
In another implementation form of the first aspect, the authentication response message further includes an encrypted second random number;
after the key is updated according to the updated key obtained after decryption, the vehicle-mounted terminal further includes:
and the vehicle-mounted terminal returns a key updating confirmation message to the server, wherein the key updating confirmation message comprises the encrypted second random number and a second hash value generated according to the updating key and the second random number, so that the server updates the key.
In another implementation form of the first aspect, the handshake authentication request and authentication response message includes:
recording a protocol header, a message body and a message authentication code corresponding to the message body.
In another implementation form of the first aspect, the first initial key includes: a read key and a write key;
the read key and the write key respectively comprise a symmetric encryption key value, a random vector and a Hash operation message authentication code algorithm key.
In another implementation form of the first aspect, after the vehicle-mounted terminal establishes a secure authenticated transmission protocol connection with the server, the method further includes:
the vehicle-mounted terminal constructs a first recording protocol head according to the type of data to be transmitted;
the vehicle-mounted terminal carries out hash information verification code operation on the first recording protocol head and the data body to be transmitted, and determines a first message authentication code of the data to be transmitted;
and the vehicle-mounted terminal encrypts the data body to be transmitted and the first message authentication code by using the updated key and encryption function and transmits the encrypted data body and the first message authentication code to the server.
In another implementation form of the first aspect, after the vehicle-mounted terminal establishes a secure authenticated transmission protocol connection with the server, the method further includes:
the vehicle-mounted terminal receives the data message sent by the server;
the vehicle-mounted terminal determines the position of a second message authentication code in the data message according to a second recording protocol header in the data message;
the vehicle-mounted terminal decrypts the data message by using the updated key and a decryption function which is symmetrical to the encryption function in the server so as to obtain a data body and a second message authentication code which are included in the data message;
the vehicle-mounted terminal performs hash information verification code operation on the second recording protocol head and the data body to determine a third message authentication code;
and the vehicle-mounted terminal judges whether the second message authentication code is consistent with the third message authentication code, and if so, the data body is sent to an application layer in the vehicle-mounted terminal.
In another implementation form of the first aspect, the method further includes:
the vehicle-mounted terminal receives a connection closing message sent by the server;
and the vehicle-mounted terminal releases local resources related to message reception according to the connection closing message.
In another implementation form of the first aspect, after the receiving, by the vehicle-mounted terminal, the connection close message sent by the server, the method further includes:
the vehicle-mounted terminal judges whether a local data message to be transmitted exists or not;
and if not, returning a connection closing response message to the server so as to close the communication connection between the server and the vehicle-mounted terminal.
According to the vehicle-mounted network security communication method provided by the embodiment of the application, after the vehicle-mounted terminal is determined to establish the TCP connection with the server, a handshake authentication request can be sent to the server based on a preset initial secret key and a symmetric encryption algorithm which is the same as that of the server, and then the vehicle-mounted terminal can establish the security authentication transmission protocol connection with the server after receiving an authentication response message returned by the server. Therefore, a lightweight security authentication transmission protocol is established between the vehicle-mounted terminal and the server, fewer resources are utilized, and the security of data transmission between the vehicle-mounted terminal and the server is improved.
In order to achieve the above object, a second aspect of the present application provides another car networking security communication method, including: the method comprises the steps that a server receives a handshake authentication request sent by a vehicle-mounted terminal, wherein the handshake authentication request comprises an identifier of the vehicle-mounted terminal and a first hash value encrypted by a symmetric encryption algorithm the same as that of the server; the server acquires a second initial key which is locally stored and corresponds to the identifier of the vehicle-mounted terminal according to the identifier of the vehicle-mounted terminal; the server decrypts the handshake authentication request by adopting a decryption algorithm symmetrical to the vehicle-mounted terminal so as to determine a first initial key carried in the handshake authentication request; the server judges whether the first initial key is consistent with the second initial key; and if the authentication information is consistent with the authentication information, returning an authentication response message to the vehicle-mounted terminal.
According to the Internet of vehicles safety communication method, after receiving a handshake authentication request sent by a vehicle-mounted terminal, a server obtains a second initial secret key corresponding to the vehicle-mounted terminal identification according to the vehicle-mounted terminal identification, then decrypts the handshake authentication request by adopting a decryption algorithm symmetrical to the vehicle-mounted terminal to obtain a first initial secret key in the handshake authentication request, and when the first initial secret key is determined to be consistent with the second secret key, an authentication response message is returned to the vehicle-mounted terminal. Therefore, a lightweight security authentication transmission protocol is established between the vehicle-mounted terminal and the server, fewer resources are utilized, and the security of data transmission between the vehicle-mounted terminal and the server is improved.
To achieve the above object, a third aspect of the present application provides a vehicle-mounted terminal, including: a memory and a processor for storing program code;
the processor is configured to call code in the memory to perform the following process:
after the fact that the transmission control protocol connection with a server is completed is determined, a handshake authentication request is sent to the server, wherein the handshake authentication request comprises an identification of the vehicle-mounted terminal and a first hash value encrypted by a symmetric encryption algorithm the same as that of the server; receiving an authentication response message returned by the server, wherein the authentication response message is returned by the server after the vehicle-mounted terminal is determined to be legal; and establishing a secure authentication transmission protocol connection with the server according to the authentication response message.
According to the vehicle-mounted terminal provided by the embodiment of the application, after the TCP connection is established in the server, the vehicle-mounted terminal can send a handshake authentication request to the server based on the preset initial secret key and the symmetric encryption algorithm which is the same as that of the server, and then can establish the secure authentication transmission protocol connection with the server after receiving the authentication response message returned by the server. Therefore, a lightweight security authentication transmission protocol is established between the vehicle-mounted terminal and the server, fewer resources are utilized, and the security of data transmission between the vehicle-mounted terminal and the server is improved.
In an implementation form of the third aspect, the processor is further configured to: generating a first random number according to a preset rule; and generating a first hash value according to the first random number and the first initial key.
In another implementation form of the third aspect, the authentication response message includes the encrypted first random number, the update key, and the second hash value;
the processor is further configured to:
decrypting the authentication response message;
judging whether the first random number obtained after decryption is matched with the generated first random number or not;
and if so, updating the key according to the updated key obtained after decryption.
In another implementation form of the third aspect, the authentication response message further includes an encrypted second random number;
the processor is further configured to:
and returning a key updating confirmation message to the server, wherein the key updating confirmation message comprises the encrypted second random number and a second hash value generated according to the updating key and the second random number, so that the server updates the key.
In another implementation form of the third aspect, the handshake authentication request and authentication response message includes:
recording a protocol header, a message body and a message authentication code corresponding to the message body.
In another implementation form of the third aspect, the first initial key includes: a read key and a write key;
the read key and the write key respectively comprise a symmetric encryption key value, a random vector and a Hash operation message authentication code algorithm key.
In another implementation form of the third aspect, the processor is further configured to:
constructing a first recording protocol head according to the type of data to be transmitted;
performing hash information verification code operation on the first recording protocol header and the data body to be transmitted, and determining a first message authentication code of the data to be transmitted;
and encrypting the data body to be transmitted and the first message authentication code by using the updated key and encryption function, and transmitting the data body to be transmitted and the first message authentication code to the server.
In another implementation form of the third aspect, the processor is further configured to:
receiving a data message sent by the server;
determining the position of a second message authentication code in the data message according to a second recording protocol header in the data message;
decrypting the data message by using the updated key and a decryption function which is symmetrical to the encryption function in the server to obtain a data body and a second message authentication code which are included in the data message;
performing hash information verification code operation on the second recording protocol header and the data body, and determining a third message authentication code;
and judging whether the second message authentication code is consistent with the third message authentication code, and if so, sending the data body to an application layer in the vehicle-mounted terminal.
In yet another implementation form of the third aspect, the processor is further configured to:
receiving a connection closing message sent by the server;
and releasing the local resources associated with the message reception according to the connection closing message.
In yet another implementation form of the third aspect, the processor is further configured to:
the vehicle-mounted terminal judges whether a local data message to be transmitted exists or not;
and if not, returning a connection closing response message to the server so as to close the communication connection between the server and the vehicle-mounted terminal.
To achieve the above object, a fourth aspect of the present application provides a server, including a memory for storing program codes and a processor, where the processor is configured to call the program codes in the memory to perform the following operations: receiving a handshake authentication request sent by a vehicle-mounted terminal, wherein the handshake authentication request comprises an identifier of the vehicle-mounted terminal and a first hash value encrypted by a symmetric encryption algorithm the same as that of the server; acquiring a second initial key which is locally stored and corresponds to the identifier of the vehicle-mounted terminal according to the identifier of the vehicle-mounted terminal; decrypting the handshake authentication request by adopting a decryption algorithm symmetrical to the vehicle-mounted terminal so as to determine a first initial key carried in the handshake authentication request; judging whether the first initial key is consistent with the second initial key; and if the authentication information is consistent with the authentication information, returning an authentication response message to the vehicle-mounted terminal.
According to the server, after receiving the handshake authentication request sent by the vehicle-mounted terminal, the server obtains a second initial key corresponding to the vehicle-mounted terminal identifier according to the vehicle-mounted terminal identifier, then decrypts the handshake authentication request by adopting a decryption algorithm symmetrical to the vehicle-mounted terminal to obtain a first initial key in the handshake authentication request, and returns an authentication response message to the vehicle-mounted terminal when the first initial key is determined to be consistent with the second key. Therefore, a lightweight security authentication transmission protocol is established between the vehicle-mounted terminal and the server, fewer resources are utilized, and the security of data transmission between the vehicle-mounted terminal and the server is improved.
In order to achieve the above object, a fifth aspect of the present application provides a vehicle networking security communication system, including the vehicle-mounted terminal according to the third aspect and the server according to the fourth aspect.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flow chart of a method of Internet of vehicles secure communication according to one embodiment of the present application;
FIG. 2 is a schematic block diagram of a vehicle networking security communication system according to one embodiment of the present application;
fig. 3 is a schematic diagram of an authentication process between a vehicle-mounted terminal and a server according to an embodiment of the present application;
fig. 4 is a schematic flow chart illustrating data transmission between a vehicle-mounted terminal and a server according to an embodiment of the present application;
FIG. 5 is a schematic flowchart of another method for Internet of vehicles secure communication according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a vehicle-mounted terminal according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application.
The embodiments of the application mainly aim at the problem that in the prior art, due to the fact that vehicle-mounted terminal resources are limited, the safety of data transmission cannot be guaranteed by using the existing transmission safety protocol, and provide a vehicle networking safety communication method, a vehicle-mounted terminal, a server and a system. In the vehicle networking safety communication method, the authentication and communication processes between the vehicle-mounted terminal and the server both use a symmetric encryption algorithm, so that the resource consumption of the vehicle-mounted terminal and the server is reduced.
The following describes a vehicle network secure communication method and apparatus according to an embodiment of the present application with reference to the drawings.
Fig. 1 is a flowchart of a car networking security communication method according to an embodiment of the present application.
As shown in fig. 1, the car networking security communication method includes:
s101, after the vehicle-mounted terminal is confirmed to be connected with the server through the transmission control protocol, a handshake authentication request is sent to the server.
The handshake authentication request comprises the identification of the vehicle-mounted terminal and a first hash value encrypted by a symmetric encryption algorithm which is the same as that of the server.
Specifically, the execution subject of the car networking safety communication method provided by the embodiment is the car networking safety communication device provided by the present application, and the device can be configured in the vehicle-mounted terminal to ensure the communication safety between the vehicle-mounted terminal and the server.
The identifier of the vehicle-mounted terminal refers to an identifier uniquely representing the identity of the vehicle-mounted terminal, and may be, for example, a product serial number of the vehicle-mounted terminal, or a unique identifier assigned by the server to the vehicle-mounted terminal, which is not limited in this embodiment. The first hash value is a check value generated according to the handshake authentication request, wherein the handshake authentication request may further include any one or more of a first initial key, an identifier of the first initial key, a first random number, and the like, and is used for enabling the server to check the identity of the vehicle-mounted terminal according to the handshake authentication request. The first random number is generated by the vehicle-mounted terminal randomly according to a preset rule.
In addition, the encryption algorithm of the vehicle-mounted terminal, which is the same as that of the server, can be any symmetric encryption algorithm, such as AES 128-CTR.
The first initial key is set by the manufacturer according to the initial key generated by the server before the vehicle-mounted terminal leaves the factory. Wherein, a vehicle-mounted terminal corresponds to an initial key.
For example, before the vehicle-mounted terminal leaves the factory, the server first generates a first initial key, then uses a HyperText Transfer protocol (HTTP) connection to transmit the first initial key to a production factory where the vehicle-mounted terminal is located, and then a person (a producer) injects the first initial key into the vehicle-mounted mobile terminal.
Further, in order to ensure that the vehicle-mounted terminal can reliably download the download certificate of the first initial key from the server, it is necessary to ensure that the HTTP connection for transmitting the first initial key is reliable.
Specifically, fig. 2 is a schematic structural diagram of a car networking safety communication system provided in the embodiment of the present application. As shown in fig. 2, the internet-of-vehicles secure communication system includes a Data Center (Data Center)1 on the server side and a manufacturing Plant (Plant)2 of the in-vehicle terminal. As shown in fig. 2, the downloading process of the certificate may be composed of the following processes:
1) the Data Center first generates a certificate named C1 for establishing the HTTPS link (C1 is only used to download the certificate requesting the first initial key, it cannot be used to download the first initial key).
2) The Data Center compresses C1 into a file, which may be encrypted using an algorithm such as AES256, and adds a password.
3) The Data Center sends the encrypted C1 to the worker (Producer) by e-mail.
4) The Producer obtains the encrypted C1 by mail and stores it.
5) The Data Center generates a certificate named C2 for downloading the first initial key and then uploads it to the HTTPS server in the Secure Transmission Gateway (STG).
6) The Data Center tells the Producer by phone the password to decrypt C1.
7) Producer decrypts C1 and uploads it to the browser.
8) Producer downloads C2 as soon as possible over the HTTPS link.
9) After confirming that the Producer successfully downloaded C2, the Data Center modifies the STG configuration to disable C1.
10) Producer uploads C2 to the browser and then establishes a new HTTPS link.
11) The Producer downloads the initial keys or upgrade certificates using the HTTPS link.
It should be noted that, in order to ensure the reliability of the downloaded certificate, the server may also perform periodic updating on the downloaded certificate, for example, updating once a week, every 10 days, and the like, so as to ensure the reliability and security of the HTTP link established by the downloaded certificate as much as possible.
S102, the vehicle-mounted terminal receives an authentication response message returned by the server, and the authentication response message is returned after the server determines that the vehicle-mounted terminal is legal.
Specifically, the server stores initial keys corresponding to the identifiers of the vehicle-mounted terminals, when the server receives a handshake authentication request sent by the vehicle-mounted terminal, the server can decrypt the encrypted first hash value by using the same symmetric encryption algorithm as that in the vehicle-mounted terminal, and then whether the first initial key obtained according to the first hash value is the same as the initial key corresponding to the identifier of the vehicle-mounted terminal and locally stored, if so, the vehicle-mounted terminal can be determined to be legal, and thus, an authentication response message can be returned to the vehicle-mounted terminal.
Further, the format of the communication message between the vehicle-mounted terminal and the server can be set to simplify the parsing process when the vehicle-mounted terminal and the server are in communication. Specifically, the handshake authentication request and the authentication response message may be shown in the following table, including: a Record protocol header (Record header), a Message Body (Message Body), and a Message authentication code (MAC Value) corresponding to the Message Body.
The recording protocol header is plaintext, the MAC value is ciphertext, and the content of the message body is determined according to the message type, for example, if the message is a handshake authentication request, the message body may include data messages such as a handshake authentication message header and a vehicle-mounted terminal identifier, and if the message is a data transmission message, the message body may only be a transmitted data value.
In addition, the first initial key in the vehicle-mounted terminal and the server mainly comprises two parts: a read key and a write key;
the read key and the write key respectively include a symmetric encryption key value, a random vector and a Hash-based Message Authentication Code (HMAC) key. In the three parts of the key, the key in the reading and writing directions of each end is different, but the reading key of the end is necessarily the same as the writing key of the opposite end, and the writing key of the end is necessarily the same as the reading key of the opposite end. The use of different keys for the read and write directions makes the protocol more resistant to statistical analysis attacks, thereby improving security.
S103, the vehicle-mounted terminal establishes a security authentication transmission protocol connection with the server according to the authentication response message.
Specifically, after receiving the Authentication response message returned by the server, the vehicle-mounted terminal may determine that the server is legal, so that a Secure Authentication and Transport Layer (SATL) connection may be established with the server, and data transmission may be performed through the Security Authentication and transport Layer.
It can be understood that after the TCP connection is established between the vehicle-mounted terminal and the server each time, the STAL connection needs to be established in the above manner, and the authentication of the identity and the update of the secret key can be completed in this process. The purpose of identity authentication is to ensure that the vehicle-mounted terminal or the server confirms the legal identity of the opposite terminal and prevent false communication terminal, man-in-the-middle attack and replay attack. The purpose of updating the keys is to strengthen the security of the keys.
According to the vehicle-mounted network security communication method provided by the embodiment of the application, after the vehicle-mounted terminal is determined to establish the TCP connection with the server, a handshake authentication request can be sent to the server based on a preset initial secret key and a symmetric encryption algorithm which is the same as that of the server, and then the vehicle-mounted terminal can establish the security authentication transmission protocol connection with the server after receiving an authentication response message returned by the server. Therefore, a lightweight security authentication transmission protocol is established between the vehicle-mounted terminal and the server, fewer resources are utilized, and the security of data transmission between the vehicle-mounted terminal and the server is improved.
Through the analysis, the vehicle-mounted terminal can perform handshake authentication with the server through the symmetric algorithm, so that the security authentication transmission protocol connection is established with the server, and the security of data transmission between the vehicle-mounted terminal and the server can be realized by using a lightweight security transmission protocol and occupying less resources.
Further, in order to prevent the handshake authentication request sent by the in-vehicle terminal from being illegally tampered, in step 101, the in-vehicle terminal may further generate a random Number according to a Pseudo Random Number Generator (PRNG), generate a hash value according to the random Number and an initial key by using a hash algorithm, and send the hash value as a ciphertext and an identifier of the in-vehicle terminal to the server for handshake authentication, where an authentication process between the in-vehicle terminal and the server is described in detail below with reference to fig. 3. That is, as shown in fig. 3, fig. 3 is a schematic diagram of an authentication process between a vehicle-mounted terminal and a server according to an embodiment of the present application.
As shown in fig. 3, the authentication process of the in-vehicle terminal and the server includes:
s301, the vehicle-mounted terminal generates a first random number according to a preset rule.
The preset rule may be a default rule of the pseudo random number generator or a rule preset by the user, which is not limited in this embodiment.
S302, the vehicle-mounted terminal generates a first hash value according to the first random number and the first initial secret key.
And S303, the vehicle-mounted terminal encrypts the first hash value by adopting a symmetric encryption algorithm which is the same as that of the server.
S304, the vehicle-mounted terminal sends a handshake authentication request comprising the identifier of the vehicle-mounted terminal, the first random number and the encrypted first hash value to the server.
Specifically, after receiving the handshake authentication request, the server may decrypt the handshake authentication request, and determine whether a hash value generated according to the first random number and the locally stored initial key corresponding to the vehicle-mounted terminal identifier matches the decrypted first hash value, if so, return an authentication response message to the vehicle-mounted terminal, otherwise, end.
It should be noted that, if the server determines that the decrypted first hash value matches the first hash value generated according to the algorithm, it may be determined that the handshake authentication request is legitimate and not modified, otherwise, a handshake failure message may be returned to the vehicle-mounted terminal, so that the vehicle-mounted terminal re-initiates the handshake authentication request.
S305, the vehicle-mounted terminal receives the authentication response message returned by the server.
The authentication response message includes the encrypted first random number, the update key, and the second hash value.
Specifically, the second hash value is generated by the server according to the update key and the first random number.
And S306, the vehicle-mounted terminal judges whether the first random number obtained after decryption is matched with the generated first random number, if so, S307 is executed, and otherwise, S301 is executed.
And S307, updating the key according to the decrypted updated key.
Specifically, after decrypting the authentication response message, the vehicle-mounted terminal may compare the first random number in the authentication response message with the first random number generated locally before, and if the first random number is the same as the first random number generated locally before, it may be determined that the server sending the authentication response message is legitimate, so that the key may be updated according to the update key in the authentication response message, otherwise, S301 may be returned to.
Further, in order to enable the server to determine whether the key update is performed on the vehicle-mounted terminal, after the key update is performed on the vehicle-mounted terminal, a key update confirmation message may be returned to the server, so that the server and the vehicle-mounted terminal can perform the key update synchronously.
For example, before returning the authentication response message to the vehicle-mounted terminal, the server may generate a second random number by using the random number generator, encrypt the second random number, and send the encrypted second random number to the vehicle-mounted terminal through the authentication response message, after determining that the server is legitimate according to the first random number, the vehicle-mounted terminal may generate a hash value according to the second random number and the update key, and return the hash value to the server after encrypting the hash value, so that after decrypting the key update confirmation message, the server may determine whether the second random number in the key update confirmation message is the same as the previously generated second random number, and if the second random number is the same as the previously generated second random number, the vehicle-mounted terminal may be determined to have performed key update, and the server may also replace the key corresponding to the vehicle-mounted terminal identifier with the update key, thereby completing the identity authentication process.
It can be understood that the key between the vehicle-mounted terminal and the server must be kept consistent, otherwise the next communication will fail. However, the key update may not be successful due to the problem of the communication link, so that the protocol must ensure that the next communication is normal even if the key update fails.
Thus, the server may store two copies of the key for each vehicle terminal, one old (denoted as KO) and one new (denoted as KN). When a handshake authentication request comes, the decryption is carried out by KN, if the updating is successful, the decryption by KN is successful, if the decryption is failed, the decryption is carried out by KO, and if the updating is failed, the decryption by KO is successful. If the key is determined to be updated successfully, the KO is overwritten when the key is updated again, and the KN is reserved; otherwise, writing the coverage KN and keeping KO.
In the embodiment, the vehicle-mounted terminal and the server perform identity authentication and key updating by adopting a symmetric encryption and decryption algorithm with less resources in the identity authentication process, so that the communication safety of the vehicle-mounted terminal and the server is improved, and the resource consumption of the vehicle-mounted terminal and the server is reduced.
After the vehicle-mounted terminal establishes the security authentication transmission protocol connection with the server, data transmission can be performed, and the vehicle networking security communication method provided by the embodiment of the present application is further described below with reference to fig. 4.
Fig. 4 is a schematic flow chart illustrating data transmission between a vehicle-mounted terminal and a server according to an embodiment of the present application.
As shown in fig. 4, after S307, the method further includes:
s401, the vehicle-mounted terminal constructs a first recording protocol head according to the type of the data to be transmitted.
The first recording protocol header is used for representing the type of data to be transmitted, such as vehicle driving messages or alarm data.
S402, the vehicle-mounted terminal carries out hash information verification code operation on the first recording protocol head and the data body to be transmitted, and determines a first message authentication code of the data to be transmitted.
And S403, the vehicle-mounted terminal encrypts the data body to be transmitted and the first message authentication code by using the updated key and encryption function, and transmits the encrypted data body and the first message authentication code to the server.
Specifically, after determining the content of each part of the message to be transmitted, the vehicle-mounted terminal can use a local write key and an encryption function to encrypt the data body and the first message authentication code and transmit the encrypted data body and the first message authentication code to the server, so that the server uses a symmetric decryption key and a symmetric decryption function to decrypt the received message to obtain corresponding data.
Further, when the server modifies the data in the vehicle-mounted terminal, the server encrypts the data body and the corresponding message authentication code in the same way as the vehicle-mounted terminal to obtain a transmission message, and then sends the transmission message to the vehicle-mounted terminal, and the corresponding method further comprises the following steps:
s404, the vehicle-mounted terminal receives the data message sent by the server.
S405, the vehicle-mounted terminal determines the position of a second message authentication code in the data message according to a second recording protocol header in the data message.
S406, the vehicle-mounted terminal decrypts the data message by using the updated key and a decryption function which is symmetrical to the encryption function in the server, so as to obtain a data body and a second message authentication code which are included in the data message.
And S407, the vehicle-mounted terminal performs hash information verification code operation on the second recording protocol head and the data body, and determines a third message authentication code.
S408, the vehicle-mounted terminal judges whether the second message authentication code is consistent with the third message authentication code, and if so, the data body is sent to an application layer in the vehicle-mounted terminal.
Specifically, after receiving the data message sent by the server, the vehicle-mounted terminal firstly decrypts through a symmetric decryption key and a corresponding decryption function to obtain a data body and a second message authentication code included in the data message, then obtains a third message authentication code according to the data body, and if the third message authentication code is consistent with the second message authentication code, the data message sent by the server is reliable, so that the plaintext data body can be sent to an application layer, and the vehicle-mounted terminal can modify according to the plaintext data. And if the third message authentication code is not consistent with the second message authentication code, the connection of the security authentication transmission protocol can be considered to be unreliable, so that the link can be closed, a new connection is reestablished, or an abnormal transmission message is returned to the server.
Further, after the data transmission between the vehicle-mounted terminal and the server is completed, the SATL connection may be closed, so that the vehicle-mounted terminal and the server release corresponding resources, that is, the method further includes:
the vehicle-mounted terminal receives a connection closing message sent by the server;
and the vehicle-mounted terminal releases local resources related to message reception according to the connection closing message.
Correspondingly, the vehicle-mounted terminal may also send a connection closing message to the server after completing data transmission, that is, the method further includes:
the vehicle-mounted terminal judges whether a local data message to be transmitted exists or not;
and if not, returning a connection closing response message to the server so as to close the communication connection between the server and the vehicle-mounted terminal.
If the two communicating parties wish to reestablish the SATL connection based on the current TCP connection, the old SATL connection must be closed following the above procedure, or the SATL connection may be closed by directly closing the TCP connection.
According to the vehicle networking safety communication method provided by the embodiment, after the vehicle-mounted terminal is connected with the server through the STAL, the transmitted message can be constructed according to the data body to be transmitted, the data message is reliably transmitted to the opposite terminal through the STAL connection, and the STAL connection is closed in real time after the data transmission is finished, so that resources in the vehicle-mounted terminal and the server are released. Therefore, the communication safety of the vehicle-mounted terminal and the server is improved, and the resource consumption of the vehicle-mounted terminal and the server is reduced. Fig. 5 is a schematic flowchart of another car networking security communication method provided in an embodiment of the present application.
As shown in fig. 5, the method includes:
s501, the server receives a handshake authentication request sent by the vehicle-mounted terminal.
The handshake authentication request comprises an identifier of the vehicle-mounted terminal and a first hash value encrypted by a symmetric encryption algorithm which is the same as that of the server;
s502, the server acquires a second initial key which is locally stored and corresponds to the identifier of the vehicle-mounted terminal according to the identifier of the vehicle-mounted terminal;
s503, the server decrypts the handshake authentication request by adopting a decryption algorithm symmetrical to the vehicle-mounted terminal to determine a first initial key carried in the handshake authentication request;
s504, the server judges whether the first initial key is consistent with the second initial key;
and S505, if the authentication response message is consistent with the authentication response message, returning the authentication response message to the vehicle-mounted terminal.
Specifically, the execution subject of the car networking security communication method provided by the embodiment is a server. In this embodiment, the server establishes an SATL connection by using a key and an encryption and decryption algorithm that are symmetric to the vehicle-mounted terminal through interaction with the vehicle-mounted terminal, thereby implementing secure and reliable data transmission.
For a specific implementation process of the method, reference may be made to the detailed description of the vehicle-mounted terminal side in the foregoing embodiment, which is not described herein again.
According to the Internet of vehicles safety communication method, after receiving a handshake authentication request sent by a vehicle-mounted terminal, a server obtains a second initial secret key corresponding to the vehicle-mounted terminal identification according to the vehicle-mounted terminal identification, then decrypts the handshake authentication request by adopting a decryption algorithm symmetrical to the vehicle-mounted terminal to obtain a first initial secret key in the handshake authentication request, and when the first initial secret key is determined to be consistent with the second secret key, an authentication response message is returned to the vehicle-mounted terminal. Therefore, a lightweight security authentication transmission protocol is established between the vehicle-mounted terminal and the server, fewer resources are utilized, and the security of data transmission between the vehicle-mounted terminal and the server is improved.
In order to implement the above embodiment, the present application further provides a vehicle-mounted terminal.
Fig. 6 is a schematic structural diagram of a vehicle-mounted terminal according to an embodiment of the present application.
As shown in fig. 6, the in-vehicle terminal 60 includes: a memory 61 and a processor 62.
Wherein, the memory 61 is used for storing program codes;
the processor 62 is configured to call the code in the storage 61 to perform the following processes:
after the fact that the transmission control protocol connection with a server is completed is determined, a handshake authentication request is sent to the server, wherein the handshake authentication request comprises an identification of the vehicle-mounted terminal and a first hash value encrypted by a symmetric encryption algorithm the same as that of the server;
receiving an authentication response message returned by the server, wherein the authentication response message is returned by the server after the vehicle-mounted terminal is determined to be legal;
and establishing a secure authentication transmission protocol connection with the server according to the authentication response message.
The vehicle-mounted terminal provided by the embodiment is used for executing the vehicle networking safety communication method provided by the first embodiment.
In a possible implementation of this embodiment, the processor 62 is further configured to:
generating a first random number according to a preset rule;
generating a first hash value according to the first random number and the first initial key;
encrypting the first hash value by adopting a symmetric encryption algorithm which is the same as that of the server;
and sending a handshake authentication request comprising the identification of the vehicle-mounted terminal and the encrypted first hash value to the server.
In a possible implementation of this embodiment, the authentication response message includes the encrypted first random number, the update key, and the second hash value;
accordingly, the processor 62 is further configured to:
decrypting the authentication response message;
judging whether the first random number obtained after decryption is matched with the generated first random number or not;
and if so, updating the key according to the updated key obtained after decryption.
In another possible implementation of this embodiment, the authentication response message further includes an encrypted second random number;
accordingly, the processor 62 is further configured to:
and returning a key updating confirmation message to the server, wherein the key updating confirmation message comprises the encrypted second random number and a second hash value generated according to the updating key and the second random number, so that the server updates the key.
In another possible implementation of this embodiment, the handshake authentication request and the authentication response message include:
recording a protocol header, a message body and a message authentication code corresponding to the message body.
In another possible implementation of this embodiment, the initial key includes: a read key and a write key;
the read key and the write key respectively comprise a symmetric encryption key value, a random vector and a Hash operation message authentication code algorithm key.
In another possible implementation of this embodiment, the processor 62 is further configured to:
constructing a first recording protocol head according to the type of data to be transmitted;
performing hash information verification code operation on the first recording protocol header and the data body to be transmitted, and determining a first message authentication code of the data to be transmitted;
and encrypting the data body to be transmitted and the first message authentication code by using the updated key and encryption function, and transmitting the data body to be transmitted and the first message authentication code to the server.
In yet another possible implementation of this embodiment, the processor 62 is further configured to:
receiving a data message sent by the server;
determining the position of a second message authentication code in the data message according to a second recording protocol header in the data message;
decrypting the data message by using the updated key and a decryption function which is symmetrical to the encryption function in the server to obtain a data body and a second message authentication code which are included in the data message;
performing hash information verification code operation on the second recording protocol header and the data body, and determining a third message authentication code;
and judging whether the second message authentication code is consistent with the third message authentication code, and if so, sending the data body to an application layer in the vehicle-mounted terminal.
In yet another possible implementation form of this embodiment, the processor 62 is further configured to:
receiving a connection closing message sent by the server;
and releasing the local resources associated with the message reception according to the connection closing message.
In yet another possible implementation form of this embodiment, the processor 62 is further configured to:
the vehicle-mounted terminal judges whether a local data message to be transmitted exists or not;
and if not, returning a connection closing response message to the server so as to close the communication connection between the server and the vehicle-mounted terminal.
It should be noted that the foregoing explanation on the embodiment of the car networking security communication method is also applicable to the car terminal in this embodiment, and details are not described here.
According to the vehicle-mounted terminal of the embodiment of the application, after the TCP connection is established in the server, the vehicle-mounted terminal can send a handshake authentication request to the server based on the preset initial secret key and the symmetric encryption algorithm which is the same as that of the server, and then can establish the security authentication transmission protocol connection with the server after receiving the authentication response message returned by the server. Therefore, a lightweight security authentication transmission protocol is established between the vehicle-mounted terminal and the server, fewer resources are utilized, and the security of data transmission between the vehicle-mounted terminal and the server is improved.
Fig. 7 is a schematic structural diagram of a server according to an embodiment of the present application.
As shown in fig. 7, the server 70 includes: a memory 71 and a processor 72.
Wherein the memory 71 is used for storing program codes;
the processor 72 is configured to call the program code in the memory to perform the following operations:
receiving a handshake authentication request sent by a vehicle-mounted terminal, wherein the handshake authentication request comprises an identifier of the vehicle-mounted terminal and a first hash value encrypted by a symmetric encryption algorithm the same as that of the server;
acquiring a second initial key which is locally stored and corresponds to the identifier of the vehicle-mounted terminal according to the identifier of the vehicle-mounted terminal;
decrypting the handshake authentication request by adopting a decryption algorithm symmetrical to the vehicle-mounted terminal so as to determine a first initial key carried in the handshake authentication request;
judging whether the first initial key is consistent with the second initial key;
and if the authentication information is consistent with the authentication information, returning an authentication response message to the vehicle-mounted terminal.
It should be noted that the server establishes a lightweight secure communication connection with the vehicle-mounted terminal by executing the method of interacting with the vehicle-mounted terminal, thereby ensuring the security of data transmission.
It should be noted that the foregoing explanation on the embodiment of the car networking security communication method is also applicable to the server in this embodiment, and details are not described here.
According to the server, after receiving the handshake authentication request sent by the vehicle-mounted terminal, the server obtains a second initial key corresponding to the vehicle-mounted terminal identifier according to the vehicle-mounted terminal identifier, then decrypts the handshake authentication request by adopting a decryption algorithm symmetrical to the vehicle-mounted terminal to obtain a first initial key in the handshake authentication request, and returns an authentication response message to the vehicle-mounted terminal when the first initial key is determined to be consistent with the second key. Therefore, a lightweight security authentication transmission protocol is established between the vehicle-mounted terminal and the server, fewer resources are utilized, and the security of data transmission between the vehicle-mounted terminal and the server is improved.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (21)

1. A car networking safety communication method is characterized by comprising the following steps:
after the vehicle-mounted terminal is confirmed to be connected with a server through a transmission control protocol, a handshake authentication request is sent to the server, wherein the handshake authentication request comprises an identification of the vehicle-mounted terminal and a first Hash value encrypted by a symmetric encryption algorithm the same as that of the server;
the vehicle-mounted terminal receives an authentication response message returned by the server, wherein the authentication response message is returned by the server after the vehicle-mounted terminal is determined to be legal;
the vehicle-mounted terminal establishes a security authentication transmission protocol connection with the server according to the authentication response message, the authentication response message comprises an updated key, the vehicle-mounted terminal updates the key according to the updated key obtained after decryption, and after the vehicle-mounted terminal establishes the security authentication transmission protocol connection with the server, the method further comprises the following steps:
the vehicle-mounted terminal constructs a first recording protocol head according to the type of data to be transmitted;
the vehicle-mounted terminal carries out hash information verification code operation on the first recording protocol head and the data body to be transmitted, and determines a first message authentication code of the data to be transmitted;
and the vehicle-mounted terminal encrypts the data body to be transmitted and the first message authentication code by using the updated key and encryption function and transmits the encrypted data body and the first message authentication code to the server.
2. The method of claim 1, wherein before the in-vehicle terminal sends the handshake authentication request to the server, the method further comprises:
the vehicle-mounted terminal generates a first random number according to a preset rule;
and the vehicle-mounted terminal generates the first hash value according to the first random number and a first initial key.
3. The method according to claim 2, wherein the authentication response message further includes the encrypted first random number and the encrypted second hash value, and after the in-vehicle terminal receives the authentication response message returned by the server, the method further includes:
the vehicle-mounted terminal decrypts the authentication response message;
the vehicle-mounted terminal judges whether the first random number obtained after decryption is matched with the generated first random number or not;
and if so, updating the key by the vehicle-mounted terminal according to the decrypted updated key.
4. The method of claim 3, wherein the authentication response message further includes an encrypted second random number;
after the key is updated according to the updated key obtained after decryption, the vehicle-mounted terminal further includes:
and the vehicle-mounted terminal returns a key updating confirmation message to the server, wherein the key updating confirmation message comprises the encrypted second random number and a second hash value generated according to the updating key and the second random number, so that the server updates the key.
5. The method of claim 3, wherein the handshake authentication request and authentication response messages include:
recording a protocol header, a message body and a message authentication code corresponding to the message body.
6. The method of any of claims 1-5, wherein the first initial key comprises: a read key and a write key;
the read key and the write key respectively comprise a symmetric encryption key value, a random vector and a Hash operation message authentication code algorithm key.
7. The method of claim 5, wherein after the vehicle-mounted terminal establishes the secure authenticated transmission protocol connection with the server, the method further comprises:
the vehicle-mounted terminal receives the data message sent by the server;
the vehicle-mounted terminal determines the position of a second message authentication code in the data message according to a second recording protocol header in the data message;
the vehicle-mounted terminal decrypts the data message by using the updated key and a decryption function which is symmetrical to the encryption function in the server so as to obtain a data body and a second message authentication code which are included in the data message;
the vehicle-mounted terminal performs hash information verification code operation on the second recording protocol head and the data body to determine a third message authentication code;
and the vehicle-mounted terminal judges whether the second message authentication code is consistent with the third message authentication code, and if so, the data body is sent to an application layer in the vehicle-mounted terminal.
8. The method of claim 1 or 7, further comprising:
the vehicle-mounted terminal receives a connection closing message sent by the server;
and the vehicle-mounted terminal releases local resources related to message reception according to the connection closing message.
9. The method of claim 8, wherein after the vehicle-mounted terminal receives the connection closing message sent by the server, the method further comprises:
the vehicle-mounted terminal judges whether a local data message to be transmitted exists or not;
and if not, returning a connection closing response message to the server so as to close the communication connection between the server and the vehicle-mounted terminal.
10. A car networking safety communication method is characterized by comprising the following steps:
the method comprises the steps that a server receives a handshake authentication request sent by a vehicle-mounted terminal, wherein the handshake authentication request comprises an identifier of the vehicle-mounted terminal, a first initial key and a first hash value encrypted by a symmetric encryption algorithm the same as that of the server;
the server acquires a second initial key which is locally stored and corresponds to the identifier of the vehicle-mounted terminal according to the identifier of the vehicle-mounted terminal;
the server decrypts the handshake authentication request by adopting a decryption algorithm symmetrical to the vehicle-mounted terminal so as to determine a first initial key carried in the handshake authentication request;
the server judges whether the first initial key is consistent with the second initial key;
and if the authentication information is consistent with the authentication information, returning an authentication response message to the vehicle-mounted terminal.
11. A vehicle-mounted terminal characterized by comprising: a memory and a processor for storing program code;
the processor is configured to call code in the memory to perform the following process:
after the fact that the transmission control protocol connection with a server is completed is determined, a handshake authentication request is sent to the server, wherein the handshake authentication request comprises an identification of the vehicle-mounted terminal and a first hash value encrypted by a symmetric encryption algorithm the same as that of the server;
receiving an authentication response message returned by the server, wherein the authentication response message is returned by the server after the vehicle-mounted terminal is determined to be legal;
according to the authentication response message, establishing a secure authentication transmission protocol connection with the server, wherein the authentication response message comprises an updated key, the vehicle-mounted terminal updates the key according to the updated key obtained after decryption, and the processor is further configured to:
the vehicle-mounted terminal constructs a first recording protocol head according to the type of data to be transmitted;
the vehicle-mounted terminal carries out hash information verification code operation on the first recording protocol head and the data body to be transmitted, and determines a first message authentication code of the data to be transmitted;
and the vehicle-mounted terminal encrypts the data body to be transmitted and the first message authentication code by using the updated key and encryption function and transmits the encrypted data body and the first message authentication code to the server.
12. The vehicle terminal of claim 11, wherein the processor is further configured to:
generating a first random number according to a preset rule;
and generating a first hash value according to the first random number and the first initial key.
13. The in-vehicle terminal according to claim 12, wherein the authentication response message further includes the encrypted first random number and the second hash value;
the processor is further configured to:
decrypting the authentication response message;
judging whether the first random number obtained after decryption is matched with the generated first random number or not;
and if so, updating the key according to the updated key obtained after decryption.
14. The in-vehicle terminal according to claim 13, wherein the authentication response message further includes an encrypted second random number;
the processor is further configured to:
and returning a key updating confirmation message to the server, wherein the key updating confirmation message comprises the encrypted second random number and a second hash value generated according to the updating key and the second random number, so that the server updates the key.
15. The in-vehicle terminal of claim 13, wherein the handshake authentication request and authentication response messages include:
recording a protocol header, a message body and a message authentication code corresponding to the message body.
16. The vehicle terminal according to any of claims 11-15, wherein the first initial key comprises: a read key and a write key;
the read key and the write key respectively comprise a symmetric encryption key value, a random vector and a Hash operation message authentication code algorithm key.
17. The vehicle terminal of claim 15, wherein the processor is further configured to:
receiving a data message sent by the server;
determining the position of a second message authentication code in the data message according to a second recording protocol header in the data message;
decrypting the data message by using the updated key and a decryption function which is symmetrical to the encryption function in the server to obtain a data body and a second message authentication code which are included in the data message;
performing hash information verification code operation on the second recording protocol header and the data body, and determining a third message authentication code;
and judging whether the second message authentication code is consistent with the third message authentication code, and if so, sending the data body to an application layer in the vehicle-mounted terminal.
18. The vehicle terminal of claim 11 or 17, wherein the processor is further configured to:
receiving a connection closing message sent by the server;
and releasing the local resources associated with the message reception according to the connection closing message.
19. The vehicle terminal of claim 18, wherein the processor is further configured to:
the vehicle-mounted terminal judges whether a local data message to be transmitted exists or not;
and if not, returning a connection closing response message to the server so as to close the communication connection between the server and the vehicle-mounted terminal.
20. A server, comprising a memory for storing program code and a processor,
wherein the processor is configured to invoke the program code in the memory to perform the following operations:
receiving a handshake authentication request sent by a vehicle-mounted terminal, wherein the handshake authentication request comprises an identifier of the vehicle-mounted terminal, a first initial key and a first hash value encrypted by a symmetric encryption algorithm the same as that of the server;
acquiring a second initial key which is locally stored and corresponds to the identifier of the vehicle-mounted terminal according to the identifier of the vehicle-mounted terminal;
decrypting the handshake authentication request by adopting a decryption algorithm symmetrical to the vehicle-mounted terminal so as to determine a first initial key carried in the handshake authentication request;
judging whether the first initial key is consistent with the second initial key;
and if the authentication information is consistent with the authentication information, returning an authentication response message to the vehicle-mounted terminal.
21. A car networking security communication system, characterized by comprising a vehicle terminal according to any of claims 11-19 and a server according to claim 20.
CN201610838067.1A 2016-09-21 2016-09-21 Internet of vehicles safety communication method, vehicle-mounted terminal, server and system Active CN106453269B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610838067.1A CN106453269B (en) 2016-09-21 2016-09-21 Internet of vehicles safety communication method, vehicle-mounted terminal, server and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610838067.1A CN106453269B (en) 2016-09-21 2016-09-21 Internet of vehicles safety communication method, vehicle-mounted terminal, server and system

Publications (2)

Publication Number Publication Date
CN106453269A CN106453269A (en) 2017-02-22
CN106453269B true CN106453269B (en) 2021-06-25

Family

ID=58165775

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610838067.1A Active CN106453269B (en) 2016-09-21 2016-09-21 Internet of vehicles safety communication method, vehicle-mounted terminal, server and system

Country Status (1)

Country Link
CN (1) CN106453269B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI814487B (en) * 2022-07-15 2023-09-01 系統電子工業股份有限公司 Remote update vehicle host method

Families Citing this family (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107070998B (en) * 2017-03-20 2019-11-29 广东工业大学 A kind of safe Internet of Things communications protocol and method
CN106912049B (en) * 2017-04-05 2020-11-06 深圳市风云实业有限公司 Method for improving user authentication experience
CN107483539A (en) * 2017-07-14 2017-12-15 宝沃汽车(中国)有限公司 The key management method of car networking
CN107491279A (en) * 2017-08-15 2017-12-19 深圳市创维群欣安防科技股份有限公司 A kind of method, storage medium and throwing screen control device realized mobile terminal and throw screen
CN109561116A (en) * 2017-09-26 2019-04-02 株洲中车时代电气股份有限公司 Obtain the method and Train Control and diagnostic system of low-floor train fault data
CN108243181A (en) * 2017-10-09 2018-07-03 北京车和家信息技术有限公司 A kind of car networking terminal, data ciphering method and car networking server
CN108076062A (en) * 2017-12-22 2018-05-25 深圳市汇川技术股份有限公司 Internet of things equipment safe communication system, method, networked devices and server
CN110071904B (en) * 2018-01-24 2021-07-20 比亚迪股份有限公司 Detection method and system of vehicle-mounted terminal, server and storage medium
CN108632250B (en) * 2018-03-27 2020-12-08 北京安御道合科技有限公司 Method and equipment for generating command control session master key and transmitting operation command
CN108810859A (en) * 2018-05-20 2018-11-13 陈将 A kind of Bluetooth smart watch sound control method and system based on encryption function
CN108882164B (en) * 2018-06-05 2020-08-21 台州市荣创电子有限公司 Safe and reliable automobile navigation communication control method
CN108989282A (en) * 2018-06-06 2018-12-11 咕咚网络(北京)有限公司 The connection method of door lock terminal and gateway in a kind of Wireless Networking door-locking system
CN108449735A (en) * 2018-06-25 2018-08-24 中国联合网络通信集团有限公司 Method, car-mounted terminal, equipment and the computer readable storage medium of OTA communications
CN108989024B (en) * 2018-06-29 2023-04-14 百度在线网络技术(北京)有限公司 Method, device and equipment for controlling communication between ECUs and corresponding vehicle
CN110719247B (en) * 2018-07-11 2021-09-10 视联动力信息技术股份有限公司 Terminal network access method and device
CN110719248B (en) * 2018-07-12 2021-08-17 中移(杭州)信息技术有限公司 Method and device for forwarding user datagram protocol message
CN108989318B (en) * 2018-07-26 2020-12-29 中国电子科技集团公司第三十研究所 Light-weight security authentication and key exchange method for narrowband Internet of things
CN109495441A (en) * 2018-09-10 2019-03-19 北京车和家信息技术有限公司 Access authentication method, device, relevant device and computer readable storage medium
CN108958779A (en) * 2018-09-20 2018-12-07 广东美的暖通设备有限公司 Firmware upgrade management method, device and computer readable storage medium
US10785223B2 (en) * 2018-10-19 2020-09-22 Honda Motor Co., Ltd. Authentication and registration system
CN109525559B (en) * 2018-10-25 2021-08-10 深圳创维数字技术有限公司 Picture sharing method and system
CN109617886B (en) * 2018-12-21 2021-07-27 广东宏大欣电子科技有限公司 Client data encryption method and server data encryption method based on TCP communication
CN109672538B (en) * 2019-02-13 2021-08-27 北京仁信证科技有限公司 Lightweight vehicle-mounted bus secure communication method and system
CN109862040B (en) * 2019-03-27 2021-08-24 北京经纬恒润科技股份有限公司 Security authentication method and authentication system
CN110182218A (en) * 2019-05-23 2019-08-30 格陆博科技有限公司 A kind of power bottom plate domain controller for unmanned electric vehicle
CN110263526B (en) * 2019-06-13 2023-08-18 惠州市德赛西威汽车电子股份有限公司 Production line certificate injection system and method thereof
CN112328271B (en) * 2019-07-31 2022-05-03 株洲中车时代电气股份有限公司 Vehicle-mounted equipment software upgrading method and system
CN110830491A (en) * 2019-11-14 2020-02-21 武汉虹信通信技术有限责任公司 Internet of vehicles information acquisition method and device
CN112839019B (en) * 2019-11-25 2023-04-25 广州汽车集团股份有限公司 Vehicle-mounted data transmission method, device and system
CN110912680B (en) * 2019-11-26 2023-06-27 福建汉特云智能科技有限公司 Data transmission method and storage medium for improving safety of vehicle condition data
CN111127706B (en) * 2019-11-28 2022-04-22 深圳指芯物联技术有限公司 Intelligent lock control method, intelligent lock, cloud server and computing equipment
CN111182498A (en) * 2019-12-31 2020-05-19 成都车晓科技有限公司 Real-time asset management method and system for motor vehicle
CN113347133B (en) * 2020-02-18 2023-04-28 华为技术有限公司 Authentication method and device of vehicle-mounted equipment
CN111475869B (en) * 2020-03-31 2023-10-27 东软集团股份有限公司 Communication method, device, medium, secure computing module and secure chip
CN113572795B (en) * 2020-04-28 2023-10-27 广州汽车集团股份有限公司 Vehicle safety communication method, system and vehicle-mounted terminal
CN111541716A (en) * 2020-05-14 2020-08-14 东软睿驰汽车技术(沈阳)有限公司 Data transmission method and related device
WO2021226989A1 (en) * 2020-05-15 2021-11-18 华为技术有限公司 Communication method and communication apparatus
CN111629002B (en) * 2020-05-28 2022-02-08 爱瑟福信息科技(上海)有限公司 OTA (over the air) safety upgrading method and system of vehicle ECU (electronic control Unit)
CN111865666A (en) * 2020-06-24 2020-10-30 微梦创科网络科技(中国)有限公司 Service method and system for integrating API gateway by sdk
CN112087419B (en) * 2020-07-25 2022-07-29 北京蜂云科创信息技术有限公司 Vehicle-mounted terminal data transmission safety protection method and device
CN111787125B (en) * 2020-08-05 2021-09-28 安徽江淮汽车集团股份有限公司 Information interaction system and method
CN112134843B (en) * 2020-08-19 2023-10-13 南京信息职业技术学院 Authentication method of Internet of things equipment
CN112383897B (en) * 2020-10-19 2023-09-22 东软集团股份有限公司 Information transmission method, device, medium and electronic equipment based on intelligent network
CN112565251B (en) * 2020-12-02 2023-04-18 北京梧桐车联科技有限责任公司 Access authentication method, device and system for vehicle-mounted application
CN112437436B (en) * 2020-12-07 2023-05-02 中国联合网络通信集团有限公司 Identity authentication method and device
CN112839035B (en) * 2020-12-29 2022-11-11 合安科技技术有限公司 Safe communication control method and device for street lamp and related equipment
CN115174605A (en) * 2021-03-17 2022-10-11 大唐移动通信设备有限公司 Internet of vehicles equipment authentication method and device and processor readable storage medium
CN113395335B (en) * 2021-05-31 2022-04-08 江铃汽车股份有限公司 Detection method and system for connecting vehicle-mounted intelligent terminal with background server
CN113660271B (en) * 2021-08-17 2022-11-25 安徽江淮汽车集团股份有限公司 Security authentication method and device for Internet of vehicles
CN113656822A (en) * 2021-08-31 2021-11-16 成都卫士通信息产业股份有限公司 Multimedia conference key management method, device, equipment and storage medium
CN113992331A (en) * 2021-11-15 2022-01-28 苏州挚途科技有限公司 Vehicle-mounted Ethernet data transmission method, device and system
CN114157489B (en) * 2021-12-02 2023-01-03 安徽江淮汽车集团股份有限公司 Communication domain controller safety communication method based on periodic authentication handshake mechanism

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012215922A (en) * 2011-03-31 2012-11-08 Japan Research Institute Ltd Car sharing system and car sharing method
CN103684766A (en) * 2012-08-30 2014-03-26 卓望数码技术(深圳)有限公司 Private key protection method and system for terminal user
CN103746969A (en) * 2013-12-24 2014-04-23 深圳市领华卫通数码科技有限公司 Vehicle terminal authentication method and authentication server
CN104363586A (en) * 2014-11-14 2015-02-18 安徽大学 Lightweight-class roaming access authentication method for Internet of Vehicles
CN104579694A (en) * 2015-02-09 2015-04-29 浙江大学 Identity authentication method and system
CN105101194A (en) * 2014-04-28 2015-11-25 华为技术有限公司 Terminal security authentication method, device and system
CN105656862A (en) * 2014-11-21 2016-06-08 航天恒星科技有限公司 Authentication method and device
WO2016118523A1 (en) * 2015-01-19 2016-07-28 InAuth, Inc. Systems and methods for trusted path secure communication
CN105871857A (en) * 2016-04-13 2016-08-17 北京怡和嘉业医疗科技有限公司 Authentication method, authentication device, authentication system and treatment equipment

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012215922A (en) * 2011-03-31 2012-11-08 Japan Research Institute Ltd Car sharing system and car sharing method
CN103684766A (en) * 2012-08-30 2014-03-26 卓望数码技术(深圳)有限公司 Private key protection method and system for terminal user
CN103746969A (en) * 2013-12-24 2014-04-23 深圳市领华卫通数码科技有限公司 Vehicle terminal authentication method and authentication server
CN105101194A (en) * 2014-04-28 2015-11-25 华为技术有限公司 Terminal security authentication method, device and system
CN104363586A (en) * 2014-11-14 2015-02-18 安徽大学 Lightweight-class roaming access authentication method for Internet of Vehicles
CN105656862A (en) * 2014-11-21 2016-06-08 航天恒星科技有限公司 Authentication method and device
WO2016118523A1 (en) * 2015-01-19 2016-07-28 InAuth, Inc. Systems and methods for trusted path secure communication
CN104579694A (en) * 2015-02-09 2015-04-29 浙江大学 Identity authentication method and system
CN105871857A (en) * 2016-04-13 2016-08-17 北京怡和嘉业医疗科技有限公司 Authentication method, authentication device, authentication system and treatment equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
《Cooperative Message Authentication in Vehicular Cyber-Physical Systems》;Wenlong Shen等;《IEEE Transactions on Emerging Topics in Computing》;20130712;第1卷(第1期);全文 *
《TCM在车联网移动终端中的应用》;高文彬;《中国优秀硕士学位论文全文数据库信息科技辑》《中国优秀硕士学位论文全文数据库信息科技辑》;20110401;全文 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI814487B (en) * 2022-07-15 2023-09-01 系統電子工業股份有限公司 Remote update vehicle host method

Also Published As

Publication number Publication date
CN106453269A (en) 2017-02-22

Similar Documents

Publication Publication Date Title
CN106453269B (en) Internet of vehicles safety communication method, vehicle-mounted terminal, server and system
JP6549664B2 (en) ID-based control unit key fob pairing
CN105978917B (en) A kind of system and method for trusted application safety certification
EP3723399A1 (en) Identity verification method and apparatus
KR101032016B1 (en) Constrained cryptographic keys
US8799657B2 (en) Method and system of reconstructing a secret code in a vehicle for performing secure operations
CA2662686C (en) Method and system for establishing a secure over-the-air (ota) device connection
CN110708388B (en) Vehicle body safety anchor node device, method and network system for providing safety service
JP2018502505A (en) Method for securely transmitting a virtual key and method for authenticating a mobile terminal
US11282079B2 (en) Method for securing contactless transactions
KR101706117B1 (en) Apparatus and method for other portable terminal authentication in portable terminal
EP2474178B1 (en) A method for communicating data between a secure element and a network access point and a corresponding secure element
CN109218263A (en) A kind of control method and device
EP3732910B1 (en) A method for updating a one-time secret key
CN108762791A (en) Firmware upgrade method and device
KR20170042549A (en) Method for the authentication of a first electronic entity by a second electronic entity, and electronic entity implementing such a method
JP2012100206A (en) Cryptographic communication relay system, cryptographic communication relay method and cryptographic communication relay program
CN107750470B (en) Method for replacing at least one authentication parameter for authenticating a secure element and corresponding secure element
JP2006019975A (en) Cipher packet communication system, receiving device and transmitting device with which same is equipped , and communication method, receiving method, transmitting method, receiving program and transmitting program for cipher packet which are applied thereto
CN114684070A (en) Safe vehicle control method and device, vehicle system and storage medium
US10700854B2 (en) Resource management in a cellular network
US10671717B2 (en) Communication device, communication method and computer program
CN114978542B (en) Full life cycle-oriented internet of things equipment identity authentication method, system and storage medium
CN111147236A (en) Encryption and decryption method and system based on RSA and AES
CN114389804B (en) Intelligent terminal control method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant