CN114125765B - Internet of vehicles equipment management system, method and device - Google Patents

Publication number: CN114125765B
Authority: CN (China)
Legal status: Active
Application number: CN202110443789.8A
Other languages: Chinese (zh)
Other versions: CN114125765A (en)
Inventors: 陈山枝, 周巍, 徐晖
Current Assignee: Datang Mobile Communications Equipment Co Ltd
Original Assignee: Datang Mobile Communications Equipment Co Ltd
Prior art keywords: authentication, equipment, service, identifier, subsystem

Classifications

    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H04W12/06 Authentication
    • H04W12/08 Access security

Abstract

Disclosed are a management system, method and apparatus for internet of vehicles devices, used to realize unified management of internet of vehicles devices. The internet of vehicles device management system includes a service and authentication subsystem and a device information management subsystem. The service and authentication subsystem is used for receiving a service request from a V2X device, triggering an authentication process for the V2X device according to a device authentication identifier carried by the service request, acquiring from the device information management subsystem the device registration identifier of the V2X device associated with the device authentication identifier, and sending a service authorization request to the device information management subsystem; the service authorization request carries a service identifier and the device registration identifier of the V2X device, and the device registration identifier is allocated to the V2X device by the device information management subsystem.

Description

Internet of vehicles equipment management system, method and device
Technical Field
The present disclosure relates to the field of car networking technologies, and in particular, to a car networking device management system, method, and apparatus.
Background
The internet of vehicles (V2X) is made up of the various devices connected to it and the network infrastructure that supports internet of vehicles communications and services. The devices connected to the internet of vehicles are varied and may include, for example, an On Board Unit (OBU) mounted on a vehicle and a Road Side Unit (RSU) mounted at the road side. OBUs, RSUs, etc. may be collectively referred to as internet of vehicles devices, or simply V2X devices. The functions implemented by the same type of internet of vehicles device may also differ: for example, some RSUs control traffic lights, some implement road tolling, and some issue traffic information. Manufacturers of internet of vehicles equipment are also diverse.
How to manage internet of vehicles devices in a unified way is a problem that currently needs to be solved.
Disclosure of Invention
The disclosure provides an internet of vehicles device management system, method and apparatus, used to realize unified management of internet of vehicles devices.
In a first aspect, a vehicle networking device management system is provided, including: a service and authentication subsystem and an equipment information management subsystem;
the service and authentication subsystem is configured to receive a service request from a V2X device in an internet of vehicles, trigger an authentication process for the V2X device according to a device authentication identifier carried in the service request, acquire a device registration identifier of the V2X device associated with the device authentication identifier from the device information management subsystem according to the device authentication identifier of the V2X device, send a service authorization request to the device information management subsystem, receive a service authorization response returned by the device information management subsystem, and return a service response to the V2X device; wherein the service authorization request carries a service identifier and a device registration identifier of the V2X device, and the device registration identifier is allocated to the V2X device by the device information management subsystem;
The device information management subsystem is configured to allocate a device registration identifier to the V2X device, provide the device registration identifier of the V2X device to the service and authentication subsystem, and respond to the service authorization request to authorize the service requested by the V2X device according to the device registration identifier and the service identifier carried in the authorization request.
Optionally, the service and authentication subsystem is specifically configured to:
acquire the device authentication information of the V2X device from the device management subsystem according to the device authentication identifier of the V2X device, and authenticate the V2X device according to the device authentication information; or send the device authentication identifier of the V2X device to the device information management subsystem, instruct the device information management subsystem to authenticate the V2X device according to the device authentication information corresponding to the device authentication identifier, and receive the authentication result sent by the device information management subsystem.
Optionally, the device information management subsystem is further configured to: associate the device registration identifier of the V2X device with the device authentication identifier of the V2X device; and send the device authentication identifier of the V2X device and device authentication mechanism information to the V2X device, wherein the device authentication mechanism information comprises the authentication identifier of the V2X device and the security key of the V2X device.
Optionally, the device information management subsystem includes: a V2X device registration entity, a V2X device manufacturing and operating entity, a V2X service authorization entity;
the V2X device manufacturing and operating entity is configured to send the device authentication identifier and the device authentication mechanism information of the V2X device to the V2X device, and send a device registration request to the V2X device registration entity, where the device registration request carries the device information of the V2X device;
the V2X device registration entity is configured to, in response to the device registration request, allocate a registration identifier to the V2X device, register the V2X device, and return a device registration response to the V2X device manufacturing and operating entity, where the device registration response carries the device registration identifier of the V2X device;
the V2X device manufacturing and operating entity is further configured to receive a device registration response returned by the V2X device registration entity, and associate the device registration identifier of the V2X device with the device authentication identifier of the V2X device;
the V2X service authorization entity is configured to respond to a service authorization request sent by the service and authentication subsystem, obtain information required by the V2X device authorization process according to a service identifier carried in the service authorization request and the device registration identifier of the V2X device, authorize the service requested by the V2X device according to the information, and return a service authorization response to the service and authentication subsystem.
Optionally, the V2X device manufacturing and operating entity is further configured to: receive the device authentication identifier of the V2X device sent by the service and authentication subsystem, acquire the device authentication information corresponding to the device authentication identifier, authenticate the V2X device according to the device authentication information, and send the authentication result to the service and authentication subsystem.
Optionally, the V2X device manufacturing and operating entity is further configured to: send a key to the service and authentication subsystem for establishing a security association between the V2X device and the service and authentication subsystem.
Optionally, the service and authentication subsystem includes: a V2X service entity and a V2X device authentication function entity;
the V2X service entity is configured to: in response to a service request from the V2X device, determine that service authorization needs to be obtained and send a device authentication request to the V2X device authentication function entity, where the device authentication request carries the device authentication identifier of the V2X device and indication information indicating that the device registration identifier of the V2X device is to be obtained; receive the device authentication response, carrying the device registration identifier of the V2X device, returned by the V2X device authentication function entity; send a service authorization request to the device information management subsystem, where the service authorization request carries a service identifier and the device registration identifier of the V2X device; and return a device service response to the V2X device after receiving the service authorization response returned by the device information management subsystem;
The V2X device authentication function entity is configured to, in response to the device authentication request, trigger an authentication process for the V2X device, acquire, from the device information management subsystem, a device registration identifier of the V2X device associated with the device authentication identifier according to the device authentication identifier of the V2X device, and return a device authentication response to the V2X service entity, where the device authentication response carries an authentication result for the V2X device and the device registration identifier of the V2X device.
Optionally, the V2X device authentication function entity is specifically configured to:
acquire the device authentication information of the V2X device from the device management subsystem according to the device authentication identifier of the V2X device, and authenticate the V2X device according to the device authentication information; or send the device authentication identifier of the V2X device to the device information management subsystem, instruct the device information management subsystem to authenticate the V2X device according to the device authentication information corresponding to the device authentication identifier, and receive the authentication result sent by the device information management subsystem.
Optionally, the device authentication response carries a key for establishing a security association between the V2X device and the service and authentication subsystem; the V2X service entity is further configured to establish a security association with the V2X device according to the key.
In a second aspect, a method for managing devices in a vehicle networking system is provided, where the vehicle networking system includes a service authentication subsystem and a device information management subsystem, and the method includes:
the service and authentication subsystem receives a service request from a V2X device in the Internet of vehicles, wherein the service request carries a device authentication identifier of the V2X device;
the service and authentication subsystem triggers an authentication process of the V2X equipment according to an equipment authentication identifier carried by the service request;
the service and authentication subsystem acquires the equipment registration identifier of the V2X equipment associated with the equipment authentication identifier from the equipment information management subsystem according to the equipment authentication identifier of the V2X equipment, and sends a service authorization request to the equipment information management subsystem, wherein the service authorization request carries the service identifier and the equipment registration identifier of the V2X equipment; wherein the device registration identification is assigned by the device information management subsystem for the V2X device;
the service and authentication subsystem receives the service authorization response returned by the equipment information management subsystem and returns a service response to the V2X equipment.
Optionally, the service and authentication subsystem triggers an authentication process for the V2X device according to a device authentication identifier carried in the service request, including:
the service and authentication subsystem acquires the equipment authentication information of the V2X equipment from the equipment management subsystem according to the equipment authentication identification of the V2X equipment, and authenticates the V2X equipment according to the equipment authentication information; or, the service and authentication subsystem sends the device authentication identifier of the V2X device to the device information management subsystem, instructs the device information management subsystem to authenticate the V2X device according to the device authentication information corresponding to the device authentication identifier, and receives the authentication result sent by the device information management subsystem.
Optionally, the service and authentication subsystem includes: a V2X service entity and a V2X device authentication function entity;
the service and authentication subsystem triggers an authentication process of the V2X device according to the device authentication identifier carried by the service request, and the authentication process comprises the following steps:
the V2X service entity sends an equipment authentication request to the V2X equipment authentication function entity if it is determined that service authorization needs to be obtained, where the equipment authentication request carries an equipment authentication identifier of the V2X equipment and indication information used for indicating to obtain an equipment registration identifier of the V2X equipment;
The V2X device authentication functional entity, in response to the device authentication request, triggers an authentication process for the V2X device, acquires, from the device information management subsystem, a device registration identifier of the V2X device associated with the device authentication identifier according to the device authentication identifier of the V2X device, and returns a device authentication response to the V2X service entity, where the device authentication response carries an authentication result for the V2X device and the device registration identifier of the V2X device;
the V2X service entity receives an equipment authentication response carrying the equipment registration identifier of the V2X equipment, which is returned by the V2X equipment authentication function entity, sends a service authorization request to the equipment information management subsystem, where the service authorization request carries a service identifier and the equipment registration identifier of the V2X equipment, and returns an equipment service response to the V2X equipment after receiving the service authorization response returned by the equipment information management subsystem.
Optionally, the device authentication response carries a key for establishing a security association between the V2X device and the service and authentication subsystem;
the method further comprises the following steps: the V2X service entity establishes a security association with the V2X device based on the key.
In a third aspect, a method for managing devices in a vehicle networking system is provided, where the vehicle networking system includes a service authentication subsystem and a device information management subsystem, and the method includes:
the information management subsystem allocates a device registration identifier for the V2X device, and associates the device registration identifier of the V2X device with the device authentication identifier of the V2X device;
the information management subsystem sends the device authentication identification of the V2X device and device authentication mechanism information to the V2X device, wherein the device authentication mechanism information comprises the authentication identification of the V2X device and the security key of the V2X device;
and the information management subsystem responds to a service authorization request from the service authentication subsystem, and authorizes the service requested by the V2X equipment according to the service identifier carried by the authorization request and the equipment registration identifier of the V2X equipment.
Optionally, the device information management subsystem includes: a V2X device registration entity, a V2X device manufacturing and operating entity, a V2X service authorization entity;
the V2X equipment manufacturing and operating entity sends the equipment authentication identification and the equipment authentication mechanism information of the V2X equipment to the V2X equipment, and sends an equipment registration request to the V2X equipment registration entity, wherein the equipment registration request carries the equipment information of the V2X equipment;
The V2X equipment registration entity responds to the equipment registration request, allocates a registration identifier for the V2X equipment, registers the V2X equipment, and returns an equipment registration response to the V2X equipment manufacturing and operating entity, wherein the equipment registration response carries the equipment registration identifier of the V2X equipment;
the V2X device manufacturing and operating entity receives the device registration response returned by the V2X device registration entity, and associates the device registration identification of the V2X device with the device authentication identification of the V2X device;
the V2X service authorization entity responds to the service authorization request sent by the service and authentication subsystem, acquires information required by the V2X device authorization process according to the service identifier carried by the service authorization request and the device registration identifier of the V2X device, authorizes the service requested by the V2X device according to the information, and returns a service authorization response to the service and authentication subsystem.
Optionally, the method further includes: the V2X device manufacturing and operating entity receives the device authentication identifier of the V2X device sent by the service and authentication subsystem, acquires the device authentication information corresponding to the device authentication identifier, authenticates the V2X device according to the device authentication information, and sends the authentication result to the service and authentication subsystem.
Optionally, the method further includes: the V2X device manufacturing and operating entity sends keys for establishing security associations between the V2X devices and the service and authentication subsystems to the service and authentication subsystems.
In a fourth aspect, a communication apparatus is provided, including: a processor, a memory; the memory storing computer instructions; the processor is configured to read the computer instructions to perform the method according to any one of the second and third aspects.
In a fifth aspect, there is provided a computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any of the second and third aspects above.
A sixth aspect provides a computer program product which, when invoked by a computer, causes the computer to perform the method of any of the second and third aspects above.
The internet of vehicles device management system provided by the embodiments of the disclosure realizes unified management of internet of vehicles devices. The device information management subsystem allocates device registration identifiers to V2X devices, manages V2X device information in a unified manner, and can provide device information related to authentication and service authorization to the service authentication subsystem, so that the service authentication subsystem can authenticate and authorize V2X devices; this makes it possible to manage the V2X devices of different manufacturers in a unified manner.
Drawings
In order to illustrate the technical solutions of the embodiments of the present disclosure more clearly, the drawings used in the embodiments are briefly described below. The drawings described below show only some embodiments of the present disclosure; those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1a is a schematic structural diagram of a car networking device management system according to an embodiment of the present disclosure;
Fig. 1b is a management flow of the car networking device implemented based on the system shown in Fig. 1a in the embodiment of the present disclosure;
Fig. 2a and Fig. 2b are schematic structural diagrams of a car networking device management system according to an embodiment of the present disclosure, respectively;
Fig. 2c is a management flow of the car networking device implemented based on the system shown in Fig. 2a in the embodiment of the present disclosure;
Fig. 3a is a schematic structural diagram of a car networking device management system according to an embodiment of the present disclosure;
Fig. 3b is a management flow of the car networking device implemented based on the system shown in Fig. 3a in the embodiment of the present disclosure;
Fig. 4a and Fig. 4b are schematic structural diagrams of a car networking device management system according to an embodiment of the present disclosure, respectively;
Fig. 4c is a management flow of the car networking device implemented based on the system shown in Fig. 4a in the embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of a communication device according to an embodiment of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the present disclosure clearer, the present disclosure will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present disclosure, rather than all embodiments. All other embodiments, which can be derived by one of ordinary skill in the art from the embodiments disclosed herein without making any creative effort, shall fall within the scope of protection of the present disclosure.
In the disclosed embodiment, for a V2X device managed by the car networking management system, the following identifiers may be provided:
(1) Owned device identification of V2X device: the owned device identification of the V2X device is an identification assigned by the V2X device manufacturer to the V2X device. Different device manufacturers may configure their own device identifications for the V2X device according to customized rules.
(2) Device registration identity of V2X device: the device registration identities of V2X devices are assigned by the car networking management system provided by the embodiments of the present disclosure, in which one device registration identity can uniquely identify one V2X device. In the car networking management system, the V2X devices can be uniformly managed, such as registration, device authentication, service authorization and the like of the V2X devices, based on the device registration identification of the V2X devices.
In the embodiment of the present disclosure, the format of the device registration identifier may be defined as needed, so that the type, the use, and the like of one V2X device may be known according to the device registration identifier of the V2X device.
(3) Device authentication identification of V2X device: for uniquely identifying a V2X device during V2X device authentication. The authentication identifier of one V2X device may be the same as the device registration identifier of the V2X device, may be the same as the owned device identifier of the V2X device, or may be an identifier assigned by the car networking management system to the V2X device and different from the device registration identifier and the owned device identifier of the V2X device.
In the embodiment of the disclosure, for a V2X device managed by the car networking management system, device authentication mechanism information is also configured, and the information is used for an authentication process of the V2X device. The device authentication mechanism information includes a device authentication identification of the V2X device and a security key of the V2X device. For example, the device authentication identifier used in the V2X device authentication process may be bound to a security key unique to the V2X device, and constitute the authentication mechanism information of the V2X device. Optionally, the security key of the V2X device may be a key based on a symmetric cryptographic algorithm, or may be a key based on an asymmetric cryptographic algorithm, which is not limited in this disclosure.
Referring to fig. 1a, a schematic diagram of a car networking device management system provided in an embodiment of the present disclosure is shown.
As shown, the internet of vehicles device management system may include a device information management subsystem 10 and a service and authentication subsystem 20. Information interaction between the device information management subsystem 10 and the service and authentication subsystem 20 is possible. The V2X device 30 can communicate with the device information management subsystem 10 and the service and authentication subsystem 20, respectively, and management functions of the V2X device 30, such as registration, device authentication, service authorization, etc., of the V2X device 30 can be realized through the information management subsystem 10 and the service and authentication subsystem 20.
V2X devices (V2X Equipment Entity, EE) may include on-board units (OBUs), road side units (RSUs), V2X service providers (VSPs) in an internet of vehicles system, devices for handling V2X communications, and other devices with V2X communication capabilities.
The device information management subsystem 10 is used to store and manage information related to V2X devices, and may provide information related to authentication, service authorization, etc. for V2X devices to the service and authentication subsystem 20. The device information management subsystem 10 may assign a device registration identification to the V2X device. The device information management subsystem 10 may also provide V2X device-related information (such as device registration identification, device authentication mechanism) to the V2X device.
The service and authentication subsystem 20 is used to provide V2X services to V2X devices, such as issuing internet of vehicles security certificates and performing certificate issuing. The service and authentication subsystem 20 may authenticate and authorize the V2X device, etc.
Based on the car networking management system shown in fig. 1a, the main functions of the relevant components may include:
the service and authentication subsystem 20 is configured to receive a service request from a V2X device, trigger an authentication process for the V2X device according to a device authentication identifier carried in the service request, acquire a device registration identifier of the V2X device associated with the device authentication identifier from the device information management subsystem according to the device authentication identifier of the V2X device, send a service authorization request to the device information management subsystem 10, receive a service authorization response returned by the device information management subsystem 10, and return a service response to the V2X device; wherein the service authorization request carries a service identifier and a device registration identifier of the V2X device, and the device registration identifier is allocated to the V2X device by the device information management subsystem;
the device information management subsystem 10 is configured to allocate a device registration identifier to the V2X device, provide the device registration identifier of the V2X device to the service and authentication subsystem 20, and, in response to the service authorization request from the service and authentication subsystem 20, authorize the service requested by the V2X device according to the device registration identifier and the service identifier carried in the service authorization request.
Alternatively, the service and authentication subsystem 20 may perform authentication of the V2X device in one of two ways.
Method 1: the service and authentication subsystem 20 acquires the device authentication information of the V2X device from the device information management subsystem 10 according to the device authentication identifier of the V2X device, and authenticates the V2X device according to the device authentication information;
Method 2: the service and authentication subsystem 20 transmits the device authentication identifier of the V2X device to the device information management subsystem 10, instructs the device information management subsystem 10 to authenticate the V2X device according to the device authentication information corresponding to the device authentication identifier, and receives the authentication result transmitted by the device information management subsystem 10.
Optionally, the device information management subsystem 10 may further associate the device registration identifier of the V2X device with the device authentication identifier of the V2X device; and sending the device authentication identification and the device authentication mechanism information of the V2X device to the V2X device.
The car networking equipment management system provided by the embodiment of the disclosure realizes unified management of car networking equipment. The device information management subsystem distributes device registration identifiers for the V2X devices, manages the V2X device information in a unified manner, and can provide device information related to authentication and service authorization for the service authentication subsystem, so that the service authentication subsystem can realize authentication and authorization processing on the V2X devices, and possibility is provided for managing the V2X devices of various different manufacturers in a unified manner.
Based on the car networking management system shown in fig. 1a, fig. 1b exemplarily shows a car networking device management flow.
As shown in fig. 1b, the process may include:
Step 0: the device information management subsystem transmits the device authentication identification and the device authentication mechanism information of the V2X device to the V2X device.
Through this step, the device information management subsystem sets (writes) the device authentication identification and the device authentication mechanism information of the V2X device to the V2X device.
Step 1: the device information management subsystem assigns a device registration id to the V2X device and registers the V2X device.
In this step, when the V2X device needs to be connected to the car networking system, an application may be made to the device information management subsystem, and the device information management subsystem allocates a device registration identifier to the V2X device. The device information management subsystem may determine from the application whether the V2X device meets registration criteria and assign a device registration identification to the V2X device if the registration criteria is met.
The device information management subsystem stores the registration information of the V2X device, and the stored registration information of the V2X device may include: device self identification, device registration identification, device authentication identification, other device information (e.g., device type, generation date, usage, technical parameters, etc.). Furthermore, authorization information such as network access permission, application scope and the like can be included, for example, admission information of the device in some application fields and the like. The authorization information may be provided by a device registration authority or other authorization authority.
Step 2: the device information management subsystem associates the device registration identifier of the V2X device with the device authentication identifier of the V2X device, so that the corresponding device registration identifier can be obtained by the device authentication identifier.
Step 3: the V2X device sends a service request to the service and authentication subsystem, carrying the device authentication identity of the V2X device.
In this step, after the V2X device registration is completed, when the V2X service is required, a service request is sent to the service and authentication subsystem.
Further, the service request may also carry a service identifier to indicate the V2X service requested by the V2X device. The service identifier is an identifier for identifying an internet of vehicles application service in an internet of vehicles system, for example, a process of issuing an internet of vehicles registration certificate may be regarded as an internet of vehicles application service.
Step 4: the service and authentication subsystem determines that authorization of an external service authorization entity is required to provide services for the V2X device according to a service authorization policy.
In this step, the V2X service entity checks the V2X service authorization policy to determine if further authorization from an external V2X service authorization entity is required to provide service to the V2X device. In this embodiment, the V2X service entity confirms that authorization of an external service authorization entity is required to provide service for the V2X device.
Step 5: the service and authentication subsystem triggers the authentication process for the V2X device.
In this step, the service and authentication subsystem may obtain, from the device information management subsystem, device authentication information of the V2X device according to the device authentication identifier of the V2X device, and authenticate the V2X device according to the device authentication information; alternatively, the service and authentication subsystem may send the device authentication identifier of the V2X device to the device information management subsystem, instruct the device information management subsystem to authenticate the V2X device according to the device authentication information corresponding to the device authentication identifier, and receive the authentication result sent by the device information management subsystem.
In this step, when the device authentication mechanism of the V2X device is based on a symmetric cryptographic algorithm, the service and authentication subsystem may obtain an authentication vector of the V2X device from the device authentication address of the V2X device for authenticating the V2X device; when the device authentication mechanism of the V2X device is based on an asymmetric cryptographic algorithm, the service and authentication subsystem may obtain a public key, a public key certificate, or a certificate revocation list used to determine whether the public key certificate is revoked from the device authentication address of the V2X device for authenticating the V2X device.
Optionally, depending on the authentication mechanism employed, the authentication process of the device can generate keys for establishing security associations between the V2X device and the service and authentication subsystems. Further, if the V2X device is authenticated by the device information management subsystem, the device information management subsystem may send the key to the service and authentication subsystem.
Step 6: the service and authentication subsystem acquires the device registration id of the V2X device from the device information management subsystem using the device authentication id of the V2X device.
In this step, the service and authentication subsystem may obtain a device registration identifier associated with the device authentication identifier according to the device authentication identifier of the V2X device.
Step 7: the service and authentication subsystem sends a service authorization request to the device information management subsystem, wherein the service authorization request carries the device registration identifier of the V2X device.
Further, the service authorization request may also carry a service identifier.
Step 8: the device information management subsystem performs an authorization check on the V2X device based on the information required for the authorization process.
In this step, based on the requirement of the local authorization policy, the device information management subsystem may use the service identifier to obtain the information required for the authorization process, such as device registration information or V2X device information, and use it for authorization processing of the V2X device.
Step 9: the device information management subsystem returns a service authorization response to the service and authentication subsystem.
Step 10: optionally, if a key for establishing a security association is generated in the device authentication process, the V2X device and the service and authentication subsystem establish a security association using the key. The purpose of the security association is to enable mutual authentication between the V2X device and the subsystem and to establish a secure channel between the two.
Step 11: the service and authentication subsystem sends a service response to the V2X device.
In this step, the service and authentication subsystem determines whether to provide the requested service to the V2X device according to the device registration information of the V2X device, and returns the result to the V2X device.
Step 12: the service and authentication subsystem carries out the subsequent V2X service flows with the V2X device.
It should be noted that the order of the steps in the above flow is not strictly limited, for example, step 0 may also occur after step 2.
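The fig. 1b flow can be traced end to end in a small simulation. The following is an added example, not code from the patent: the class and method names, the identifiers and service names are constructed, and the symmetric mechanism is assumed to be an HMAC-SHA256 challenge-response, which the patent does not specify. It covers both authentication methods and the cases where authentication, registration lookup or authorization fails.

```python
import hashlib
import hmac
import secrets


def _mac(key, challenge):
    # Assumed symmetric mechanism: HMAC-SHA256 over a fresh challenge.
    return hmac.new(key, challenge, hashlib.sha256).digest()


class DeviceInfoManagementSubsystem:
    """Subsystem 10: stores device information, maps identifiers, authorizes."""

    def __init__(self):
        self._keys = {}         # device authentication id -> symmetric key
        self._reg_by_auth = {}  # device authentication id -> device registration id
        self._records = {}      # device registration id -> registration information

    def provision(self, auth_id):
        """Step 0: write authentication id and mechanism info to the device."""
        self._keys[auth_id] = secrets.token_bytes(32)
        return {"auth_id": auth_id, "mechanism": "hmac-sha256",
                "key": self._keys[auth_id]}

    def register(self, auth_id, device_type, services):
        """Steps 1-2: assign a registration id and associate it with the auth id."""
        if auth_id not in self._keys:
            raise KeyError("unknown device authentication identifier")
        reg_id = "REG-" + secrets.token_hex(8)
        self._records[reg_id] = {"type": device_type, "services": set(services)}
        self._reg_by_auth[auth_id] = reg_id
        return reg_id

    def authentication_info(self, auth_id):
        """Method 1: hand the device authentication information to subsystem 20."""
        return self._keys.get(auth_id)

    def authenticate(self, auth_id, challenge, response):
        """Method 2: subsystem 10 verifies the device's response itself."""
        key = self._keys.get(auth_id)
        return key is not None and hmac.compare_digest(_mac(key, challenge), response)

    def registration_id(self, auth_id):
        """Step 6: look up the registration id associated with the auth id."""
        return self._reg_by_auth.get(auth_id)

    def authorize(self, reg_id, service_id):
        """Steps 8-9: authorization check on registration id and service id."""
        record = self._records.get(reg_id)
        return record is not None and service_id in record["services"]


class V2XDevice:
    def __init__(self, provisioning):
        self._key = provisioning["key"]

    def respond(self, challenge):
        return _mac(self._key, challenge)


class ServiceAndAuthenticationSubsystem:
    """Subsystem 20. Step 4 is assumed to always require external authorization."""

    def __init__(self, dim, delegate):
        self.dim = dim
        self.delegate = delegate  # False: method 1, True: method 2

    def handle(self, device, claimed_auth_id, service_id):
        # Step 5: authenticate whoever presents the claimed authentication id.
        challenge = secrets.token_bytes(16)
        response = device.respond(challenge)
        if self.delegate:
            ok = self.dim.authenticate(claimed_auth_id, challenge, response)
        else:
            key = self.dim.authentication_info(claimed_auth_id)
            ok = key is not None and hmac.compare_digest(
                _mac(key, challenge), response)
        if not ok:
            return (False, "authentication failed")
        # Step 6: only an authenticated auth id is resolved to a registration id.
        reg_id = self.dim.registration_id(claimed_auth_id)
        if reg_id is None:
            return (False, "device not registered")
        # Steps 7-9: the authorization request carries reg id and service id.
        if not self.dim.authorize(reg_id, service_id):
            return (False, "service not authorized")
        return (True, "service granted")  # Step 11: service response


def run_demo(delegate):
    dim = DeviceInfoManagementSubsystem()
    sas = ServiceAndAuthenticationSubsystem(dim, delegate)
    obu = V2XDevice(dim.provision("AUTH-OBU-1"))  # constructed identifiers
    dim.register("AUTH-OBU-1", "OBU", {"enrollment-certificate"})
    rsu = V2XDevice(dim.provision("AUTH-RSU-1"))  # provisioned, never registered
    return {
        "granted": sas.handle(obu, "AUTH-OBU-1", "enrollment-certificate"),
        "unauthorized": sas.handle(obu, "AUTH-OBU-1", "traffic-info"),
        "unregistered": sas.handle(rsu, "AUTH-RSU-1", "enrollment-certificate"),
        "spoofed": sas.handle(rsu, "AUTH-OBU-1", "enrollment-certificate"),
        "unknown": sas.handle(obu, "AUTH-NONE", "enrollment-certificate"),
    }


if __name__ == "__main__":
    for delegate in (False, True):
        print("method", 2 if delegate else 1, run_demo(delegate))
```

In method 1 the authentication information (here a symmetric key) leaves subsystem 10, while in method 2 only the authentication result does.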
In some embodiments, in the car networking device management system shown in fig. 1a, the device information management subsystem 10 may include a V2X device registration entity 110, a V2X device manufacturing and operating entity 120, and a V2X service authorization entity 130, as shown in fig. 2 a.
A V2X device Manufacturing and Operating Entity (ME) can write device information and a device authentication mechanism to a V2X device that it produces or operates, provide a service of a V2X device that it authenticates its production or operation, and provide information required in a V2X device registration process to a V2X device registration Entity.
The V2X device registration entity (V2X device enterprise Authority, EA) is responsible for allocating a device registration identifier to a V2X device to be added to the car networking system, and may store V2X device information that may be used for V2X device authentication, authorization, or information query, such as information of a device type, a device number, an application range, a network access permission, a valid time, a device authentication address, and the like.
The V2X service authorization entity may be used to authorize the service to the V2X device.
In other embodiments, in the car networking device management system shown in fig. 1a, the device information management subsystem 10 may include a V2X device registration entity 110, a V2X device manufacturing and operation entity 120, as shown in fig. 2 b. The V2X device registration entity 110 may have a function of authorizing a service of the V2X device, or the V2X device manufacturing and operating entity 120 may have a function of authorizing a V2X device, in addition to the above functions.
Based on the car networking management system shown in fig. 2a, fig. 2c exemplarily shows a car networking device management flow.
As shown in fig. 2c, the process may include:
Step 0: the V2X device manufacturing and operating entity sends the device authentication identification and the device authentication mechanism information of the V2X device to the V2X device.
Through this step, the V2X device manufacturing and operating entity sets (writes) the device authentication identification and the device authentication mechanism information of the V2X device to the V2X device.
Step 1: the V2X device manufacturing and operating entity sends a device registration request to the V2X device registration entity, where device information of the V2X device is carried, and the information is information required for V2X device registration, such as device self-identification, device class (OBU or RSU), production date, usage, and technical parameters.
Step 2: the V2X device registration entity responds to the device registration request, assigns a device registration identity to the V2X device, and registers the V2X device.
In this step, when the V2X device needs to be accessed to the car networking system, an application may be made to the V2X device registration entity, and the V2X device registration entity allocates a device registration identifier to the V2X device. The V2X device registration entity may determine whether the V2X device meets the registration criteria based on the application, and assign a device registration identity to the V2X device if the registration criteria are met.
The V2X device registration entity stores the registration information of the V2X device, and the stored registration information of the V2X device may include: device self identification, device registration identification, device authentication identification, other device information (e.g., device type, generation date, usage, technical parameters, etc.). Furthermore, authorization information such as network access permission, application scope and the like can be included, for example, admission information of the device in some application fields and the like. The authorization information may be provided by a device registration authority or other authorization authority.
Step 3: the V2X device registration entity returns a device registration response to the V2X device manufacturing and operating entity, carrying the device registration identity of the V2X device.
Step 4: the V2X device manufacturing and operating entity associates the device registration id of the V2X device with the device authentication id of the V2X device, so that the corresponding device registration id can be obtained through the device authentication id.
Step 5: the V2X device sends a service request to the service and authentication subsystem, wherein the service request carries the device authentication identifier of the V2X device.
Step 6: the service and authentication subsystem determines that authorization of an external service authorization entity is required to provide services for the V2X device according to a service authorization policy.
Step 7: the service and authentication subsystem triggers the authentication process for the V2X device.
In this step, the service and authentication subsystem may obtain device authentication information of the V2X device from the V2X device manufacturing and operating entity according to the device authentication identifier of the V2X device, and authenticate the V2X device according to the device authentication information; the device authentication identifier of the V2X device may also be sent to the V2X device manufacturing and operating entity, the V2X device manufacturing and operating entity is instructed to authenticate the V2X device according to the device authentication information corresponding to the device authentication identifier, the V2X device authentication function entity interacts with the V2X device and the V2X device production operation and maintenance entity to complete the authentication process of the V2X device, and the V2X device production operation and maintenance entity sends the authentication result to the service and authentication subsystem.
Optionally, depending on the authentication mechanism employed, the authentication process of the device can generate keys for establishing security associations between the V2X device and the service and authentication subsystems. Further, if the V2X device is authenticated by the V2X device manufacturing and operating entity, the V2X device manufacturing and operating entity may send the key to the service and authentication subsystem.
Step 8: the service and authentication subsystem obtains the device registration identity of the V2X device from the V2X device manufacturing and operating entity using the device authentication identity of the V2X device.
Step 9: the service and authentication subsystem sends a service authorization request to the V2X service authorization entity, wherein the service authorization request carries the device registration identifier of the V2X device. Further, the service authorization request may also carry a service identifier.
Step 10: the V2X service authorization entity performs an authorization check on the V2X device based on the information required for the authorization process.
In this step, based on the requirement of the local authorization policy, the V2X service authorization entity may use the service identifier to obtain the information required for the authorization process, such as device registration information or V2X device information, and use it for authorization processing of the V2X device.
Step 11: the V2X service authorization entity returns a service authorization response to the service and authentication subsystem.
Step 12: optionally, if a key for establishing a security association is generated in the device authentication process, the V2X device and the service and authentication subsystem use the key to establish a security association. The purpose of the security association is to enable mutual authentication between the V2X device and the subsystem and to establish a secure channel between the two.
Step 13: the service and authentication subsystem sends a service response to the V2X device.
Step 14: the service and authentication subsystem carries out the subsequent V2X service flows with the V2X device.
It should be noted that the order of the steps in the above flow is not strictly limited, for example, step 0 may also occur after step 3.
It should be noted that some specific implementations of the flow shown in fig. 2c can be described with reference to the relevant contents in fig. 1 b.
In some embodiments, in the car networking device management system shown in fig. 1a, the service and authentication subsystem 20 may include a V2X service entity 210, a V2X device authentication function entity 220, as shown in fig. 3 a.
The V2X service entity (V2X service entity, SE) is an entity that can provide some kind of car networking service in the car networking system, such as a CA issuing car networking security certificates and a road operating organization issuing traffic information. It first requires an authentication and authorization check of the V2X device before it can provide service to the V2X device.
The V2X device Authentication Function (AF) interacts with the V2X device and the V2X device manufacturing or operating entity to complete authentication of the V2X device.
Based on the car networking management system shown in fig. 3a, fig. 3b exemplarily shows a car networking device management flow.
As shown in fig. 3b, the process may include:
Step 0: the device information management subsystem transmits the device authentication identification and the device authentication mechanism information of the V2X device to the V2X device.
Step 1: the device information management subsystem assigns a device registration id to the V2X device and registers the V2X device.
Step 2: the device information management subsystem associates the device registration identifier of the V2X device with the device authentication identifier of the V2X device, so that the corresponding device registration identifier can be obtained by the device authentication identifier.
Step 3: the V2X device sends a service request to the V2X service entity, where the service request carries the device authentication identifier of the V2X device, and further, the service request may also carry a service identifier.
Step 4: the V2X service entity determines that authorization of an external service authorization entity is required to provide service for the V2X device according to a service authorization policy.
Step 5: the V2X service entity sends a device authentication request to the V2X device authentication function entity, where the device authentication identity of the V2X device and indication information are carried, and the indication information is used to indicate that the device registration identity of the V2X device needs to be acquired.
Step 6: the V2X device authentication function interacts with the V2X device and the device information management subsystem to complete the authentication process for the device.
Alternatively, the authentication process of the device can generate keys for establishing security associations between the V2X device and the V2X service entity, depending on the authentication mechanism employed. Further, if the V2X device is authenticated by the device information management subsystem, the device information management subsystem may send the key to the V2X device authentication function entity.
Step 7: the V2X device authentication function entity obtains the device registration id of the V2X device from the device information management subsystem using the device authentication id of the V2X device.
Step 8: the V2X device authentication function entity returns a device authentication response to the V2X service entity, wherein the authentication result of the V2X device and the device registration identity of the V2X device are carried.
In this process, the authentication result is a successful authentication result.
Optionally, if a key for establishing the security association is generated in the device authentication process, the key may also be returned to the V2X device service entity, for example, the key may be returned to the V2X device service entity through a device authentication response.
Step 9: the V2X service entity sends a service authorization request to the device information management subsystem, where the service authorization request carries the device registration identifier of the V2X device. Further, the service authorization request may also carry a service identifier.
Step 10: the device information management subsystem performs an authorization check on the V2X device based on the information required for the authorization process.
Step 11: the device information management subsystem returns a service authorization response to the service and authentication subsystem.
Step 12: optionally, if a key for establishing the security association is generated in the device authentication process, the V2X device and the V2X service entity use the key to establish the security association. The purpose of the security association is to enable mutual authentication between the V2X device and the V2X service entity and to establish a secure channel between the two.
Step 13: the service and authentication subsystem sends a service response to the V2X device.
Step 14: the service and authentication subsystem carries out the subsequent V2X service flows with the V2X device.
It should be noted that the order of the steps in the above flow is not strictly limited, for example, step 0 may also occur after step 1 or step 2.
It should be noted that some specific implementations of the flow shown in fig. 3b can be described with reference to relevant contents in fig. 1b and fig. 2 c.
In some embodiments, in the car networking device management system shown in fig. 1a, the device information management subsystem 10 may include a V2X device registration entity 110, a V2X device manufacturing and operating entity 120, a V2X service authorization entity 130, and the service and authentication subsystem 20 may include a V2X service entity 210 and a V2X device authentication function entity 220, as shown in fig. 4 a. The interface A1 is an authentication interface, the interface A2 is an interface with a registration authority, and the interface A3 is an authorization check interface.
In other embodiments, in the car networking device management system shown in fig. 1a, the device information management subsystem 10 may include a V2X device registration entity 110, a V2X device manufacturing and operating entity 120, and the service and authentication subsystem 20 may include a V2X service entity 210 and a V2X device authentication function entity 220, as shown in fig. 4 b. The function of service authorization for the V2X device may be implemented by the V2X device registration entity 110 or the V2X device manufacturing and operating entity 120.
Based on the car networking management system shown in fig. 4a, fig. 4c exemplarily shows a car networking device management flow.
As shown in fig. 4c, the process may include:
Step 0: the V2X device manufacturing and operating entity sends the device authentication identification and the device authentication mechanism information of the V2X device to the V2X device.
Step 1: the V2X device manufacturing and operating entity sends a device registration request to the V2X device registration entity, where device information of the V2X device is carried, and the information is information required for V2X device registration, such as device self-identification, device class (OBU or RSU), production date, usage, and technical parameters.
Step 2: the V2X device registration entity responds to the device registration request, assigns a device registration identity to the V2X device, and registers the V2X device.
Step 3: the V2X device registration entity returns a device registration response to the V2X device manufacturing and operating entity, carrying the device registration identity of the V2X device.
Step 4: the V2X device manufacturing and operating entity associates the device registration id of the V2X device with the device authentication id of the V2X device, so that the corresponding device registration id can be obtained through the device authentication id.
Step 5: the V2X device sends a service request to the V2X service entity, where the service request carries the device authentication identifier of the V2X device, and further, the service request may also carry a service identifier.
Step 6: the V2X service entity determines that authorization of an external service authorization entity is required to provide service for the V2X device according to the service authorization policy.
Step 7: the V2X service entity sends a device authentication request to the V2X device authentication function entity, where the device authentication identity of the V2X device and indication information are carried, and the indication information is used to indicate that the device registration identity of the V2X device needs to be acquired.
Step 8: the V2X device authentication function interacts with the V2X device and the V2X device manufacturing and operation entities to complete the authentication process for the devices.
Alternatively, the authentication process of the device can generate keys for establishing security associations between the V2X device and the V2X service entity, depending on the authentication mechanism employed. Further, if the V2X device is authenticated by the V2X device manufacturing and operating entity, the V2X device manufacturing and operating entity may send the key to the V2X device authentication function entity.
Step 9: the V2X device authentication function entity obtains the device registration identity of the V2X device from the V2X device manufacturing and operating entity using the device authentication identity of the V2X device.
Step 10: the V2X device authentication function entity returns a device authentication response to the V2X service entity, wherein the authentication result of the V2X device and the device registration identity of the V2X device are carried. In this process, the authentication result is a successful authentication result.
Optionally, if a key for establishing the security association is generated in the device authentication process, the key may also be returned to the V2X device service entity, for example, the key may be returned to the V2X device service entity through a device authentication response.
Step 11: the V2X service entity sends a service authorization request to the V2X service authorization entity, wherein the service authorization request carries the device registration identity of the V2X device. Further, the service authorization request may also carry a service identifier.
Step 12: the V2X service authorization entity performs an authorization check on the V2X device based on the information required for the authorization process.
Step 13: the V2X service authorization entity returns a service authorization response to the V2X service entity.
Step 14: optionally, if a key for establishing the security association is generated in the device authentication process, the V2X device and the V2X service entity use the key to establish the security association. The purpose of the security association is to enable mutual authentication between the V2X device and the V2X service entity and to establish a secure channel between the two.
Step 15: the V2X service entity sends a service response to the V2X device.
Step 16: the V2X service entity carries out the subsequent V2X service flow with the V2X device.
It should be noted that the order of the steps in the above-mentioned flow is not strictly limited, for example, step 0 may also occur after step 1 or step 3.
It should be noted that some specific implementations in the flow shown in fig. 4c can be described with reference to relevant contents in fig. 1b, fig. 2c, and fig. 3 b.
Based on the same technical concept, the embodiment of the disclosure further provides a communication device, which can implement the car networking device management method in the foregoing embodiment.
Referring to fig. 5, a schematic structural diagram of a communication device according to an embodiment of the present disclosure is provided. As shown, the apparatus may comprise: a processor 501, a memory 502, and a bus interface 503.
The processor 501 is responsible for managing the bus architecture and general processing, and the memory 502 may store data used by the processor 501 in performing operations.
The bus architecture may include any number of interconnected buses and bridges, with one or more processors, represented by processor 501, and various circuits, represented by memory 502, being linked together. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface.
The processes disclosed in the embodiments of the present disclosure may be applied to the processor 501, or implemented by the processor 501. In implementation, the steps of the signal processing flow may be implemented by integrated logic circuits of hardware or instructions in the form of software in the processor 501. The processor 501 may be a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof that may implement or perform the methods, steps, and logic blocks disclosed in embodiments of the present disclosure. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present disclosure may be embodied directly in a hardware processor, or in a combination of hardware and software modules. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM, or registers. The storage medium is located in the memory 502, and the processor 501 reads the information in the memory 502 and completes the steps of the information processing flow in combination with the hardware thereof.
Specifically, the processor 501 is configured to read the computer instructions in the memory 502 and execute the Internet of vehicles device management method in the embodiment of the present disclosure.
It should be noted that the communication apparatus provided in the embodiment of the present disclosure can implement all the method steps of the method embodiment and achieve the same technical effect; the parts and beneficial effects that are the same as in the method embodiment are not described again here.
The embodiment of the disclosure also provides a computer-readable storage medium storing computer-executable instructions, where the computer-executable instructions are used for enabling a computer to execute the Internet of vehicles device management method in the above embodiment.
The embodiment of the disclosure also provides a computer program product; when the computer program product is called by a computer, the computer executes the Internet of vehicles device management method in the above embodiment.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the present disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications can be made in the present disclosure without departing from the spirit and scope of the disclosure. Thus, if such modifications and variations of the present disclosure fall within the scope of the claims of the present disclosure and their equivalents, the present disclosure is intended to include such modifications and variations as well.

Claims (18)

1. An Internet of vehicles device management system, comprising: a service and authentication subsystem and a device information management subsystem;
the service and authentication subsystem is used for receiving a service request from a V2X device in the Internet of vehicles, triggering an authentication process for the V2X device according to a device authentication identifier carried by the service request, acquiring a device registration identifier of the V2X device associated with the device authentication identifier from the device information management subsystem according to the device authentication identifier of the V2X device after receiving an authentication result from the device information management subsystem, sending a service authorization request to the device information management subsystem, receiving a service authorization response returned by the device information management subsystem, and returning a service response to the V2X device; wherein the service authorization request carries a service identifier and a device registration identifier of the V2X device, and the device registration identifier is allocated to the V2X device by the device information management subsystem;
The device information management subsystem is configured to allocate a device registration identifier to the V2X device, provide the device registration identifier of the V2X device to the service and authentication subsystem, associate the device registration identifier of the V2X device with the device authentication identifier of the V2X device, and send the device authentication identifier of the V2X device and device authentication mechanism information to the V2X device, where the device authentication mechanism information includes the authentication identifier of the V2X device and a security key of the V2X device; and after receiving a service authorization request from the service and authentication subsystem, responding to the service authorization request, and authorizing the service requested by the V2X device according to the device registration identifier and the service identifier carried by the authorization request.
2. The system of claim 1, wherein the service and authentication subsystem is specifically configured to:
acquire the device authentication information of the V2X device from the device management subsystem according to the device authentication identifier of the V2X device, and authenticate the V2X device according to the device authentication information; or
send the device authentication identifier of the V2X device to the device information management subsystem, instruct the device information management subsystem to authenticate the V2X device according to the device authentication information corresponding to the device authentication identifier, and receive an authentication result sent by the device information management subsystem.
3. The system of claim 1, wherein the device information management subsystem comprises: a V2X device registration entity, a V2X device manufacturing and operating entity, a V2X service authorization entity;
the V2X device manufacturing and operating entity is configured to send the device authentication identifier and the device authentication mechanism information of the V2X device to the V2X device, and send a device registration request to the V2X device registration entity, where the device registration request carries the device information of the V2X device;
the V2X device registration entity is configured to, in response to the device registration request, allocate a registration identifier to the V2X device, register the V2X device, and return a device registration response to the V2X device manufacturing and operating entity, where the device registration response carries the device registration identifier of the V2X device;
the V2X device manufacturing and operating entity is further configured to receive a device registration response returned by the V2X device registration entity, and associate the device registration identifier of the V2X device with the device authentication identifier of the V2X device;
the V2X service authorization entity is configured to respond to a service authorization request sent by the service and authentication subsystem, obtain information required by the V2X device authorization process according to a service identifier carried in the service authorization request and the device registration identifier of the V2X device, authorize the service requested by the V2X device according to the information, and return a service authorization response to the service and authentication subsystem.
4. The system of claim 3, wherein the V2X device manufacturing and operating entity is further configured to:
receive the device authentication identifier of the V2X device sent by the service and authentication subsystem, acquire device authentication information corresponding to the device authentication identifier, authenticate the V2X device according to the device authentication information, and send an authentication result to the service and authentication subsystem.
5. The system of claim 4, wherein the V2X device manufacturing and operating entity is further configured to:
send a key to the service and authentication subsystem for establishing a security association between the V2X device and the service and authentication subsystem.
6. The system of claim 1, wherein the service and authentication subsystem comprises: a V2X service entity and a V2X device authentication function entity;
the V2X service entity is configured to respond to a service request from the V2X device, determine that service authorization needs to be obtained, and send a device authentication request to the V2X device authentication function entity, where the device authentication request carries a device authentication identifier of the V2X device and indication information used for indicating to obtain a device registration identifier of the V2X device; receive a device authentication response carrying the device registration identifier of the V2X device, returned by the V2X device authentication function entity; send a service authorization request to the device information management subsystem, where the service authorization request carries a service identifier and the device registration identifier of the V2X device; and return a device service response to the V2X device after receiving the service authorization response returned by the device information management subsystem;
the V2X device authentication function entity is configured to, in response to the device authentication request, trigger an authentication process for the V2X device, acquire, from the device information management subsystem, a device registration identifier of the V2X device associated with the device authentication identifier according to the device authentication identifier of the V2X device, and return a device authentication response to the V2X service entity, where the device authentication response carries an authentication result for the V2X device and the device registration identifier of the V2X device.
7. The system according to claim 6, wherein the V2X device authentication function entity is specifically configured to:
acquire the device authentication information of the V2X device from the device management subsystem according to the device authentication identifier of the V2X device, and authenticate the V2X device according to the device authentication information; or
send the device authentication identifier of the V2X device to the device information management subsystem, instruct the device information management subsystem to authenticate the V2X device according to the device authentication information corresponding to the device authentication identifier, and receive an authentication result sent by the device information management subsystem.
8. The system of claim 6 or 7, wherein the device authentication response carries a key for establishing a security association between the V2X device and the service and authentication subsystem;
the V2X service entity is further configured to establish a security association with the V2X device according to the key.
9. An Internet of vehicles device management method, applied to an Internet of vehicles device management system comprising a service and authentication subsystem and a device information management subsystem, the method comprising the following steps:
the service and authentication subsystem receives a service request from a V2X device in the Internet of vehicles, wherein the service request carries a device authentication identifier of the V2X device;
the service and authentication subsystem triggers an authentication process of the V2X device according to the device authentication identifier carried by the service request;
the service and authentication subsystem acquires the device registration identifier of the V2X device associated with the device authentication identifier from the device information management subsystem according to the device authentication identifier of the V2X device, and sends a service authorization request to the device information management subsystem, wherein the service authorization request carries the service identifier and the device registration identifier of the V2X device; wherein the device registration identifier is assigned by the device information management subsystem for the V2X device;
the service and authentication subsystem receives the service authorization response returned by the device information management subsystem and returns a service response to the V2X device.
10. The method of claim 9, wherein the service and authentication subsystem triggers an authentication process for the V2X device according to a device authentication identifier carried by the service request, comprising:
the service and authentication subsystem acquires the device authentication information of the V2X device from the device management subsystem according to the device authentication identifier of the V2X device, and authenticates the V2X device according to the device authentication information; or
the service and authentication subsystem sends the device authentication identifier of the V2X device to the device information management subsystem, instructs the device information management subsystem to authenticate the V2X device according to the device authentication information corresponding to the device authentication identifier, and receives the authentication result sent by the device information management subsystem.
11. The method of claim 9 or 10, wherein the service and authentication subsystem comprises: a V2X service entity and a V2X device authentication function entity;
the service and authentication subsystem triggers an authentication process of the V2X device according to the device authentication identifier carried by the service request, and the authentication process comprises the following steps:
the V2X service entity sends a device authentication request to the V2X device authentication function entity if it is determined that service authorization needs to be obtained, where the device authentication request carries a device authentication identifier of the V2X device and indication information used for indicating to obtain a device registration identifier of the V2X device;
the V2X device authentication function entity, in response to the device authentication request, triggers an authentication process for the V2X device, acquires, from the device information management subsystem, a device registration identifier of the V2X device associated with the device authentication identifier according to the device authentication identifier of the V2X device, and returns a device authentication response to the V2X service entity, where the device authentication response carries an authentication result for the V2X device and the device registration identifier of the V2X device;
the V2X service entity receives a device authentication response carrying the device registration identifier of the V2X device, which is returned by the V2X device authentication function entity, sends a service authorization request to the device information management subsystem, where the service authorization request carries a service identifier and the device registration identifier of the V2X device, and returns a device service response to the V2X device after receiving the service authorization response returned by the device information management subsystem.
12. The method of claim 11, wherein the device authentication response carries a key for establishing a security association between the V2X device and the service and authentication subsystem;
the method further comprises the following steps:
the V2X service entity establishes a security association with the V2X device based on the key.
13. An Internet of vehicles device management method, applied to an Internet of vehicles device management system comprising a service and authentication subsystem and a device information management subsystem, the method comprising the following steps:
the information management subsystem allocates a device registration identifier for the V2X device, and associates the device registration identifier of the V2X device with the device authentication identifier of the V2X device;
the information management subsystem sends the device authentication identification of the V2X device and device authentication mechanism information to the V2X device, wherein the device authentication mechanism information comprises the authentication identification of the V2X device and the security key of the V2X device;
and the information management subsystem responds to a service authorization request from the service and authentication subsystem, and authorizes the service requested by the V2X equipment according to the service identifier carried by the authorization request and the equipment registration identifier of the V2X equipment.
14. The method of claim 13, wherein the device information management subsystem comprises: a V2X device registration entity, a V2X device manufacturing and operating entity, a V2X service authorization entity;
the V2X device manufacturing and operating entity sends the device authentication identifier and the device authentication mechanism information of the V2X device to the V2X device, and sends a device registration request to the V2X device registration entity, wherein the device registration request carries the device information of the V2X device;
the V2X device registration entity responds to the device registration request, allocates a registration identifier for the V2X device, registers the V2X device, and returns a device registration response to the V2X device manufacturing and operating entity, wherein the device registration response carries the device registration identifier of the V2X device;
the V2X device manufacturing and operating entity receives the device registration response returned by the V2X device registration entity, and associates the device registration identification of the V2X device with the device authentication identification of the V2X device;
the V2X service authorization entity responds to the service authorization request sent by the service and authentication subsystem, acquires information required by the V2X device authorization process according to the service identifier carried by the service authorization request and the device registration identifier of the V2X device, authorizes the service requested by the V2X device according to the information, and returns a service authorization response to the service and authentication subsystem.
15. The method of claim 13, wherein the method further comprises:
the V2X device manufacturing and operating entity receives the device authentication identifier of the V2X device sent by the service and authentication subsystem, acquires device authentication information corresponding to the device authentication identifier, authenticates the V2X device according to the device authentication information, and sends an authentication result to the service and authentication subsystem.
16. The method of claim 15, wherein the method further comprises:
the V2X device manufacturing and operating entity sends, to the service and authentication subsystem, a key for establishing a security association between the V2X device and the service and authentication subsystem.
17. A communications apparatus, comprising: a processor, a memory;
the memory storing computer instructions;
the processor is configured to read the computer instructions and perform the method of any one of claims 9-16.
18. A computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform the method of any one of claims 9-16.
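The message flow of claims 9 and 13, sketched as an added Python example that is not part of the patent text. The claims do not fix an authentication mechanism, so the HMAC-SHA256 challenge-response, all class and method names, and the service names are assumptions made for illustration; authentication follows the second alternative of claim 10, where the device information management subsystem performs the check.

```python
import hashlib
import hmac
import secrets


class DeviceInfoManagementSubsystem:
    """Plays the registration, manufacturing/operating and service authorization entities."""

    def __init__(self):
        self._devices = {}      # registration ID -> device information
        self._auth_to_reg = {}  # authentication ID -> registration ID
        self._keys = {}         # authentication ID -> device security key
        self._grants = set()    # (registration ID, service ID) pairs

    def provision(self, device_info, services):
        """Register the device and return only the mechanism info sent to the device."""
        reg_id = "reg-" + secrets.token_hex(4)
        auth_id = "auth-" + secrets.token_hex(4)
        key = secrets.token_bytes(32)
        self._devices[reg_id] = device_info
        self._auth_to_reg[auth_id] = reg_id
        self._keys[auth_id] = key
        self._grants.update((reg_id, service_id) for service_id in services)
        return {"auth_id": auth_id, "key": key}

    def authenticate(self, auth_id, challenge, proof):
        key = self._keys.get(auth_id)
        if key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)

    def registration_id_for(self, auth_id):
        return self._auth_to_reg.get(auth_id)

    def authorize(self, service_id, reg_id):
        return (reg_id, service_id) in self._grants


class ServiceAndAuthSubsystem:
    def __init__(self, dims):
        self._dims = dims
        self._pending = {}  # authentication ID -> (service ID, challenge)

    def service_request(self, auth_id, service_id):
        """The request carries only the authentication ID; answer with a fresh challenge."""
        challenge = secrets.token_bytes(16)
        self._pending[auth_id] = (service_id, challenge)
        return challenge

    def complete(self, auth_id, proof):
        # pop() makes each challenge single-use, so a captured proof cannot be replayed.
        service_id, challenge = self._pending.pop(auth_id, (None, None))
        if challenge is None:
            return "rejected: no pending request"
        if not self._dims.authenticate(auth_id, challenge, proof):
            return "rejected: authentication failed"
        # The registration ID is resolved server-side; the device never supplies it.
        reg_id = self._dims.registration_id_for(auth_id)
        if not self._dims.authorize(service_id, reg_id):
            return "rejected: service not authorized"
        return "granted: " + service_id


class V2XDevice:
    def __init__(self, mechanism_info):
        self.auth_id = mechanism_info["auth_id"]
        self._key = mechanism_info["key"]

    def prove(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def run_request(device, sas, service_id):
    challenge = sas.service_request(device.auth_id, service_id)
    return sas.complete(device.auth_id, device.prove(challenge))


def demo():
    dims = DeviceInfoManagementSubsystem()
    # Constructed device information and service names.
    info = dims.provision({"model": "constructed-obu"}, ["map-update"])
    sas = ServiceAndAuthSubsystem(dims)
    device = V2XDevice(info)
    wrong_key = V2XDevice({"auth_id": info["auth_id"], "key": bytes(32)})
    return {
        "granted": run_request(device, sas, "map-update"),
        "unauthorized": run_request(device, sas, "remote-diagnostics"),
        "wrong_key": run_request(wrong_key, sas, "map-update"),
    }
```

Calling `demo()` returns the outcome of one authorized request, one request for a service the registration identifier is not granted, and one request made with the right authentication identifier but the wrong key.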
CN202110443789.8A 2021-04-23 2021-04-23 Internet of vehicles equipment management system, method and device Active CN114125765B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110443789.8A CN114125765B (en) 2021-04-23 2021-04-23 Internet of vehicles equipment management system, method and device

Publications (2)

Publication Number Publication Date
CN114125765A CN114125765A (en) 2022-03-01
CN114125765B CN114125765B (en) 2022-07-29

Family

ID=80359476

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110443789.8A Active CN114125765B (en) 2021-04-23 2021-04-23 Internet of vehicles equipment management system, method and device

Country Status (1)

Country Link
CN (1) CN114125765B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107623912A (en) * 2016-07-15 2018-01-23 上海中兴软件有限责任公司 The method and device of secure communication between a kind of car networking terminal
CN107710795A (en) * 2015-06-24 2018-02-16 英特尔公司 For vehicle to any things(V2X)The enhanced adjacent service of communication(ProSe)Agreement
CN111224781A (en) * 2018-11-23 2020-06-02 潘塔安全***公司 Method and apparatus for managing registration certificates in a secure credential management system
CN112671798A (en) * 2020-12-31 2021-04-16 北京明朝万达科技股份有限公司 Service request method, device and system in Internet of vehicles

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017052683A1 (en) * 2015-09-23 2017-03-30 Intel Corporation Dynamic hosting of v2x services in cellular networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
IEEE Standard for Wireless Access in Vehicular Environments (WAVE)--Certificate Management Interfaces for End Entities; IEEE; 《IEEE Std 1609.2.1-2020》; 20201230; full text *

Also Published As

Publication number Publication date
CN114125765A (en) 2022-03-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant