CN113852632A - Vehicle identity authentication method, system, device and storage medium based on SM9 algorithm - Google Patents

Vehicle identity authentication method, system, device and storage medium based on SM9 algorithm Download PDF

Info

Publication number
CN113852632A
CN113852632A CN202111124163.7A CN202111124163A CN113852632A CN 113852632 A CN113852632 A CN 113852632A CN 202111124163 A CN202111124163 A CN 202111124163A CN 113852632 A CN113852632 A CN 113852632A
Authority
CN
China
Prior art keywords
vehicle
vehicle end
key
private key
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111124163.7A
Other languages
Chinese (zh)
Other versions
CN113852632B (en
Inventor
孙亚东
谢福进
王志海
喻波
魏力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wondersoft Technology Co Ltd
Original Assignee
Beijing Wondersoft Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Wondersoft Technology Co Ltd filed Critical Beijing Wondersoft Technology Co Ltd
Priority to CN202111124163.7A priority Critical patent/CN113852632B/en
Publication of CN113852632A publication Critical patent/CN113852632A/en
Application granted granted Critical
Publication of CN113852632B publication Critical patent/CN113852632B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The embodiment of the application provides a vehicle identity authentication method, a system, a device and a storage medium based on SM9 algorithm, and the method comprises the following steps: generating a public key of the first vehicle end according to the identity of the first vehicle end, encrypting verification information based on the public key pair of the first vehicle end and sending the verification information and the identity of the second vehicle end to the first vehicle end, generating a public key of the second vehicle end according to the identity of the second vehicle end, and encrypting the verification information by using the public key of the second vehicle end and sending the verification information to the second vehicle end; and the second vehicle end decrypts the verification information according to the private key of the second vehicle end, compares the verification information with the previous verification information and determines an authentication result. The traditional operation and maintenance PKI system is not needed in the cloud, the cloud operation cost is greatly reduced, the opposite party public key certificate is generated by adopting the opposite party identity based on the SM9 algorithm, the vehicle identity certificate is not needed to be synchronized from the cloud, the problems of low authentication efficiency and long time delay are solved, and the risk of identity impersonation attack caused by certificate updating does not exist.

Description

Vehicle identity authentication method, system, device and storage medium based on SM9 algorithm
Technical Field
The present disclosure relates to the field of car networking, and in particular, to a method, a system, an apparatus, and a storage medium for vehicle identity authentication based on SM9 algorithm.
Background
With the application of technologies such as internet, artificial intelligence, cloud computing and big data, the degree of intellectualization and networking of automobiles is higher and higher, and the automobiles become intelligent terminal equipment in the world of everything interconnection. Through more open modes such as in-vehicle communication, car-to-car communication, passenger communication, vehicle road communication, car and infrastructure communication, intelligent networked automobile will greatly increase the interaction of information during the driving of automobile on the road. And after the intelligent network connection, new requirements are provided for application and data safety and identity authentication between each terminal and the intelligent network connection automobile operation service. Due to the lack of identity authentication and transmission data encryption, an attacker attacks a vehicle information interface and intercepts a communication line, so that vehicle information is leaked and even an automobile control system is taken over, further accidents are caused, and the consequences are unreasonable. In the current application of the Internet of vehicles, the safety of vehicle-vehicle communication and vehicle-cloud communication is ensured through a public key certificate system (PKI), the identity information of the other party is verified, and the encrypted data is encrypted
In the related technology, due to the characteristics of the SM2\ SM3\ SM4 algorithm adopted by the PKI public key certificate system, the efficiency of the identity certificate verification process is low, the time delay is long, and the PKI public key certificate system cannot adapt to the communication requirements in the vehicle networking environment and the vehicle rapid moving process. Moreover, the cloud needs to host and maintain the identity certificate of the vehicle, so that the cloud operation and maintenance cost is high. And when the vehicle updates the identity certificate, the cloud needs a certain time to complete the certificate updating, and the vehicle needs a certain time to synchronize a new certificate, so that the attack risk of identity impersonation exists.
Disclosure of Invention
The embodiment of the invention provides a vehicle identity authentication method, a system, a device and a storage medium based on an SM9 algorithm, aiming at solving the problems existing in the special conditions.
In order to solve the technical problem, the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a vehicle identity authentication method based on an SM9 algorithm, which is applied to a vehicle networking, where the vehicle networking includes a cloud platform and a plurality of vehicle terminals communicatively connected to the cloud platform, and the vehicle terminals locally store a private key generated by the cloud platform according to an identity of the vehicle terminal, where the method includes: a first vehicle end sends an identity authentication request to a second vehicle end, wherein the identity authentication request carries an identity of the first vehicle end;
the second vehicle end generates a public key of the first vehicle end according to the identity of the first vehicle end, encrypts pre-generated verification information based on the public key of the first vehicle end, generates a first verification ciphertext and sends the first verification ciphertext and the identity of the second vehicle end to the first vehicle end;
the first vehicle end decrypts the first verification ciphertext according to a private key of the first vehicle end to obtain the verification information, generates a public key of a second vehicle end according to the identity of the second vehicle end, encrypts the verification information by using the public key of the second vehicle end to generate a second verification ciphertext and sends the second verification ciphertext to the second vehicle end;
and the second vehicle end decrypts the second verification ciphertext according to a private key of the second vehicle end, compares verification information obtained after decryption with the pre-generated verification information, and determines that authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
Optionally, the vehicle end obtains its own private key by the following steps:
the vehicle end sends a private key request to the cloud platform, wherein the private key request carries the identity of the vehicle end;
the cloud platform generates a private key of the vehicle end according to the identity of the vehicle end, encrypts the private key based on a pre-generated vehicle cloud shared key, generates a private key ciphertext of the vehicle end and issues the private key ciphertext to the vehicle end;
and the vehicle end decrypts the private key ciphertext of the vehicle end based on the vehicle cloud shared key to obtain a self private key, and stores the self private key locally.
Optionally, encrypting the private key based on a pre-generated car cloud shared key includes:
the cloud platform generates a signature master key pair and an encryption master key pair based on an SM9 algorithm, communicates with a vehicle terminal through a Diffie-Hellman key exchange protocol, and generates a vehicle cloud shared key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the cloud platform encrypts the private key of the vehicle end based on the SM4 algorithm and the vehicle cloud shared key. Optionally, the method further comprises:
under the condition that the authentication is determined to be successful, the first vehicle end encrypts data to be communicated according to a public key of the second vehicle end to generate a data cipher text to be communicated and sends the data cipher text to the second vehicle end;
the second vehicle end decrypts the data cipher text to be communicated according to the public key of the first vehicle end to generate a data plaintext to be communicated, generates response data according to the generated data plaintext to be communicated, encrypts the response data by using the public key of the first vehicle end to generate a response data cipher text and sends the response data cipher text to the first vehicle end;
and the first vehicle end decrypts the response data ciphertext according to the public key of the second vehicle end to generate a response data plaintext.
In a second aspect, an embodiment of the present invention provides a vehicle identity authentication system based on an SM9 algorithm, where the system includes:
the identity request module is used for sending an identity authentication request to a second vehicle end by a first vehicle end, wherein the identity authentication request carries an identity identifier of the first vehicle end;
the first ciphertext generating module is used for the second vehicle end to generate a public key of the first vehicle end according to the identity of the first vehicle end, encrypt pre-generated verification information based on the public key of the first vehicle end, generate a first verification ciphertext and send the first verification ciphertext and the identity of the second vehicle end to the first vehicle end;
the second ciphertext generation module is used for decrypting the first verification ciphertext by the first vehicle end according to a private key of the first vehicle end to obtain the verification information, generating a public key of a second vehicle end according to the identity of the second vehicle end, encrypting the verification information by using the public key of the second vehicle end to generate a second verification ciphertext and sending the second verification ciphertext to the second vehicle end;
and the verification module is used for decrypting the second verification ciphertext by the second vehicle end according to a private key of the second vehicle end, comparing verification information obtained after decryption with the pre-generated verification information, and determining that authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
Optionally, the system further comprises:
the vehicle-side private key request module is used for the vehicle side to send a private key request to the cloud platform, wherein the private key request carries the identity of the vehicle side;
the vehicle-end private key generation module is used for generating a private key of the vehicle end by the cloud platform according to the identity of the vehicle end, encrypting the private key based on a pre-generated vehicle cloud shared key, generating a private key ciphertext of the vehicle end and issuing the private key ciphertext to the vehicle end;
and the vehicle-end private key storage module is used for decrypting the private key ciphertext of the vehicle end by the vehicle end based on the vehicle cloud shared key to obtain a self private key, and storing the self private key locally.
Optionally, the vehicle-side private key generation module includes:
the system comprises a master key pair generation unit, a cloud platform and a vehicle cloud sharing unit, wherein the master key pair generation unit is used for generating a signature master key pair and an encryption master key pair based on an SM9 algorithm, communicating with a vehicle end through a Diffie-Hellman key exchange protocol and generating a vehicle cloud sharing key, and the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the vehicle-side private key encryption unit is used for encrypting the private key of the vehicle side by the cloud platform based on an SM4 algorithm and the vehicle cloud shared key. Optionally, the system further comprises:
the communication encryption unit is used for encrypting data to be communicated according to a public key of the second vehicle end by the first vehicle end under the condition that the authentication is determined to be successful, generating a data cipher text to be communicated and sending the data cipher text to the second vehicle end;
the communication decryption and response encryption unit is used for decrypting the data cipher text to be communicated by the second vehicle end according to the public key of the first vehicle end to generate a data plain text to be communicated, generating response data according to the generated data plain text to be communicated, encrypting the response data by using the public key of the first vehicle end to generate a response data cipher text and sending the response data cipher text to the first vehicle end;
and the response decryption unit is used for decrypting the response data ciphertext by the first vehicle end according to the public key of the second vehicle end to generate a response data plaintext.
A third aspect of the embodiments of the present invention provides an apparatus, including a processor, a communication interface, a memory, and a communication bus, where the processor and the communication interface complete communication between the memory and the processor through the communication bus;
a memory for storing a computer program;
the processor is configured to implement the method steps provided in the first aspect of the embodiment of the present invention when executing the program stored in the memory.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the method as set forth in the first aspect of the embodiments of the present invention.
The embodiment of the invention has the following advantages: when identity authentication is carried out, a traditional operation and maintenance PKI system is not needed at the cloud, and the cloud operation cost is greatly reduced. When the identity authentication is carried out, the public key certificate of the other party is generated by adopting the identity identification of the other party based on the SM9 algorithm, the vehicle identity certificate is not required to be synchronized from the cloud, the problems of low authentication efficiency and long time delay are solved, and the risk of identity impersonation attack caused by certificate updating does not exist.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic diagram of a conventional vehicle networking identity authentication and encryption communication based on a PKI public key certificate system;
FIG. 2 is a schematic diagram of vehicle authentication and encrypted communication in an embodiment of the present invention;
FIG. 3 is a flowchart illustrating steps of generating a vehicle-side private key in a vehicle identity authentication method based on SM9 algorithm according to an embodiment of the present invention;
fig. 4 is a schematic diagram of the generation of the vehicle-side private key in the vehicle identity authentication method based on the SM9 algorithm in the embodiment of the present invention;
fig. 5 is a flowchart of steps of vehicle-end identity authentication in a vehicle identity authentication method based on the SM9 algorithm according to an embodiment of the present invention;
fig. 6 is a schematic diagram of vehicle-end identity authentication in a vehicle identity authentication method based on the SM9 algorithm in the embodiment of the present invention;
FIG. 7 is a functional block diagram of a vehicle identity authentication system based on SM9 algorithm according to an embodiment of the present invention;
fig. 8 is a functional module schematic diagram of a vehicle identity authentication device based on the SM9 algorithm in the embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Interpretation of terms:
the internet of vehicles refers to the organic combination of the internet of vehicles and intelligent vehicles, is a new generation of vehicles which are equipped with advanced vehicle-mounted sensors, controllers, actuators and other devices, integrates modern communication and network technologies, realizes the exchange and sharing of intelligent information of vehicles, people, vehicles, roads, backstage and the like, realizes safe, comfortable, energy-saving and efficient driving, and can finally replace people to operate.
PKI, Public Key Infrastructure. Infrastructure that supports public key management and can support authentication, encryption, integrity, anti-repudiation services.
LDAP, Lightweight Directory Access Protocol. Access control and maintenance of distributed information is provided over IP protocols based on a subset of the x.500 standard.
Diffie-Hellman, who proposed a key exchange protocol in 1976 by Whitefield and Martin Hellman, implemented the generation of shared keys in public networks using finite field prime factorization mathematical puzzle
SM2, symmetric cryptographic algorithm issued by the national crypto authority.
SM3, a hash algorithm issued by the State crypto administration, can calculate any binary number less than 264 bits and output a hash value of 256 bits.
SM4, asymmetric cryptographic algorithm issued by the national crypto authority.
SM9, bilinear pairings based identity cipher algorithm issued by the national cipher authority. The key length is 256 bits.
Random number, the result of independent random experiments.
Plaintext, a word or string of characters that has not been cryptographically processed in cryptography.
Ciphertext, a word or a string of characters that have been encrypted in cryptography.
Encryption, which changes the original information data with a certain algorithm, so that even if an unauthorized user obtains the encrypted information, the unauthorized user still cannot know the content of the information without knowing the decryption method.
And decrypting and restoring the encrypted data by a certain algorithm to obtain the original content of the data.
The inventor finds that, in the related art, in the existing inter-vehicle identity verification process, a vehicle needs to update a directory LDAP from a certificate of a cloud PKI, download an identity certificate, query a certificate revocation list OCSP, and check whether the identity certificate is revoked. And verifying whether the digital certificate is signed by the vehicle private key by adopting the public key in the vehicle digital certificate. And verifying whether the identity certificate of the vehicle is generated by the cloud PKI by adopting the main signature public key of the cloud, and completing the steps and the identity verification between the vehicles. As shown in the schematic diagram of the vehicle networking identity authentication and encryption communication based on the PKI public key certificate system shown in fig. 1, due to the characteristics of the SM2\ SM3\ SM4 algorithm, the identity certificate verification process has low efficiency and long time delay, and cannot adapt to the communication requirements in the vehicle networking environment and the vehicle rapid moving process; moreover, the cloud needs to host and maintain the identity certificate of the vehicle, so that the cloud operation and maintenance cost is high; when the identity certificate of the vehicle is updated, the cloud needs a certain time to complete the certificate updating, the vehicle needs a certain time to synchronize a new certificate, and the attack risk of identity impersonation exists in the time period.
The embodiment of the invention provides a vehicle identity authentication method based on an SM9 algorithm, based on a relationship diagram shown in FIG. 2, a vehicle networking comprises a cloud platform and a plurality of vehicle ends in communication connection with the cloud platform, FIG. 3 shows a flow chart of generating steps of a vehicle end private key in the embodiment of the application, and the method comprises the following steps:
step S301, a vehicle end sends a private key request to the cloud platform, wherein the private key request carries an identity of the vehicle end.
The key generation center KGC is deployed in the Internet of vehicles cloud platform, the vehicle end sends a private key request to the cloud platform, the private key request carries information of the identity of the vehicle end, namely the large frame number information of the vehicle, the identification information is stored in a vehicle identification memory of the vehicle, and therefore uniqueness of the vehicle identification information is guaranteed.
And S302, the cloud platform generates a private key of the vehicle end according to the identity of the vehicle end, encrypts the private key based on a pre-generated vehicle cloud shared key, generates a private key ciphertext of the vehicle end and issues the private key ciphertext to the vehicle end.
The vehicle private key generator in the KGC generates a vehicle private key Car _ Pri, that is, Car _ Pri ═ SM9(KGC _ Pri, Car _ Iden), based on the SM9 algorithm and the pre-generated encrypted master private key KG C _ Pri and the vehicle identity Car _ Iden. And based on an SM4 algorithm and a vehicle cloud shared key Car _ Could _ Pri, encrypting the vehicle private key to obtain a vehicle private key ciphertext, namely SM4(Car _ Could _ Pri and Car _ Pri), and sending the vehicle private key ciphertext to the vehicle end.
And S303, the vehicle end decrypts the private key ciphertext of the vehicle end based on the vehicle cloud shared key to obtain the private key of the vehicle end, and stores the private key locally.
And after the vehicle end receives the private key ciphertext issued by the cloud platform, decrypting the private key ciphertext through the vehicle cloud shared key to obtain a private key plaintext, and storing the private key plaintext in a vehicle private key memory for verification between subsequent vehicles and communication between vehicles.
In the embodiment, the KGC generates the vehicle-side private key according to the identity of the vehicle side, so that the uniqueness of the vehicle-side private key is ensured, and the safety of vehicle-side communication is ensured.
In one possible implementation, encrypting the private key based on a pre-generated car cloud shared key includes:
the cloud platform generates a signature master key pair and an encryption master key pair based on an SM9 algorithm, communicates with a vehicle terminal through a Diffie-Hellman key exchange protocol, and generates a vehicle cloud shared key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the cloud platform encrypts the private key of the vehicle end based on the SM4 algorithm and the vehicle cloud shared key.
In this embodiment, in the vehicle-side private key generation process shown in fig. 4, KGC generates a signature master key pair through the KGC signature master key generator based on the SM9 algorithm, and encrypts the master key pair through the KGC encryption master key generator. And the main encryption private key KGC _ Pri is used for KGC to generate a vehicle encryption private key for the vehicle. And the main encryption public key is used for recovering communication data when the vehicle is communicated with the cloud. After the signature master key pair is completed and the encrypted master key pair is generated, the KGC communicates with the vehicle end by adopting a Diffie-Hellman key exchange protocol, and generates a vehicle cloud shared key through a shared key generator, wherein the vehicle cloud shared key belongs to a symmetric secret key, namely, the public key and the private key are not different. And respectively storing the negotiated vehicle cloud shared key in the vehicle end and the shared key memory of the cloud platform. The cloud platform encrypts a private key of the vehicle end based on an SM4 algorithm and a vehicle cloud shared key, and the vehicle end decrypts the private key of the vehicle end based on an SM4 algorithm and the vehicle cloud shared key to obtain a private key plaintext Car _ Pri of the vehicle end; that is, Car _ Pri ═ SM4(Car _ Could _ Pri, Car _ Pri _ Enc).
After the vehicle end completes the request of the vehicle end private key, the identity between the vehicle ends can be verified, and the vehicle identity authentication method based on the SM9 algorithm is shown in fig. 5, and specifically includes the following steps:
step S501, a first vehicle end sends an identity authentication request to a second vehicle end, wherein the identity authentication request carries an identity of the first vehicle end.
Taking the authentication between the vehicle a and the vehicle B as an example, the vehicle a carries its own identity (vehicle shelf number) to initiate an authentication request to the vehicle B through the identity authentication requester of the vehicle a.
And S502, the second vehicle end generates a public key of the first vehicle end according to the identity of the first vehicle end, encrypts pre-generated verification information based on the public key of the first vehicle end, generates a first verification ciphertext and sends the first verification ciphertext and the identity of the second vehicle end to the first vehicle end.
After the vehicle B receives the identity authentication request sent by the vehicle a, the public key CarA _ Pub of the vehicle a is generated by the vehicle public key generator based on the SM9 algorithm service unit and the identity identification CarA _ Iden of the vehicle. That is, CarA _ Pub ═ SM9(CarA _ Iden), the vehicle B stores the public key of the vehicle a through the vehicle public key storage, and generates a set of random numbers, that is, authentication information Ran, through the random number generator, and encrypts the authentication based on the public key of the vehicle a and the SM9 algorithm, that is, generates a random number cipher text (i.e., first authentication cipher text) Ran _ Enc, and Ran _ Enc ═ SM9(CarA _ Pub, Ran), and transmits the random number cipher text to the vehicle a together with the identification of the vehicle B, that is, the CarB _ Iden.
And S503, the first vehicle end decrypts the first verification ciphertext according to a private key of the first vehicle end to obtain the verification information, generates a public key of a second vehicle end according to the identity of the second vehicle end, encrypts the verification information by using the public key of the second vehicle end to generate a second verification ciphertext and sends the second verification ciphertext to the second vehicle end.
After receiving data returned by the vehicle B, the vehicle a decrypts the random number ciphertext Ran _ Enc by using the SM9 algorithm and the vehicle a private key CarA _ Pri to obtain the random number plaintext Ran, that is, Ran ═ SM9(CarA _ Pri, Ran _ Enc), generates the public key of the vehicle B by using the SM9 algorithm and the identity of the vehicle B, that is, CarB _ Pub ═ SM9(CarB _ Iden), and then encrypts the random number Ran based on the SM9 algorithm and the public key of the vehicle B to obtain the random number ciphertext (that is, the second verification ciphertext). Ran _ Enc ═ SM9(CarB _ Pub, Ran), and is transmitted to vehicle B.
And S504, the second vehicle end decrypts the second verification ciphertext according to the private key of the second vehicle end, compares the verification information obtained after decryption with the pre-generated verification information, and determines that the authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
After receiving the random number ciphertext Ran _ Enc (second verification ciphertext), the vehicle B decrypts the random number ciphertext Ran _ Enc by adopting an SM9 algorithm and a vehicle B private key CarB _ Pri to obtain a random number plaintext Ran; ran — SM9(CarB _ Pri, Ran _ Enc), compares the random number plaintext with the random number generated by car B in the first authentication ciphertext seed; SM9(CarB _ Pri, Ran _ Enc) ═ random (time), if they are the same, the identity authentication is successful, and an identity authentication success identifier is returned; if the identity authentication is different, the identity authentication fails and no information is returned.
In this embodiment, as shown in fig. 6, in the KGC-based authentication process, when performing authentication, the public key certificate of the other party is generated by using the identity of the other party, and the vehicle identity certificate is not synchronized from the cloud, which solves the problems of low authentication efficiency and long time delay.
In a possible embodiment, after determining that the identity authentication of the vehicle a and the vehicle B is successful, the vehicle a and the vehicle B may perform corresponding communication, specifically including:
the first vehicle end encrypts data to be communicated according to a public key of the second vehicle end to generate a data cipher text to be communicated and sends the data cipher text to the second vehicle end;
the second vehicle end decrypts the data cipher text to be communicated according to the public key of the first vehicle end to generate a data plaintext to be communicated, generates response data according to the generated data plaintext to be communicated, encrypts the response data by using the public key of the first vehicle end to generate a response data cipher text and sends the response data cipher text to the first vehicle end;
and the first vehicle end decrypts the response data ciphertext according to the public key of the second vehicle end to generate a response data plaintext.
In this embodiment, after the identity authentication is completed, the vehicle a and the vehicle B can perform inter-vehicle communication, and the vehicle a encrypts the data to be communicated by using the SM9 algorithm based on the public key of the vehicle B stored in the identity authentication process to generate a ciphertext of the data to be communicated, where the data to be communicated may be an interaction request, an early warning message, or the like. The vehicle B receives the data cipher text to be communicated, the data cipher text to be communicated is decrypted by adopting an SM9 algorithm and a private key of the vehicle B, a data plaintext to be communicated is obtained, a driver of the vehicle B can know information transmitted by the driver of the vehicle A according to data of the plaintext information and make corresponding response information, the response information is encrypted by adopting an SM9 algorithm and a public key of the vehicle A, a response data cipher text is generated and sent to the vehicle B, the vehicle B decrypts the response data cipher text based on the private key of the vehicle B and an SM9 algorithm to obtain the response data plaintext, the driver of the vehicle B can determine feedback information of the driver of the vehicle A according to the response data plaintext, and a communication process is completed. The above process is a data encryption communication process between vehicles.
In one possible embodiment, the vehicle further comprises: and the vehicle public key updating clock stores the public keys of other vehicles in the inter-vehicle communication process. Since the vehicle identification may change, a new public key needs to be generated based on the current identification of the requesting vehicle.
The embodiment of the invention also provides a vehicle identity authentication system based on SM9 algorithm, referring to FIG. 7, which shows a functional module diagram of a first embodiment of the vehicle identity authentication system based on SM9 algorithm, the system may include the following modules:
an identity request module 701, configured to send an identity authentication request to a second vehicle end from a first vehicle end, where the identity authentication request carries an identity of the first vehicle end;
a first ciphertext generating module 702, configured to generate, by the second vehicle end, a public key of the first vehicle end according to the identity of the first vehicle end, encrypt, based on the public key of the first vehicle end, pre-generated verification information, generate a first verification ciphertext, and send, to the first vehicle end, the first verification ciphertext and the identity of the second vehicle end;
the second ciphertext generating module 703 is configured to decrypt the first verification ciphertext according to a private key of the first vehicle end to obtain the verification information, generate a public key of a second vehicle end according to the identity of the second vehicle end, encrypt the verification information by using the public key of the second vehicle end, generate a second verification ciphertext, and send the second verification ciphertext to the second vehicle end;
the verification module 704 is configured to decrypt the second verification ciphertext according to a private key of the second vehicle end, compare the verification information obtained after decryption with the pre-generated verification information, and determine that the authentication is successful when the verification information obtained after decryption is consistent with the pre-generated verification information.
In one possible embodiment, the system further comprises:
the vehicle-side private key request module is used for the vehicle side to send a private key request to the cloud platform, wherein the private key request carries the identity of the vehicle side;
the vehicle-end private key generation module is used for generating a private key of the vehicle end by the cloud platform according to the identity of the vehicle end, encrypting the private key based on a pre-generated vehicle cloud shared key, generating a private key ciphertext of the vehicle end and issuing the private key ciphertext to the vehicle end;
and the vehicle-end private key storage module is used for decrypting the private key ciphertext of the vehicle end by the vehicle end based on the vehicle cloud shared key to obtain a self private key, and storing the self private key locally.
In one possible implementation, the vehicle-side private key generation module includes:
the system comprises a master key pair generation unit, a cloud platform and a vehicle cloud sharing unit, wherein the master key pair generation unit is used for generating a signature master key pair and an encryption master key pair based on an SM9 algorithm, communicating with a vehicle end through a Diffie-Hellman key exchange protocol and generating a vehicle cloud sharing key, and the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the vehicle-side private key encryption unit is used for encrypting the private key of the vehicle side by the cloud platform based on an SM4 algorithm and the vehicle cloud shared key. In one possible embodiment, the system further comprises:
the communication encryption unit is used for encrypting data to be communicated according to a public key of the second vehicle end by the first vehicle end under the condition that the authentication is determined to be successful, generating a data cipher text to be communicated and sending the data cipher text to the second vehicle end;
the communication decryption and response encryption unit is used for decrypting the data cipher text to be communicated by the second vehicle end according to the public key of the first vehicle end to generate a data plain text to be communicated, generating response data according to the generated data plain text to be communicated, encrypting the response data by using the public key of the first vehicle end to generate a response data cipher text and sending the response data cipher text to the first vehicle end;
and the response decryption unit is used for decrypting the response data ciphertext by the first vehicle end according to the public key of the second vehicle end to generate a response data plaintext.
The embodiment of the present invention further provides a vehicle identity authentication device based on the SM9 algorithm, as shown in fig. 8, which includes a processor 81, a communication interface 82, a memory 83, and a communication bus 84, wherein the processor 81, the communication interface 82, and the memory 83 complete mutual communication through the communication bus 84,
a memory 83 for storing a computer program;
the processor 81 is configured to implement the following steps when executing the program stored in the memory 83:
a first vehicle end sends an identity authentication request to a second vehicle end, wherein the identity authentication request carries an identity of the first vehicle end;
the second vehicle end generates a public key of the first vehicle end according to the identity of the first vehicle end, encrypts pre-generated verification information based on the public key of the first vehicle end, generates a first verification ciphertext and sends the first verification ciphertext and the identity of the second vehicle end to the first vehicle end;
the first vehicle end decrypts the first verification ciphertext according to a private key of the first vehicle end to obtain the verification information, generates a public key of a second vehicle end according to the identity of the second vehicle end, encrypts the verification information by using the public key of the second vehicle end to generate a second verification ciphertext and sends the second verification ciphertext to the second vehicle end;
and the second vehicle end decrypts the second verification ciphertext according to a private key of the second vehicle end, compares verification information obtained after decryption with the pre-generated verification information, and determines that authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
The vehicle end obtains the private key thereof through the following steps:
the vehicle end sends a private key request to the cloud platform, wherein the private key request carries the identity of the vehicle end;
the cloud platform generates a private key of the vehicle end according to the identity of the vehicle end, encrypts the private key based on a pre-generated vehicle cloud shared key, generates a private key ciphertext of the vehicle end and issues the private key ciphertext to the vehicle end;
and the vehicle end decrypts the private key ciphertext of the vehicle end based on the vehicle cloud shared key to obtain a self private key, and stores the self private key locally.
Encrypting the private key based on a pre-generated car cloud shared key comprises:
the cloud platform generates a signature master key pair and an encryption master key pair based on an SM9 algorithm, communicates with a vehicle terminal through a Diffie-Hellman key exchange protocol, and generates a vehicle cloud shared key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the cloud platform encrypts the private key of the vehicle end based on the SM4 algorithm and the vehicle cloud shared key. Optionally, the method further comprises:
under the condition that the authentication is determined to be successful, the first vehicle end encrypts data to be communicated according to a public key of the second vehicle end to generate a data cipher text to be communicated and sends the data cipher text to the second vehicle end;
the second vehicle end decrypts the data cipher text to be communicated according to the public key of the first vehicle end to generate a data plaintext to be communicated, generates response data according to the generated data plaintext to be communicated, encrypts the response data by using the public key of the first vehicle end to generate a response data cipher text and sends the response data cipher text to the first vehicle end;
and the first vehicle end decrypts the response data ciphertext according to the public key of the second vehicle end to generate a response data plaintext.
The communication bus mentioned in the above terminal may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the terminal and other equipment.
The Memory may include a Random Access Memory (RAM) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the Integrated Circuit may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, there is also provided a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to perform the method for vehicle identity authentication based on the SM9 algorithm as described in any of the above embodiments.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. "and/or" means that either or both of them can be selected. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The vehicle identity authentication method, system, device and storage medium based on the SM9 algorithm provided by the present invention are introduced in detail, and a specific example is applied in the present document to explain the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A vehicle identity authentication method based on an SM9 algorithm is applied to a vehicle networking, the vehicle networking comprises a cloud platform and a plurality of vehicle terminals in communication connection with the cloud platform, and the vehicle terminals locally store private keys generated according to identity identifications of the vehicle terminals through the cloud platform, and the method comprises the following steps:
a first vehicle end sends an identity authentication request to a second vehicle end, wherein the identity authentication request carries an identity of the first vehicle end;
the second vehicle end generates a public key of the first vehicle end according to the identity of the first vehicle end, encrypts pre-generated verification information based on the public key of the first vehicle end, generates a first verification ciphertext and sends the first verification ciphertext and the identity of the second vehicle end to the first vehicle end;
the first vehicle end decrypts the first verification ciphertext according to a private key of the first vehicle end to obtain the verification information, generates a public key of a second vehicle end according to the identity of the second vehicle end, encrypts the verification information by using the public key of the second vehicle end to generate a second verification ciphertext and sends the second verification ciphertext to the second vehicle end;
and the second vehicle end decrypts the second verification ciphertext according to a private key of the second vehicle end, compares verification information obtained after decryption with the pre-generated verification information, and determines that authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
2. The method of claim 1, wherein the vehicle end obtains its private key by:
the vehicle end sends a private key request to the cloud platform, wherein the private key request carries the identity of the vehicle end;
the cloud platform generates a private key of the vehicle end according to the identity of the vehicle end, encrypts the private key based on a pre-generated vehicle cloud shared key, generates a private key ciphertext of the vehicle end and issues the private key ciphertext to the vehicle end;
and the vehicle end decrypts the private key ciphertext of the vehicle end based on the vehicle cloud shared key to obtain a self private key, and stores the self private key locally.
3. The method of claim 2, wherein the encrypting the private key based on a pre-generated car cloud shared key comprises:
the cloud platform generates a signature master key pair and an encryption master key pair based on an SM9 algorithm, communicates with a vehicle terminal through a Diffie-Hellman key exchange protocol, and generates a vehicle cloud shared key, wherein the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the cloud platform encrypts the private key of the vehicle end based on the SM4 algorithm and the vehicle cloud shared key.
4. The method of claim 1, further comprising:
under the condition that the authentication is determined to be successful, the first vehicle end encrypts data to be communicated according to a public key of the second vehicle end to generate a data cipher text to be communicated and sends the data cipher text to the second vehicle end;
the second vehicle end decrypts the data cipher text to be communicated according to the public key of the first vehicle end to generate a data plaintext to be communicated, generates response data according to the generated data plaintext to be communicated, encrypts the response data by using the public key of the first vehicle end to generate a response data cipher text and sends the response data cipher text to the first vehicle end;
and the first vehicle end decrypts the response data ciphertext according to the public key of the second vehicle end to generate a response data plaintext.
5. A vehicle identity authentication system based on SM9 algorithm, the system comprising:
the identity request module is used for sending an identity authentication request to a second vehicle end by a first vehicle end, wherein the identity authentication request carries an identity identifier of the first vehicle end;
the first ciphertext generating module is used for the second vehicle end to generate a public key of the first vehicle end according to the identity of the first vehicle end, encrypt pre-generated verification information based on the public key of the first vehicle end, generate a first verification ciphertext and send the first verification ciphertext and the identity of the second vehicle end to the first vehicle end;
the second ciphertext generation module is used for decrypting the first verification ciphertext by the first vehicle end according to a private key of the first vehicle end to obtain the verification information, generating a public key of a second vehicle end according to the identity of the second vehicle end, encrypting the verification information by using the public key of the second vehicle end to generate a second verification ciphertext and sending the second verification ciphertext to the second vehicle end;
and the verification module is used for decrypting the second verification ciphertext by the second vehicle end according to a private key of the second vehicle end, comparing verification information obtained after decryption with the pre-generated verification information, and determining that authentication is successful under the condition that the verification information obtained after decryption is consistent with the pre-generated verification information.
6. The system of claim 5, further comprising:
the vehicle-side private key request module is used for the vehicle side to send a private key request to the cloud platform, wherein the private key request carries the identity of the vehicle side;
the vehicle-end private key generation module is used for generating a private key of the vehicle end by the cloud platform according to the identity of the vehicle end, encrypting the private key based on a pre-generated vehicle cloud shared key, generating a private key ciphertext of the vehicle end and issuing the private key ciphertext to the vehicle end;
and the vehicle-end private key storage module is used for decrypting the private key ciphertext of the vehicle end by the vehicle end based on the vehicle cloud shared key to obtain a self private key, and storing the self private key locally.
7. The system of claim 6, wherein the vehicle-side private key generation module comprises:
the system comprises a master key pair generation unit, a cloud platform and a vehicle cloud sharing unit, wherein the master key pair generation unit is used for generating a signature master key pair and an encryption master key pair based on an SM9 algorithm, communicating with a vehicle end through a Diffie-Hellman key exchange protocol and generating a vehicle cloud sharing key, and the encryption master key pair comprises an encryption master private key and an encryption master public key;
and the vehicle-side private key encryption unit is used for encrypting the private key of the vehicle side by the cloud platform based on an SM4 algorithm and the vehicle cloud shared key.
8. The system of claim 5, further comprising:
the communication encryption unit is used for encrypting data to be communicated according to a public key of the second vehicle end by the first vehicle end under the condition that the authentication is determined to be successful, generating a data cipher text to be communicated and sending the data cipher text to the second vehicle end;
the communication decryption and response encryption unit is used for decrypting the data cipher text to be communicated by the second vehicle end according to the public key of the first vehicle end to generate a data plain text to be communicated, generating response data according to the generated data plain text to be communicated, encrypting the response data by using the public key of the first vehicle end to generate a response data cipher text and sending the response data cipher text to the first vehicle end;
and the response decryption unit is used for decrypting the response data ciphertext by the first vehicle end according to the public key of the second vehicle end to generate a response data plaintext.
9. The device is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for realizing the communication between the processor and the memory through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1 to 4 when executing a program stored in the memory.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-4.
CN202111124163.7A 2021-09-24 2021-09-24 SM9 algorithm-based vehicle identity authentication method, system, device and storage medium Active CN113852632B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111124163.7A CN113852632B (en) 2021-09-24 2021-09-24 SM9 algorithm-based vehicle identity authentication method, system, device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111124163.7A CN113852632B (en) 2021-09-24 2021-09-24 SM9 algorithm-based vehicle identity authentication method, system, device and storage medium

Publications (2)

Publication Number Publication Date
CN113852632A true CN113852632A (en) 2021-12-28
CN113852632B CN113852632B (en) 2023-10-20

Family

ID=78979429

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111124163.7A Active CN113852632B (en) 2021-09-24 2021-09-24 SM9 algorithm-based vehicle identity authentication method, system, device and storage medium

Country Status (1)

Country Link
CN (1) CN113852632B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114448644A (en) * 2022-03-04 2022-05-06 芜湖雄狮汽车科技有限公司 Method, device, equipment and medium for realizing digital certificate based on symmetric algorithm
CN114879980A (en) * 2022-05-18 2022-08-09 一汽解放汽车有限公司 Vehicle-mounted application installation method and device, computer equipment and storage medium
CN115376226A (en) * 2022-08-23 2022-11-22 芜湖雄狮汽车科技有限公司 NFC vehicle key authentication method and device, vehicle and storage medium
CN115801448A (en) * 2023-01-09 2023-03-14 北京中科网威信息技术有限公司 Data communication method and system
CN115842632A (en) * 2022-11-15 2023-03-24 宁德时代新能源科技股份有限公司 Identity authentication method, device, equipment and medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170171174A1 (en) * 2015-12-11 2017-06-15 Amazon Technologies, Inc. Key exchange through partially trusted third party
CN110113150A (en) * 2019-04-08 2019-08-09 淮阴工学院 The encryption method and system of deniable authentication based on no certificate environment
CN110881177A (en) * 2019-10-22 2020-03-13 如般量子科技有限公司 Anti-quantum computing distributed Internet of vehicles method and system based on identity secret sharing
US20200177398A1 (en) * 2016-06-17 2020-06-04 Kddi Corporation System, certification authority, vehicle-mounted computer, vehicle, public key certificate issuance method, and program
CN111435913A (en) * 2019-01-14 2020-07-21 海信集团有限公司 Identity authentication method and device for terminal of Internet of things and storage medium
CN112491559A (en) * 2020-12-03 2021-03-12 中国联合网络通信集团有限公司 Identity verification method and device
CN112671798A (en) * 2020-12-31 2021-04-16 北京明朝万达科技股份有限公司 Service request method, device and system in Internet of vehicles
CN112673590A (en) * 2019-08-16 2021-04-16 华为技术有限公司 Method and equipment for data transmission between Internet of vehicles equipment
CN113204757A (en) * 2021-04-30 2021-08-03 北京明朝万达科技股份有限公司 Information interaction method, device and system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170171174A1 (en) * 2015-12-11 2017-06-15 Amazon Technologies, Inc. Key exchange through partially trusted third party
US20200177398A1 (en) * 2016-06-17 2020-06-04 Kddi Corporation System, certification authority, vehicle-mounted computer, vehicle, public key certificate issuance method, and program
CN111435913A (en) * 2019-01-14 2020-07-21 海信集团有限公司 Identity authentication method and device for terminal of Internet of things and storage medium
CN110113150A (en) * 2019-04-08 2019-08-09 淮阴工学院 The encryption method and system of deniable authentication based on no certificate environment
CN112673590A (en) * 2019-08-16 2021-04-16 华为技术有限公司 Method and equipment for data transmission between Internet of vehicles equipment
CN110881177A (en) * 2019-10-22 2020-03-13 如般量子科技有限公司 Anti-quantum computing distributed Internet of vehicles method and system based on identity secret sharing
CN112491559A (en) * 2020-12-03 2021-03-12 中国联合网络通信集团有限公司 Identity verification method and device
CN112671798A (en) * 2020-12-31 2021-04-16 北京明朝万达科技股份有限公司 Service request method, device and system in Internet of vehicles
CN113204757A (en) * 2021-04-30 2021-08-03 北京明朝万达科技股份有限公司 Information interaction method, device and system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114448644A (en) * 2022-03-04 2022-05-06 芜湖雄狮汽车科技有限公司 Method, device, equipment and medium for realizing digital certificate based on symmetric algorithm
CN114448644B (en) * 2022-03-04 2024-06-04 芜湖雄狮汽车科技有限公司 Digital certificate realization method, device, equipment and medium based on symmetric algorithm
CN114879980A (en) * 2022-05-18 2022-08-09 一汽解放汽车有限公司 Vehicle-mounted application installation method and device, computer equipment and storage medium
CN115376226A (en) * 2022-08-23 2022-11-22 芜湖雄狮汽车科技有限公司 NFC vehicle key authentication method and device, vehicle and storage medium
CN115842632A (en) * 2022-11-15 2023-03-24 宁德时代新能源科技股份有限公司 Identity authentication method, device, equipment and medium
CN115801448A (en) * 2023-01-09 2023-03-14 北京中科网威信息技术有限公司 Data communication method and system

Also Published As

Publication number Publication date
CN113852632B (en) 2023-10-20

Similar Documents

Publication Publication Date Title
CN106533655B (en) Method for safe communication of ECU (electronic control Unit) in vehicle interior network
CN113852632B (en) SM9 algorithm-based vehicle identity authentication method, system, device and storage medium
US8526606B2 (en) On-demand secure key generation in a vehicle-to-vehicle communication network
CN105763558A (en) Distributed aggregation authentication method having privacy protection function for vehicle-mounted self-organizing network
CN108259465B (en) Authentication encryption method for internal network of intelligent automobile
CN111147460B (en) Block chain-based cooperative fine-grained access control method
Wang et al. NOTSA: Novel OBU with three-level security architecture for internet of vehicles
CN105141602A (en) File ownership proof method based on convergence encryption
CN113452764B (en) SM 9-based vehicle networking V2I bidirectional authentication method
CN113132098B (en) Large-scale in-vehicle network-oriented extensible CAN bus safety communication method and device
CN112636923B (en) Engineering machinery CAN equipment identity authentication method and system
CN112437108A (en) Decentralized identity authentication device and method for privacy protection of Internet of vehicles
CN116032495B (en) Vehicle-cloud cooperative safety transmission data anomaly detection method based on intelligent traffic system
Carvajal-Roca et al. A semi-centralized dynamic key management framework for in-vehicle networks
CN113411294A (en) Vehicle-mounted secure communication method, system and device based on secure cloud public key protection
CN113472734B (en) Identity authentication method and device
CN113115309A (en) Data processing method and device for Internet of vehicles, storage medium and electronic equipment
WO2020229586A1 (en) Implementation of a butterfly key expansion scheme
CN116614811A (en) Distributed information authentication method and system for Internet of vehicles
CN111245613A (en) Identity-based three-level key negotiation method for in-vehicle and out-vehicle networks
CN116389098A (en) Cross-domain ciphertext access control method supporting multi-receiver authorization in Internet of vehicles environment
CN114928821A (en) Combined matrix management method and device for intelligent networked vehicle and storage medium
CN115174083A (en) Internet of vehicles information encryption method and device and Internet of vehicles system
US11570008B2 (en) Pseudonym credential configuration method and apparatus
CN114584385A (en) In-vehicle network safety communication method, computer equipment, medium and terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant